Week’s Technology News – 27th February 2015

Boards acknowledge cyber risk on their 2015 agenda

Back in 2013, following a KPMG report that cyber leaks at FTSE 350 firms were putting the UK’s economic growth and national security at risk, the heads of UK intelligence agencies MI5 and GCHQ asked leading businesses to take part in a Cyber Governance Health Check. The results were a stark wake-up call.

As we reported in our blog on 19th December, Board engagement is pivotal to the success of any cyber security plan and to thwarting the eye-popping 80% of preventable attacks in 2014.

The 2015 Cyber Governance Health Check has just been published and reveals that 88% of companies are including cyber risk on their Risk Register with 58%+ anticipating an increased risk over the next 12 months.  However, only 21% say their boards get comprehensive information and only 17% regard themselves as having a full understanding of the risks. This is clearly insufficient in the light of the continuing squeeze on data security and compliance measures.

You do not have to be a FTSE 350 to want continued trust from clients and the comfort of having up to date data security measures.   So wake up and smell the budding roses of 2015 and do your own health check review now:

  • Re-evaluate what the unique crown jewels of your organisation are (key information and data assets), as they may have changed in the past 12 months.
  • Review risk from any 3rd party suppliers and avoid contractual complacency – get into active compliance.
  • Be pro-active about risk and create a competitive advantage over rivals.
  • Arrange for a ‘pen test’ and get in shape to be security fit for purpose in 2015.


Windows Server 2003 is dying – but Windows Server 2012 will offer an elixir

With Windows Server 2003 reaching end of life and Microsoft ceasing support on 15th July 2015, the effect will be severe for the many businesses still running this server in their data centre, which will be exposed to cyber attack unless considered steps are taken now to plan for an upgrade.

Microsoft’s own survey recently confirmed that there were 22 million ‘instances’ (database environments) with WS2003 still running.

Organisations clearly need to plan their migration strategy – and quickly – if they are going to protect their infrastructure. End of support means no patches, no safe haven and no compliance.  Any company continuing to run WS2003 beyond July will fail regulatory compliance audits which could result in losing commercial contracts. So delays are not only expensive but highly risky.

The advances in the data centre with Windows Server 2012 R2 offer integrated virtualisation of compute, storage and networking along with enterprise class scalability and security. The Cloud options of Microsoft Azure and Office 365 will deliver applications faster and increase productivity and flexibility – and take away risk.

Security implications

  • Software and Hardware compatibility – If you are running a mixture of physical and virtualised servers, then priority should go to addressing physical assets, as most WS2003 licences are tied to the physical hardware.
  • Compliance against many industry requirements has moved from a best practice ‘good to have’ to a mandatory requirement, so there is no option.
  • Payment Card Industry Data Security Standard (PCI DSS) v2, v3 – attempts to provide adequate assurance levels to meet the requirements of PCI will fail.
  • UK Government – connecting to the Public Services Network (PSN), whether through an assured connection or via an Inter Provider Encryption Domain (IPED), will be a headache if updates cannot be supported securely.
  • Industry standards – standards such as ISO 27001:2013 and the Cloud Security Alliance all require you to ensure your systems and applications are up to date.
  • Disaster Recovery and Resilience – How do you restart servers that are no longer supported? If DR is key to your business then migrating is a necessity and will be fairly expensive.

Planning to move

  • Integrate your servers and their lifecycle into your strategy and risk management process.
  • Check what the servers do for you and do a data mapping, flow and services exercise.
  • Identify your core assets and check them against confidentiality, integrity, availability and likelihood of compromise to help future design and investment decisions.
  • Create fit-for-purpose security architecture within your Cloud (i.e. should you need to retain legacy data which is rarely used, create security zones using layered firewalls, ingress and egress controls, file integrity and protective monitoring).
  • Test – lots – and then get a 3rd party certified security professional to conduct an ethical hack.
  • Failure to plan is planning to fail – do not let your business suffer by putting your head in the sand.

This week’s technology news – 23rd January 2015

Are you into Cloud yet?

Offering peer insight, a recent 2015 survey of over 200 IT and security professionals by US expert ‘not for profit’ organisation The Cloud Security Alliance (CSA) found that 72% of companies questioned didn’t know the number of shadow IT apps within their own organisation.

This has been blamed on a lack of knowledge about Cloud by both IT staff and senior execs in organisations.  CSA’s CEO Jim Reavis explains:  “The word “Cloud” means different things to different people in a company.  In IT departments, “Cloud” often refers to a specific type of server virtualization technology, or use of IaaS platforms such as Amazon AWS.  For everyone else, SaaS is also “Cloud,” including used tools such as Dropbox, Google Docs, LinkedIn and Facebook”.

Another problem is procurement. Employees can readily sign up for cloud services without any input from IT at all. The answer to this would be to monitor outbound connections, block access to certain sites and manage the increasing proliferation of BYOD devices. Staff bypassing the IT department can quickly create potential headaches and security issues for organisations by ignoring governance and compliance.

Security of data remains the top barrier to cloud adoption; however, organisations are still moving forward in adopting cloud services, with 74% confirming wholesale adoption, or at least step migration into Cloud services. Part of the holdback remains a lack of knowledge and experience by IT and business managers. 49% of companies with fewer than 5,000 employees reported spending more than 20% of their IT budget on Cloud services.

One of the ‘progressive’ spin offs for companies witnessing the data disasters experienced by major retailers, banks and blue chip names in 2013 and 2014 is the increased involvement of executives taking the decision making around IT to the boardroom, which has risen to 61%. This, according to Reavis, is a good thing: “We think it will help close the gap on some of the problems we were talking about.”

CSA hopes to enable organisations to make better decisions and help confidently and responsibly accelerate the use of Cloud services in their environments.  The whole report can be accessed at:
https://cloudsecurityalliance.org/research/surveys

Organisations seeking to take their first step into Cloud Services and wondering about security, compliance, scalability and flexibility or cost savings can review the Cloud framework videos offered by Amicus ITS at http://www.cloudservicesframework.com or our dedicated Backup +Recovery options at http://backupandrecovery.amicusits.co.uk

Windows 10 – The price for success is….Free!

This week Microsoft held a Windows 10 event, containing several big announcements that showed off a new Microsoft with fighting spirit. Press events are not usually Microsoft’s strong suit, but this latest event showcased a new mastery of showmanship reminiscent of Apple’s best product announcements.

The show started off with a bang; Windows 10 will be free to anyone running Windows 7 or above if they upgrade within the first year of the Windows 10 release. This move alone will likely give Windows 10 the best launch yet. Free upgrades of course will slash potential short-term profits on desktop licences but Microsoft is thinking bigger – and this is a cunning strategy to grow Windows beyond the PC.

With Windows 8, Microsoft promised the same experience across all your devices, be they PCs, tablets or phones. This move did not play out as well as hoped. The idea was good but the execution left many feeling alienated, saying that a mobile, touch-driven interface had been forced onto their non-touch PC.

This time around the same strategy is in place but much work has been done to tailor the interface to each particular device type, whether it is big, small, touch, keyboard and mouse, or even a mix.

If you are on a desktop you will see a new version of the much missed Start bar and on a tablet, the full Start screen Windows 8 introduced. These modes can also automatically switch on hybrid PCs; for example, detaching the keyboard on a Surface tablet will switch it from PC to tablet mode on the fly.

This is all well and good on an OS layer but it is apps that are hugely important today. During the event Microsoft demonstrated that new universal apps like Office will run on Windows 10 from small phones to large PCs and that these apps, like the OS, will also adapt to each. This apps pitch alongside the free upgrade is Microsoft’s big play.

If Windows 10 gets the expected momentum, with users actively downloading new apps from the Windows store, app developers would be silly to ignore this huge new market. With these same new apps made for desktop, but also able to run on Windows Phones, this could give Microsoft’s mobile platform the shot in the arm it certainly needs.

What Microsoft is essentially doing is incorporating Windows Phone as a platform into just “Windows”, reflected in its new renaming; dropping the “phone” to simply “Windows 10” so it can reap the benefits from its desktop monopoly.

In addition, as part of Microsoft’s ‘Continuity’, the company announced that its voice assistant ‘Cortana’ will, for the first time, be branching out from just the phone to tablets and PCs also. This was demo’d by asking the PC by voice to find specific documents, search for photos from a specific month, dictate emails, control music and more.

As if this wasn’t enough, the much rumoured new browser was officially launched. Currently called ‘Project Spartan’, this browser will come alongside Internet Explorer, which will be kept to handle legacy and corporate intranet sites. Project Spartan uses a new rendering engine alongside a different, newer look and feel. A new annotations feature lets you doodle on pages and share with others. Plus Cortana support is also built-in, letting you search with your voice and intelligently suggesting searches as you start typing, based on previous interactions (such as showing flight details booked when typing in the airline’s site).

All in all, Windows 10 is shaping up to finally live up to Microsoft’s ambitious goals which misfired with Windows 8. The free upgrade will ensure it gets the best launch possible, which will please consumers and developers alike, and give Windows Phone its best chance of success.

The sting in the tail is for hardware partners. Obviously you cannot please everyone in this game – and with users getting free Windows 10 upgrades later in 2015, it is the hardware partners who will not be happy, as they will face the challenge of seeing their usual buyers staying away as for once they do not have to buy new PCs upon upgrade.

Microsoft’s Windows 10 event this week wasn’t just about the new software that was shown off. There was also a big splash about the business implications of holograms and the persuasive use of collaboration technology with a new 84″ meeting display. Interested? Watch this space on Monday 26th January!
