Guest Post, Author at Cyber Secure Forum | Forum Events Ltd

Asset financing – and how to avoid getting stung by unexpected costs from hyperscalers


“To hyperscale or not to hyperscale” remains a key question for any CIO. And, while the majority of large organisations have already taken that step, some, if not all, question whether their IT infrastructure strategy is delivering the cost and flexibility benefits expected. At a time when capex budgets are coming under ever greater pressure, pushing CIOs even harder towards the hyperscale opex alternative, Mark Grindey, CEO, Zeus Cloud calls on CIOs to read the small print – or pay the price…

Escalating Costs

Drivers for the adoption of public cloud platforms vary, but for many larger organisations, the agility, innovation and scalability have outweighed the expected cost benefits. The ability to spin up new systems has improved time to market, accelerated digital transformation and enhanced business resilience. For CIOs, the shift away from on premise to the hyperscalers has met objectives – in the main. There is one, very notable exception: cost. While cost control may not have been the priority, it is always a factor in any IT strategic change. Few businesses expected to incur the level of ‘additional’ costs associated with the public cloud. And, given the on-going economic challenges, this upward trend is raising serious concerns.

The biggest problem is that, despite the perception, the price of public cloud service is not ‘known’. Monthly costs are not consistent. The subscription model is just one element in a sliding scale of usage-based costs. Companies are discovering the additional fees demanded for extra security and support. They are incurring far greater storage costs, due to the tendency to charge for both storing and deleting data. Even a user inadvertently changing Active Directory settings can lead to an unexpected hike in costs.

Add in the limitations on bandwidth, the additional charges for CPU or RAM, plus the fact that if the business is using VMware, it will be paying again based on those same usage factors, and it is these further hidden costs of the cloud that have caught many companies by surprise.

Security and Latency Risks

Of course, unexpected IT costs are nothing new. Big companies have deep pockets – if the public cloud is delivering the required agility and flexibility, is the higher price tag worth it? The problem is that the escalating level of security attacks on these high profile hyperscalers is also causing serious concerns, especially for organisations dependent upon 100% uptime and very low latency.

Financial services organisations cannot endure the increasing latency associated with essential additional levels of security. Key infrastructure providers, including telecommunications and utilities, are justifiably concerned about the risks associated with Distributed Denial of Service (DDoS) attacks occurring almost continuously on these organisations.

But what is the alternative? At a time of economic and geopolitical uncertainty, there is little if any desire to revert to the traditional IT finance model, however deep an organisation’s pockets. Add in new compliance demands and the need to adapt to a changing marketplace, and capex projects are already oversubscribed. Further, large businesses have embraced the flexibility and agility associated with scaling up and down in line with demand. New business innovation is now predicated on the ability to accelerate IT development.

Retaining Flexibility

The cloud model works on so many levels. The issue that organisations have to address is how to retain a cloud-based infrastructure without incurring unacceptable costs. Clearly, it is vital to read the small print. But it is also important to consider the alternatives. Would an on-premise private cloud option work, for example?

Using flexible financing, Service Integration & Management (SIAM) vendors can offer the agility of the cloud with the benefit of locating the kit either on premise or in a dedicated co-location centre. Unlike Managed Service Providers (MSPs), a SIAM doesn’t mark up the equipment. It will simply use its market buying power to access the best prices for the kit required.

Critically, when compared head-to-head with the equivalent hyperscaler cost, this model is typically 50% cheaper. And, with simpler, transparent contracts, companies can – finally – achieve the known monthly cost model that was one of the original promises of the cloud.


New research from Vanson Bourne highlights cloud security concerns among IT professionals


Nearly all organizations are relying on the cloud to store sensitive data and run critical systems. But for many, cloud security hasn’t kept up.

New research from Vanson Bourne surveyed 1,600 IT and security decision makers across eight countries to discover that more than 60 percent believe their organization’s cloud security poses a significant risk.

What’s the solution? 93 percent agree that Zero Trust Segmentation is essential to their cloud security strategy.

Download the Cloud Security Index 2023 to learn:

  • Why cloud breaches and ransomware attacks are so widespread
  • The ways traditional cloud security tools are failing us
  • How Zero Trust Segmentation can increase cloud resilience

Ready for a demo? Contact the Illumio Team now.

Threat Predictions for 2024: Chained AI and CaaS operations give attackers more ‘easy’ buttons 


With the growth of Cybercrime-as-a-Service (CaaS) operations and the advent of generative AI, threat actors have more “easy” buttons at their fingertips to assist with carrying out attacks than ever before. By relying on the growing capabilities in their respective toolboxes, adversaries will increase the sophistication of their activities. They’ll launch more targeted and stealthier hacks designed to evade robust security controls, as well as become more agile by making each tactic in the attack cycle more efficient.

In its 2024 threat predictions report, the FortiGuard Labs team looks at a new era of advanced cybercrime, examines how AI is changing the (attack) game, shares fresh threat trends to watch for this year and beyond, and offers advice on how organisations everywhere can enhance their collective resilience against an evolving threat landscape…

The Evolution of Old Favorites

We’ve been observing and discussing many fan-favorite attack tactics for years, and covered these topics in past reports. The “classics” aren’t going away—instead, they’re evolving and advancing as attackers gain access to new resources. For example, when it comes to advanced persistent cybercrime, we anticipate more activity among a growing number of Advanced Persistent Threat (APT) groups. In addition to the evolution of APT operations, we predict that cybercrime groups, in general, will diversify their targets and playbooks, focusing on more sophisticated and disruptive attacks, and setting their sights on denial of service and extortion.

Cybercrime “turf wars” continue, with multiple attack groups homing in on the same targets and deploying ransomware variants, often within 24 hours or less. In fact, we’ve observed such a rise in this type of activity that the FBI issued a warning to organizations about it earlier this year.

And let’s not forget about the evolution of generative AI. This weaponisation of AI is adding fuel to an already raging fire, giving attackers an easy means of enhancing many stages of their attacks. As we’ve predicted in the past, we’re seeing cybercriminals increasingly use AI to support malicious activities in new ways, ranging from thwarting the detection of social engineering to mimicking human behavior.

Fresh Threat Trends to Watch for in 2024 and Beyond

While cybercriminals will always rely on tried-and-true tactics and techniques to achieve a quick payday, today’s attackers now have a growing number of tools available to them to assist with attack execution. As cybercrime evolves, we anticipate seeing several fresh trends emerge in 2024 and beyond. Here’s a glimpse of what we expect.

Give me that big (playbook) energy: Over the past few years, ransomware attacks worldwide have skyrocketed, making every organisation, regardless of size or industry, a target. Yet, as an increasing number of cybercriminals launch ransomware attacks to attain a lucrative payday, cybercrime groups are quickly exhausting smaller, easier-to-hack targets. Looking ahead, we predict attackers will take a “go big or go home” approach, with adversaries turning their focus to critical industries—such as healthcare, finance, transportation, and utilities—that, if hacked, would have a sizeable adverse impact on society and make for a more substantial payday for the attacker. They’ll also expand their playbooks, making their activities more personal, aggressive, and destructive in nature.

It’s a new day for zero days: As organisations expand the number of platforms, applications, and technologies they rely on for daily business operations, cybercriminals have unique opportunities to uncover and exploit software vulnerabilities. We’ve observed a record number of zero-days and new Common Vulnerabilities and Exposures (CVEs) emerge in 2023, and that count is still rising. Given how valuable zero days can be for attackers, we expect to see zero-day brokers—cybercrime groups selling zero-days on the dark web to multiple buyers—emerge among the CaaS community. N-days will continue to pose significant risks for organizations as well.

Playing the inside game: Many organisations are leveling up their security controls and adopting new technologies and processes to strengthen their defenses. These enhanced controls make it more difficult for attackers to infiltrate a network externally, so cybercriminals must find new ways to reach their targets. Given this shift, we predict that attackers will continue to shift left with their tactics, reconnaissance, and weaponisation, with groups beginning to recruit from inside target organisations for initial access purposes.

Ushering in “we the people” attacks: Looking ahead, we expect to see attackers take advantage of more geopolitical happenings and event-driven opportunities, such as the 2024 U.S. elections and the Paris 2024 games. While adversaries have always targeted major events, cybercriminals now have new tools at their disposal—generative AI in particular—to support their activities.

Narrowing the TTP playing field: Attackers will inevitably continue to expand the collection of tactics, techniques, and procedures (TTPs) they use to compromise their targets. Yet defenders can gain an advantage by finding ways to disrupt those activities. While most of the day-to-day work done by cybersecurity defenders is related to blocking indicators of compromise, there’s great value in taking a closer look at the TTPs attackers regularly use, which will help narrow the playing field and find potential “choke points on the chess board.”

Making space for more 5G attacks: With access to an ever-increasing array of connected technologies, cybercriminals will inevitably find new opportunities for compromise. With more devices coming online every day, we anticipate that cybercriminals will take greater advantage of connected attacks in the future. A successful attack against 5G infrastructure could easily disrupt critical industries such as oil and gas, transportation, public safety, finance, and healthcare.

Navigating a New Era of Cybercrime

Cybercrime impacts everyone, and the ramifications of a breach are often far-reaching. However, threat actors don’t have to have the upper hand. Our security community can take many actions to better anticipate cybercriminals’ next moves and disrupt their activities: collaborating across the public and private sectors to share threat intelligence, adopting standardized measures for incident reporting, and more.

Organisations also have a vital role to play in disrupting cybercrime. This starts with creating a culture of cyber resilience—making cybersecurity everyone’s job—by implementing ongoing initiatives such as enterprise-wide cybersecurity education programs and more focused activities like tabletop exercises for executives. Finding ways to shrink the cybersecurity skills gap, such as tapping into new talent pools to fill open roles, can help enterprises navigate the combination of overworked IT and security staff as well as the growing threat landscape. And threat sharing will only become more important in the future, as this will help enable the quick mobilization of protections.

For data privacy, access is as vital as security 


By Jaeger Glucina, MD and Chief of Staff, Luminance 

If you’re in the UK, you could hardly have missed the story this summer about Nigel Farage’s public showdown with the specialist bank Coutts. What started as an apparent complaint about a lack of service being provided to Farage quickly became a significant political talking point and, ultimately, resulted in the CEO of the NatWest-owned bank resigning his position.

However, if your work sees you taking responsibility for security, compliance, and business continuity, you may need to take stock of how this story highlights an approaching risk factor that all companies need to be aware of. While the details of Coutts’s decision to drop Farage as a customer were being launched onto the newspapers’ front pages, the actual way in which Farage obtained that information remained very much a secondary story.

Those details were obtained when Farage lodged a data subject access request, or ‘DSAR’, with Coutts. This legal mechanism, introduced as part of the EU’s General Data Protection Regulation, compels organisations to identify, compile, and share every piece of information that they hold relating to an individual. This could range from basic data like names and addresses in a customer database to internal email or text conversations pertaining to them.

The purpose, as with analogous legislation like the California Consumer Privacy Act, is to tip the scales of power around matters of data and privacy back in favour of the consumer. To achieve that, there is real regulatory muscle to ensure that DSARs are acted on. Upon receipt, organisations must respond within thirty days, and non-compliance can carry a fine of up to 4% of the business’s annual global turnover.

The reputational damage that a DSAR could trigger for some businesses should, by now, be readily apparent. Even benign requests can pose a serious challenge to an organisation’s legal resource.

While the potentially punitive results of non-compliance make DSARs a priority issue, mounting a response is not as easy as you might think. The breadth of the request demands an exhaustive and wide-ranging search through information systems, including records of Slack messages and video calls as well as emails, documents, spreadsheets, and databases. At the same time, of course, our usage of such systems is ever-expanding. Every new productivity tool in an organisation’s arsenal will represent a potential landing point for sensitive data which needs to be collated, analysed and appropriately redacted in a DSAR process.

You can imagine that for legal teams this is an onerous workload which saps capacity from higher-value areas of work that drive business growth. Worse, it is a highly labour-intensive, repetitive process which few legal professionals would ideally choose to engage in. Many external firms won’t take DSAR cases on, and if one can be found the fees will likely run to tens of thousands of pounds.

All of that adds up to a growing need for a new kind of data discoverability: not just a way for businesses to oversee data siloes, but to analyse and draw from them in a highly specific way which meets strict legal criteria.

Clearly, the repetitive and precise nature of the task makes it a perfect candidate for automation. With AI, teams can rapidly cull datasets down to just those items which are likely to be relevant before identifying any personal data which needs to be excluded or redacted. In one recent rollout of the technology, this resulted in UK-based technology scale-up, proSapient, halving the time taken to respond to a DSAR and avoiding £20k in costs while maintaining the robust level of detail which GDPR compliance demands.

Any data professional out there knows that a proliferation of personal data residing in systems is an almost inevitable consequence of our modern working practices: digital tools underpin our productivity, and information about people, whether they are customers, clients, or employees, is relevant to almost any process.

Anecdotally, we know that whenever a story involving DSARs hits the headlines, businesses experience a spike of requests. The GDPR may now be half a decade old, but awareness of how it can be leveraged will only continue to grow – far past the capacity of existing tools and team structures to cope.

That means that empowering legal teams with the tools they need to manage this new data reality is of paramount importance, both to safeguard the organisation’s future resilience and continuity, and to enable them to focus on delivering the levels of productivity expected from them.

Where does GenAI fit into the data analytics landscape?


Recently, there has been a lot of interest and hype around Generative Artificial Intelligence (GenAI), such as ChatGPT and Bard. While these applications are more geared towards the consumer, there is a clear uptick in businesses wondering where this technology can fit into their corporate strategy. James Gornall, Cloud Architect Lead, CTS explains the vital difference between headline grabbing consumer tools and proven, enterprise level GenAI…

Understanding AI

Given the recent hype, you’d be forgiven for thinking that AI is a new capability, but in actual fact, businesses have been using some form of AI for years – even if they don’t quite realise it.

One of the many applications of AI in business today is in predictive analytics. By analysing datasets to identify patterns and predict future outcomes, businesses can more accurately forecast sales and resource requirements, manage inventory and detect fraud.

Using data visualisation tools to make complex data simpler to understand and more accessible, decision-makers can easily spot trends, correlations and outliers, leading them to make better-informed data-driven decisions, faster.

Another application of AI commonly seen is to enhance customer service through the use of AI-powered chatbots and virtual assistants that meet the digital expectations of customers, by providing instant support when needed.

So what’s new?

What is changing with the commercialisation of GenAI is the ability to create entire new datasets based on what has been learnt previously. GenAI can use the millions of images and information it has searched to write documents and create imagery at a scale never seen before. This is hugely exciting for organisations’ creative teams, providing unprecedented opportunities to create new content for ideation, testing, and learning at scale. With this, businesses can rapidly generate unique, varied content to support marketing and brand.

The technology can use data on customer behaviour to deliver quality personalised shopping experiences. For example, retailers can provide unique catalogues of products tailored to an individual’s preferences, to create a totally immersive, personalised experience. In addition to enhancing customer predictions, GenAI can provide personalised recommendations based on past shopping choices and provide human-like interactions to enhance customer satisfaction.

Furthermore, GenAI supports employees by automating a variety of tasks, including customer service, recommendation, data analysis, and inventory management. In turn, this frees up employees to focus on more strategic tasks.

Controlling AI

The latest generation of consumer GenAI tools has transformed AI awareness at every level of business and society. In the process, these tools have also done a pretty good job of demonstrating the problems that quickly arise when they are misused: from users who may not realise the risks associated with inputting confidential code into ChatGPT, completely unaware that they are actually leaking valuable Intellectual Property (IP) that could be included in the chatbot’s future responses to other people around the world, to lawyers fined for using fictitious ChatGPT generated research in a legal case.

While this latest iteration of consumer GenAI tools is bringing awareness to the capabilities of this technology, there is a lack of education around the way it is best used. Companies need to consider the way employees may be using GenAI that could potentially jeopardise corporate data resources and reputation.

With GenAI set to accelerate business transformation, AI and analytics are rightly dominating corporate debate, but as companies adopt GenAI to work alongside employees, it is imperative that they assess the risks and rewards of cloud-based AI technologies as quickly as possible.

Trusted Data Resources

One of the concerns for businesses to consider is the quality and accuracy of the data provided by GenAI tools. This is why it is so important to distinguish between the headline grabbing consumer tools and enterprise grade alternatives that have been in place for several years.

Business specific language is key, especially in jargon heavy markets, so it is essential that the GenAI tool being used is trained on industry specific language models.

Security is also vital. Commercial tools allow a business to set up its own local AI environment where information is stored inside the virtual safety perimeter. This environment can be tailored with a business’ documentation, knowledge bases and inventories, so the AI can deliver value specific to that organisation.

While these tools are hugely intuitive, it is also important that people understand how to use them effectively.

Providing structured prompts and being specific in the way questions are asked is one thing, but users need to remember to think critically rather than simply accept the results at face value. A sceptical viewpoint is a prerequisite – at least initially. The quality of GenAI results will improve over time as the technology evolves and people learn how to feed valid data in, so they get valid data out. However, for the time being people need to take the results with a pinch of salt.

It is also essential to consider the ethical uses of AI.

Avoiding bias is a core component of any Environmental, Social and Governance (ESG) policy. Unfortunately, there is an inherent bias that exists in AI algorithms so companies need to be careful, especially when using consumer level GenAI tools.

For example, finance companies need to avoid algorithms running biased outcomes against customers wanting to access certain products, or even customers receiving different interest rates based on discriminatory data.

Similarly, medical organisations need to ensure ubiquitous care across all demographics, especially when different ethnic groups experience varying risk factors for some diseases.

Conclusion

AI is delivering a new level of data democratisation, allowing individuals across businesses to easily access complex analytics that have, until now, been the preserve of data scientists. The increase in awareness and interest has also accelerated investment, transforming the natural language capabilities of chatbots, for example. The barrier to entry has been reduced, allowing companies to innovate and create business specific use cases.

But good business and data principles must still apply. While it is fantastic that companies are now actively exploring the transformative opportunities on offer, they need to take a step back and understand what GenAI means to their business. Before rushing to meet shareholder expectations for AI investment to achieve competitive advantage, businesses must first ask themselves, how can we make the most of GenAI in the most secure and impactful way?

Smart access: What if biometrics were the foolproof solution for infrastructure protection?


By Céline Littré, Product Marketing Manager at Linxens

Biometrics are already well known and used in sectors such as identity and payments, but could their use also be relevant to access control for both IT and physical infrastructures?

Access to IT infrastructures

As the number of reported cyber-attacks has multiplied, companies, which until recently were largely unprepared for the risks, have had no choice but to equip themselves to protect their IT infrastructures.

Today’s companies understand an attack can be costly and damage their business (compromising data, blocking production systems, etc.). According to Cybersecurity Ventures, in 2021 the cost of cyber-attacks was 6,000 billion euros…

Various technologies already exist to strengthen the security of digital access, in particular multi-factor authentication (MFA). However, these systems often rely on the use of a smartphone, which poses two main problems: firstly, not all employees have a work phone and may be reluctant to use their personal device to identify themselves, and secondly, the use of these devices in industrial or sensitive sites may be prohibited for security reasons. There are also USB key identification systems, but again the risk of theft or loss means they do not provide a satisfactory solution.

In this context, the biometric card can be a welcome alternative: paired with the holder’s computer, it unlocks access to all or some applications. Identity is verified by a biometric sensor on which the cardholder has previously stored his or her fingerprint. If lost or stolen, it’s useless.

Access to physical infrastructure

In addition to protecting digital space, access to physical infrastructure is also a security issue for organisations. Although access cards are the most common form of identification used by organisations, they do not guarantee infallible security. Cards can be lost or stolen and used to gain free access to the building. In this case, the biometric card offers additional protection. Its personalised use guarantees that the user of the badge or card is indeed its owner, thanks to a fingerprint recognition system.

A promising market waiting to grow

The use of biometrics in access control represents a real opportunity to strengthen infrastructure security. Considering what is at stake, and even though it costs more than a traditional card, companies are ready to take the plunge and protect their assets.

Thanks to the work already done for payment applications, cards are already available and in the customer testing phase, with only a few months to go before the first mass-produced models are available. The challenge for the use of biometric cards for physical access remains compatibility with the wide range of existing devices (card readers). Manufacturers are working hard to adapt these systems for rapid, simplified integration and adoption by businesses. 

Fintech: How financial technology is benefitting businesses, and impacting security


Is your business operating as efficiently as it could be? For smaller businesses and startups, maximising efficiency can be the difference between surviving and thriving. In today’s rapidly-evolving commercial landscape, being an early adopter of the latest technology can set your business apart from the rest, open the door to a wider market of potential customers or simply help cut costs.

Fintech – a portmanteau of “financial technology” – is helping both businesses and individuals to take better control of their finances. We spoke with Carl Johnson, UK Sales Director at Anglo Scottish Asset Finance, about some of the ways in which fintech is benefitting businesses – and how it could benefit yours…

How has fintech affected the market?

One of fintech’s most important impacts is its ability to democratise finance, making it easier for anyone to manage their money in a user-friendly way. Online banking and phone banking apps are one example of this – now it’s easier than ever for people to manage their money.

This brings about various advantages for marginalised communities: people with disabilities, for example, can manage their money from their own homes. The ability to customise your experience on a PC or mobile banking device could alleviate the pressure on neurodivergent people who may struggle with the stimulating experience of going to the bank in person.

In many cases, fintech benefits both the business – who make their services more accessible and inclusive to a wider market – and the user, who can interact with the service in the way best-suited to them.

Johnson comments: “The same applies from a business perspective – fintech has helped level the playing field for smaller businesses. Amongst the current landscape of rising operating costs, fintech can help cut crippling overheads with increased automation or protect your business from online scams.”

Increasing cybersecurity

If you’re looking to increase the cybersecurity measures in place at your business, fintech can help you do so. AI-powered fraud detection algorithms can analyse user patterns to identify when a fraudulent transaction is happening in real time.

For large-scale transactions, advanced authentication features like biometrics and multi-factor processes can help put new clients at ease, and increase the security of your business. This additional level of security can help put older customers’ minds at rest – people who are wary of tech can rest easy knowing their concerns are accounted for.

Digital wallets

In today’s world, businesses can maximise their revenue by accepting multiple forms of payment. Businesses which accept cryptocurrency as a form of payment are opening their doors to an entirely new revenue stream, which can set them apart from competitors.

There are plenty of other benefits for businesses which accept crypto – the currency is international, meaning no worrying about exchange rates. Transactions are processed more quickly than a traditional monetary transfer, which means cash flow problems can be alleviated with ease.

Customer experience

Fintech can also be used to help streamline the customer experience and increase your understanding of your audience base. Smaller businesses may not have the manpower to run a manned customer support service at all times – AI-powered customer service tools like chatbots can help with more standardised queries.

In most cases, today’s customers like an immediate, personalised service. Using automated technology can provide this – advanced AI can address your customers by name, and recommend items based on their earlier buying habits.

Physical payments for small businesses

In recent years, the development and democratisation of card payment terminals has enabled small businesses to grow more easily than ever. Companies like Square have made it affordable for small businesses to accept card payments, thanks to a flat rate processing fee in lieu of monthly subscription or account maintenance fees.

This, in turn, attracts a wider customer base. With fewer people carrying cash – especially since COVID – businesses lose out on revenue if they’re unable to support card payments.

Sourcing funding

Looking for external funding to help take your business to the next level? Crowdfunding platforms are another form of fintech at your business’s disposal.

Look out for platforms like Crowdcube, a fully-regulated crowdfunding investment platform with over 6,500 investors. Businesses can choose whether they’re asking for seed funding (£150k-£249k), early funding (£250k-£750k), or growth funding (£750k+).

Streamlining

Another way in which fintech can benefit businesses is through cost-saving. Greater potential for automation as a result of technology like AvidXchange has reduced the need for manual invoicing and payment processing, freeing up your employees to deal with more complex requests.

By streamlining your payment process, your business saves time and money – and your customers and partners will benefit by receiving invoices faster than ever.

The future of fintech

Johnson expects the booming fintech industry to continue expanding in the coming years: “With a growing number of businesses adopting fintech every year, we can expect the number of financial technologies – and their myriad potential applications – to continue to grow.

Expect to see new fintech innovations for both personal and commercial use. For small businesses and startups, it’s vital to stay on top of any new technologies that could help improve your operations.”

The changing role of partners in SAP’s new cloud mindset


Recent changes from SAP have left many partners wondering what the next steps are in providing cloud services, especially given SAP’s insistence on developing a ‘cloud mindset’ and its emphasis on its Activate Methodology and Fit to Standard workshops to achieve this.

Up until this point, a change of direction to the cloud has had little impact upon consultants’ abilities to facilitate a deployment, or to provide daily customer support services. But the introduction of RISE with SAP S/4HANA Cloud, public edition or private edition, has brought with it a different way of working than its predecessor, HANA Enterprise Cloud (HEC). Given SAP is now driving software infrastructure delivery, the role that SAP partners play has now changed.

From initial consultation to implementation, support to maintenance, as Robert MacDonald, Innovation & Technology Manager at Absoft explains, partners need to adopt a new cloud mindset and skill set to enable them to adapt to the change, and to successfully deliver RISE with SAP…

Identifying the change

Over the last ten years, SAP partners have been moving away from providing on-premise ERP solutions toward cloud-based systems, such as Microsoft Azure. Despite what felt like a significant change as a result of switching licences and adapting to more varied cost/flexibility models, partners were able to keep disruption to their business to a minimum. This was owed in part to the fact that partners were still in control of key aspects of the process, from initial scoping all the way through to implementation, and as such, did not need to train their staff in any new specific skills.

RISE with SAP has ushered in a great deal of change. Irrespective of whether a customer opts for RISE with SAP S/4HANA Cloud, public edition or RISE with SAP S/4HANA Cloud, private edition, the entire approach has changed – and partners need to change with it.

On the surface, the process has been simplified. SAP has created a standard infrastructure and offers customers small/medium/large architecture options to streamline pricing. An ‘adopt not adapt’ mindset means customers are encouraged to avoid any customisation – indeed customisation or extensibility, if required, can only occur outside the core S/4HANA product, using Application Programming Interfaces (APIs) to link to complementary cloud solutions. So where do partners fit into this new model?

Embracing new skills

One significant impact will be felt by consultants who specialise in providing more traditional expertise, offering services in scoping and implementation and outlining business-specific requirements. These services are no longer necessary, and have been replaced with SAP’s Fit to Standard workshops, negating the need for custom development specification and GAP analyses, should the SAP ERP solution not support a specific customer need.

The challenge for partners now is convincing prospective customers of the benefits of a standardised best practice approach, and emphasising that customisation should only be used to differentiate themselves from competitors when using a standard cloud based deployment. Because of this, consultants need to learn new skills. They need to learn to assess a customer’s processes, identify those areas of differentiation that would justify the development of extensible solutions and work with department heads to achieve the change management required to match the SAP standard process.

Partners must take their ecosystem of consultants with an extensive skill set based on identifying problems, writing development specifications and managing project delivery and help them make the transition to this new approach. They need to dedicate time and resources to changing the mindset of customers to fit SAP’s new cloud mindset, and learning new management skills.

Providing Support and Enabling Delivery 

The new skill set requirements extend far beyond the initial consultation stage. RISE with SAP is delivered using SAP’s Activate Methodology, which has been updated to support the implementation of this standard cloud project. This again requires that Project Managers learn a new set of skills. From provisioning systems to testing, connectivity to networks and configuring interfaces, every request has to go via SAP. For Project Managers who prefer to work internally with their own teams on these processes, it will take time to get to grips with SAP timelines, processes and people.

For example, SAP may insist on providing a week’s notice before connectivity is turned on, which is something that could be achieved within hours if working internally. If the Project Manager is not familiar with these processes, the entire project could become rapidly derailed. In essence, this new approach and mindset from SAP combines a move to a more modern standardisation method with a more old-fashioned service request system, over which partners have no control. It also has implications for where SAP’s influence exists and where it doesn’t, which muddies the waters in terms of determining which areas of the service will incur an extra cost, and which areas do not fall under the remit of SAP.

The new skill set is not limited to implementation – the same issues arise during ongoing support. From system patches to updates, it is vital to ensure changes fit in with business timelines – avoiding month ends, for example. Despite not being in control of these processes, partners still have a key role to play in liaising with customers when an update is set to occur. The key to avoiding those increases in cloud expenses that have impacted organisations in the past is the availability of a service that can organise downtime, alert any affected business areas, handle change control, and oversee testing.

Conclusion

SAP recognises that significant changes in skill sets and processes are required to facilitate this new generation of cloud solutions and is investing in supporting its partners. But partners themselves will have to buy into this new cloud mindset and meet them halfway, if RISE with SAP is to be deployed successfully. Partners can no longer rely on the same on premise product that they have become familiar with over the last 20 years, and set it up all across the board. Every partner must now collaborate closely with SAP, use the company’s methodology, embrace the lessons learned and work with the customer success teams.

This is fundamentally changing every aspect of the SAP partner role and this is something that took some partners by surprise – especially those that did not expect RISE with SAP to take off in the first place. How many partners have proactively recognised and documented the new support and maintenance model to ensure customers understand the changing roles of suppliers and partners in this new cloud mindset? How many have been through their first SAP Activate project and now understand SAP’s processes and timelines? Critically, how many are genuinely committed to creating and embracing a new cloud mindset in terms of skillset to support staff and to enable the smooth transition to this new model?

Ultimately, the success of each customer’s implementation is now inextricably linked to the speed in which partners adopt and embrace the new cloud mindset.

Image by Patou Ricard from Pixabay

The importance of Zero Trust Architecture


By Cathal Judge (pictured), Founder and CEO of CISO Assurance Global

Zero Trust security architecture adoption is on the rise, and with good reason. The Network and Information Security (NIS2) Directive requires the adoption of best-practice security architecture, to ensure state of the art security of European networks and information systems.

Likewise, the GDPR requires state of the art security to be enforced for all organisations that process personal data.

Zero trust security architecture is the concept of securing the network from within, by applying layered security policies and controls. Access is monitored and restricted on an individual basis and continuous authentication takes place.

This enables organisations to verify user credentials and policy compliance at strategic points of the infrastructure, reducing the risk of malicious hackers gaining access.

It also paves the way for the adoption of AI, to create self-securing networks in the near future.

Through the implementation of a zero trust architecture, organizations are also able to better manage their security resources. Such proactive security policies lead to the detection of suspicious activities or weaknesses early, before they can be exploited to cause harm.

Once threats are detected, organizations can respond quickly and efficiently to prevent major security breaches. Under the new NIS Directive, European organizations must ensure that adequate security policies are enforced. Such policies must protect the integrity, confidentiality and availability of their data and systems.

CISO Assurance Global provides managed consulting services around Zero-Trust architecture and NIS2 compliance.

Get in touch today at www.cisoag.com or info@cisoag.com.

The Cloud Revolution: A call for improved security measures


By Aleksandr Värä, Technical Sales Director of Crayon

Recent years have seen a significant shift towards the adoption of cloud services by businesses, and the pace is only accelerating. Over 80% of IT leaders already use hybrid cloud solutions, which combine the strengths of public cloud providers like AWS and Google Cloud with private hardware. This change is not just a phase for some, but the new norm for many.

However, the transition to cloud computing isn’t without its own set of challenges. As businesses increasingly adopt a cloud-first approach, the way we understand and implement cybersecurity needs a radical overhaul. Traditional cybersecurity measures that worked in the past are no longer adequate. In fact, a report from IBM revealed that the cost of a data breach has risen to $4.24 million in 2021, the highest in 17 years, emphasizing the need for effective security in the cloud era.

Rethinking cybersecurity best practices

The age-old image of a hooded hacker might seem to embody cybersecurity threats, but the reality is starkly different today. Many cybersecurity threats originate from within organizations due to unintentional mistakes that leave them susceptible to breaches. A statistic from Microsoft has stated that a whopping 98% of cyber attacks could be avoided with better security practices.

These risks become even more prominent in the cloud computing context. Rushing cloud implementation without solid security measures can open up a business to hundreds of vulnerabilities overnight, especially when businesses move their legacy, on-premises infrastructure to the cloud using an Infrastructure-as-a-Service (IaaS) model.

It’s apparent that we need to rethink cybersecurity best practices in the face of these risks. Traditional policies catering to on-premises infrastructure no longer suffice. Organizations need to prioritize cloud security and align their procedures with technology solutions capable of managing the security requirements of both on-premises and cloud infrastructures.

Adopting cloud-native security

Transitioning to the cloud doesn’t need to happen all at once. In fact, quite often – due to limited capacity or financial considerations – businesses will undertake a step-by-step approach. However, one aspect should not be compromised: establishing strong, cloud-native security measures in parallel with cloud transformation.

New vulnerabilities crop up as soon as a business operates in the cloud. Under-resourced teams that are accustomed to on-premise systems may lack the skills and time to identify and mitigate these new risks. Therefore, speed is of the essence when it comes to cloud security. The longer you wait, the more security risks you’ll face.

To maximize speed, consistency, and rigidity, companies are starting to adopt security baselines as code. This shift in mindset reduces the time to implement security configurations, controls, tools, and policies from weeks or months to just hours or days. Importantly, this approach is scalable and adaptable to changes in your digital assets over time.

However, setting up such a baseline is a complex task that requires technical knowledge of cloud-related threats and cloud-native security technologies. Many security teams, especially those with limited resources, may struggle to know where to start.
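As a starting point for the "security baselines as code" idea above, here is an added example (not code from the article or from Crayon) in which the baseline is a reviewable list of rules evaluated against a resource inventory. The rule IDs, resource types, attribute names and inventory are all constructed for illustration and do not correspond to any cloud provider's API or published benchmark.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    rule_id: str                    # hypothetical ID, not from any standard
    resource_type: str              # which kind of resource the rule covers
    description: str
    check: Callable[[dict], bool]   # returns True when the resource complies

# The baseline lives in version control and is applied the same way to every
# environment. Checks use `is True` / `is False` so that a missing attribute
# is treated as non-compliant rather than silently passing.
BASELINE = [
    Rule("STOR-01", "storage_bucket", "public access disabled",
         lambda r: r.get("public_access") is False),
    Rule("STOR-02", "storage_bucket", "encryption at rest enabled",
         lambda r: (r.get("encryption") or {}).get("enabled") is True),
    Rule("NET-01", "firewall_rule", "admin ports closed to the internet",
         lambda r: not (r.get("source") == "0.0.0.0/0"
                        and r.get("port") in {22, 3389})),
    Rule("IAM-01", "user", "MFA enforced",
         lambda r: r.get("mfa") is True),
]

def evaluate(resources, baseline=BASELINE):
    """Return (resource name, rule id, description) for every violation."""
    findings = []
    for res in resources:
        for rule in baseline:
            if rule.resource_type == res.get("type") and not rule.check(res):
                findings.append((res["name"], rule.rule_id, rule.description))
    return findings

# Constructed inventory, e.g. a lifted-and-shifted IaaS estate.
INVENTORY = [
    {"type": "storage_bucket", "name": "backups",
     "public_access": False, "encryption": {"enabled": True}},
    {"type": "storage_bucket", "name": "legacy-share", "public_access": True},
    {"type": "firewall_rule", "name": "allow-rdp",
     "source": "0.0.0.0/0", "port": 3389},
    {"type": "firewall_rule", "name": "allow-https",
     "source": "0.0.0.0/0", "port": 443},
    {"type": "user", "name": "svc-migrate"},   # no MFA attribute recorded
]

if __name__ == "__main__":
    for name, rule_id, description in evaluate(INVENTORY):
        print(f"FAIL {rule_id} {name}: {description}")
```

Because the rules are data, adding a control is a reviewed change to the baseline, and the same evaluation can run in a deployment pipeline and on a schedule to catch drift.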

The importance of support

When it comes to transitioning to the cloud, knowledge truly is power. Without a deep understanding of the field and cloud-native security technology, organizations cannot create an effective cloud security posture. In many cases, working with an experienced partner who has pre-existing security baselines can provide the required support.

With the cloud becoming an integral part of business operations and its significance set to grow even further, a strong cloud-native security posture that incorporates the right baselines and modern technologies is not just an option – it’s a necessity.