BROADScale – Cloud Assessment

Posted on : 30-04-2013 | By : jo.rose | In : Cloud

Tags: , , , , , , , , , , , , ,

0

We are well into a step-change in the way that underlying technology services are delivered.  Cloud Computing in its various guises is gaining industry acceptance.  Terms such as Software as a Service (SaaS), Platform as a Service (PaaS), Private Cloud, Hybrid Cloud, Infrastructure as a Service (IaaS) and so on have made their way into the vocabulary of the CIO organisation.

Cloud Computing isn’t new.  Indeed many organisations have been sourcing applications or infrastructure in a utility model for years, although it is only recently that vendors have rebranded these offerings ( “Cloud Washing” ).

With all the hype it is vital that organisations consider carefully their approach to Cloud as part of their overall business strategy and enterprise architecture.

Most importantly, it is not a technology issue and should be considered first and fore mostly from the standpoint of Business, Applications and Operating Model.

Organisations are facing a number of common challenges:

  • Technology budgets are under increasing pressure, with CIO’s looking to extract more value from existing assets with less resource
  • Data Centre investment continues to grow with IT departments constantly battling the issue of power consumption and physical space constraints
  • Time to market and business innovation sit uncomfortably alongside the speed with which IT departments can transform and refresh technology
  • Increases in service level management standards and customer intimacy continue to be at the forefront

Cloud Computing can assist in addressing some of these issues, but only as part of a well thought out strategy as it also brings with it a number of additional complexities and challenges of its own.

Considering the bigger picture, a “Strategic Cloud Framework”

Before entering into a Cloud deployment, organisations should look at all of the dimensions which drive their technology requirements, not the technology itself.  These will shape the Cloud Framework and include:

  • Governance – business alignment, policies and procedures, approval processes and workflow
  • Organisation – changes to operating models, organisation, interdependencies, end-to-end processes, roles and responsibilities
  • Enterprise Architecture – application profiling to determine which applications are suitable, such as irregular / spiky utilisation, loosely coupled, low latency dependency, commodity, development and test
  • Sourcing – internal versus external, Cloud providers positioning, service management, selection approach and leverage
  • Investment Model – business case, impact to technology refresh cycle, cost allocation, recharge model and finance
  • Data Security – user access, data integrity and availability, identity management, confidentiality, IP, reputational risk, legislature, compliance, storage and retrieval processes

The BROADScale service

At Broadgate Consultants we have developed an approach to address the business aspects of the Cloud strategy.  Our consultants have experience in the underpinning technology but also understand that it is led from the Business domain and can help organisations determine the “best execution venue” for their business applications.

Our recommended initial engagement depends on the size, scale and scope of services in terms of the Cloud assessment.

  1. Initial – High Level analysis of capability, maturity and focus areas
  2. Targeted – Specific review around a business function or platform
  3. Deep – Complete analysis and application profiling

At the end of the assessment period we will provide a report and discuss the findings with you.  It will cover the areas outlined in the “Strategic Cloud Framework” and provide you with a roadmap and plan of approach.

During the engagement, our consultant will organise workshops with key stakeholders and align with the IT Strategy and Architecture.

For more details and to schedule an appointment contact us on 0203 326 8000 or email BROADScale@broadgateconsultants.com

It’s official – the desktop is dead (well, nearly)

Posted on : 30-04-2013 | By : john.vincent | In : Innovation

Tags: , , , , , , , , , ,

2

Having spent much of my earlier career in the desktop engineering space (I took the Microsoft Systems Engineering exam in 1995 which included the now “antique-like” Windows NT 3.1, SMS 1.0 and Microsoft Mail), I have followed the whole desktop domain closely over the years.

Back in the mid 90’s, and probably for 10 or so years from that, a whole industry developed helping enterprises manage, optimize and migrate their desktop and associated server infrastructure from one version to the next. Very knowledgeable (and expensive) contractors and consultants advised on the best desktop roadmaps, how to package and distribute applications without conflicts, how to access the corporate network using RAS (cutting edge at the time), how to migrate from Novell Directory Services to Active Directory etc… Indeed, the “Windows Guru” strode majestically through the enterprise hallways.

However, the world is clearly a lot different today. Whether you lay the blame at the rapid rise of consumerisation, the move of compute power to cloud/virtual hosts, the economic decline or, more specifically, January 27th 2010 and the launch of the iPad, the fact is that the desktop PC (and to a lesser extent, laptops), is an industry in decline.

Recent sales statistics do not make for rosy reading. IDC figures for Q1 showed that PC shipments declined 13.9% last quarter, marking two quarters of significant decline with the Q4 2012 also being off 10% from the previous quarter. Fairly depressing news if you are one of the major desktop PC manufacturers.

The bottom line is that the role that the PC plays in peoples day to day lives is changing. Do you still come through the door and “fire up” the old desktop (positioned on a dubiously assembled Ikea workstation under the stairwell) using the time whilst Windows configures its updates to perform household chores? Probably not. Like the tablets and smartphones we carry, I guess you will have been “always on”, consuming important corporate updates, world news and dealing with the backlog of emails built up during the day (plus, multi-tasking on Level 33 of Candy Crush…).

The combination of the way we work, socialise and use applications/data has certainly meant that being physically tied to a desktop or laptop just doesn’t fit anymore. At the weekend I saw someone balancing their laptop on their forearm and attempting to type as they got onto a train – I remember doing the same myself but wouldn’t dream of it now.

What about enterprises I hear you cry? Our users need the compute power and richness of business applications that just doesn’t exist on IOS or Android based devices. This is true, today.

I certainly wouldn’t want to suggest that the PC market for desktops and laptops is dead. What it has done is lost its value. for most enterprises the PC has become a necessity for running certain business applications rather than something which is seen as a differentiator, productivity enhancer, or agile.

According to figures, end users have found that they can perform as much as 80% of their day to day needs on a tablet. With the other 20% requiring a PC, one outcome is that people are no longer looking for the latest and greatest desktops or laptops – choosing instead to opt for cheaper options for compute needs and where possible, switch productivity applications to hosted solutions such as Google and Office365.

With the release of Windows 8 Microsoft have sought to capitalise on (and protect) their market through closing the divide between desktop computing and the key features of tablets through mobility and the touch screen interface. It is a large transition and one which, so far, doesn’t seem to have convinced end users.

So what does the future hold for the PC? Well, at the top end of the enterprise market it’s not all bad. The volumes at the higher performance end (£700 plus) seem to be holding up better with greater margins. Plus the indications are that at the lower end they will continue to drive the price down for Windows 8 tablets.

However, we are in the final throes of the PC as we know it. Companies that can evolve their roadmap in line with the needs of consumers and business users will survive. However, at the moment this doesn’t look like an extensive list.

And what about the desktop gurus updating those certifications? Well, at a quick glance it might be best to leave it to Generation Y…

 

Who’s hacking your organisation? Seems like just about everyone

Posted on : 30-04-2013 | By : jo.rose | In : Cyber Security

Tags: , , , , , , , , ,

0

Last month we wrote about The Evolution of the Cyber Criminal and highlighted how they had developed from the lone (and often lonely) hacker, into organised and “employed” online assailants.

So where are the key locations orchestrating these attacks? Recently informed commentators have pointed towards China as the key driver behind cyber attacks with the primary goal to steal sensitive information, such as intellectual property. However, during 2012 FireEye, the leading solution provider to protect against Advanced Persistent Threats (APTs), monitored more than 12 million malware communications, thus creating a rich view of the threat landscape.

The key findings were;

  • Malware is truly multinational: callbacks were found to 184 countries which had increased 42% over the previous 2 years. The distribution of the countries has also evolved significantly, with the US, Ukraine and Russia top in 2011 whilst in the recent analysis the top countries were US, South Korea and China. The top 20 countries hosting command and control servers is shown below;

  • Asia and Eastern Europe hotspots: contributing 24% and 22% of the malware callbacks respectively. North America still actually topped the league but this was due to them hosting more control servers, both from an evasion and target perspective.
  • The majority of APTs originate from tools “Made in China”: by analysing the DNA of the malware families and matching with callbacks, FireEye some 89% originate from Chinese hackers.
  • Technology Organisations targeted most: there is a large concentration of attacks towards technology organisations, mainly due to their high level of intellectual property.
  • In-country callback evolution: in order to evade detection, malware is increasingly contacting control servers within the target nation (indeed, some 66% of servers were located within the United States).
  • Techniques to evade detection: control servers are using more and more advanced mechanisms to mask against capture, increasingly leveraging social networking infrastructure and embedding in common files.

To see an interactive cyber threat map and to download the full report, go to http://www.fireeye.com/cyber-attack-landscape/.

With such a dynamic landscape, APTs becoming more advanced and cyber criminals adopting a truly global approach to their activities, it is difficult for organisations to stay ahead.

Indeed, arguably it is really about staying close enough to limit the impact to your company sensitive information and assets.

Let’s look at some other key facts from the recent Advanced Threat Report for the second half of 2012.

On average, a malware event occurs once every three minutes within an internal company network. Whilst organisations deploy varying layers of protection such as Firewalls, Antivirus and Intrusion Protection Systems, the sophistication of malware has become so pervasive and successful at penetrating these defences, that without a new approach the fight will be lost.

Whilst some industry verticals are attached cyclically or consistently, such as technology organisations, others such as healthcare tend to be more experience more volatility within cyber criminals focusing on specific events.

Spear phishing remains the most common entry method for cyber attacks, with the initiators using more common business terms and associated file names to lure unsuspecting users into the attack. Indeed, they typically fall into three categories, those being 1) shipping and delivery (the top phrase in malware file names was “UPS”) 2) finance and 3) general business.

File-wise, ZIP remains by far the preferred delivery mechanism for malware over email, with it being used in some 92% of attacks. Also, attackers are avoiding the more common .exe file types as the infection propagates in favour of system files such as DLLs to avoid detection and be more persistent.

Cyber criminals have also spent a lot of time “innovating” in the way that the malware payload is delivered and to avoid detection. Example of these is malware executing when the user moves a mouse (hence duping some detection systems as it doesn’t generate any activity) or incorporating virtual machine detection to bypass sandboxing.

This is certainly a battle that will rage for many years to come.

If you would like more information on how FireEye can assist in protecting your organisation against cyber threats, please contact jo.rose@broadgateconsultants.com.