Networking: Trust Issues, Insecurity and How to Fix It All [Blog]

Product Manager Steve Burden gives practical, straightforward ways on how to keep your networks, your employees and your relationships with both on track.

67% of all cyber breaches involve credential theft, phishing, social engineering, or business email compromise[1]. Users are often the weak link in an otherwise secure environment; the unpredictable bull in the china shop of your security layer and this often creates an air of mistrust, which can sometimes lead to strained relationships between you and your employees.

But it isn’t their fault. They are fighting an uphill battle where they must perform every action relating to cybersecurity perfectly. It takes only one mistake to fall victim to a phishing attack, click on a link containing malware, or use the same credentials for multiple sites. This makes your organisation vulnerable to cyberattacks which completely bypass your expensive next-generation firewalls with complex policy configuration.

Training is important (and in fact is one of our main recommendations). However, deploying technology which complements human capabilities and bypasses human error is the most crucial step towards securing the workplace. There is no bad time to re-evaluate your end-user security technology stack but with today’s prevalence of homeworking and the increase in cloud apps, now is arguably a better time than ever.

Five key cybersecurity considerations:

Verify before you trust

Vulnerabilities can lie undetected for months – sometimes years.  Once one is discovered, attackers are quick to act before vulnerable end points are patched. Just because something is up to date today doesn’t mean it can’t be vulnerable tomorrow, and that means constant vigilance is paramount when dealing with end point security. Taking a zero-trust approach to security with technology such as Cisco Duo can help ensure every user and their device is properly authenticated and posture is assessed before accessing the network or applications.

Leverage the cloud

With more and more users working remotely, network-based security can only go so far. Protecting users as they roam, or even those working semi-permanently from home given recent events, is just as important as protecting them whilst they are in the office. Cloud-based solutions such as Cisco Umbrella make this easy, as well as allowing you to scale the solution up and down easily as requirements change, and protect users while they are on the move or on the sofa at home.

Train your staff

People make mistakes, we know this. However, it is pragmatic to provide regular and varied cybersecurity training to ensure these mistakes are minimised wherever possible. Make sure your users understand important preventative measures such as not reusing passwords, what not to share on social media and how to spot a phishing or malware website or email.

Don’t rely on passwords alone

The prevalence of credential theft and phishing shows the importance of not relying on password authentication alone and instead using multi-factor authentication (MFA) technology such as Cisco Duo. MFA requires multiple types of credentials before allowing access to a system – whether that is the remote access VPN or a particular application. Frequent additional authentication methods can include text message, hardware-based tokens (such as RSA keychains), or, as is now more frequently used, an application on a mobile phone.

Block the attack, not the consequences

It is significantly easier to prevent a cyberattack by stopping the payload rather than attempting to stop the result. For example, preventing an email with a phishing link from being delivered is more effective than relying on the user to identify a phishing attempt. And denying web traffic requests based on their reputation and content is more effective than relying on antivirus software to prevent a subsequent malware install. Cloud-based web security technology such as Cisco Umbrella, can provide a first line of defence in stopping threats as close to the source as possible.

How can Daisy help?

Daisy has many years’ experience in providing security technologies, with a longstanding partnership and accreditations with Cisco – as well as many others. If you know the solution you require, we can help scope and design it, before deploying and managing it on an ongoing basis. Alternatively, our Security Health Check is available to review your current cybersecurity policies and technologies, providing recommendations on which areas require the most attention. Please contact one of our security experts to find out more.

 

[1] Verizon 2020 Data Breach Investigations Report

If We Can’t Embrace Each Other, Let’s Get On With Embracing The Cloud

Can the lessons learnt from this year be used as foundations to build a better, more digitised future?

Many public sector organisations are still, despite some pretty encouraging steps in the right direction, hugely reliant on legacy solutions and processes –  even though most are aware of the benefits digitisation can bring. Now that isn’t just an assumption, in UKCloud’s 2020 survey, 87% of participants agree that they’d move all of their IT systems to the cloud IF the perfect solution existed. But what does perfect even look like?
Continue reading “If We Can’t Embrace Each Other, Let’s Get On With Embracing The Cloud”

Cloud-Managed Networking FAQs

Cloud Networking FAQs

Your ten most frequently asked questions about cloud networking – answered!

According to research from IDC1, more than 60% of organisations expect at least half of their infrastructure to be cloud-based by the end of this year. Undoubtedly, the driver behind this is that organisations are under more and more pressure to meet the demand for always-on connectivity and outstanding user experience, while being able to garner greater insights and control over user behaviour.

So what is the answer to this increasing demand for cloud-based infrastructure? Well, cloud networking can help turn this challenge into an opportunity for your organisation – but what exactly is cloud networking, and why should your business consider it as a means of managing its infrastructure?

We answer this and more below.

Cloud networking is a way of managing and controlling wired and wireless networks through a management platform based in the cloud. By taking advantage of the simplicity and scalability that the cloud offers, it makes it easy to manage all your network operations, users, devices, and distributed sites quickly and securely from one central place. This means you get total visibility over deployment, management, monitoring and diagnosis of issues on a network, which makes networking as flexible and effortless as possible.

If you’re weighing up the cloud options available to your organisation, it’s worth keeping in mind that not all cloud architectures are created equal. Cloud options should be evaluated using certain criteria; most importantly, make sure that the cloud-managed network isn’t dependent on a single cloud-hosting architecture because this can inhibit innovation and velocity, and make sure it’s available via different cloud hosting providers. All three of the major trusted cloud providers (Amazon, Google, and Microsoft) should be supported as a minimum.

One of the benefits of ExtremeCloud™ IQ is that we offer flexible deployment options with the choice of public, private, local and even hybrid cloud options. You can seamlessly change deployment models as requirements evolve, and the features and functionality remain the same between options. Built on a 4th generation platform, ExtremeCloud™ IQ is fully-operationalised to run on Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Many organisations are turning to the cloud for a simplified way to manage and optimise their network. Utilising the scale and flexibility of cloud networking and its ability to massively scale provides a highly robust and centralised way to perform day-to-day network lifecycle operations.  Couple this with the vast data pool that is gathered globally daily, then the ability to perform network insights, analytics and dynamic actions based on machine learning (ML) and artificial intelligence (AI) become incredibly viable. ExtremeCloud™ IQ leads the industry in this.

Using a cloud-based networking solution that automatically recognises and provisions new sites will ensure the quick and seamless setup of multiple remote or branch office sites. ExtremeCloud™ IQ, for example, allows you to manage multiple locations from one centralised management dashboard, and allows you to give control of certain things to remote sites while ensuring ultimate control of the network is retained within IT.

ExtremeCloud™ IQ offers unprecedented cloud choice and it is the industry’s most flexible deployment model and unlimited data source. Built with ML and AI to assist in collecting data to build, secure, and maintain agile distributed networks, ExtremeCloud™ IQ is the only 4th generation cloud platform on the market today. Extreme’s unlimited data offering sets a new standard for access to cloud data and insights that is unmatched in the industry.

Due to the containerised structure of the software architecture, ExtremeCloud™ IQ has maintained a no-nines uptime, which means it has met an operational state of 100% uptime and has not failed in the last year (zero downtime). Also due to its 4th generation architecture, ExtremeCloud™ IQ provides 11 nines of Data Durability.

Despite the various benefits and advantages that cloud networking brings to organisations, cloud security is an ongoing concern. Daisy and Extreme Networks take threats to the availability, integrity, and confidentiality of our customers’ information seriously, and ExtremeCloud™ IQ stores no customer personal information. It is also the only cloud networking management platform that is ISO 27001 compliant and adheres to GDPR standards.

It’s important to choose a management solution with flexible hardware and firmware agnostic architecture that can transform with your business — without requiring the purchase of new equipment. ExtremeCloud™ IQ leverages your existing infrastructure and can manage the same access points and switches for both on-premise and cloud deployments to eliminate architecture lock-in and allow you to move from cloud to on-premise (or vice versa) without expensive hardware and software rip-and-replace. This ensures that as your business changes, so can your architecture, but your hardware and firmware won’t have to.

The amount of data travelling over networks is so huge that it has become almost impossible for humans to process, analyse, and act on it. The cloud makes it easy for enterprises to leverage AI and ML capabilities to harness that data and process it faster, smarter, and more efficiently.

ExtremeCloud™ IQ uses AI and ML to automate routine and monotonous tasks, such as configuration, optimisation, and troubleshooting. This gives humans the ability to focus on higher-level projects that require greater intelligence, creativity, and decision-making. By detecting and correcting problems before they manifest themselves to the end-user, ExtremeCloud™ IQ’s AI and ML capabilities can also greatly enhance the end-user experience and reduce the maintenance and troubleshooting burden on IT.

Cloud-managed networks are often easier to deploy and manage than traditional on-premise managed networks, especially when deployed using Zero Touch Provisioning (ZTP). They remove the need for trained IT staff at remote locations, as deployments can be managed from one central location. ExtremeCloud™ IQ has been designed for simplicity, meaning anyone can manage the network from any device in just a few easy steps. ZTP allows devices to automatically locate ExtremeCloud™ IQ, instantly configure and become fully-operational without the need to reconfigure the local infrastructure.

Ask a cloud networking expert

If you have a question about cloud networking that isn’t answered here, or you want to discuss your requirements, please get in touch with one of our experts.

 

1 IDC Research
LAN Management for IT Professionals - Which Solution Is Right For You? [Blog]

LAN Management for IT Professionals – Which Solution Is Right For You? [Blog]

Head of Managed Service Product Management Liz Shaw discusses the benefits of enlisting help from network experts who can ensure your everyday operations run smoothly

So you’re currently running and managing a complex network environment made up of wired and wireless networks for your staff, guests and customers; a network in your data centre and a top layer of network security to keep your data safe. Sound familiar?

Juggling business demands, ever-changing user needs, a complex technical solution delivered within diverse infrastructure, and time-managing your resources is not easy. When things go wrong, or there are big projects on the go such as migrations and upgrades, your valuable time can often be hijacked. You find yourself working on all-encompassing projects, reacting to incidents and worrying about security threats when your time could be better spent on what you do best – driving your business forward. Now considered responsibilities of the modern IT professional, you should be driving digital transformation and improving productivity and efficiency whilst driving down cost.

Maybe you have a break-fix contract? Or maybe your local area network (LAN) is part-managed by a service provider? Whether this is the case or not, here we spell out the benefits of enlisting help from experts to proactively maintain the network for you, and why these benefits outweigh the outdated and productivity-sapping approach of reactive maintenance-only contracts or managing LAN solely in-house.

The challenges with purely reactive services

Basic maintenance services can be limiting. Agreements tend to have little intelligence applied around incident priority as hardware is all lumped together in a ‘one size fits all’ contract. Understanding the impact of a failure is a very reactive process which only takes place once the pain is already being felt by your users.

To maintain the necessary support for your business, you need to have a round-the-clock on-call resource that manages the lifecycle of all incidents at any hour without missing a beat (or getting much sleep), ready to resume business as usual (BAU) tasks the following morning. The pressure is always on to ensure appropriate cover for sickness and holidays too.

But surely there must be an easier way? Here are some additional management models which can overlay your existing break-fix and make you more proactive when managing your LAN:

Customer-led with expert assistance

For mid to large-scale organisations, you may have already built a capable support team who manage your LAN environment in-house. However, that team may occasionally be stretched to support the demands of your business or hit the ceiling of their skillset for a particularly tricky problem.

Daisy’s Essentials level support provides proactive access to LAN subject matter experts who are experienced in a variety of demanding environments. A team of certified engineers are ready to assist your business with remote technical advice for general guidance, help writing a change, or support an integration activity. We also have the highest-accredited cloud and communication specialists to engage and collaborate with too.

Co-managed

For organisations with internal support teams and the same challenges as customer-led models, our Enterprise support has all the advantages of the Essentials level support with the additional benefit of proactive monitoring and event management.

Monitoring gives IT professionals and their teams visibility of the LAN infrastructure to allow a proactive approach to support with reporting on alerts, availability and applications. With Daisy handling your event management you need not stare at a screen 24/7 waiting for something to happen or throw all resources at an issue which ends up being a false alarm. Our remote management centre will proactively monitor your environment and validate all alerts. Once identified as a service-affecting issue or potentially a service-affecting threat, we will notify you.

Fully-managed

Supporting a LAN environment is challenging, and organisations of all shapes and sizes can find themselves in a situation of having little or no internal technical skills or even have a need to focus efforts on tasks which require internal business knowledge.

Our Enterprise Plus offering provides the maximum level of access to Daisy’s support functions including monitoring, incident management, problem management and changes.

Incidents reported either by your service desk or raised by event management will be managed through to resolution with a fixed service-level agreement (SLA). Our highly experienced service desk team fix 80% of tickets at first contact. Where a more complex issue exists, an escalation is quickly made to subject matter experts. A major incident manager will be assigned to coordinate your Priority 1 (P1) incidents for you.

Daisy have got your changes covered. Tasks such as port configuration, firewall rules, service set identifier (SSID) changes, routing protocol changes and even VPN configuration can be implemented via a service request.

You can be safe in the knowledge that your environment is being monitored and managed, allowing you to fully focus efforts on your own business objectives.

So whether you just want to top up your skills on-site, or you want to let LAN experts handle the grunt work for you, there is an option for each and everything in between.

Speak to one of our experts today, and find out how we can help you get the most out of your LAN investment.

Questions You Should Be Asking About the Costs of Cloud Computing – [Blog]

With the rise and rise in cloud computing over the past years, there’s one myth that still prevails: public cloud always saves you money…

And while cost is not the only factor, or even the primary factor, when considering a public cloud migration strategy, research shows that cost is always a concern.
Continue reading “Questions You Should Be Asking About the Costs of Cloud Computing – [Blog]”

What’s Normal Anyway? The Future of Cloud-Driven Networking

What’s Normal Anyway? The Future of Cloud-Driven Networking [Blog]

Director of Product Richard Beeston explores how to get the most visibility and control over your distributed and evolving workforce

The uncertainty around what the future of the workplace will look like creates a significant challenge for IT teams in every industry because they need to be prepared for the unknown. But where there’s change, there is opportunity.

Organisations everywhere will need more control and better insights than ever before to ensure a secure connection for employees wherever they are located. The pandemic-induced working from home trend is expected to last for quite some time, and realistically, there will be no “big bang” where every worker returns to the office at once. Instead, employees will likely come in on staggered shifts, or on alternate days, to limit the number of people in the office at once. Additionally, organisations will need to prepare for a return to homeworking should another outbreak occur.

In a post-COVID environment, the network will be one of the most strategic technology a company has, as it connects workers and devices to applications, other networks and devices, and Internet of Things (IoT) endpoints. We know that the “new normal” is built on even more distributed connectivity, and this requires even greater levels of network control, assurance and insights.

So, what’s the answer?

It should begin with an assessment of the current network to see if it meets new requirements. This means taking a new look at IT hardware, security, services, and total visibility and control of a vastly distributed workforce from a centralised management system. It’s about being able to provide systems and services that enable the ‘work from anywhere’ requirement.

The challenge lies in the fact that most legacy networks are not designed for a world where many workers are accessing corporate resources from the outside. As we see more data, coming from more places, more connected devices, and more cloud-based applications, we deem cloud-driven networking technologies as a fundamental part of this shift in normal practice.

Secure cloud network management

Despite a widespread shift to cloud-based solutions in recent times, we understand security is an ongoing concern. With the frequency and sophistication of cybersecurity attacks on the increase as cybercriminals capitalise on the pandemic, the best cloud networking providers must keep up with the very latest in security standards and in order to stay steps ahead.

That’s where ExtremeCloud™ IQ can help. ExtremeCloud™ IQ is a machine learning (ML) and artificial intelligence (AI) driven cloud management solution, built on a 4th generation cloud platform. It’s the industry’s only ISO27001 certified cloud, supporting both GDPR and CCPA protections, ensuring the highest levels of regulation, compliance, and data privacy. Organisations can rest assured that their customer, employee, and business data is always protected with ExtremeCloud IQ™.

Integrated with Extreme’s end-to-end enterprise networking technology, ExtremeCloud™ IQ assists in collecting data to build, secure, and maintain agile and distributed work environments. Additionally, its RestFUL APIs enables network administrators to take advantage of third-party applications or scripts to provide additional insights.

Contact tracing enablement

As more workers return to the office, organisations must consider ways to track their employees to help prevent the spread of COVID-19 among their workforce. With a cloud solution in place such as ExtremeCloud™ IQ, organisations can enable contact tracing within buildings by delivering useful connectivity and identity data to the appropriate apps. Administrators can easily track where users connected, where they roamed within the facility, and what other devices were connected in those areas at the same time, then feed that data to third-party applications that support contact tracing.

Occupancy management

ExtremeCloud™ IQ can also assist in occupancy management for facilities, human resources, and legal teams tasked with reducing risk reduction via safe social distancing. Administrators can see which areas are most visited and which devices have the most users across various points in the day. The collected data allows third-party applications to alert on excessive levels of occupancy, the volume of traffic over time, no-go zones, violations of directional flows, or notify staff when areas require additional cleaning, for example. ExtremeCloud™ IQ is also the only cloud-based platform that has unlimited data storage so that administrators can go back over a very long history to determine patterns such as seasonal traffic.

IoT monitoring and robotics automation

ExtremeCloud™ IQ offers secure wired and wireless connectivity and simple, safe device onboarding and management. It can assist with connecting IoT sensors and automation tools, and scale-up agile work environments wherever those are needed, as well as pop-up locations, employee’s homes, or additional smaller workplace locations to reduce mass occupancy in a single space. It also helps to manage remote operations for unmanned manufacturing facilities that are using robotics assistance to minimise staff exposure.

Where do we go from here?

The COVID-19 pandemic has highlighted the importance of a strong, secure and versatile network. The new normal will be built on data and the ability to use machine learning (ML) and AI technologies to deliver the insights required for businesses to not only reopen, but to monitor the environment in order to continually protect employees and visitors.

Together, Daisy and Extreme Networks offer the ability to effortlessly and securely connect and support your organisation, your network, and your people with cloud networking, helping you transition your businesses and thrive in a changed world. ExtremeCloud™ IQ creates the ideal conditions for your business to flourish, now and in the future.

Daisy-Corporate-Services-IT-in_Teams

The IT in Teams

Head of Public Sector Sales Andy Riley applauds the NHS’s use of technology at the height of the COVID-19 pandemic.

There are moments in life when either something you’ve waited for or something you’ve predicted actually manifests without you realising. Distracted as we all are by the chaos a certain virus has left in its midst, it’s important to point out when those moments happen – especially when they are moments who provide us with some hope.
Continue reading “The IT in Teams”

IT Resilience: Challenges, Pitfalls and Tips [Podcast]

IT Resilience: Challenges, Pitfalls and Tips [Podcast]

We put David Davies, Business Continuity and IT Resilience Consultant, under the spotlight to answer questions on IT resilience.

IT resilience is not just about achieving ‘always-on’ systems, it’s also about being able to recover quickly and effectively when things go wrong – and it’s a central element of organisational resilience. In this recorded interview, David shares his insight into achieving IT resilience – what challenges need to be overcome, what pitfalls need to be avoided and lots of useful tips to help you get it right.

Listen to the podcast here, or read on for the article

Can you give us a brief overview of IT resilience?

If you think of an organisation’s IT systems such as email, databases and website, IT resilience is all about keeping those IT systems up and running, ideally without failures or interruptions. The ideal state is to never fail, but you also need to have the tried and tested technology in place to recover from IT failure if it does happen.

As an example, let’s say you have a primary data centre which runs all of your email and other business systems. If that fails, and it’s paired with a mirror image at data centre B, this should carry on running your systems seamlessly, if your primary data centre failed.

If both your primary data centre and your mirror image data centre B fail, your IT systems can be recovered from backups at data centre C – a more traditional recovery service.

An IT system that never fails is the ideal scenario but would come with a significant price tag that makes such a solution prohibitive for the majority of organisations. This is why it is important to do a business impact analysis (BIA) to understand exactly what level of downtime your organisation can tolerate, and then look to invest in a solution that delivers that level of resilience.

And it’s not just about buying and installing new technology. It begins with a willingness to understand the organisation and invest in improvement, so this needs support at board level, as part of an overall organisational resilience strategy.

Key Resilience Challenges:

What are the key challenges in IT resilience and how can businesses address them?

The IT resilience capability of many organisations has vastly improved over the last 20 years due to many factors. Disk storage and networking is comparatively much cheaper, which enables movement and storage of large amounts of data, and makes it more affordable to design for duplication of components and networking. Virtualisation technology has made IT systems and data more fluid across the IT estate it is housed in, rather than being stuck on single servers, and therefore much more resilient to equipment failure.  Replication and recovery software is much more sophisticated now.

This is all really good news but it presents some key challenges:

  • IT departments can trust the technology so much they stop planning for failure

This means they stop investing the time and effort into arrangements and knowledge for what to do if there’s a serious IT failure and it needs to be recovered from backups.

  • IT departments can get overly focused on the threat of physical failure

Cyberattack presents a different kind of threat. Going back to our earlier example, if a data centre has a second data centre with a mirror copy of the data, a virus or data corruption is mirrored as well, so the data in both data centres is compromised. The organisation needs to rely on backups stored at the third data centre, and crucially, these need to go back in time far enough, to before the virus or corruption occurred.

  • Does the IT department fully understand their IT environment?

They’ll need to during an IT failure, to know how to recover it.

  • Does the IT department fully understand the resilience and recovery of IT systems provided by suppliers?

Understanding what your suppliers are taking responsibility for and where the responsibility lies with you, for example cloud service providers.

What about resilience in the cloud?

Cloud’s a fantastic thing for performance, agility, and to improve the delivery of IT systems and reduce costs and so on, but ultimately it’s not a standard, or a rubber stamp – it’s a marketing term for remote data centres. I’ve witnessed a worrying complacency among organisations moving to the cloud, that, “it’s the cloud, it will work!”   The reality is that you need to investigate what you are buying and know what’s in the contract with your cloud provider. What would they do in a recovery situation for example, what resilience do they have in place? How would they back up data and recover it – and have they tested it? It’s important to observe tests if you can; at least ask them for test results, policy information and to see their incident management plan. Cloud providers may focus entirely on day-to-day projects, technology uptime and incidents, and not think about “bigger picture” technology outages, such as a complete data centre or site failure – it’s important to identify this mind-set (if it exists at the provider).

Managing Change:

How can businesses better understand their current IT environment, considering constant changes in the sector?

Continual technology improvements mean that IT environments are in a constant state of change to try and keep up. For the IT leadership team, it can feel like they’re forever pushing a piano up the stairs while being expected to play a tune! Each time you make it to the next floor, you realise there are more steps to climb.

Imagine you plan to upgrade to a brand new IT environment and network, but by the time you implement it, it’s not brand new anymore, and there are better options out there. This is frustrating for the IT leadership team, but it also means there’s a whole world of work to be done by the IT department to keep pace with change. Hardware upgrades, software upgrades, security patches, new IT servers and services coming online, old ones being retired. While you have the strategic view of where IT needs to go to take the business forward, there’s also so much maintenance work to be done to keep it running.

It’s a bit like living in a house from a horror film where the rooms and hallways and doors keep rearranging themselves. You can draw a map, but you have to keep redrawing it over and over again. It’s really difficult for IT departments to keep a detailed view of the whole IT estate and how it integrates, but it’s also really important to understand this and keep this up to date.

If you’re responsible for IT in some way in your organisation, whether an analyst, manager or CIO, you should ask yourself, “If it failed now, do I know what I need to do to recover it all and restart it?” If you think you’ll need to start with a whiteboard and sticky notes trying to figure it out at the time, that’s bad news. Instead, be aware that a lot of preparation can be done in advance:

Be prepared for resilience:

  • What are the IT systems and the services they deliver?
  • What are the servers and hardware?
  • What are the recovery interdependencies?
  • What involvement is needed from various IT and end-user teams to recover and validate IT systems?

Answering these questions will help you see where investment is needed to improve resilience.

Resilience and IT project management

Any significant IT change in your organisation will most likely be done through an IT project, such as significant IT system upgrades or new IT services. But, there are key IT resilience pitfalls that can happen with IT project management and it’s important to look out for these, as once the project is completed, it’s unlikely that the operational budget will have the capacity to fix it.

Avoid these pitfalls:

  • Has IT resilience or ITDR testing been allocated in the budget?
    If not, this needs to be escalated to C-level
  • Is ITDR testing limited to an isolated test of the IT service only, not an integrated test?
    If yes, this needs to be escalated to C-level
  • Is the project team asking for your sign-off (i.e. it is not self-certifying)?
    You should give the team a process to self-certify – your involvement is needed to make sure the proper process is being followed, but don’t let them sidestep responsibility
  • Are there promises to fix things in the “phase 2” that hasn’t been planned yet?
    Phase 2 may not happen! – This needs to be escalated to C-level
  • Are business continuity and IT continuity staff involved in strategic decision making?
    Don’t just involve them as an afterthought

Can you give us an overview of the shifting culture of IT usage and how it applies to a business’ expectations of IT resilience?

I’m old enough to remember that in the 1970s and 80s, when computers first made their way into our homes, there was still some sense of wonder and respect attached to them and what they could do.

However, it seems that over time, the better IT gets and the closer it is to our daily lives, the less impressed we are with it, and the more we expect it to do everything for us with minimal effort.

In our personal lives, we’re now all end users, whether it’s of smartphones, gaming consoles, or tablets. I think that as end-users we’ve become a bit spoilt, and expect IT to just work with little thought or effort on our part.

The problem comes when IT professionals take that mentality into work and apply it to the cloud computing IT services that they use, which may be absolutely core to the organisation.

It’s really important for organisations to not just expect cloud computing to work, and to keep questioning and keep challenging.

For example:

  • Read the contract to check exactly what the cloud provider is delivering
  • Make sure you understand the interconnectivity between cloud and all of your other IT systems
  • Make sure you know how your cloud provider manages backup and recovery of the IT systems
  • Find out if failover and recovery processes have been thoroughly tested

If no one in your organisation understands the detail and substance of the resilience of your cloud IT services, what’s going to happen if that goes wrong? Are you blindly trusting your cloud provider?

Remember that cloud is a marketing term, it isn’t itself a quality standard. A supplier might be doing an element of cloud badly, or not be doing enough for IT resilience in their cloud environment – so don’t take the cloud for granted!

Top takeaways

  • Take a step back and think about resilience, not just from a technology perspective but also a wider perspective as part of your organisational resilience
  • Involve continuity professionals in strategic decisions, for example when considering new platforms and technologies
  • Consider: what if something serious happened right now, how would the business recover from it?
  • Be open and transparent about resilience across IT environments, projects and the business
  • Don’t trust “reliable” technology to the extent you don’t plan for backup and recovery (including physical, virtual and cloud solutions)!
  • To achieve resilience you need to manage change effectively – keep your “map” updated

 

About David Davies

David Davies is an award-winning Business Resilience and IT Resilience Consultant at Daisy Corporate Services. He has worked in IT resilience and recovery for more than 20 years, starting in a technical role at IBM looking after data backups and testing disaster recovery on very large enterprise systems. David moved on to project management of disaster recovery testing, then left IBM to work in business continuity consultancy over the last 14 years. In that time, David has worked with more than 150 organisations as a resilience consultant, some medium-sized but the vast majority being enterprise-sized organisations.

 

Hybrid Cloud: The Ultimate Decision Makers Guide

Hybrid Cloud: The Ultimate Guide for Decision Makers [Blog]

Start with this guide.

Wherever you are in your cloud journey, this hybrid cloud ultimate guide helps you and your fellow decision-makers address your business challenges, and get the most out of your cloud infrastructure. We’ve provided structured, jargon-free pros and cons for different hybrid approaches, along with stats, facts and insights designed to chime with the priorities of key executives, from CEO and CFO to sales and operations directors and beyond.
Continue reading “Hybrid Cloud: The Ultimate Guide for Decision Makers [Blog]”