Written by Richard Forrest, Company Secretary, SSP Business Continuity Sponsor – a customer’s perspective on Daisy services…

The Background

SSP is a leading global supplier of technology systems and services to the insurance industry. With more than 35 years of industry experience, and with a highly-motivated, experienced and talented workforce comprising more than 700 employees, we help shape the industry by enabling insurers, brokers and financial advisers to serve their clients more efficiently.

The Challenge

Over recent years, SSP’s operating model has significantly increased in complexity and the associated risk and impact profiles has also changed dramatically. Our business continuity management system needed an overhaul if it was to keep pace with our risk appetite, and the demands of our stakeholders. We decided to upgrade our business continuity management system to support the evolving requirements of our investors, our strategic objectives, our risk landscape and our customer base.

As an existing customer of Daisy’s business continuity and maintenance services, we approached our Daisy account manager to discuss the ways in which Daisy’s Business Continuity offerings could help us operate a robust, intelligent management system that would give us increased continuity competence and resilience across a growing organisation. We needed to increase our ability to respond successfully to disruptive incidents, as well as assuring ourselves and our stakeholders that we understood our operating model within our threat landscape. We also needed to know if we had sufficient controls in place to continue our business, to protect our customers’ businesses and to minimise the likelihood and impact of disruptions. And for competitive advantage we required demonstrable certification of management to international standards (ISO 22301).

Daisy met with us at our offices in Solihull and listened to the challenges we faced in relation to business resiliency. Over a period of time we had tried to put in place a business continuity system, however, without the luxury of dedicated resources this was problematic with key staff always being re-focussed onto more immediate priorities. Lack of consistent resource availability and experience in business continuity planning meant that results were inconsistent across the business and keeping things properly up to date was a real headache. Daisy consultants, using their Business Continuity as a Service (BCaaS) model, put together an initial scope of works which broke down the necessary activities so that with input from SSP, a programme of works could be developed.  This was further refined to balance requirements with budget and to create a fixed scope of service with a fixed price.

The Solution

We chose Daisy’s BCaaS solution which included design and implementation of an economical business continuity management system tailored to our strategic objectives and risk appetite. Owned and steered by us, the management system would be administered and improved by Daisy’s industry-leading consultancy team. This service also utilises Daisy’s business continuity software “Shadow-Planner” in two main ways. Firstly the mobile app would put key responder guidance available on our mobile phones and within reach at time of need, and secondly the Shadow-Planner management tool would be used to gather and analyse risk and continuity data, and to track and monitor the business continuity management system (BCMS) and its outputs against our strategic risks and objectives.

The Result

Most recently, the BCMS proved its worth in early 2020 in response to the COVID-19 pandemic, when we used our well-rehearsed command, control and communications framework and our BC intelligence to implement staff relocation and work transfer strategies to keep our business going despite denial of access to buildings and absences of staff caused by lockdowns in all of the territories in which we operate. We’re quite proud that we achieved it within 72 hours of the point of invocation. Earlier continuity risk analysis generated by the Daisy-administered BCMS had already allowed us to boost our command, control and communications capabilities and showed where we needed a range of mitigations for our risk scenarios of concern. Subsequently we used our BCMS and risk management system to put those mitigations in place, so when COVID-19 hit we were already ready to deploy a number of the necessary strategies.

Thanks to the structures, strategies and plans developed jointly over the last few years by SSP and Daisy and specifically our BCMS, we have successfully expedited responses to a number of other disruptions. Training and rehearsals have prepared our teams to more confidently take command and control of incident responses and to make faster and better-informed decisions so the outcomes of our real or rehearsed incident responses are improving.  Daisy’s Shadow-Planner mobile app has helped responders to access the guidance and contact details they need in the immediate term, and we’re now looking to extend its use by making technical recovery guidance and contacts available via the app too.

But it is the repeating lifecycle of BCMS activities that keeps awareness of threats and vulnerabilities on the management agenda and works to embed key management principles into SSP’s DNA. We saw immediate value during the first lifecycle as Daisy worked with us to standardise the approach to continuity risk management across our changing organisation. Standardisation allowed us a more consistent analysis of continuity risks and impacts and to access, leverage and spread responder and continuity expertise across the whole organisation. Daisy’s Shadow-Planner administration software does most of the administration for programme scheduling, document control and number crunching so our BC budget and people are released to focus on preparedness.  As a result, we have increased our control of continuity risks and improved our conversations about it. These conversations have matured over time and now form part of wider conversations about, for example, emergency preparedness, command, control and communications, crisis management, disaster recovery and risk management. Daisy’s promotion of group-wide understanding of these wider disciplines has improved our adoption of key principles of organisational resilience into our daily thinking, and we believe Daisy’s management systems approach has provided us with demonstrable improvement of our system, competence and capability to meet international standards (ISO 22301).

Banking & Finance: Addressing Four Business Challenges – [Infographic]

How to address the four biggest challenges of the finance sector so that when customers say “jump”, you’ll have already landed.

The finance sector is digitising at an astronomical pace, with a bewildering array of systems and software to help you differentiate your business, respond to snowballing regulation, stay productive and attract the right talent.
Continue reading “Banking & Finance: Addressing Four Business Challenges – [Infographic]”

Daisy’s CloudBridge Portal | Cloud Management Made Simple

The simple way to manage your cloud estate

Check out our 60 second video and find out how CloudBridge portal can save you time and give you the visibility and control you need to easily manage your cloud estate.

Manage your cloud services from a single dashboard

With the Daisy CloudBridge Portal, you can easily control your cloud estate from a single dashboard. Add Microsoft 365 licences, allocate them to users, view event logs, analyse billing and reporting, view usage of compute, storage, and network, plus get complete cost visibility including forecasts giving you a view into the future.

Self-serve Microsoft 365 subscriptions at the click of a button

No more requests and time spent waiting for Microsoft 365 subscriptions. With the Daisy CloudBridge Portal, you can add licences in just a few clicks with complete cost visibility, and quickly assign them to users.

Easily add and subtract users and simply allocate licences to each user

You can add users to Microsoft 365 quickly and easily, saving you time and making you more efficient and productive.

View event logs including user history, subscriptions information and subscription changes

View a historical list of events and approval requests, so you are never in the dark and always have an unrestricted view of what’s going on in your cloud estate.

Manage Azure subscriptions and usage

View your Azure usage, costs and reporting as well as all of your subscriptions and users.

Take control with complete cost visibility

The Cloudbridge Portal offers you complete transparency and visibility of your costs. View and export all of your invoices, billing and reporting from one easy to manage location.

View billing and reporting for each service

Dive into each service area for a more granular look at the billing and reporting for each service

View usage of compute, storage, and virtual network

You can easily stay on top of compute, storage, and network to ensure everything runs smoothly and there are no nasty surprises.

See into the future. Forecast future usage and costs

Use predictive forecasting to see into the future to help you make informed decisions without any guesswork.

To find out more about CloudBridge, visit our CloudBridge page or get in touch with one of our cloud experts.

Migrate To Hybrid Cloud [Blog]

Every cloud is unique when you look at them, every one different to its peers. But even in that uniqueness we can group them into types; Stratocumulus. Cirrus. Cumulonimbus and so on. Even more fundamentally, each and every cloud is constructed of water vapour. H2O.

It is the same when you are planning your journey to the cloud. You are unique, your organisation is unique, and your cloud strategy will be too – but that doesn’t mean that you can’t group what you are trying to achieve and distil it down to your fundamental concerns at the same as identifying the benefits and building your business case: organisational agility, productivity, efficiency, scalability and cost-effectiveness.

Every cloud has its silver lining but it is sometimes a little difficult to get it to the mint.

Don Marquis

Don’t think of the uniqueness of your organisation as being a barrier to adopting a cloud strategy – the bespoke nature of hybrid cloud architecture means you won’t be hammering a square peg into a round hole but creating an environment that fits your organisation.

So how do you mint that silver lining of a hybrid cloud strategy?

Which kind of cloud are you?

Firstly, it sounds simple but is often missed, we need to make an inventory of your current state. Identifying all the workloads, your user base and rate of usage for each of these workloads, calculating the cost of compute, storage and networking, defining the security, recovery and continuity needs and finally researching the all legal and compliance implications for these.

Sounds a lot but without this baseline we won’t be able to accurately assess what you have, what you need and what you want to change. Below are some pointers to help evaluate each of these areas and begin to build a picture of your estate.

Sound daunting? Our experts are on hand to help you with as little or as much of this process as you need. Get in touch to find out how we can help.

Make an inventory of workloads

The best place to begin? Making an inventory of all of your organisation’s applications and workflows, such as email systems, finance applications, databases, and CRM systems. Starting from the top and working down.

Next, we determine which workloads are business-critical, whether there is any sensitive data, which of these are prime candidates for public cloud, and which need to be highly available.

It’s a good idea to estimate the effort to move each workload to the cloud and the advantage of doing so; even a simple classification of high effort/low effort, high value/low value will give an idea.

High Effort/High Value Contact Centre High Effort/Low Value Dev/Test
Low Value/High Value Data Warehouse Low Effort/Low Value

Once a birds-eye view of these workloads has been established, the task of planning where each workload should reside becomes easier. This is something your internal teams may want to undertake or we can assist and help produce.

daisy cloudbridge consultation hybrid cloud

Identify User Base & Rate of Usage

Once we have mapped out all of your workloads, their importance to your organisation and where you can gain the most benefit from migrating them to the cloud, the next step is to identify the rate of usage and user base. This is important in order to know how you can go about executing a migration with as little effect on your users and customers as possible as well as what kind of configurations are needed.

Calculate costs

An essential part of any business decision is, of course, costing it out. What kind of level of compute is necessary? How much storage do you need? What are the networking costs? As we know the level of storage required is likely to grow and change, our cloud experts think ahead to minimise future storage costs and other hidden costs that may arise.

Define security & recovery needs

Identify your businesses appetite for risk and requirements to meet industry or customer standards is a vital part of the process; what kind of SLAs need to be in place? What sort of failover and business continuity considerations need to be taken? What are the security implications of the planned migration so far?

With more than 30 years’ experience in business recovery, we have experts on hand to assist with these critical considerations which can have some grey areas and intricacies.

Research legal

Just like for when you are assessing your security and recovery needs, make sure you are aware of the compliance and legal guidelines that your organisation must adhere to. What about future considerations? Getting all information available together at this stage is vital for planning your next steps.

Choose a type of migration

Do you need a platform-as-a-service (PaaS) where the virtual machines (VMs) are configured by the service provider? Or is this something you can do in-house with infrastructure-as-a-service (IaaS)?

What about considerations like rolling back from Public Cloud? Is there a path back? Make sure you have a strategy that includes optional paths in the future means that you won’t ever paint yourself into a proverbial corner.

Got some silver already?

If you are already utilising a hybrid cloud architecture and are interested in changing things up, this may still help. If not, get in touch with one of our cloud experts and we can talk through your requirements and advise you on the optimal path and how we can help.

Thinking of starting your cloud journey, or just need advice on your current cloud architecture? Get in touch today with one of our experts, and we can help talk through your requirements.

Digital Customer Experience (CX) in Financial Services

Mitel’s Head of Financial Services discusses how a solid CX strategy can drive revenue.

A solid customer experience (CX) strategy will not only ensure that customer expectations are exceeded in the digital era, but will also improve business processes and drive revenue.  In today’s environment, where customers are demanding even more from digital platforms, a superior digital customer experience is a must if you want to maintain a competitive edge.
Continue reading “Digital Customer Experience (CX) in Financial Services”

CX Whitepaper | Delivering a Digital Customer Experience (CX) for Today’s Mobile Consumer [Whitepaper]

In this customer experience white paper, we discuss the digital customer experience (CX) and how it has shifted from a “nice to have” to an essential service.

More than ever, customer experience (CX) is shaped and delivered through digital interactions. While the majority of customer communications are still voice-based, consumers now rely more heavily on digital methods, such as email, SMS, web chat and social media. They expect the flexibility to interact through the medium of their choice, wherever they are. And, they expect to be able to switch between one medium and another while they are on the move.

The latest market research puts this reality into perspective. 9 out of 10 consumers want absolute omnichannel service – they expect a seamless experience when moving from one communication method to another, such as phone to text or chat to phone. 57% of customers would rather contact companies via digital media such as email or social media rather than use voice-based customer support. At the same time, consumers are now empowered by social media. Over one third of the world’s population has active social accounts. These consumers are comfortable posting their opinions and observations about their experiences on social media. In this environment, a negative customer service story can easily go viral.

This whitepaper provides more stats like this, discusses the digital customer experience and how it has shifted from a “nice to have” offering to an essential service, before providing an overview of the digital expectations and habits of today’s consumer and offers practical next steps for transforming customer experience from dated to digital.

Guest Blog: The Biggest Threat to Security

Aruba’s Security Sales Specialist Richard Leadbetter discusses the role of security across wired and wireless networks.

Regardless of the changing types of attacks, one consistent threat regularly hits the top spot; people. The human factor all too readily providing misplaced trust and casual clicks that lead to media fanned disaster. It’s a valid concern but the problem I’m seeing rise the fastest is the worrying lack of trained cybersecurity staff to help businesses protect themselves, and to respond when things go wrong.
Continue reading “Guest Blog: The Biggest Threat to Security”

Digital Customer Experience (CX) in Financial Services [Whitepaper]

How financial services organisations can maintain a competitive edge.

Financial services institutions must have a solid customer experience (CX) strategy if they want to maintain a competitive edge. This will not only ensure that customer expectations are exceeding in today’s tech-driven world, but will also improve business processes and drive revenue.

Download your free copy of this whitepaper to learn:

  • How you can better personalise your customers’ experience
  • How to keep up with regulatory compliance
  • About the latest demands in automation and AI in contact centres
  • How to integrate a mobile workforce and greater collaboration

Enabling Mobility in a Highly-Regulated Environment

Head of Product Richard Beeston looks at IT challenges within the financial services sector.

Working environments have changed. The days of desktop PCs hardwired into dedicated network ports are moving away from many workplaces. More and more people and employers are moving towards mobile devices and flexible working locations. While this can often greatly increase employee satisfaction and productivity, it can open up new challenges for a company’s IT and security teams – especially in regulated industries such as the financial services sector.

Wireless networking has long been the enabler for the move to mobility. Many years ago it was often the privilege of the exec team to have WiFi devices, but now these devices are ubiquitous and expected. Visitors to offices also expect connectivity so they can conduct meetings, send emails and do business while they are there. This simple-use case kicks off the conversation about the network and its security. From an IT perspective, would we really want guest/visitors devices on the same network as our staff, our devices, our printers and servers? No of course not, we don’t know the visitors’ device, whether it’s safe, what it’s going to do and how it’s going to do it. So we need to separate them.

But how?

Firstly, we need to think about network design and probably give guests a separate network to join when they connect to WiFi. Next, we need to think about how these devices connect. We could have a shared key that’s given out by reception when the guests arrive. If that’s a shared key though, that won’t allow us to track individuals. Giving each guest a key is feasible but puts a burden on staff to create and hand out keys.

Introducing Aruba ClearPass

The logical answer is to use a self-service guest portal such as the one that can be created with Aruba ClearPass. With this tool, guests can be enrolled onto a network via a registration/login process, their traffic can be encrypted and policies can be enforced to make sure they can only do what they are supposed to do. All this activity is fully-auditable for compliance purposes and can be set up well in advance of an actual guest joining the network.

The same methods can be applied to employee devices as well. ClearPass can be used to identify specific device types on your network and apply policies to them. This can be used for guest, employee and IoT devices alike. In the case of employee devices, ClearPass can be used to authenticate the users’ device on the network and based on the users’ privileges give the user and their devices access to specific resources.

For instance, all authenticated employees may be granted access to printers, however, only finance employees are given access to the finance system. This allows for a much greater level of reporting and segmentation on the network. Other functions can also be performed on a device that really lends themselves to regulated environments.

For example, we may deploy a policy that states devices that don’t have encrypted storage won’t be allowed on the network, USB storage can be disabled automatically and patches and fixes enforced. Devices can undergo automatic remediation or quarantine based on your security posture to ensure your compliance policies are enforced across the network.

It’s often the case that organisations believe that wired connections are more secure than wireless connections. This is not the case though. There are often very limited security policies on wired networks and it’s very easy for unwanted devices to be plugged into the network. These devices may result in a compromise to network security. By employing ClearPass and its OnConnect feature, wired devices can easily be categorised and dealt with against specific policies.

For example, an unknown device can automatically be quarantined on the network, while a known device can be authenticated against its device profile. The ClearPass solution along with the Aruba Introspect technology fingerprints network activity allowing for a much more detailed description of what’s happening on the network. This can help quickly identify any security issues and provide a further audit trail which is important in a regulated environment.

Aruba ClearPass supports industry standards and works in multi-vendor architectures, meaning that you don’t have to replace everything and start again.

Written by Richard Beeston – Head of Product at Daisy Corporate Services.