How trusting are local authorities today with the cloud?

Cloud computing is a necessary direction for all in the public sector as directed by central Government.  In 2017, leading industry body TechUK issued a peer paper called ‘Building Local Government Trust in the Security of Cloud’.   In this, the widely held concern around security of cloud services was addressed, providing information, advice and specific messaging for local authorities.

The drivers of the shiny digital future underpinned by cloud computing were identified as:

• Internet of Things (IoT)
• Mobile applications
• Big data analytics
• Artificial Intelligence (AI)

The opportunity of cloud adoption is to enable ready access to computing platforms, ‘on demand’, creating efficiency and cost savings, with flexibility to allow for greater innovation, productivity and operational effectiveness.

A GovNewsDirect survey of 2016 did quote a growing concern over security of data in the cloud.  The counter was for organisations to use the cyber security tools, solutions and educational initiatives to introduce secure cloud computing and inform the user.

General Data Protection Regulations (GDPR)
Added to this, GDPR in May 2018 made all organisations sit up and take notice around effective management and processing of data for EU citizens. With penalties of 4% of global turnover or €20 million for any breach, a more thorough and diligent approach has added to the configuration considerations for cloud architecture and storage.

Accepting a half-way house to cloud?
For many public sector organisations, a full blown ascent to cloud migration is not feasible, often because of complexity around their legacy apps or workload types and the cost implications as the ROI for cloud is poor.  In this scenario, we are seeing and hearing greater noise around the hybrid cloud format, Hyper Converged Infrastructure (HCI) solution.  This on-premise hybrid solution has garnered advocates in the public sector, as being a viable and desirable way forwards as part of their digital journey, better suited for workloads with higher GB volume where performance is needed.

Digital vision, a budget to transform – mixed with a healthy dose of reality
For even the most progressive Councils in England, the drive to digital transformation comes with various challenges.  Glyn Peach, Director of Digital Services & Corporate Programmes at Swindon Borough Council, commented to us: “As part of our Transformation Programme, Swindon has evolved a highly effective Software Defined Data Centre and we’ve made solid progress on front end citizen services, moving many services online and providing self-service capability.  But true end-to-end user integration is still a little way off.  We are seeing great opportunity in data analytics and assistive tech.  This is starting to have an impact through our ‘Community Navigators’ programme supporting Adult Social Care and using preventative technology which can identify the risk of isolation and spot abnormal behaviour that may indicate a problem for the elderly in our care homes in Swindon.  If we can more broadly implement interoperability opportunities and open systems, this will ultimately pave the way for common standards that in the long term will bring down the costs of new tech and save money for the tax payer”.

Helpful tools

Cloud journey checklist
• Ensure your cloud service meets your organisations’ needs aims and objectives securely.
• Understand what type of data is involved and what levels of assurance are required.
• Work with cloud providers who have their own independently audited compliance framework standards (eg. ISO27001, Cyber Essentials Plus etc.)
• Use the latest cloud security technology to solve issues or business problems (ie around remote working or revenues and benefits)

Is it safe?  What information do you want to share with the cloud?
The levels of data privacy and security from different providers will differ depending on the type of information you are sharing when using a cloud service.  Amicus ITS has a Cloud Services Framework for helping organisations determine their own path. Take a look at our Cloud Assessment

Glyn Peach added:  “While the IT department may not handle the physical infrastructure or management of Shadow IT applications and services, IT does carry the burden of ensuring security and compliance for the corporate data that employees create and transmit through Shadow IT sources.  This creates mixed feelings toward Shadow IT, as some enterprises are willing to embrace the innovation and increased productivity it can deliver, while others aren’t as willing to look past the increased risk of security and compliance complications of Shadow IT”.

~~

Councils moving their infrastructure to cloud is a positive first phase.  Embarking on the path of true digital transformation is a second, far larger project which requires input from everyone and requires a re-examination of the entire way of doing business.  It is exciting though and with both parts of the journey, relies on careful planning, a strong strategic vision, good leadership, buy-in from the board, plus trusted partnerships.  Firstly in fostering and directing the talent of inhouse IT teams and then identifying the areas where further support or specialist technological solutions are needed to drive higher performance, enablement and ROI, adding new frontiers of value that come with our brave world of tech.

Q What has been your experience of cloud migration?  Has your organisation been able to make the leap to digital transformation, or is this part of a longer strategy which has either started or is being planned?

 

Beware Santa’s horses bearing gifts

Tis the season to be crafty!   Just as Amicus ITS was reaping the results of its own competition for staff to design a winning Christmas e-card for 2018 incentivised with online gift card vouchers for prizes, came the news report issued last Monday by security firm Barracuda Networks that Santa’s gone a bit phishy in a Gremlins kind of way in the run up to Christmas.

The increasing sophistication of social engineering has created a new cyber security workplace scam targeting receptionists, office managers and executive assistants.   The report states: “These types of attacks are very hard for traditional email filters to pick up because they are targeted, have a high reputation, and do not contain any obvious malicious signals”. 

Here, hackers will pretend to be the CEO or senior managers, using tactics like implied urgency and directed emails asking specifically say, for Google Play gift cards.  Phishing emails can also include a ‘signature’ implying it was sent from a mobile device.  Alternatively, the scam can be built around a secret ‘reward’ for employees.  There are no malicious payload links, or suspicious file attachments and they are often sent from trusted email domains.

Spokesman for Barracuda Networks, Asaf Cidon commented: “When sending social engineering-based attacks, attackers have always used context and timing to their advantage – and the Christmas season has opened the door wide to a lot of cleverly designed executive impersonation”.

What can you do about it?
Organisations should have the relevant anti-malware, spyware and adware in place.  Other security tools can include more advanced spybot software and AI-based security solutions to detect anomalies in email addresses that the CEO would not use, or behaviours which would recognised be uncharacteristic.  But alongside all of these technical competencies, it comes back to having an educated and informed workforce across the board, vigilant and trained to spot attack efforts and know the right remedial steps to take:

• Use HR to work with IT to help with employee messaging to avoid falling for these scams and to understand what technology is needed to ward off the attacks.
• Awareness spread through the employee network should reduce the time between attack and detection and prevent more extensive damage.
• If a gift card email scam hits your organisation, why not set a procedure in place for employees to be required to gain direct management approval to verify any financial requests.

Have you experienced this type of attack?  How did you react.  Anyone seeking advice on security measures around their IT systems can contact Sales on 02380 429429.

What’s in our MSP crystal ball for 2019?

Amicus ITS has just completed its annual Technology Strategy Review to look at the trends and demands we have seen from our customers in 2018.  We have also taken the opportunity to look at the wider development of technology solutions affecting our public sector customers and those which we believe are likely to have a significant impact in our industry in 2019.

A recent CRN survey of a group of VARS captured interesting views on where they are spotting trends around datacentre technologies they believe are tipped for take off in 2019. Their key results included:

• AI (Automation) – driven by monitoring and decision making
• Hyperconverged Infrastructures (HCI) – single platform flexibility
• Intelligent Edge (IoT)
• Network Automation (underpinned by software defined networking (SDN) – Cisco and VMWare
• Data archive + data backup – hyperconverged backup (vendors like Rubrik and Cohesity)
• Cyber security

So what’s our view?

After 30 years, Amicus ITS recognises that our success centres on our core strengths offering 24×365 IT Managed Services.  This gathers together service desk and other disparate services and software management for each customer.  Customers can buy umpteen individual technology solutions, but it’s helping run the whole service, understanding the customer and being able to spot what adds value that makes an MSP’s role special.  Some customers are in an advanced state of cloud enablement, others undergoing the journey to cloud through us. Others are preparing to embark.  With so much technology out there, we are transparent enough to acknowledge we cannot do everything ourselves inhouse.  So strategy for us, is around consultancy, with regular health checks and the nurturing of our technology partner ecosystem to match what is best in breed and need, so we can tailor what’s right our customers.

Looking at the drivers for our customers and based around conversations that are resonating most strongly, we would identify Hyperconverged Infrastructure (HCI), cyber security and smart working around people-centric technologies as the key go to strategies for the public sector.

Whatever the dictats may be from Government, the price of an entire shift to cloud is beyond the reach of most councils (and is also too complicated and expensive for many), so HCI continues to form a happy medium.  Citrix Virtual Apps and Desktops Service on Citrix Cloud delivers secure, virtual applications and desktops from on-premises resources or from major public cloud providers such as Microsoft Azure.  HCI really lends itself well to this strategy, offering the ability to adopt a cloud-first architecture but maintaining complete control over your application and desktop resources.

Added to this, the protection and compliance offerings around cyber security rightly command attention (though better on the front foot than reactive), as organisations not only want to protect data, but interrogate it to analyse behaviours and manage systems better.  Ultimately, whilst local authorities continue to battle with legacy systems, true end-to-end integration will be challenge to achieving true digital outcomes and the rollout of 5G networks will underpin many advances, but the journey has begun, so the consultancy around the best routes through cloud and most effective spend will continue to foster development and progress for us.

What do you think is going to be a focal point for the industry in 2019?  Let us know?