the cloud Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

the cloud

Asset financing – and how to avoid getting stung by unexpected costs from hyperscalers

960 640 Guest Post

“To hyperscale or not to hyperscale” remains a key question for any CIO. And, while the majority of large organisations have already taken that step, for some, if not all, they question whether their IT infrastructure strategy is delivering the  cost and flexibility benefits expected. At a time when capex budgets are coming under ever greater pressure, pushing CIOs even harder towards the hyperscale opex alternative, Mark Grindey, CEO, Zeus Cloud calls on CIOs to read the small print – or pay the price…

Escalating Costs

Drivers for the adoption of public cloud platforms vary, but for many larger organisations, the agility, innovation and scalability have outweighed the expected cost benefits. The ability to spin up new systems has improved time to market, accelerated digital transformation and enhanced business resilience. For CIOs, the shift away from on premise to the hyperscalers has met objectives – in the main. There is one, very notable exception: cost. While cost control may not have been the priority, it is always a factor in any IT strategic change. Few businesses expected to incur the level of ‘additional’ costs associated with the public cloud. And, given the on-going economic challenges, this upward trend is raising serious concerns.

The biggest problem is that, despite the perception, the price of public cloud service is not ‘known’. Monthly costs are not consistent. The subscription model is just one element in a sliding scale of usage- based costs. Companies are discovering the additional fees demanded for extra security and support. They are incurring far greater storage costs, due to the tendency to charge for both storing and deleting data. Even a user inadvertently changing Active Directory settings can lead to an unexpected hike in costs.

Add in the limitations on bandwidth, the additional charges for cpu or RAM, plus the fact that if the business is using VMWare, it will be paying again based on those same usage factors. Therefore, it’s these further hidden costs of the cloud that have caught many companies by surprise.   

Security and Latency Risks

Of course, unexpected IT costs are nothing new. Big companies have deep pockets – if the public cloud is delivering the required agility and flexibility, is the higher price tag worth it? The problem is that the escalating level of security attacks on these high profile hyperscalers is also causing serious concerns, especially for organisations dependent upon 100% uptime and very low latency.

Financial services organisations cannot endure the increasing latency associated with essential additional levels of security. Key infrastructure providers, including telecommunications and utilities, are justifiably concerned about the risks associated with Distributed Denial of Service (DDoS) attacks occurring almost continuously on these organisations.

But what is the alternative? At a time of economic and geopolitical uncertainty, there is little if any desire to revert to the traditional IT finance model, however deep an organisation’s pockets. Add in new compliance demands and the need to adapt to a changing marketplace, and capex projects are already oversubscribed. Further, large businesses have embraced the flexibility and agility associated with scaling up and down in line with demand. New business innovation is now predicated on the ability to accelerate IT development.

Retaining Flexibility

The cloud model works on so many levels. The issue that organisations have to address is how to retain a cloud-based infrastructure without incurring unacceptable costs. Clearly, it is vital to read the small print. But it is also important to consider the alternatives. Would an on-premise private cloud option work, for example?

Using flexible financing, Service Integration & Management (SIAM) vendors can offer the agility of the cloud with the benefit of locating the kit either on premise or in a dedicated co-location centre. Unlike Managed Service Providers (MSPs), a SIAM doesn’t mark up the equipment. It will simply use its market buying power to access the best prices for the kit required.

Critically, when compared head-to-head with the equivalent hyperscaler cost, this model is typically 50% cheaper. And, with simpler, transparent contracts, companies can – finally – achieve the known monthly cost model that was one of the original promises of the cloud.

Photo by John Vid on Unsplash

The changing role of partners in SAP’s new cloud mindset

960 640 Guest Post

Recent changes from SAP has left many partners wondering what the next steps are in providing cloud services, especially given  SAP’s insistence on developing a ‘cloud mindset’, and emphasising its Activate Methodology and Fit to Standard workshops to achieve this. 

Up until this point, a change of direction to the cloud has had little impact upon consultants abilities to facilitate a deployment, or to provide daily customer support services.  But the introduction of RISE with SAP S/4HANA Cloud, public edition or private edition, has brought with it a different way of working than its predecessor, HANA Enterprise Cloud (HEC). Given SAP is now driving software infrastructure delivery, the role that SAP partners play has now changed.

From initial consultation to implementation, support to maintenance, as Robert MacDonald, Innovation & Technology Manager at Absoft explains, partners need to adopt a new cloud mindset and skill set to enable them to adapt to the change, and to successfully deliver RISE with SAP…

Identifying the change

Over the last ten years, SAP partners have been moving away from providing on-premise ERP solutions to move toward cloud based systems, such as Microsoft Azure.  Even despite what felt like a significant change as a result of switching licences and adapting to more varied cost/flexibility models, partners were able to keep disruption to their business to a minimum..  This was owed in part to the fact that partners were still in control of key aspects of the process, from initial scoping all the way through to implementation, and as such, did not need to train their staff in any new specific skills.

RISE with SAP has ushered in a great deal of change. Irrespective of whether a customer opts for RISE with SAP S/4HANA Cloud, public edition or RISE with SAP S/4HANA Cloud, private edition, the entire approach has changed  – and partners need to change with it .

On the surface, the process has been simplified. SAP has created a standard infrastructure and offers customers small/medium/ large architecture options to streamline pricing. An ‘adopt not adapt’ mindset means customers are encouraged to avoid any customisation – indeed customisation or extensibility, if required, can only occur outside the core S/4HANA product, using Application Programming Interfaces (APIs) to link to complementary cloud solutions.  So where do partners fit into this new model?

Embracing new skills

One significant impact will be felt by consultants who specialise in providing more traditional expertise, offering services in scoping and implementation and outlining business-specific requirements. These services are no longer necessary, and have been replaced with SAP’s Fit to Standard workshops, negating the need for custom development specification and GAP analyses, should the SAP ERP solution not support a specific customer need.

The challenge for partners now is convincing prospective customers of the benefits of a standardised best practice approach, and emphasising that customisation should only be used to differentiate themselves from competitors when using a standard cloud based deployment.  Because of this, consultants need to learn new skills.  They need to learn to assess a customer’s processes, identify those areas of differentiation that would justify the development of extensible solutions and work with department heads to achieve the change management required to match the SAP standard process.

Partners must take their ecosystem of consultants with an extensive skill set based on identifying problems, writing development specifications and managing project delivery and help them make the transition to this new approach. They need to dedicate time and resources to changing the mindset of customers to fit SAP’s new cloud mindset, and learning new management skills.

Providing Support and Enabling Delivery 

The new skills set requirements extend far beyond the initial consultation stage. RISE with SAP is delivered using SAP’s Activate Methodology, which has been updated to support the implementation of this standard cloud project. This again requires that Project Managers learn a new set of skills. From provisioning systems to testing, connectivity to networks and configuring interfaces, every request has to go via SAP.  For Project Managers who prefer to work internally with their own teams on these processes, it will take time to get to grips with SAP timelines, processes and people.

For example, SAP may insist on providing a week’s notice before connectivity is turned on, which is something that could be achieved within hours if working internally.  If the Project Manager is not familiar with these processes, the entire project could become rapidly derailed. In essence, this new approach and mindset from SAP is both a move to a more modern standardisation method, working concurrently with a more old-fashioned service request system, over which partners have no control.  It also has implications upon where SAP’s influence exists and where it doesn’t, which muddies the waters in terms of determining which areas of the service which will incur an extra cost, and which areas do not fall under the remit of SAP.

The new skill set is not limited to implementation – the same issues arise during ongoing support.  From system patches to updates, it is vital to ensure changes fit in with business timelines – avoiding month ends, for example. Despite not being in control of these processes, partners still have a key role to play in liaising with customers when an update is set to occur The key to avoiding those increases in cloud expenses that have impacted organisations in the past is the availability of a service that can organise downtime, alert any affected business areas, handle change control, and oversee testing.


SAP recognises that significant change in skill sets and processes are required  to facilitate  this new generation of cloud solutions and is investing in supporting its partners. But partners themselves will have to buy into this new cloud mindset and meet them halfway, if RISE with SAP is to be deployed successfully.  Partners can no longer rely on the same on premise product that they have become familiar with over the last 20 years, and set it up all across the board. Every partner must now collaborate closely with SAP, use the company’s methodology, embrace the lessons learned and work with the customer success teams.

This is fundamentally changing every aspect of the SAP partner role and this is something that took some partners by surprise – especially those that did not expect RISE with SAP to take off in the first place. How many partners have proactively recognised and documented the new support and maintenance model to ensure customers understand the changing roles of suppliers  and partners  in this new cloud mindset? How many have been through their first SAP Activate project and now understand SAP’s processes and timelines? Critically, how many are genuinely committed to creating and embracing a new cloud mindset in terms of skillset to support staff and to enable the smooth transition to this new model?

Ultimately, the success of each customer’s implementation is now inextricably linked to the speed in which partners adopt and embrace the new cloud mindset.

Image by Patou Ricard from Pixabay

The Cloud Revolution: A call for improved security measures

960 640 Guest Post

By Aleksandr Värä, Technical Sales Director of Crayon

Recent years have seen a significant shift towards the adoption of cloud services by businesses, and the pace is only accelerating. Over 80% of IT leaders already use hybrid cloud solutions, which combine the strengths of public cloud providers like AWS and Google Cloud with private hardware. This change is not just a phase for some, but the new norm for many.

However, the transition to cloud computing isn’t without its own set of challenges. As businesses increasingly adopt a cloud-first approach, the way we understand and implement cybersecurity needs a radical overhaul. Traditional cybersecurity measures that worked in the past are no longer adequate. In fact, a report from IBM revealed that the cost of a data breach has risen to $4.24 million in 2021, the highest in 17 years, emphasizing the need for effective security in the cloud era.

Rethinking cybersecurity best practices

The age-old image of a hooded hacker might seem to embody cybersecurity threats, but the reality is starkly different today. Many cybersecurity threats originate from within organizations due to unintentional mistakes that leave them susceptible to breaches. A statistic from Microsoft has stated that a whopping 98% of cyber attacks could be avoided with better security practices.

These risks become even more prominent in the cloud computing context. Rushing cloud implementation without solid security measures can open up a business to hundreds of vulnerabilities overnight, especially when businesses move their legacy, on-premises infrastructure to the cloud using an Infrastructure-as-a-Service (IaaS) model.

It’s apparent that we need to rethink cybersecurity best practices in the face of these risks. Traditional policies catering to on-premises infrastructure no longer suffice. Organizations need to prioritize cloud security and align their procedures with technology solutions capable of managing the security requirements of both on-premises and cloud infrastructures.

Adopting cloud-native security

Transitioning to the cloud doesn’t need to happen all at once. In fact, quite often – due to limited capacity or financial considerations – businesses will undertake a step-by-step approach. However, one aspect should not be compromised: establishing strong, cloud-native security measures in parallel with cloud transformation.

New vulnerabilities crop up as soon as a business operates in the cloud. Under resourced teams that are accustomed to on-premise systems may lack the skills and time to identify and mitigate these new risks. Therefore, speed is of the essence when it comes to cloud security. The longer you wait, the more security risks you’ll face.

To maximize speed, consistency, and rigidity, companies are starting to adopt security baselines as code. This shift in mindset reduces the time to implement security configurations, controls, tools, and policies from weeks or months to just hours or days. Importantly, this approach is scalable and adaptable to changes in your digital assets over time.

However, setting up such a baseline is a complex task that requires technical knowledge of cloud-related threats and cloud-native security technologies. Many security teams, especially those with limited resources, may struggle to know where to start.

The importance of support

When it comes to transitioning to the cloud, knowledge truly is power. Without a deep understanding of the field and cloud-native security technology, organizations cannot create an effective cloud security posture. In many cases, working with an experienced partner who has pre-existing security baselines can provide the required support.

With the cloud becoming an integral part of business operations and its significance set to grow even further, a strong cloud-native security posture that incorporates the right baselines and modern technologies is not just an option – it’s a necessity.

Worldwide public cloud end-user spending to hit $600bn in 2023

960 640 Stuart O'Brien

Worldwide end-user spending on public cloud services is forecast to grow 21.7% to total $597.3 billion in 2023, up from $491 billion in 2022, according to the latest forecast from Gartner.

Cloud computing is driving the next phase of digital business, as organizations pursue disruption through emerging technologies like generative artificial intelligence (AI), Web3 and the metaverse.

“Hyperscale cloud providers are driving the cloud agenda,” said Sid Nag, Vice President Analyst at Gartner. “Organizations today view cloud as a highly strategic platform for digital transformation, which is requiring cloud providers to offer more sophisticated capabilities as the competition for digital services heats up.”

“For example, generative AI is supported by large language models (LLMs), which require powerful and highly scalable computing capabilities to process data in real-time,” added Nag. “Cloud offers the perfect solution and platform. It is no coincidence that the key players in the generative AI race are cloud hyperscalers.”

All segments of the cloud market are expected see growth in 2023. Infrastructure-as-a-service (IaaS) is forecast to experience the highest end-user spending growth in 2023 at 30.9%, followed by platform-as-a-service (PaaS) at 24.1% (see Table 1).

Table 1. Worldwide Public Cloud Services End-User Spending Forecast (Millions of U.S. Dollars)

  2022 2023 2024
Cloud Application Infrastructure Services (PaaS) 111,976 138,962 170,355
Cloud Application Services (SaaS) 167,342 197,288 232,296
Cloud Business Process Services (BPaaS) 59,861 65,240 71,063
Cloud Desktop-as-a-Service (DaaS) 2,525 3,122 3,535
Cloud Management and Security Services 34,487 42,401 51,871
Cloud System Infrastructure Services (IaaS) 114,786 150,310 195,446
Total Market 490,977 597,325 724,566

BPaaS = business process as a service; IaaS = infrastructure as a service; PaaS = platform as a service; SaaS = software as a service
Note: Totals may not add up due to rounding.
Source: Gartner (April 2023)

Gartner predicts that by 2026, 75% of organizations will adopt a digital transformation model predicated on cloud as the fundamental underlying platform.

“The next phase of IaaS growth will be driven by customer experience, digital and business outcomes and the virtual-first world,” said Nag. “Emerging technologies that help businesses interact more closely and in real time with their customers, such as chatbots and digital twins, are reliant upon cloud infrastructure and platform services to meet growing demands for compute and storage power.”

While cloud infrastructure and platform services are driving the highest spending growth, SaaS remains the largest segment of the cloud market by end-user spending. SaaS spending is projected to grow 17.9% to total $197 billion in 2023.

“The technology substrate of cloud computing is firmly dominated by the hyperscalers, but leadership of the business application layer is more fragmented,” said Nag. “Providers are facing demands to redesign SaaS offerings for increased productivity, leveraging cloud-native capabilities, embedded AI and composability – particularly as budgets are increasingly driven and owned by business technologists. This change will ignite a wave of innovation and replacement in the cloud platform and application markets.”

The role of network cameras as sensors to support digital transformation

960 640 Guest Post

Axis Communications’ Linn Storäng explains how high-quality video data on open IT architecture might support the digital transformation of business functions…

To think of the network camera – an essential part of any company’s security infrastructure – as being a tool for security purposes alone could be a missed opportunity. Today’s cameras are versatile IoT devices capable of offering a number of additional benefits through analysis of high-quality video data that can be used to accelerate and enhance digital transformation efforts. The key to discovering that potential is to refocus; if a camera can see it, your systems can act upon it.

Digital video is not simply about security – it is also an extraordinary source of data. Over the years network cameras have been bolstered by higher grade image quality, improved bandwidth efficiency, and more powerful processing both on board and in the cloud, while the addition of advanced analytics and AI capabilities adds a wealth of functionality. And when wedded to open IT architecture that paves the way for ease of integration, a world of smarter possibilities awaits.

Benefits of the camera as a sensor

Thinking of network cameras as sensors and applying analytics to video data can help identify trends that develop over time, or highlight issues and insights in real time, all without requiring a human to constantly survey the output. Properly applied, that data may also be valuable in building predictive models which can help improve future efficiency or discover brand new directions for your IT provision or the business.

Cameras can provide secondary security reassurance, monitor critical systems for temperature changes, ensure production lines are running efficiently and even detect the early signs of an outbreak of fire. Ease of deployment and integration means cameras can be employed on a smaller scale, keeping a digital eye on otherwise difficult-to-access equipment, and simultaneously on a wider scale, using their vast field of view to monitor large areas.

Exploiting camera data in this way may reduce complexity, removing the need to install and administer additional banks of sensors. It may, conversely, help existing granular sensor data to be enhanced and contextualised. It can help the introduction of novel functions, adding value to digital transformation efforts without incurring further costs.

Important considerations for platform selection

However, the picture isn’t, perhaps, quite that clear. The ubiquity of cameras means they are theoretically straightforward to integrate into a digital transformation effort, but that all-important data must be reachable in a safe way. The camera’s hardware, firmware and ecosystem need to be flexible enough to support whatever application your business wishes to build – open enough to be useful, but robust enough not to present a risk.

They must also be accessible by all entities that need that access – be they personnel, third-party integrations, or bespoke applications – opening as many data points as possible without exposing security holes. To be effective, cameras should be deployed as part of an overall IT infrastructure rather than being siloed into merely acting as part of a security function or chosen without consideration of additional use cases. This also helps to guarantee that such hardware can be properly managed and updated over its lifetime.

To that end, today’s cameras should be backed by dedicated support whenever and wherever it is required. These devices must be cybersecure. Firmware that keeps pace with the latest threats is crucial when using IoT devices in a corporate setting, but rolling out a firmware update to a network of hundreds or perhaps thousands of mission-critical cameras is no trivial task.

Good network cameras are those which offer administrative control, a considered upgrade path which suits your business but can react quickly to new threats, and the tools to make applying such upgrades as simple as possible – all while leaving third-party integrations intact and unharmed. And these decisions must be made when considering product lifecycles too; long-term support and sustainability may be one of the most vital properties of a network camera given the expense and upheaval of purchasing and installing hardware.

A new generation of IP cameras

The network camera space has grown to meet the needs of its traditional users and this new set of wider IT use cases. Cameras can now routinely integrate neatly with, for example, DCIM systems to help the creation of bespoke applications. They can include features like visual overlays which make alerts and analytics clear and concise. Today’s cameras are built to be lean, with technology designed to minimise energy use, demand minimal network bandwidth, and even reduce the load on cloud servers by performing complex computation on the edge – all while simplifying maintenance through secure tools which smooth the process of managing large networks of IoT devices.

Cameras should not only be included in your digital transformation plan but should also become a core part of it. The potential of digital video, and the number of solutions edge processing and hardware integration can offer, is growing fast. Video analytics offers accurate, fast results – and even if your transformation is in the early stages, building a strong infrastructure now opens doors for a smarter future.

Learn more about how network cameras can support your digital transformation agenda

About the Author – Linn Storäng, Regional Director Northern Europe, Axis Communications
Linn has held senior positions within strategic roles at Axis Communications for the past 5 years, recently becoming Regional Director for Northern Europe. Linn is a strategic thinker who likes to be very closely involved with business and operations processes, leading by example and striving to empower colleagues with her positivity and passion for innovation. Linn relishes the ongoing challenge to find new ways to meet the needs of her customers, and strives to forge ever stronger relationships with partner businesses. Prior to joining Axis, Linn held senior sales and account management roles within the construction industry.

Only 8% of global tech workers have significant cloud-related skills

960 640 Stuart O'Brien

75% of tech leaders say they’re building all new products and features in the cloud moving forward, but only 8% of technologists have significant cloud-related skills and experience. Additionally, 64% say that they are new to cloud learning and are looking to build basic cloud fluency.

That’s according to Pluralsight’s 2022 State of Cloud Report, which compiles survey results from more than 1,000 technologists and leaders in the United States, Europe, Australia, and India on the most current trends and challenges in cloud strategy and learning.

According to McKinsey, cloud adoption is crucial to an organisation’s success, with more than 1 trillion dollars in potential earnings in the cloud up for grabs across Fortune 500 companies by 2030. Yet, cloud skills gaps exist for many technologists today. Pluralsight’s 2022 State of Upskilling Report, released earlier this year, found that 39% of respondents ranked cloud computing as a top personal skills gap.

“As organisations begin making heavier investments into the cloud, they must dedicate resources and time to ensure their technologists are up to the task of cloud transformation,” said Drew Firment, VP of Enterprise Strategies at Pluralsight. “Findings from our State of Cloud Report show that most technologists only have a basic familiarity with cloud technologies. Tech leaders need a cloud strategy that provides confidence and predictability in their ability to build cloud maturity at scale and that starts with ensuring they can upskill their teams on cloud technologies.”

The State of Organisational Cloud Maturity

Pluralsight’s State of Cloud Report gathered data on organisational cloud maturity and cloud strategy. Nearly half (48%) of organisations rate themselves as having high levels of cloud maturity, while only 7% of organisations have made no investments into the cloud. The study also revealed that technology companies are more likely than any other sector to rate themselves as having a high level of cloud maturity.

There are many different ways that organisations can drive towards cloud maturity. In the survey, 45% of organisations say they design cloud strategies for speed and business value. Additionally, 39% of organizations are working to optimise for cloud-native with containers and serverless, and 38% of organizations enable hybrid architectures with distributed cloud.

Security is a top challenge to levelling up cloud maturity, regardless of the organization’s current level of maturity with 45% of organisations saying that security and compliance concerns are the number one cloud maturity challenge.

Key Trends in Cloud Learning

As the data from this report suggests, most technologists are new to their cloud learning journeys. Twenty percent of technologists report having skills gaps in fundamental cloud fluency.

For technologists, the top personal cloud skills gaps are:

  • Cloud security (40%)
  • Networking (37%)
  • Data (31%)

Additionally, there are a variety of barriers that technologists encounter when trying to upskill in the cloud. These barriers include:

  • Budget constraints (43%)
  • Being too busy/lacking time for upskilling (38%)
  • Employers emphasise hiring rather than upskilling (32%)

This data shows that employers’ willingness to dedicate resources for cloud upskilling greatly affects the cloud-readiness of their organization.

Despite these sometimes limited upskilling resources, technologists are still finding ways to engage with cloud learning. Sixty-eight percent of technologists dedicate time at least once per week to technology upskilling. For those upskilling in the cloud, 62% find hands-on or practical exercises, such as cloud labs and sandboxes, to be the most effective way to learn cloud skills. Forty-eight percent of technologists use online tech skills development platforms to learn cloud skills.

Disconnect Between Cloud Technologists and Business Leaders

Findings of this report reveal a disconnect between organisational and individual cloud maturity. Business leaders reported high confidence in their organisations’ cloud strategies while individual contributors report feeling new to cloud technologies.

Despite employee skills gaps, growing cloud skills internally was not one of the top strategies business leaders used for reaching organizational cloud maturity. Only 37% of organisations use internal cloud upskilling as a key strategy for cloud maturity. However, cloud skills gaps rank as the second largest cloud maturity challenge, with 43% of organizations agreeing that cloud skills gaps in their organizations affect cloud maturity. Challenges arise when trying to balance organizational and individual needs for learning, as individuals desire personal enrichment and career advancement from training (46%), while leaders value outcomes that identify vulnerabilities (30%) and cost optimisation (28%).

In order to achieve cloud goals like higher levels of cloud maturity, increased cloud security, and cost optimization, organisations need to be creators of cloud talent. Cloud technology is fairly ubiquitous, with 46% of leaders overseeing one or more technical teams that work directly with cloud technology. Upskilling cloud proficiency should be a top priority, as most technologists are still new to cloud technology and are looking to improve their fluency.

Pluralsight’s State of Cloud report can be found here.

The four biggest mistakes in IT security governance

960 640 Guest Post

By Atech

Intelligent IT security and endpoint protection tools are critical components of security governance, and the stakes within today’s threat landscape have never been higher.

A lapse in identity protection or zero trust networks could spell financial disaster for a company. We know that attacks are increasing in sophistication and frequency, and in cost with research showing the average cost of a data breach at an eye-watering $4.24 million.

But what about the other end of the spectrum? How can companies identify and rectify issues in their security governance before they become a problem?

#1 Not realising you are a target with less-than-perfect cloud IT security

Many business leaders using cloud data storage mistakenly believe they are not vulnerable to security breaches from outside attackers. However, this is not the case.

The barriers to entry in becoming a cybercriminal are incredibly low, yet the cost to a brand’s reputation is staggeringly high. Furthermore, fines issued to businesses for not adequately managing customer data are also extremely costly.

Therefore, IT leaders need reliable security governance systems and full visibility over user data, secure identity and access management protocols, encryption, and more.

Businesses can update their IT security playbook by partnering with managed security service providers. By understanding the distinct accreditations that service providers display, solution specialisms can be distinguished from operating procedures, to build a real picture of how the service aligns with your business’ needs. You need to receive timely guidance on the latest cloud security threats and how to mitigate them and how to remediate fast. This can only come with in-near-real-time insights of behaviours and attacks and with the expert support of a security operations centre, carrying an industry recognised accreditation such as CREST.

We outline the biggest mistakes in IT security governance and provide a comprehensive view of today’s cloud security challenges and how best to tackle them as an organisation. Read on to identify the other critical mistakes you could be making.

OPINION: Local authorities shouldn’t be daunted when moving to the cloud

960 640 Stuart O'Brien

Local Authorities are under intense pressure to escalate Digital Transformation strategies while also dramatically reducing IT costs, achieving public sector sustainability goals and extending citizen self-service access to key services. With stretched in-house resources and a widely acknowledged skills shortage, the existing IT team is dedicated to keeping the lights on for as long as possible.

With many councils asking where they can find the time, resources or confidence to advance a cloud-first strategy, Don Valentine, Commercial Director, Absoft outlines five reasons for why embracing ERP in the cloud right now will actually solve many of the crisis facing public sector IT…

Unprecedented Challenge

Local Authority IT teams are facing incompatible goals. Is it possible to cut the IT budget by £millions per year over the next five years while also replacing an incredibly extensive legacy infrastructure with an up to the minute cloud based alternative? Or improve operational processes and ramp up citizen self-service while also ensuring stretched staff across departments have constant, uninterrupted access to the information and systems they need to be effective and productive?

With so many stakeholders to satisfy, the future looks daunting. But there are many reasons why Local Authorities should be confident to embrace a cloud-first strategy and the latest ERP solutions.

To read for article, hop on over to our sister site FM Briefing here.

Prepare for Battle in 2022: How hackers and the new world of work are shaping security models

960 640 Guest Post

By Atech

The main challenge in 2022 is data loss prevention (DLP) and it’s clear to see already from vendors’  such as Microsoft’s compelling propositions for compliance solutions. We are moving towards detecting data loss in real time. As we understand more about the human element in breaches and develop smarter controls and human-like detection of anomalies, we have the power to implement solutions that give us eyes and areas across our whole end user organisation. This extends from owned platforms to external platforms such as social media.

For example, organisations can monitor mentions of confidential projects and get notifications and visibility of messages related to it, including scenarios where any data has been shared on social platforms.

This increases the accountability within an organisation, and this is a fundamental shift in the new world of work. Organisations trust end users with a wealth of information, and we are expected to take care of it. We have smarter controls, and the AI behind this is human-like in detecting anomalies. Finding the right balance between security and privacy means that DLP is a key challenge for all business leaders.

Last month, the world saw hackers making thousands of attempts to exploit systems with a flaw in Log4j.

This flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework.

It is widely used in many applications and is present in many services as a dependency. This includes enterprise applications, including custom applications developed within an organisation, as well as numerous cloud services.

An application is vulnerable if it consumes untrusted user input and passes this to a vulnerable version of the Log4j logging library.

Read on about what Atech is doing to protect its customers, including the favourite weapons our team take to battle.

Are you still worried about your security posture? Reach out to and we will help you to implement military-grade security in your business.

Cloud applications put your data at risk — Here’s how to regain control

961 639 Guest Post

By Yaki Faitelson, Co-Founder and CEO of Varonis

Cloud applications boost productivity and ease collaboration. But when it comes to keeping your organisation safe from cyberattacks, they’re also a big, growing risk.

Your data is in more places than ever before. It lives in sanctioned data stores on premises and in the cloud, in online collaboration platforms like Microsoft 365 and in software-as-a-service (SaaS) applications like Salesforce.

This digital transformation means traditional security focused on shoring up perimeter defenses and protecting endpoints (e.g., phones and laptops) can leave your company dangerously exposed. When you have hundreds or thousands of endpoints accessing enterprise data virtually anywhere, your perimeter is difficult to define and harder to watch. If a cyberattack hits your company, an attacker could use just one endpoint as a gateway to access vast amounts of enterprise data.

Businesses rely on dozens of SaaS applications — and these apps can house some of your organisation’s most valuable data. Unfortunately, gaining visibility into these applications can be challenging. As a result, we see several types of risk accumulating more quickly than executives often realise.

Three SaaS Security Risks To Discuss With Your IT Team Right Now

Unprotected sensitive data. SaaS applications make collaboration faster and easier by giving more power to end users. They can share data with other employees and external business partners without IT’s help. With productivity gains, we, unfortunately, see added risk and complexity.

On average, employees can access millions of files (even sensitive ones) that aren’t relevant to their jobs. The damage that an attacker could do using just one person’s compromised credentials — without doing anything sophisticated — is tremendous.

With cloud apps and services, the application’s infrastructure is secured by the provider, but data protection is up to you. Most organisations can’t tell you where their sensitive data lives, who has access to it or who is using it, and SaaS applications are becoming a problematic blind spot for CISOs.

Let’s look at an example. Salesforce holds critical data — from customer lists to pricing information and sales opportunities. It’s a goldmine for attackers. Salesforce does a lot to secure its software, but ultimately, it’s the customer’s responsibility to secure the data housed inside it. Most companies wouldn’t know if someone accessed an abnormal number of account records before leaving to work for a competitor.

Cloud misconfigurations. SaaS application providers add new functionality to their applications all the time. With so much new functionality, administrators have a lot to keep up with and many settings to learn about. If your configurations aren’t perfect, however, you can open your applications — and data — to risk. And not just to anyone in your organisation but to anyone on the internet.

It only takes one misconfiguration to expose sensitive data. As the CEO of a company that has helped businesses identify misconfigured Salesforce Communities (websites that allow Salesforce customers to connect with and collaborate with their partners and customers), I’ve seen firsthand how, if not set up correctly, these Communities can also let malicious actors access customer lists, support cases, employee email addresses and more sensitive information.

App interconnectivity risk. SaaS applications are more valuable when they’re interconnected. For example, many organisations connect Salesforce to their email and calendaring system to automatically log customer communication and meetings. Application program interfaces (APIs) allow SaaS apps to connect and access each other’s information.

While APIs help companies get more value from their SaaS applications, they also increase risk. If an attacker gains access to one service, they can use these APIs to move laterally and access other cloud services.

Balancing Productivity And Security In The Cloud

When it comes to cloud applications and services, you must balance the tension between productivity and security. Think of it as a broad, interconnected attack surface that can be compromised in new ways. The perimeter we used to defend has disappeared. Endpoints are access points.

Now consider what you’re up against. Cybercrime — whether it’s malicious insiders or external actors — is omnipresent. If you store sensitive data, someone wants to steal it. Tactics created by state actors have spilled over into the criminal realm, and cryptocurrency continues to motivate attackers to hold data for ransom.

Defending against attacks on your data in the cloud demands a different approach. It’s time for cybersecurity to focus relentlessly on protecting data.

Data protection starts with understanding your digital assets and knowing what’s important. I’ve met with large companies that guess between 5-10% of their data is critical. When ransomware hits, however, somehow all of it becomes critical, and many times they end up paying.

Next, you must understand and reduce your SaaS blast radius — what an attacker can access with a compromised account or system.

An attacker’s job is much easier if they only need to compromise one account to get access to your sensitive data. Do everything you can to limit access to important and sensitive data so that employees can only access what they need to do their jobs. This is one of the best defenses, if not the best defense against data-related attacks like ransomware.

Once you’ve locked down critical data, monitor and profile usage so you can alert on abuse and investigate quickly. Attackers are more likely to trigger alarms if they have to jump through more hoops to access sensitive data.

If you can’t visualize your cloud data risk or know when an attack could be underway, you’re flying blind.

If you can find and lock down important data in cloud applications, monitor how it’s used and detect abuse, you can solve the lion’s share of the problem.

This is the essence of zero trust— restrict and monitor access, because no account or device should be implicitly trusted, no matter where they are or who they say they are. This makes even more sense in the cloud, where users and devices — each one a gateway to your critical information — are everywhere.

This article first appeared on Forbes.


Co-Founder and CEO of Varonis, responsible for leading the management, strategic direction, and execution of the company.