Six tips for mobile device management security

There has been a lot of discussion this year about the increasing influx of consumer devices being used for both professional and personal purposes. Many organisations are feeling a little overwhelmed as they try to work out appropriate security levels and device management boundaries. When you take into consideration all the platform and application updates chewing through corporate bandwidth, plus the potential for rogue applications and malware to gain illicit access to company data, there are many headaches for security managers to deal with.

Here are six tips to help get the efficient and secure management of mobile devices under control:

1. Have a strong mobile policy

This may seem like an obvious tip, but there is often a clear disconnect between employees and employers’ expectations of how consumer devices will be used in the enterprise. Research from IDC found that not only were workers using their devices at twice the rate, they also tended to think employers were far more permissive of the use of consumer devices than they actually were. It is therefore very important to have a mobile use policy clearly defined to avoid these kinds of misunderstandings.

A mobile usage policy is a framework that defines who the users are and what devices, platforms and applications they can and can’t use. Enterprises must clearly define policies around reimbursement for services and what applications users can access via personal devices, along with clear guidance on who controls the data on devices.

2. Create an inventory of assets

How can you be assured of the security of employees’ mobile devices if you don’t know how many are out there and what they are? Implementing a robust and regularly updated inventory management system is a vital part of any mobile device management system. While many businesses do have an inventory of fixed and wireless assets, the majority of them are not updated and validated on a regular basis, leading to the potential for security issues to slip through the cracks via unknown devices or inappropriate usage. Businesses with accurate inventories have much clearer insight into their telecommunication environments and as such, more reliable information on which to base policy decisions.

3. Ensure proper configuration of devices

The sheer number of different devices and platforms out there can make the configuration of devices a challenging process. Factor in entry level handsets, smartphones, tablets with different operating systems and employees working in numerous different locations and the issue becomes even more complex. However, if a device is enrolled with a mobile device management server, a configuration profile defined and managed by IT admin can be implemented, enabling the device to interact with enterprise systems. An appropriate level of encryption can also be added to any commands coming from the server to ensure that settings cannot be altered without proper authorisation.

4. Implement appropriate security

Despite the influx of consumer devices into the workplace, many organisations haven’t implemented stronger security controls in response, leaving them at risk of security breaches or loss of sensitive data. Data encryption is a powerful piece of the mobile security puzzle and yet many businesses do not use it on a regular basis. In addition to implementing data encryption, enterprises need to inform workers about the risks of failing to comply with security protocols – there is a good chance that they are unaware of the risks associated with using their personal devices for professional purposes.

5. Regulate application protocols

Taking into consideration that there are thousands upon thousands of mobile applications out there, strong protocols need to be instituted for the deployment of any new applications and the management of existing applications. Malware is steadily creeping into the app world, so even applications from the app store need to be checked before they are allowed into the enterprise. Such malicious applications can take over the mobile device and operate in the background without the user knowing, searching for sensitive information such as passwords or banking details.

6. Provide training and end-user support

A relatively small percentage of the overall functionality of the average mobile device is used on a regular basis. With devices becoming more and more sophisticated, users could end up massively under-utilising all the functions that are at their disposal. As a result, most enterprises would benefit from providing user training, including how to set up email, device customisation, application selection and usage, understanding browser capabilities, using instant messaging, and mobile data services and understanding device functions and shortcuts. Support and training can increase worker efficiency and also reduce security risks, as employees better understand how their devices work.

Managing employee mobility doesn’t need to be a nightmare. With the right systems put into place, employees and employers alike can reap the benefits of mobility.

Original Publication

Unified Communications: Leading the Cloud revolution

Original Publication

The 101 of UC

The term unified communication (UC) is a popular subject that has been floating around the workplace for some time….but is it really an essential component for businesses today? Do employees, or businesses for that matter, really understand the pros and cons?

The problem with the current workforce is that it is dependent but scattered: 78 per cent of workers are part of global teams that can be scattered across the world.

Being part of the global workforce isn’t in itself a hindrance: technology allows communication. It is estimated that the average worker carries 2.9 devices, increasing their accessibility. While having multiple devices – from email, to mobile phones, to desk phones, to videoconference and beyond – should make getting in touch with someone easier, it can actually hinder the process.

A simple example is this: calling someone on their office phone could see you leaving a message at reception, to be emailed to their inbox with the request to call you back. Ultimately, the excess in opportunity to contact someone wastes time and resources.

Unified communications (UC) is a solution that streamlines this process, uniting full time employees, managers, top level staff and part time workers to communicate in a new way, across broad geographic space and time zones.

UC integrates a variety of communication tools, from the traditional non real- time to the advancing real- time. Simplified down, a unified communications system should have five core capabilities: email, telephony, real time communications, calendars and directory services.

Originally, UC was the natural progression for a world where multiple communications channels could be accessed all at once. Now, however, it is a strategic business choice which enables easier workflows and more efficient workplace operations. According to a report by Frost and Sullivan, globally, the UC market is expected to grow from US$1144.8 million to US$2287.6 million by 2019.

The network effect

Regardless of the catalyst, as an organisation moves to UC, a platform can be adopted to integrate with existing frameworks – be it emails with a particular provider or a cloud solution. The UC platform, Unified Communications as a Service (UCaaS), intrinsically changes processes within an organisation. As UCaaS takes hold, employees begin working more efficiently, adapting to the ease of communicating in real time via a single interface, but across multiple communication styles.

This hyper connectivity will benefit performance and capability but could also cause network performance issues. Things that need to be considered are:

– An increase in network traffic and applications and the need to address incidents
– Monitoring UC components to assess if they are working correctly across the network
– In-depth or packet level monitoring

With the growth of unified communications and additional new applications, the management of each new service is becoming far too complex for IT departments. Finding the right UCaaS provider can actually address all of these issues, by generating a customised and optimised solution strictly for your business.

If UCaaS is running optimally, the benefits to the end user and the broader business are extensive. Shorter time frames and less follow-ups results in increased productivity. The allowed interactivity can also increase decision making, reducing time lines, and increasing satisfaction and budget delivery.

Data, cloud and the security conundrum

These benefits are undeniable, which largely explains why 88% percent of enterprises have deployed or are planning UC deployment. Increasingly, UCaaS is deployed across a hybrid cloud scenario. In any business running UC, unstructured data is being created, and at a rapid pace. When UC is run either wholly or partially via the cloud, this data and the security risks alongside it increase.

The cornerstone of a successful UC implementation is having up-to-date accurate user information. This raises the question of security and privacy. Do I really want others to see my personal details?

The implementation of UC also changes business workflow and the need of a middle man to assign telephony UC. Some other core security threats include:

• Host and network-based intrusion – something that we have lived with since the dawn of computer technology.
• A VoIP-enabled form of phishing – basic phishing techniques are applied to the UC suite, meaning confidential information can be revealed over the phone by appearing to call from an official location, but actually infiltrating the organisation.
• Toll fraud – the incorrect lodging and pricing of media traffic (images, videos etc.) and voice and video calls. Toll fraud means that attackers can create a video call, but it appears as a telephone call. This misrepresentation means incorrect charging and scamming the system.

The top concern for organisations is the tapping of endpoint UC devices – laptops, smart phones etc. These breaches could infiltrate VoIP, IM or other traffic, potentially unleashing not only sensitive organisational information in the form of documents, but intercepting telephone calls, and sensitive emails. While this is the base level risk of unauthorised access, the next step is an organisation’s full network security being compromised. If a hacker infiltrates the network, there is the potential to not only access information but launch attacks and alter network settings – jeopardisinge the organisation on many levels.

These kinds of malicious attacks can come in many forms. Two common ones are denial of service attack and platform compromise. While different styles of attacks, both disrupt the communications infrastructure on different levels and in different manners.

Companies of all sizes are adopting unified communications and the collaboration capabilities it fosters to boost productivity and innovation, increase mobility and enhance flexibility. However the risks apparent in the cloud environment are also booming in.

UCaaS is the turning point for communications as we know it, and the way the cloud is utilised. At the beginning of this, the cloud revolution, we are looking to a more interactive, available yet accommodating time. To ensure that as UC takes hold of business it maintains the same robust nature and safety standards we are used to, the same considerations need to be at play. The same guidelines need to be put in place, including:

1. Develop a strong defence strategy
Assess the enterprise infrastructure and identify where vulnerabilities lie and how infiltrations could occur. Look at servers, endpoint UC devices and the actual network. Your security strategy should already address these core areas, but launching into the field of UC only enhances the demand.

2. Secure your infrastructure
As UCaaS becomes a reality, your organisation needs to build a secure infrastructure. This includes all aspects of ‘locking down’ your organisation, from data regulations, to securing PCs and tablets to the phone network and the protection, integrity and confidentiality of calls.

3. Check the legal side
The platform that you deploy UC on might be stock standard or could be strategically developed for your organisation. In any scenario, you need to ensure that the platform complies with all relevant laws and regulations of your region.

 

Next-generation IT procurement

I’ve blogged several times recently about the impact of ‘disruptive’ technology on the world and on the IT industry, and with good reason; disruptors are the new trends and practices which re-define the ways in which we work, communicate and pretty much conduct our daily lives.

One of the latest disruptive developments in the IT world is in consumption – how we acquire and utilizeIT products and services. And as with so much else just now, it is being disrupted and driven forward by cloud computing.

a shift in procurement thinking

Traditionally IT procurement has been driven by the CAPEX model, whereby vendors agree deals with customers for products or services which see the customer pay around 70 per cent of the project cost up front. Great business for product vendors, guaranteed money up front and happy vendor CEOs. This has meant that the risk and the responsibility lie with the customer to leverage the product capabilities.

The industry is now fast headed in the direction of the OPEX consumption model – essentially pay-per-use – which puts things very much more in favour of the customer who is buying the technology, rather than the vendor.

As with all things in IT, the shift in thinking and evolution of business practices faces a number of key barriers to implementation – in this instance, cost, complexity, adoption and risk. And it is in addressing these barriers where success in next generation IT procurement lies.

changing the model

What this OPEX consumption approach does is to change the game from a vendor perspective and make services more important than product sales. The saying was always that ‘the customer is king’, but that has become ever more true today thanks to cloud computing and services empowering customers and end-users like never before.

This new subscription model, powered by the cloud, has transformed IT provision into a service versus product approach. The OPEX model reduces both customers’ costs and risk, and allows them to experiment in a more risk bounded environment. They can start small and try solutions and services out, and if they gain business benefit, then they can and will expand their usage of that technology. This is the beauty and attraction of the cloud computing and managed services approach – simplicity. In the age of the iPhone, IT mobility and personal empowerment, end-users just love simplicity.

So vendors need to change their thinking in response to this shift in procurement mentality. There are examples in the market now of vendors offering a ‘try before you buy’ approach to encourage potential customers in. Customers no longer want huge implementation costs – smartphones for example don’t come with a thick user manual – and simplicity is key. The simpler the user engagement, the more managed the service such as SaaS or IaaS, the lower the risk from the customer perspective, the more likely the increase in adoption.

the consumption gap

Much of this new procurement thinking has been driven by the consumption gap. Customers grew tired of wasting money on products and services features they simply never used, or in fact, ever really needed in the first place.

Under the CAPEX model, all the challenges and the risk were placed on the customer. They had tointegrate the solution into their operation, maintain it and so on. They were forced to buy separate layers of systems and applications for a premium price and then only used a small percentage of their capabilities, since many of its functions might not be necessary to their business. The move to the cloud-based model, or try before you buy, reduces the impact of this and gives organizations much more agility. In effect, the iPhone apps model has been duplicated within enterprise IT. So customers find that they have more choice – and they are responding to that.

The demand is undoubtedly there; IDC recently surveyed organizations in Australia and found that 86 per cent of Australian enterprises are now using cloud computing, up from 71 per cent the previous year. The global cloud market will be worth $240 billion by 2020. As IDC called it, cloud is now “business as usual.”

staying at the cutting edge

The old adoption model also meant engaging in a long procurement cycle – often several years – to specify, commission, build and integrate an IT solution into operations. The consumption model enables organizations to circumvent this. If they spot a trend they have the agility to respond to it immediately and get systems in place more quickly.

This is one of the key benefits to customers under the managed services and cloud delivery model; they can enjoy fast adoption based around mobility and rapid roll-outs. Companies can always enjoy the most up to date models and versions – for example many organizations remain locked in to out of date email applications. The cloud enables them to always be in a state of upgrading, always enjoying the benefits of the latest and greatest version.

customer simplicity, vendor complexity

So the next generation procurement model makes life easier and more predictable for the customer – but for product vendors, there are challenges to overcome. Under this service versus product approach, customers are able to keep things as simple or as complex as they choose. They can procure and use a device or technology at the top level and enjoy value from it, or delve further down into its capabilities and enjoy much greater benefits. Vendors will need to adapt to this.

Similarly, the managed services approach also gives customers simplicity in support terms; end-users don’t like complexity and prefer simplicity in IT support. Under the subscription model, their provider can use in-depth analytics and Big Data to provide them with the quality of service and support that they demand. The cloud even means that IT support has moved online, and all these new provisions are being powered by end-user demand. The consumer is making the decisions now. And cloud delivery and the subscription or pay-for-use model is how they want their IT.

Original Publication

The Ins and Outs of Cloud and Outsourcing

The speed at which IT is developing and the general nature of modern business means that many enterprises rely on specialists to manage our systems and applications. Economic and competitive pressures have made it imperative for organisations of all sizes to focus on their core competencies and turn to third-parties to assume responsibility for key corporate functions. The most common form of outsourcing is the cloud. The cloud simplifies many aspects of IT and the business services world.

Outsourcing is by no means a new or revolutionary concept and to date, it continues to deliver consistent financial benefits. By engaging a cloud service, a small organisation can have access to leading technology without large investments, while global enterprises can ensure that business sectors are managed effectively and efficiently.

Aside from obvious financial benefits, the list of incentives continues to grow: service quality, access to innovation, the removal of non-core functions, access to leading IT skills and resources, and forecast future IT spending all contribute.

For any enterprise, the benefits of outsourcing to the cloud are only guaranteed if certain guidelines and precautions are put in place, and in order to do this, you must understand the challenges:
• Potential loss of control over certain business functions
• Rigidity and a general lack of flexibility in the services received
• Time and effort involved in managing the service provider

The key is to select a provider whose cloud portfolio is as flexible and varied as the workloads it may handle—today and into the future. For many enterprises, the cloud is no longer a curiosity, but an opportunity to transform IT. As they think beyond one or two isolated workloads, their criteria in selecting a cloud provider become more stringent. To meet business goals for efficiency, cost-reduction, and simplification of processes, enterprises must look for a cloud provider that offers a range of services that meet today’s needs and can grow with the business.

Understanding the organisation you are outsourcing to is pivotal in addressing potential security problems, so below are some basic guidelines:

Understand the current security model

It sounds obvious, but often it is taken for granted. Evaluating the security controls currently in place in your organisation and what risks they should be eliminating, is important in knowing what you need to ask for when you seek a cloud service. This process also helps identify what is working and what isn’t, and provides you with the ability to request the same security standards in your cloud service provider (CSP). If this assessment uncovers gaping holes, you have the opportunity to rectify this with your new CSP, or if your security is up to scratch, then you have a benchmark by which to measure. Ensuring that internal security measures and your new CSP security credentials matchup is critical in delivering the safest environment possible for your organisation.

The variety of cloud solutions available – from infrastructure through to network – your cloud choice may need to integrate with existing security standards. In such cases, firewalls and other traditional security measures can be adapted to integrate with new security policies. In theory, this is the case; however a full assessment and understanding of these traditional measures may uncover non-compatibility with current systems. Understanding the full scope of your business, your requirements and your current security measures will direct you to what you need from your CSP.

Keep in mind: Change can be difficult, and risky. Have a safety net in place. Your security systems are going to change in your organisation, and to make sure it is for the better means you need to understand the security bottom line.

Don’t be afraid to: Take this security investigation as an opportunity to give your security system an overhaul.

 Ask tough questions and assess the risks

Managing your outsourcers’ security levels should not be overlooked. The CSP’s internal security policies, regulations and laws (if you are looking offshore) need to be understood and evaluated. They will help develop a picture of what the security spectrum of your business will look like in an outsourced environment and most importantly identify any current gaps.

A cloud has different avenues for attack than would otherwise be available in a traditional data centre. The increased surface of a cloud increases its vulnerabilities which puts your organisation at higher risk. Things such as virtual switches, the item connecting virtual machines with virtual networks by directing communication and data packets, and software programs that allow machines to communicate with each other, are characteristics that previously your organisation may not have been exposed to, so it is critical to understand the potential impact of this new environment.

Transferring part or all of your organisations IT footprint to the cloud is a big change with sometimes unpreventable mishaps. If a problem arises based on an unexpected incident, who is to blame? The organisation or the provider? Allocating the right responsibility needs to be determined in the initial phase to avoid any confusions in the long run. Responsibility here is in relation to your organisation and the outsourcer. Be upfront when embarking on this new relationship and opening the doors between your current IT staff and your future provider to ensure that expectations and responsibilities are measured and tracked.

Keep in mind: What you expect your outsourcer to deliver may not always be clear. Define and determine responsibilities. Ensure that your CSP offers the levels of customer service you are accustomed to, with access to expert technicians (either on-staff or through a certified partner network). For additional levels of support, find a provider that offers a range of managed and professional services to help you develop a cloud strategy, migrate to the cloud, and maintain optimal cloud performance.

Don’t be afraid to: Look up specific international security standards and be informed and aggressive when dealing with your future (or current) CSP.

 Investigate the environment

Knowing what needs to be outsourced is very different from knowing what the ripple effect will be when that segment of your organisation is actually outsourced and placed on the cloud.

Your cloud provider is now the first line of defence in your external incident management process. They must be able to detect, evaluate and report any incident in a suitable timeframe and in the process already expected by your company. Consider, too, the legal and operational impacts. By outsourcing, you are in a way, joining with another organisation, so be sure of the overall compatibility.

Consider this, too: Multi tenancy. You could be one of numerous companies that the CSP is providing service to. There is no physical separation. Investigate whether you are entering into a multi-tenant environment, and what exactly this means for your organisation and its information.

The outsourcer will be retaining a lot of information about your internal organisation workings, too. If any internal incidents occur, accessibility around records must be agreed upon and understood. Identifying individuals within the outsourcing organisation will help increase transparency and reaction around any issues.

Keep in mind: Your information is now housed inside other organisations (metaphorical) walls. This is an integrated service, designed to know the ins and outs of your organisation. Don’t be afraid to: Look for evidence that shows whether each service provider has experienced serving enterprises like yours. These include sample customer lists, reputation, track record, and existing customer base. Service providers with experience in your company’s industry or have similar customers are likely to understand your business and technology needs.

Original Publication

The Five Traits of the thriving IT Organization

To thrive in this new competitive environment, IT and business leaders must actively develop five new organizational traits:

• A Learning Organization
• A Disciplined Organization
• A Transparent Organization
• An Intimate Organization
• A Dynamic Organization

Read more …….

The Five Traits of the Quantum IT Organization

…………………………….

Managing trouble if your Cloud is in a Storm

Cloud computing comes with many key decision and considerations. There are decisions to be made around whom to choose, what to look for and what specific service it is that you ultimately need for your organisation.

When an organisation starts to think about moving to the cloud, the driving force is usually twofold: achieving a competitive edge in business and the cost saving benefits the cloud promises. While these are the incentives, the considerations when choosing a cloud service provider (CSP) need to be a lot more detailed. You are migrating your business from one form of technology to a newer and still developing one, and hence must consider scalability, control and security.

This can be a long, slow and painful process. CSPs are, ultimately, still subject the same cyber problems as your company was back when the humble server was the apple of the CIO’s eye. You may have decided on a CSP boasting near 100 per cent up time. But what about errors in the file system, misconfigurations, abuse attempts, programming errors and bugs? When they hit, service outages happen. Maybe not every time, but they can happen.

The Australian Government Department of Defence, Intelligence and Security have an online resource dedicated to advice for “Cloud Computing Security Considerations”. Aimed to assess the benefits and risk associated to cloud, the site also investigates the potential disasters associated when cloud provider drop outs occur.

The question the site raises is this: what happens if your data is housed in the cloud and your cloud service provider, for some unknown reason, becomes unavailable?

And this is one of the true problems of cloud computing. By placing your organisation’s data, information and trust in a service provider, you ultimately lose the ability to directly and independently fix problems if and when they occur. There is a whole world of security threats floating around that have the potential to wreak havoc with a business’ critical data and applications, and that can damage an organisation’s reputation and bottom line.

And, even more concerning, what happens if your trusted CSP unexpectedly goes out of business. Where does your data go? Who has rights to it? How do you recover it? Is it still secure? The plethora of questions that this potential situation brings up is enough to warrant serious concern, consideration and preparation.

So, below are five tips which you need to consider if and when, and ideally before, you migrate to the cloud to ensure that business can go on as usual if your provider becomes unavailable.

1. Demand connectivity and availability

The Cloud Computing Security Considerations highlights availability, bandwidth, latency and packet loss as the four key concerns when looking at network capacity from vendor to organisation. If there is inadequate connectivity, then ultimately your organisation will reduce its capacity to function as it should when working on the cloud. Similarly, you need to understand the provider’s availability. Availability can be affected by a host of things: targeted attacks, unsuccessful an ineffective maintenance, hardware problems and so the list goes on. As always, doing due diligence on your cloud service provider is critical. You need to ensure that the provider will meet your organisation’s cost, quality-of-service, regulatory compliance and risk management requirements.

The system housing your organisations information and identity must have capacity and ability to deliver a connected and available service, otherwise the CSP is redundant.

Ask yourself: is there any room to compromise on connectivity and availability when looking at my service provider?

Understand the service level agreement (SLA) so there is no confusion around the level and quality of service you are signing up for.

2. Be realistic – the threats are largely the same

Physical systems in offices can crash and fail – losing your data on site and in your office. Whether you have just migrated to the cloud, or have been a long-time resident, the risks you now face are the same as those you faced with a server purring in the back room. The loss of important data is another concern that businesses ignore at their own peril. A hacker or a disgruntled employee could delete important data. However, hackers and employees are not the only ones who might be responsible for such a circumstance. Important, mission critical data can be lost due to the negligence of a cloud service provider.

So what was your plan then? Assess the guidelines you had in place before migration, and then adapt these to the new technology.

Ask yourself: What are the bottom line security standards our organisation needs? Understand your key areas of weakness so you can develop a plan to protect them.

3. Back up. Again. And again.

Moving data to the cloud means it is no longer housed underneath your organisations roof. It is housed in a data centre somewhere across the globe. To future proof your data and ensure that you are not left in the lurch without important information and applications; your best option is to work with two cloud suppliers and house your data in both. This means that when one provider goes down its extremely unlikely the other will.

Either way, the cost is generally a good investment for peace of mind.

Ask yourself: is it worthwhile spending additional money on a second back up to ensure that business can run as usual if one CSP goes down?

4. Your SLA: The scheduled, the unexpected and the unsaid

Any service level agreement (SLA) will have listed the maximum possible unscheduled downtime that can occur without breaching it. The Cloud Computing Security Considerations notes that “typical SLAs that guarantee 99.9% availability can have up to nine hours of unscheduled outages every year without breaching the SLA”. 9 hours may sounds small in the scheme of things, but timing and deadlines could potentially render an ‘unscheduled outage’ catastrophic.

Likewise, your SLA should have an estimate on scheduled downtime, for key activities like maintenance. Understand what notice your contact says you will be given and what the parameters are here.

Another key consideration when it comes to SLA is compensation. Downtime can have huge effects on your businesses functionality and depending on severity could tarnish reputation.

By understanding your SLA you are more capable to assess the potential impact an outage could have, what you should expect in relation to downtime and if your organisation could manage this in day to day workings.

Ask yourself: how much time out can your business take without your business suffering. Is it an inconvenience or a hindrance?

There are huge discrepancies across SLAs for CSPs. Understand your SLA, and be aware that it is likely skewed in the providers favour. Knowledge is power.

5. Good relationships are founded on trust

You are putting sensitive data and critical applications in the hands of your provider. You need to have trust that if they can manage this data, they can manage to get you back on board in a reasonable time frame and without real stresses to your business.

Your provider needs to be reliable and secure, and ultimately be able to protect your data even when there is down time.

There should be minimal doubt when you sign that dotted line.

Ask yourself: what do you know about this provider, their history and their capacity. Understand your demands and their solutions. Do your research, and if you find any red flags, don’t hesitate to ask.

Original publication on CSO.

The rise and rise of the “as-a-service” (XaaS)

I recently blogged about Unified Communications as a Service (UCaaS) and how its cloud-based communications and collaboration tools can help companies be more productive. The “as-a-service” (XaaS) approach is really at the heart of so much business transformation at the moment and it is fair to say that it is becoming a strategy in its own right. It is creating a whole new paradigm for customers and service providers.

XaaS: what’s new?

In the past we typically used to ship or download physical products as we needed them, but the introduction of cloud computing as a heavyweight enabler has given rise to the XaaS model. The XaaS approach brings with it an ongoing relationship between customer and supplier, in which there is constant communication, regular status updates and a genuine two-way, real-time exchange of information.

Original Publication

This makes XaaS an attractive approach for customers, they really seem to be buying into it – the managed service nature of the relationship means they have to commit less money up front while enjoying less risk and still keeping up-to-date with the very latest technologies and product developments. Plus companies can also scale up or down, depending on their needs at a given moment in time – another important influencer on costs and another of those flexibility enhancers.

how mobile is helping power the XaaS revolution

So in the same way that the cloud itself has been a disruptive development for conventional IT’s ways of getting things done, so the as-a-service model is also changing the game. It is fair to say that the cloud is effectively the next step in the evolution of the internet, and the cloud is the conduit through which everything will in future be delivered as a service.

The XaaS model is changing everything in that it is both taking over applications and also taking over service delivery channels and basically cutting out the traditional middle man. With mobility becoming the new norm and the standard way of doing things, people can access the services and applications they want no matter where they are. Mobility, mobile device proliferation and the shift to faster mobile broadband connectivity are all helping to accelerate the process.

XaaS going mainstream

Software as a Service (SaaS) was arguably the first area in which the cloud delivery XaaS model found its way into the commercial mainstream, and the sector has gained significant momentum since then. Gartner predicts that the worldwide SaaS market will exceed $22 billion in 2015, almost double its value in 2011.

The benefits that SaaS brings to companies are true of all the other XaaS alternatives, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Storage as a Service, Security as a Service, UCaaS and others. The big data revolution is seeing more organizations look into the possibilities offered by storage as a service – companies are creating more internal and external communications data, more video and so on, which means that storing data securely becomes an increasingly significant legal and compliance issue.

So by outsourcing these service provisions to a qualified expert partner, organizations immediately get lower “Total Cost of Ownership” (TCO) than with traditional, on-premises solutions. Deployment of services and applications is faster and easier which means that companies can reduce OPEX and get new offerings and services to market faster. The initial CAPEX is lower, IT support expenditure is reduced through the XaaS model and scalability is built-in to the proposition. Design obsolescence is also a thing of the past under an XaaS model. So it becomes another major disruptor for suppliers.

Overall people are switching on to the XaaS model because it takes the TCO and converts it from being a concern into something which is more controllable, and which has agreed service levels. Traditionally, IT initiatives were known for suffering from project overruns, where companies didn’t know what they would get at the end of a process which took longer than intended and which of course cost more. Those types of incidents were what cost CIOs their jobs. The XaaS approach removes this risk and while there can be a worry about having less control over the whole, companies have come round to seeing the benefits as outweighing this.

but the network remains key

So while the benefits and reduced risks of the XaaS model are clear, the network backbone is what powers the proposition forward. Cloud services all rely on a robust network to give the reliability that services need and that end-users expect, so as companies make the shift to the XaaS paradigm, they must always think about their networks too. If reliable, high speed connectivity is not available then the user experience declines and the proposition weakens.

innovation acceleration

Perhaps the real proof point of the XaaS model is that it genuinely accelerates innovation. No customer likes deploying something and then finding that a new version of the software, hardware or whatever has come along a few months later and they are already behind the curve. Under the XaaS approach, innovation can occur in real-time, customer feedback can be gathered and acted on immediately, organizations – and their own customer offerings – are able to stay at the cutting edge with minimal effort.

This is where XaaS distinguishes itself from the traditional thinkers who still believe that it’s better to build things themselves – the traditionalists will end up spending a lot more money to be locked into something that could pretty soon be out of date. Open integration environments that encourage application development are flourishing. And through this kind of innovation the smart providers of today are set to kill off the old paradigm by opensourcing this ongoing innovation and new ideas.

This new paradigm, now has a number of competing labels emerging. We will see with increasing frequency XaaS from our industry, no matter which label the industry adopts, the ‘Everything as a Service’ or ‘Anything as a Service’ label. One thing is guaranteed, we will continue to see the rise and rise of the “Everything-as-a-Service” /  “Anything-as-a-Service” (XaaS) model.