The workspace of the future is exciting – but?

The digital tsunami and the move to mobile have changed the way we work forever. It is not all that long ago that we accepted our jobs as being part mobile – or at least where you could get a signal – and part tied to a desk. But no more; mobile is the new normal, it is here to stay, and the ‘workplace’ has become something altogether new and different.

At the heart of this workplace transformation has been an ongoing cycle of technological evolution. As networks have become faster and faster and support more apps and more data, the cloud has come into play. Cloud computing is now second nature to most people, and processing data through or storing it in the cloud has grown exponentially.

This faster computing power married to mobility’s always-on-anywhere nature has in turn led to richer content and applications at end-user level, for which end-users want ever smarter mobile devices, hence the astonishing rise in smartphone and tablet proliferation. Then, having faster, smarter mobile devices and ever-faster mobile broadband, end-users consume more and more data and digital content, which in its own turn has the knock-on effect of needing faster networks. This is the mobility and virtualization lifecycle, and its impact on the workplace has been revolutionary.

The point is that the traditional way of working has changed, and with it the workplace itself. And this has been powered not just by technology, but by people themselves. Mobile technology has empowered people to shape their workplaces to their own demands. It is a brave new world all right, and a truly exciting one.

How workers and ways of working are changing

Mobile has changed so much of what we’re used to. The typical ‘office job’ has transformed into something which through mobile empowers the employee and benefits the employer, in the form of greater freedom and increased productivity respectively. The consumerization of IT led us to bring your own device (BYOD) policies, with research showing that 87 per cent of employees have used a personal device in the workplace. Sales of smartphones and tablets now outstrip all PCs put together, including notebooks. 79 per cent of IT decision-makers say virtual desktops are in their current or future plans, while enterprise social networking is also high on agendas. The world of work went and got mobile, and employers have had no choice but to embrace it.

Buildings, ways of working and ICT strategy

The new workplace has become a seamless environment, where personal and professional cross over and interchange. Even workplace buildings themselves have become part of the mix; intelligent building projects are in place now which differ hugely from offices and factories of days gone by. The need for intelligent buildings now informs a company’s ICT strategy, as the new, mobile-first way of working requires this new workplace to make it a reality.

When previously kitting out an office building, IT departments generally focused on wireless connection models and protocols, wired and wireless access points and so on. There were no interfaces in place for seamless integration of multiple mobile devices, networks and platforms were largely proprietary (and not very interoperable with multiple different devices and protocols) and legacy services were limited. In short, the workplace was a relatively dumb environment.

The shift to new ways of working has created the need for new, intelligent buildings to support progressive companies. New working environments are looking to the Internet of Things as a driver, with its need for embedded systems with local computing. Next generation communications systems like MiFi and Zigbee must be worked into the mix, as must multimodal interactive interfaces like NFC, digital signage and all the various smart devices that now enter the workplace.

Intelligent buildings can also have a positive environmental impact, thanks to increased numbers of sensors, monitoring systems and controllability of systems making them greener places to work. All of these elements are now making their way into organisations’ real estate acquisition strategies, making them part of an overall business strategy. Building smart intelligence into the design of the building itself makes for a smarter workplace and happier employees. This means your ICT strategy can separate digital, Business Intelligence and legacy systems while still looking to generate interaction between unified communications and collaboration (UCC) tools, human resources, security and suppliers.

In short, companies must now think not just from their own perspective but also from what their employees want and expect from a workplace. Take a technology-agnostic approach, and think ahead – use your building systems to deliver open, integrated services to workers – not just to manage your building. That’s the way to move to the cloud-enabled, flexible, any place, anywhere, anytime method of working.

The security imperative

The new way of working is exciting, progressive and more productive – but it of course remains vital not to ignore the potential security risks. BYOD and smart building initiatives have helped empower workers in unprecedented ways, but they do bring with them traditional worries. Company data now resides on more devices in more places than ever, and IT departments have no choice but to accept this and mitigate it.

Lost or stolen mobile devices naturally remain a key concern for IT professionals, while employees placing data in cloud-based file-hosting apps such as Dropbox is also a potential problem. Traditional security threats like hacking and DoS (denial of service) attacks are still present too of course. So the IT department must manage both the old threats and the new.

They can begin by implementing a mobility policy which lays out the rules and precautionary measures needed to keep sensitive corporate data and systems as safe as possible. Employees bringing their own devices into the workplace have to play their part and commit to safeguarding data and not abusing their newfound flexibility. Device management systems married to good quality encryption tools can help guard against data loss via stolen or lost mobile devices, but with both mobility and new, intelligent building systems to manage, companies should think about both hardware and software encryption policies.

The new workplace is a thrilling prospect, taking our now second nature mobility, partnering it to intelligent building environments and using it to help us enjoy greater freedom and flexibility in our jobs than ever. It’s an exciting time – but nonetheless one that requires good planning and the factoring in of expansive security measures at each step on the journey.

Technology predictions for 2014 & beyond

predicting technology futures – what’s in store for 2014?

2013 has seen a number of technologies enjoy varying levels of success and growth, with mobile devices, cloud computing and enterprise app stores all continuing to gain momentum. As I have written about throughout the year on this blog, these technologies have all had that disruptive business model impact which makes them popular and shakes up the existing landscape.

As we approach the end of 2013, I see no reason to expect 2014’s emerging technologies and trends to be any different. So what do we have to look forward to?

wearable technology and absolute mobility

Mobile everywhere and mobile for everything. 2014 will be the year that mobile is ubiquitous, smarter, faster and our reliance on mobile connectivity becomes absolute.

2013 saw the emergence of bring your own device (BYOD) as a mainstream concept, with end-users pretty much eschewing the notion of work/life balance and taking their smartphones and tablets into the workplace as a matter of course and taking their work on the move with them, presenting companies with new security challenges. But the trend will continue and 2014 will see users expecting to be online in more places than ever, at high speeds and with more robust security levels.

This increased mobility will continue to be driven forward by the latest advances in mobile devices, with wearable technology to the fore. The announcement that Burberry’s chief executive has just jumped ship to join Apple is a good indicator of how technology and fashion will merge over the coming year. Google Glass, smartwatches and other wearable devices will all connect to the internet and each other through the Cloud like never before. And speaking of the connected planet...

the Internet of things goes mainstream

The internet is dead, long live the internet of things. There are now more networked devices and machines on the planet than there are people and 2014 will see still more devices, appliances and vehicles come online and begin communicating with each other.

The internet as we know it has already changed the world and many aspects of our daily lives. It has benefited businesses, individuals and nations, often helping to transform the way governments deliver education, health and social services and making information more democratically available. The internet of everything addresses the next generation of networked devices, with machine-to-machine (M2M) communications powering new ways of doing everything. Right now our phones and tablets are our most common networked devices, but the internet of things will see the networking of cars, homes, appliances, televisions, meters, indeed most electrical and electronic appliances and devices. There is even a company in the Netherlands that has helped a farmer to connect his cows.

Forecasts vary, but recent research projects that by 2020 there will be 75 billion ‘things’ connected to the internet and communicating with one another. 2014 will be the year that everything being networked goes mainstream.

hybrid cloud and XaaS model

2014 will see IT architectures continue to evolve and bring greater flexibility to companies and end-users. In previous blogs I have written about the future impact of cloud computing on various IT disciplines, notably procurement, storage and business continuity and even the role of the traditional CIO.

The cloud will continue to transform throughout the coming year, and the direction it will take will be that of hybrid cloud. Companies with private cloud architectures in place should be ready to embrace personal cloud and make the shift to the hybrid model. The hybrid approach gives organizations greater operational flexibility and optimized costs without compromising security. Network performance is improved too.

The ‘as a service’ (XaaS) model will continue to grow in popularity as well, as organizations adopt its agility and flexibility benefits while also recognizing that the OPEX model carries major advantages over the traditional CAPEX, investment-up-front approach.

software-defined architecture

Software-defined architecture will also come to the fore in 2014 – a practice whereby the software or the application defines the purpose of the device itself. This can be a storage device or a server, or a personal device such as a music box or a wristband and app that tracks how you sleep, move and eat, then helps you use that information to feel your best. The function defines the form.

The software-defined approach can help revolutionize the way we program, use and interact with devices because it makes them completely customizable. Devices of any kind will become defined by their apps, making them directly programmable, more agile, centrally managed and configurable and giving us greater control.

share, share and share again

End-users are now, thanks to the rise and rise of social media, so used to sharing that it is second nature. There are now 1.15 billion active Facebook users and over 288 million active Twitter users, all sharing thoughts, information, news, opinions and more, all the time. There have been more than 16 billion photos shared on Instagram. And this is just the beginning.

3-D printing is one area where the sharing of ideas and designs is going to take off in a big way in 2014 and beyond. Sales of 3-D printers are forecast to grow by 75 per cent in 2014, as the technology takes hold in the mainstream. 3-D printing could have a massive impact on many industries, not least the manufacturing sector. It represents a new way of sharing, with companies no longer needing to produce things the same way. For example one company or individual can come up with a design or bright idea one day and that design can be shared and copied tomorrow. Manufacturing, product development, design and prototypes – all of these disciplines could be hugely affected. This does of course present a challenge similar to that faced by the music and movie industries; when you have moved from the physical world to the virtual, and people are so used to sharing, how do you protect intellectual property? Innovative smart machines may be the solution to that. But that’s for another blog post.

Happy 2014.

Original Publication

Managing trouble if your Cloud is in a Storm

Cloud computing comes with many key decisions and considerations. There are decisions to be made around whom to choose, what to look for and what specific service it is that you ultimately need for your organisation.

When an organisation starts to think about moving to the cloud, the driving force is usually twofold: achieving a competitive edge in business and the cost saving benefits the cloud promises. While these are the incentives, the considerations when choosing a cloud service provider (CSP) need to be a lot more detailed. You are migrating your business from one form of technology to a newer and still developing one, and hence must consider scalability, control and security.

This can be a long, slow and painful process. CSPs are, ultimately, still subject to the same cyber problems as your company was back when the humble server was the apple of the CIO’s eye. You may have decided on a CSP boasting near 100 per cent uptime. But what about errors in the file system, misconfigurations, abuse attempts, programming errors and bugs? When they hit, service outages happen. Maybe not every time, but they can happen.

The Australian Government Department of Defence, Intelligence and Security has an online resource dedicated to advice on “Cloud Computing Security Considerations”. Aimed at assessing the benefits and risks associated with cloud, the site also investigates the potential disasters that arise when a cloud provider drops out.

The question the site raises is this: what happens if your data is housed in the cloud and your cloud service provider, for some unknown reason, becomes unavailable?

And this is one of the true problems of cloud computing. By placing your organisation’s data, information and trust in a service provider, you ultimately lose the ability to directly and independently fix problems if and when they occur. There is a whole world of security threats floating around that have the potential to wreak havoc with a business’ critical data and applications, and that can damage an organisation’s reputation and bottom line.

And, even more concerning, what happens if your trusted CSP unexpectedly goes out of business? Where does your data go? Who has rights to it? How do you recover it? Is it still secure? The plethora of questions that this potential situation brings up is enough to warrant serious concern, consideration and preparation.

So, below are five tips which you need to consider if and when, and ideally before, you migrate to the cloud to ensure that business can go on as usual if your provider becomes unavailable.

1. Demand connectivity and availability

The Cloud Computing Security Considerations highlights availability, bandwidth, latency and packet loss as the four key concerns when looking at network capacity from vendor to organisation. If there is inadequate connectivity, then ultimately your organisation will reduce its capacity to function as it should when working on the cloud. Similarly, you need to understand the provider’s availability. Availability can be affected by a host of things: targeted attacks, unsuccessful and ineffective maintenance, hardware problems and so the list goes on. As always, doing due diligence on your cloud service provider is critical. You need to ensure that the provider will meet your organisation’s cost, quality-of-service, regulatory compliance and risk management requirements.

The system housing your organisation’s information and identity must have the capacity and ability to deliver a connected and available service, otherwise the CSP is redundant.

Ask yourself: is there any room to compromise on connectivity and availability when looking at my service provider?

Understand the service level agreement (SLA) so there is no confusion around the level and quality of service you are signing up for.

2. Be realistic – the threats are largely the same

Physical systems in offices can crash and fail – losing your data on site and in your office. Whether you have just migrated to the cloud, or have been a long-time resident, the risks you now face are the same as those you faced with a server purring in the back room. The loss of important data is another concern that businesses ignore at their own peril. A hacker or a disgruntled employee could delete important data. However, hackers and employees are not the only ones who might be responsible for such a circumstance. Important, mission critical data can be lost due to the negligence of a cloud service provider.

So what was your plan then? Assess the guidelines you had in place before migration, and then adapt these to the new technology.

Ask yourself: What are the bottom line security standards our organisation needs? Understand your key areas of weakness so you can develop a plan to protect them.

3. Back up. Again. And again.

Moving data to the cloud means it is no longer housed underneath your organisation’s roof. It is housed in a data centre somewhere across the globe. To future-proof your data and ensure that you are not left in the lurch without important information and applications, your best option is to work with two cloud suppliers and house your data in both. This means that when one provider goes down it’s extremely unlikely the other will.

Either way, the cost is generally a good investment for peace of mind.

Ask yourself: is it worthwhile spending additional money on a second back up to ensure that business can run as usual if one CSP goes down?

4. Your SLA: The scheduled, the unexpected and the unsaid

Any service level agreement (SLA) will have listed the maximum possible unscheduled downtime that can occur without breaching it. The Cloud Computing Security Considerations notes that “typical SLAs that guarantee 99.9% availability can have up to nine hours of unscheduled outages every year without breaching the SLA”. Nine hours may sound small in the scheme of things, but timing and deadlines could potentially render an ‘unscheduled outage’ catastrophic.

Likewise, your SLA should have an estimate of scheduled downtime for key activities like maintenance. Understand what notice your contract says you will be given and what the parameters are here.

Another key consideration when it comes to the SLA is compensation. Downtime can have huge effects on your business’s functionality and, depending on severity, could tarnish your reputation.

By understanding your SLA you are better able to assess the potential impact an outage could have, what you should expect in relation to downtime and whether your organisation could manage this in its day-to-day workings.

Ask yourself: how much time out can your business take without suffering? Is it an inconvenience or a hindrance?

There are huge discrepancies across SLAs for CSPs. Understand your SLA, and be aware that it is likely skewed in the provider’s favour. Knowledge is power.

5. Good relationships are founded on trust

You are putting sensitive data and critical applications in the hands of your provider. You need to have trust that if they can manage this data, they can manage to get you back on board in a reasonable time frame and without real stresses to your business.

Your provider needs to be reliable and secure, and ultimately be able to protect your data even when there is downtime.

There should be minimal doubt when you sign that dotted line.

Ask yourself: what do you know about this provider, their history and their capacity? Understand your demands and their solutions. Do your research, and if you find any red flags, don’t hesitate to ask.

Original publication on CSO.

How to secure an outsourced project

Despite our desire for simplicity, IT continues to become more complex. Decentralised applications or client-server models have become the norm. Smartphones and tablets are pushing mobile computing into a new era and changing user behaviour. Cloud has significantly altered the way we provide IT solutions and how we meet business needs with technical solutions.

Long gone are the days when a single person could master and manage an entire enterprise network. Today, many businesses lack the dedicated staff and financial resources to manage their ever expanding IT needs. Faced with this situation, a growing number of companies contract out part of their IT to external suppliers.

While many articles have explored the security issues linked with cloud services, there are still many people who fail to recognise the same arguments apply to other outsourcing services. In fact, the challenge of managing risks and security in a diverse IT environment remains the same; whether it’s cloud, outsourcing or managed services, the reality is you are handing control of your business’ devices or applications to someone else.

The security challenge

The challenge for many businesses is deciding the level of security controls and risks your company is willing to accept – you can choose a fully-dedicated environment where security levels are dictated by your organisation, or you can use a public environment in which you accept the default setup.

Today’s Chief Security Officer is assigned the task of managing security risks associated with these changes and must come up with appropriate solutions to alleviate them. For many businesses, the move to an outsourced model presents an opportunity to increase the level of network security. It could even be the trigger for a security upgrade.

Establishing an outsourced project

Outsourcers will generally set technical, physical and organisational security controls that will be applied across all of the outsourcer’s services. This creates a baseline and spreads the cost of security across its client base. It is essential to understand your outsourcer’s baseline and request additional security if your project requires it.

Before entering into an outsourcing agreement, it is also important to consider legal matters. If the outsourcer is providing a “standard” service, it is up to your company to ensure that your legal requirements are met – for example, regional data storage compliance and confidentiality legislation.

Managing multiple outsourcers

Outsourcer management is often neglected despite the fact that many companies outsource different parts of a project to a range of suppliers. For example, one company might handle the telephony infrastructure, while another manages WAN. In this situation it is essential to ensure both outsourcers deliver the same level of security for their services. It is also crucial to establish clear communication between the various outsourcers and internal departments – especially during periods of disruption or change.

Incident management

Incident management (both poor and effective) has significant legal, reputational and operational impacts. It is essential to establish a process dictating that when a security incident is detected by your outsourcers, it is adequately evaluated and reported to you within a predetermined timeframe.

Before entering an outsourcing agreement, ensure that the outsourcer’s obligations are clearly stated and check to confirm the outsourcer doesn’t have any legal constraints that are incompatible with your business.

Conclusion

Whatever part of your IT or process is outsourced, it is essential to ensure all security aspects are fully considered and met, and each outsourcer delivers the same level of security for their services. Detailed consideration of these challenges will allow businesses to benefit from the cost and productivity gains offered by outsourcing, while maintaining the strategic security plan of the business.

Today’s CSO must take a 360 degree view of the project in order to ensure requirements are met and managed efficiently, and incidents will be detected and dealt with correctly.

Original Publication