Raconteur On IT Transformation Single

_ 06. October.
2011
ThE NEW vAlUE Of IT

Driving a new Technology innovaTion organisaTion
OVERVIEW Business transformation used to mean technology changing the way people worked. Now people can make the
technology work harder for the way they want to function the machines are no longer in charge, says Guy Clapperton
automate accounts, payroll, customer relationship management, clerical and managerial duties and to gather data for major business decisions with enterprise resource planning systems (ERP). This was excellent as long as a business was willing to work in the way the technology was structured so to take advantage of ERP a company needed to reach the right size then spend the requisite amount of time implementing the system.
Technology has the power to transform business, many companies told us in the 1990s and in the last decade. Theres a refinement to this, though; technology nowadays has the power to enable businesses to transform themselves. Its a small change to a sentence but its a vital one, and one which benefits everybody. A way of explaining this is that in previous decades, technology was a massive help to business. It became possible to
DIffERENT ROOMs
It was a bit like being in a hotel rather than your own home everything would be fine and designed to make your organisation comfortable but there would be that oddity of having to go check in to the whole building, then have a separate key for your bedroom, go into a specific room for dining and handing your key to someone to verify your identity yet again; its fine, were all used to it, but if
you go home then once the key is in the door youre in and you live like you wish. It was similar in business; youd have to work as the computing dictated you could or should. Prior to multitasking youd have to pull out of one program and shut it down before using another, then a little later you could do it all simultaneously but only if you were at a specific computer. This wasnt perceived as a problem because it essentially worked.
It still does, but the difference becomes apparent when a competitor is able to work differently. Technologies such as virtualisation and the cloud have consigned a great deal of that approach to history and freed the business customer to start putting the business need at the centre. An easy
CONTINUED ON pAgE 03
TWITTER.COM/RACONTEURMEDIA
RACONTEUR 01
iT TransformaTion
distributed in
CONTRIBUTORs
Guy Clapperton Guy Clapperton is a freelance journalist, broadcaster and author, specialising in technology and small business issues. He is a regular contributor to Raconteur reports and the author of This is Social Media and The Joy of Work. John lamb John Lamb is an editor and writer with broad knowledge of the IT business, who has edited a number of leading UK titles including Computer Weekly, InformationWeek, Sunday Business ComputerAge, Information Economics Journal, Butler Group Review, Datamation Europe and Ability. Kevin townsend Kevin Townsend is an Oxford University graduate and the original founder of ITsecurity.com. A technology writer for more than 25 years across dozens of publications, he is also author of several early computing books. JessiCa twentyman Jessica Twentyman is an experienced business and technology journalist. Over the last 15 years, she has been a regular contributor to some of the UKs most respected national newspapers and trade magazines, including the Financial Times, the Wall Street Journal, Director magazine and Computer Weekly.
publisher Dominic Rodgers
editor Guy Clapperton
design The Surgery
Your feedback is valued by us. Please send in your opinions to editor@raconteurmedia.co.uk For information about partnering with Raconteur Media please contact Freddie Ossberg: +44 (0)20 7033 2100, fo@raconteurmedia.co.uk, www.raconteurmedia.co.uk
The information contained in this publication has been obtained from sources the proprietors believe to be correct. However, no legal liability can be accepted for any errors. No part of this publication may be reproduced withoutthe prior consent of the Publisher. RACONTEUR MEDIA
someone not knowing what someone else is doing on the other side of the world. This happens in business as well, increasingly. As an enterprise goes, someone in the Dubai office is working on something someone in the London office has already solved. In many instances this has been reduced but there are still a lot of pockets of data around an enterprise, which if only they could be gathered and organised would make for a much more efficient company. The structure of data storage is allowing for easier access this sort of buried information, which currently looks like random trivia a piece on information alchemy looks at how buried nuggets of information in an enterprise can turn dormant data into something of value in a working environment.
JaVIER PIERInI
RIsK
CONTINUED fROM fRONT pAgE
example might be the scalable business, which either grows or shrinks depending on demand and might not want to buy X amount of computers and servers which will be used only Y amount of time. Previously if your business had needed scale at a given time you would have needed to buy into it the whole time. In previous Raconteur reports we have referenced the people at Comic Relief who are a classic example; previously they would have needed to buy physical computers and software licenses permanently to cater for a couple of huge peaks at a couple of times during the year. The organisation now virtualises and simply fires up additional servers during the major appeals these just vanish when they arent required.
pEOplE ChANgEs
This means change not only in technology but from the technologists and their colleagues. Elsewhere in this supplement is a discussion on how the relationship between CIO and CFO has evolved; by far the most fruitful of these relationships are the ones in which the CIO is understood to have a strategic role rather than simply that of a costly enabler, because he or she can explain what will now be possible to the business and make it happen. There are still organisations which regard the tech as a drain and the finance as a gate-
keeper and its not clear how theyre going to cope when their competition sees a more fruitful relationship happening. Put simply, both sides need to have the imagination to realise the potential benefits of teaming up with rather than fighting their counterpart. The technologist is precisely the person to say what can happen when a business needs to expand, doesnt want the overhead of more premises but can allow flexible working. A Catch-22, highlighted by one of the interviewees in this supplement, is that this can mean the technology team has to accept change. There is no room for fiefdoms in this new age; the IT team thats used to working on and indeed guarding all of the technology in its business will pass on relatively soon. A hosted solution in the cloud needs different skills to manage and there will be a transitional period in terms of internal politics this wont be popular universally. One it is achieved, though, the IT team and particularly the CIO will find their roles enhanced as innovators rather than as an in-house supplier. The implications for their own motivation are vast, even if we leave aside the enormous scope for productivity and lower cost growth a business can find with this new model.
KEEp CAlM AND CARRy ON
Disaster recovery also becomes easier; in this supplement we talk to a financial services company which has a near real-time backup of its work in a second building, so
if theres a problem the workforce is able to get up, walk into the other premises and continue as they were before. Not every business will be able to go this far but to have spoken to someone whose business was about to grind to a halt and simply instructed his team to walk down the road is quite something (then the power came back on otherwise the story would have been perfect!) If a company cant run to a separate building and thats quite an overhead to take on it can take on a mirrored infrastructure hosted by someone else, and have it running in real time so it can be restored or worked on as the real system in the event of a failure. Clearly there are implications for the partners someone chooses to work with as a result of these changes. The business a company chooses as its hosting partner or virtualised real-time backup has to be the most trustworthy company imaginable. It needs to be ultra-reliable and its data protection policies need to be scrupulous. The old idea of outsourcing to anyone overseas to save money will work only if overseas understands the UKs Data Protection Act (DPA) completely and can understand all of its strictures and restrictions (and will therefore turn down certain business because of data jurisdictions). The onus is on the data handler typically the business looking to virtualise or otherwise have its information hosted to ensure this
is the case. The IT department will now have to understand, for example, the Patriot Act in the US, which gives the Authorities carte blanche on access to stored information something which clashes directly with the DPA.
Changes: a business can work better because technology can run the way it requires, not the way the technology designers decide
WhERE DO yOU WORK?
Workplaces are changing as a result of all this and elsewhere we examine how. In fact we challenge the existence of a fixed workplace any longer (for what its worth this article youre reading is being finished off in a hotel lobby in Amsterdam but it doesnt matter, on the Internet this is a work-
The cio is no longer just the enabler but the person who explains what is possible for a business and how to make it happen
place for the moment!) but argue that its being outmoded and replaced by a workspace which has different aspects to manage. Certainly the colleagues working in remote environments will need a whole different set of skills from their managers if they are to remain productive. Science is full of stories of discoveries happening in labs which could have happened earlier but for
It would be glib to say there are no new risks attached to this new scenario. Hackers and other miscreants have been quick to adapt to the way people are working so there is an analysis of the developing risk scenario and how a number of companies are working their way around it. New risks have been measured and as always where security is concerned its not purely a matter of technology; colleagues need careful management and they need to be informed that the nature of the threats their business face have changed. Last years security education needs an update so that the human side can keep pace, and in this supplement we explore some of the changing nature of corporate threat the new technology has uncovered. Overall, though, the change in the nature of technology is to put the business owner and manager back in charge of an organisation. Scalability, the ability to be flexible as to location because cloud computing allows for remote workers to behave as if they were in the office, having large business applications hosted for smaller installations, all of these things help businesses to focus on where their imagination says they could be rather than where a computer builder says they have to remain constrained. It starts by bringing the technology in line with the core aims of the business and aligning its structures and methods so it serves the enterprise, which no longer has to compromise. Its a whole new means of business transformation and the technology is enabling it rather than forcing it.
RACONTEUR 03
iT TransformaTion
The evolving ThreaT landscape

ThREaT LandscaPE The move into the cloud and into other
transformational technologies hasnt eliminated any technological threat but shifted it. Kevin Townsend talks to some experts about the new risks
If we look at security today there is one conclusion we simply cannot avoid: it is not working. Despite the $20bn invested in IT security in 2010, the cost of cyber crime to the UK economy alone is estimated to be 27bn per annum according to Detica figures. We need to understand what is going wrong in order to reverse this. And to understand that, we need to examine the evolving threat landscape. It is tempting to blame the emergence of the advanced persistent threat (APT), a highly targeted, sophisticated attack aimed at large corporates. Hardly a week passes without news of a new APT attack on a household name: Google, Sony, Nintendo, RSA, Mitsubishi. And it
is easy to support this idea with current statistics. FireEye divides current threats into two primary categories: wide and shallow, and narrow but deep. The first is the traditional approach: a wide net is thrown to catch as many targets as possible; but the actual loss is relatively small. The second is the specifically aimed attack on an individual organisation that goes deeper and steals more the APT. Its a description that is recognised by Deticas Henry Harrison. Of the 27bn annual loss to the UK economy, he comments, 17bn comes from theft of intellectual property and espionage the typical narrow but deep targets of APT attacks. But while we must be aware of
the threat of APT, we should not be diverted by it. The exploits and methodologies used are not new. Only the manner in which they are combined; the targets at which they are aimed; and, it has to be said, the
There are two categories of attack, wide and shallow and narrow but deep
almost military intelligence and precision with which they are controlled, is new. (Its worth noting that APT is a military term first coined by the US Air Force.)
PauL BRadBuRy
15 - 20 word four line pull quote please nis quamet abor aute no bisa vidiorem quo ipsaece somuinter
04 RACONTEUR
iT TransformaTion
INDUsTRy vIEW
27bn
$20bn
INvEsTED IN IT sECURITy IN 2010 EsTIMATED yEARly COsT Of CyBER CRIME TO ThE UK ECONOMy
$17bn
COMEs fROM ThEfT Of INTEllECTUAl pROpERTy AND EspIONAgE
going to a compromised website or opening a poisoned attachment. The malware itself stays ahead of us by rapid and automatic changes designed to defeat, and is successful at defeating, signature-based defences. FireEye points out that 90% of malicious executables and malicious domains change in just a few hours, and that todays criminals are almost 100% successful at breaking into our networks.
Know your enemy and know yourself and you can fight a thousand battles without disaster
(From The Art of War, by General Sun Wu Tzu)
Tackling advanced Persistent Threats means giving up the idea that it is possible to protect everything. This is no longer realistic and security teams need to work with the business and executive team to identify the critical assets and focus on protecting them. This means a fundamental shift from focusing on the perimeter and keeping attackers out to attackers are going to get in, so detect them quickly and minimise the damage. assume that your organisation is already compromised and go from there. Deep knowledge of the threat landscape as it relates to your own organisation must be the cornerstone of your information security strategy. intelligence gathering needs to go beyond researching malware and include monitoring at all layers application, host, network and data, with the ability to associate events from multiple platforms. correlation of events that take place across the environment may detect complex attacks that is, if you know the threats to your own assets. monitoring network traffic requires more than just intrusion detection systems; network-forensics tools can capture and inspect full packets and collect, process and store all activities. visibility into your core infrastructure is critical. it is also well worth revisiting access control: the most sought-after credentials are those of privileged users, so organisations would do well to consider multi-factor authentication while tightening-up least-privilege policy. an organisations greatest vulnerability is its people. social engineering is the key ingredient in todays brand of aPTs, so training the end-user in new and innovative ways may pay great dividends. a novel approach could be to simulate phishing and spearphishing attacks in order to give your employees real-life examples and help them recognise tell-tale signs. finally, government agencies and organisations must work together to overcome their reluctance to share information and, instead, build communities of trust. in todays threat landscape, an organisation cannot afford to sit in isolation and expect to be able to defend itself. The mantra should be to prevent, detect, respond and share.
Successful security should stop APT just as much as it should stop common-or-garden malware. Consider the banking trojan Zeus. Worldwide, RSAs security and fraud expert Uri Rivner said, there are some five million PCs infected with Zeus. Clearly our security defences stop neither wide and shallow nor narrow but deep attacks; and we need to understand the reason. One clue can be found in PricewaterhouseCoopers 2012 Global State of Information Security Survey. A clear majority of [9,600 CEOs, CFOs, CIOs, CISOs, CSOs worldwide], it states, are confident that their organisations information security activities are effective. This is despite the unambiguous empirical evidence to the contrary. The problem is that we are stuck in an old security paradigm when the paradigm itself is changing. We grew up with our servers in the computer room and our users in the same building. The concept of security was simple: we put a barrier around our IT infrastructure to keep the bad things on the outside and the good things on the inside. Since the good things were all in one building it was conceptually simple. And since the technology to achieve this barrier is mature and effective firewalls, anti-malware, intrusion prevention, content filters and since we have all installed this technology, we believe we are secure. It is a false sense of security that leaves us terribly exposed. Comput-
ing is no longer that simple. Cloud computing means that our data could be anywhere. Mobile computing means that our users could be anywhere. Consumerisation means that our access devices could be anything that has internet connectivity. Where now can we effectively place a barrier? Its not impossible, its just different; and were not keeping pace. But all of this pales into comparative insignificance in the face of a major new weakness: us. The rise of social networking combined with the consumerization of devices and mobile computing means that we are as like to socialise at work as we are to work at home. There is no longer even a virtual boundary between work and home.
sEIsMIC shIfT
absolutely central to insulating against the latest threats is a program of continuing staff awareness
The criminal no longer seeks to find a way through our security defences; social engineering has shown him a way round them. The difference with APT is that the criminal will now try to hide his presence and will take his time to find and steal what he wants. Unless we change our approach, and adapt our security to the changing threat landscape, the cost of crime will continue to escalate.
Rashmi Knowles Chief Security Architect EMEA RSA, The Security Division of EMC
There has been a seismic shift in the threat landscape, explains Rivner. The criminals are no longer attacking the IT infrastructure. They are attacking the users. It is social networking that provides the information that allows the criminal to bypass our security defences and get into our networks via our users. We have become nonchalant over the amount of personal information we effectively broadcast to all and sundry: our likes, our dislikes, what we do, what we want, where we are, where were going... Armed with this information and basic social engineering skills it is easy for the criminal to trick us into doing something we shouldnt, like
TACKlINg ThE ThREAT
As things stand today, any company targeted by APT or simple spear phishing will almost certainly succumb. But it doesnt have to be that way. There are things we can do.
Absolutely central to this is continuous staff security awareness training to defeat that initial social engineering. It would be best not to do this yourself use an expert to test both your defences and your staff. First, says David Hobson, Sales Director of Global Secure Systems, the security practice of MTI, we test/audit your security systems and bring them up to speed. Then well test your staff and bring them up to speed. But thats not enough; security awareness will not prevent all people-hacking. This summer RSA and TechAmerica hosted an Advanced Persistent Threats Summit in Washington, D.C. One of the takeaways is this: Organisations should plan and act as though they have already been breached, according to RSA. Statistically, you probably have. So if exist-
ing defences arent working, go back to basics and start again. Security is not an end in itself: it is the risk mitigation aspect of risk management. Use risk management techniques to understand what is of most value. David Hobson uses an analogy with medieval castles. You take your crown jewels and keep them separate in the best defended part of your castle, in the Keep. One method of segregating your networks is to colocate, wholly or partially, with a specialist data centre provider. Its a way of providing greater physical security for your servers than you could probably do alone. We use 24-hour manned security and biometric
RACONTEUR 05
iT TransformaTion
CONTINUED fROM pAgE 05
authentication (palm readers) for access to our data centres and to individual client suites, cages or racks, explains Brian Packer of provider BIS. Theres a second implication from the APT Summit: if you are already breached, it would be good to know about it as soon as possible. You need to shine a light inside your network, to see what is happening, to look out for anomalies and recognise any intrusion before any data loss. There are several new and very advanced security products that can help you here from companies like Detica and FireEye.
vIRTUAlIsATION
WIRElEss sECURITy sTANDARDs / pROCEDUREs EMplOyEE sECURITy AWARENEss TRAININg pROgRAM ClOUD sECURITy sTRATEgy MOBIlE DEvICE sECURITy sTRATEgy sOCIAl MEDIA sECURITy sTRATEgy sECURITy sTRATEgy fOR EMplOyEE UsE Of pERsONAl DEvICEs NONE Of ThE ABOvE
INDUsTRy vIEW
10 15 20 25 30 35 40 45 50 55 60 65 70
% Of REspONDENTs
Security Threats and the Cloud an industry overview

The cloud provides many business benefits. cost savings, flexibility and so on. it also provides threats and risks that must be considered and mitigated. security is defined as confidentiality, integrity and availability. first things first, if you put your business data in to the cloud you must ensure you have a highly resilient network connection. isPs may provide 99% uptime but even this means you will lose 4 days work a year. so consider resilient links into different isPs. having given your data to an isP, how easy is it to get it back? you may wish to move to a different service provider next year, how difficult will that be? what would happen if the service provider went bust? is this security? certainly it is a major risk. you must consider the nature of the data you may be wanting to host in the cloud. are there any legal requirements to consider? where is the data going to be stored? cloud services may mean you have no idea where you data is, or is backed up to. Do you know who can access your data? if anyone can see it, then confidentiality has gone out the window. overseas service providers have been known to sell client data. if a service provider has lots of data, they by default become a much bigger target for hackers. They should be able to invest in providing better security than many small businesses, but they are rich pickings. and most major names admit to having had some issues in the past. security needs to be considered both in the cloud and the end point if your Pc is infected with malware, it can steal log ons and passwords and access your data! There are many layers of defence to be considered. Two important things to remember a. it is yoUr data, look after it b. you need to be lucky all the time... a hacker only needs luck once.
glOBAl
A DEfINITION Of ADvANCED pERsIsTENT ThREAT

There is no definition. But there are common characteristics. aPT is a complex attack using multiple techniques: social engineering to open the door; possibly zero-day exploits to defeat current detection; covert channels to secretly steal data. But above all it is patient and persistent. Behind it is a well-organized, wellresourced organisation attacking a specific target. operation shady rat, exposed this summer by mcafee, is reputed to have been in operation for five years, and to have stolen intellectual property from 70 government agencies and international corporates in 14 different countries. Drawn from intelligence information we discover later, comments rsas security and fraud expert Uri rivner, 90% of aPT attacks go undetected. if you are already breached, it would be good to know about it as soon as possible. you need to shine a light inside your network, to see what is happening, to look out for anomalies and recognise any intrusion before any data loss. There are several new and very advanced security products that can help you here from companies like Detica and netwitness.
David Hobson Director Global Secure Systems the security practice of MTI
isPs with 99% uptime means 3-4 days downtime a year, so its worth considering robust links into another isP
TWITTER.COM/RACONTEURMEDIA RACONTEUR 07
source: PricewaterhouseCoopers The 2012 Global State of Information Security Survey
Rivner believes that virtualisation can also help. A virtual desktop infrastructure (vdi) could prevent malware getting onto the desktop and from there to the server; and it certainly makes patching and upgrading the entire infrastructure an easy task. Bear in mind that the Google Aurora hack would not have succeeded if the target were not still using an old and outdated version of Internet Explorer. Patch your software should be a way of life.
But virtualisation is only as good as its implementation and your understanding of its components. An APT or any other security threat, explains Mike Atkins of Orange IS Security Solutions, is likely to focus on the weaknesses that can be found in the target systems and processes, and then seek to leverage 0-hour exploits. The key to protecting a virtualised environment is to similarly focus on the weaknesses of the system and then mitigate as fully as possible any attackers ability to leverage those weaknesses. There is, however, one weakness in all of these approaches. Necessary and good though they be, they effectively use the same old security paradigm: wait for, recognise and respond to an attack. And that might be too late. In this new security paradigm we need to accept that our attackers are more sophisticated, better resourced and organized, and more patient and persistent than are we. We need, says RSAs Uri Rivner, global information sharing. It will be difficult, coping with the different privacy requirements in multiple jurisdictions, but it can be done. The banks are already doing it. When we all do it, we will have the necessary intelligence to cope with todays evolving threat landscape.
OUR CURRENT sECURITy sTANCE - AND ITs jUsT NOT WORKINg

OvERAll INfORMATION sECURITy sTRATEgy EsTABlIshED sECURITy BAsElINE fOR pARTNERs / CUsTOMERs / vENDORs CENTRAlIsED sECURITy INfORMATION MANAgEMENT pROCEss EsTABlIsh sTANDARDs / pROCEDURED fOR INfRAsTRUCTURE DEplOyMENT IDENTITy MANAgEMENT sTRATEgy BUsINEss CONTINUITy / DIsAsTER RECOvERy plANs pORTABlE DEvICE sECURITy sTANDARDs / pROCEDUREs AUThENTICATION BAsED ON UsER RIsK ClAssIfICATION
iT TransformaTion
informaTion alchemy: Trivia inTo gold

TypEs Of DATA COMpANIEs ARE COllECTINg As BIg DATA
substantial size will have pockets of information all over the place, doing nothing. John Lamb looks at ways of turning these neglected bits and pieces into unhidden gems
InfORmaTIOn aLchEmy Businesses of any
92%
sTRUCTURED DATA (TABlEs, RECORDs) EvENT DATA (MEssAgEs, UsUAlly IN REAl TIME)
OThER
5%
sOCIAl MEDIA DATA (BlOgs, TWEETs, sOCIAl NETWORKs)
34%
spATIAl DATA (lONg/ lAT COORDINATEs, gps OUTpUT)
29%
COMplEX DATA (hIERARChICAl OR lEgACy sOURCEs)
54%
sCIENTIfIC DATA (AsTRONOMy, gENOMEs, physICs)
45%
UNsTRUCTURED DATA (hUMAN lANgUAgE, AUDIO, vIDEO)
35%
sEMI sTRUCTURED DATA (XMl AND sIMIlAR sTANDARDs)
54%
WEB lOgs AND ClICKsTREAMs
31%
6%
MAChINE-gENERATED DATA (sENsORs, RfID, DEvICEs)
28%
source: TDWI Research
The volume of data generated by increasingly powerful enterprise systems and by a flood of emails, text messages and online transactions is increasing at an exponential rate, now companies are looking to turn the information locked up in it to their advantage. Some bigger organisations can boast of holding as much as 200,000 gigabytes per employee, enough to hold 30,000 hours of high definition TV recording, but even smaller enterprises are racking up data about their businesses at a rate of knots. Technology is one driver for the
extraordinary growth of data, increased regulation is another. In many industries a thicket of regulation has grown up in recent years requiring organisations to collect data and hold it for long periods. Often there are rules about how information should be presented and how quickly it must be made available. In some markets, such as pharmaceuticals, participants are obliged to invest in complex systems for tracking, recalling and proving the provenance of products. Businesses are burdened by data. They view it as something theyre
obliged to maintain, rather than as a strategic asset, argues Chris Downs, founder of levelbusiness. com, an online company information service. You need to understand whos using the data and how to unlock its value. Data isnt just there for compliance purposes; you need to be more imaginative with it. Increasing numbers of companies are doing just that; mining the buried nuggets contained in the growing spoil heaps of data. Indeed, the ability to analyse and act on so-called big data, gathered in the course of business will be a key competitive edge for
some councils are gathering information from dustbin lorries to see who is recycling properly
08 RACONTEUR
iT TransformaTion
INDUsTRy vIEW: comPUTacenTer
companies in the future, according to a report called Big data: The next frontier for innovation, competition, and productivity by management consultancy McKinsey & Company. Big data is already being applied to give companies an edge. For example, network surveillance in the telecommunications industry to enable mobile phone companies to record when and where a call was made, web analytics in e-commerce, smart grid management in the energy sector, or the detection of credit card fraud in the financial world.
UNlOCK yOUR DATA
How can businesses unlock hidden value from their data? First, by making it more transparent; for instance, information about the whereabouts of goods gleaned from tracking technology such as barcodes and other sensors shared among companies in a supply chain can speed the flow of goods and ensure they are directed to the place they are needed at the right time. Similarly, in manufacturing, integrating data from R&D, engineering and production lines to enable concurrent engineering can significantly cut the time to get products to market and improve quality. As organisations create and store more transactional data in digital form, they can collect more detailed performance information on everything from how much product is in stock to how many sick days employees take and use the knowledge to make continuous improvements. Leading companies are using data collection and analysis to conduct controlled experiments aimed at improving their management decisions; others are using data to take better business decisions on the fly. Analysis of data garnered by tracking the buying patterns of customers allows businesses to get a better understanding of who and where customers and prospects are, ensuring better-quality sales leads and longer-term customer relationships. Companies can identify customers more precisely and develop tailored products or services for them. Tescos use of loyalty card data to send customers offers based on their previous purchases is a classic example of how seemingly anonymous sales data can be used to personalise the buying process. Sophisticated analytics can also be used to boost decision making. At one end of the spectrum this may involve applying parallel processors to crunch the huge quantities of data to decide where to prospect for oil or which drug looks most promising, on the other hand analytic tools can be applied to quite mundane problems. Some local councils, for example, are applying analytic techniques to
information gathered from dustbin lorries about which residents are not recycling their waste properly. The information is being used to mount campaigns to persuade them to be greener citizens. Finally, big data can be used to improve the development of the next generation of products and services. For instance, manufacturers are using feed-back obtained from sensors embedded in products to create new after-sales service offerings such as preventative maintenance. Governments too are bent on using big data to reform and cut the cost of public services. In the UK, the Coalition has floated the idea of a Public Data Corporation intended to open up opportunities for developers, businesses and members of the public to generate social and economic growth through the use of data. The UK Government says it is determined to have the most ambitious open data agenda of any government in the world. The Public Data Corporation will, for the first time, bring together government bodies and data and provide more freely available data at the point of use, announced Business Minister Edward Davey. In the developed economies of Europe, government administrators could save more than 87bn in operational efficiency improvements alone by exploiting big data, claims McKinsey & Company. Extra savings could come from using big data to reduce fraud and errors and boost the collection of tax revenues.
There are an increasing number of tools aimed at tackling untapped data coming from sensors, devices, third parties, web applications, and social media, often arriving in real time. Big data is not just about high data volumes; it also includes many different types of data. The variety of data creates its own difficulties. The biggest problem is not simply the sheer volume of data, but the fact that the type of data companies must deal with is changing, says Clive Longbottom of advisory firm Quocirca.
Whats in store for storage?

Computacenters Datacenter Solutions Director, Neill Burton, outlines how making the right technology investments now can help increase utilisation and decrease costs
with organisations producing 60 per cent more unstructured data every year, theres one area where the iT spending axe cant fall: storage. optimising organisational investments in more effective data storage and assorted management has never been so important. with the demand for storage capacity set to intensify, organisations need to find an optimally strategic approach to cope with this growth. identifying the right approach, however, is a challenge in itself. as the storage vendors vie to position their version of storage nirvana, believing the future lies in integrated infrastructure stacks, or virtual datacenter solutions (vDcs), many cios are not yet ready to take the leap. The challenge potentially increases further as cios endeavour to optimise service outcomes and costs across disparate storage solutions. This integrated vDc approach to storage will eventually go mainstream. cios are already investing their storage budget in interoperable solutions that position themselves closer to vDc. for example, emc Data Domain and vnX offer compelling roi and performance benefits as well as offering a route towards the world of integrated storage. cios not only need to prove that savings can be realised by their business but also understand the current state of their storage environment. with utilisation rates often as low as 30 per cent, iT departments may be able to delay or avoid hardware purchases by optimising their existing storage assets and processes. an independent and experienced delivery partner can help cios quickly identify optimisation opportunities and establish a cost-effective storage roadmap whether it involves vDcs or not. and if they are ready to embrace vDc, cios can be confident as partners like computacenter offer predictable service and roi across integrated and optimised technology. By making the right technology investments now organisations can control costs, increase agility, as well as safeguard business continuity, agility and compliance.
in the developed economies of europe, government administrators could save more than 87bn in operational efficiency improvements alone by exploiting big data
BlOBs
When it was rows and columns of figures held in a standard database, life was relatively simple. It all came down to the speed of the database and the hardware it was running on. Now, more and more binary large objects (BLOBs) are appearing in databases, which require a different approach to identifying and reporting on what the content actually is and in identifying patterns and making sense out of what this means to the user. As efforts to come to grips with big data begin to move out of the science lab and into company data centres, another problem is looming: a lack of people with the right skills. People with the know-how to exploit big data will be in short supply for some time to come. Nonetheless 38% of organisations surveyed by TDWI Research reported that they were already practicing advanced analytics, whereas 85% said they would be practicing it within three years. Over half of the organisations are contemplating platform replacements to get a platform that performs well, handles diverse big data or satisfies modern requirements for ease-ofuse or self-service, notes Philip Russom, a director of TDWI Research. While exploiting data effectively may be the modern day equivalent of the alchemists dream of turning base metal into gold, it also carries risks. The increasing incidence of cyber
fOR All sIzEs
Although big data defined as information that is too much to be analysed in a conventional database - is generally amassed by larger organisations, all sizes of organisation can benefit from the intelligent use of data. Five or ten years ago, a company with a data warehouse that was used to make quarterly planning decisions was considered a data driven enterprise, says Matt Scarbrough, Head of Service Delivery, search software company Coppereye Labs. Today, that level of solution is nothing more than a good starting point. Business intelligence applications are also no longer the exclusive territory of big companies, but are also present in smaller firms without the big budgets or information technology staff required to run multi-terabyte database implementations. Not surprisingly, providing the tools to manage and make sense of business data is itself big business. Suppliers have developed a raft of new online analytical products and added analytical features to existing systems to enable organisations to mine their data more productively.
Neill Burton Director Computacenter Datacenter Solutions
crime means that corporate data is more than ever under threat from hackers bent on industrial espionage, sabotage or fraud. Greater use of mobile devices and social networking are major factors in a rising tide of cyber crime, according to security software company Norton. Malware and viruses remain the commonest type of activity, followed by online scams and phishing messages. There are now over 280m different varieties of malware in circulation, a rise of nearly 20% in one year, says Norton. Cyber crime cost the UK an
estimated 27bn last year, according to the Governments Office of Cyber Security. Companies looking to exploit big data will need to secure themselves against these threats if they are to exploit the huge volumes of detailed information they are already capturing. It will be worth the effort: if McKinsey & Company is right big data is set to become a key basis of competition, underpinning new waves of productivity growth, innovation, and consumer surplus.
RACONTEUR 09
iT TransformaTion
hyBriD cloUD: poles aparT?

hyBRId cLOud As cloud computing grows in importance people
are looking at whether they should go for a private or public infrastructure John Lamb asks whether it has to be one or the other
JETTa PROducTIOns
Cloud computing has been heavily hyped as a way for organisations to ditch their own IT systems and move to a cheaper style of computing over the web or on a virtualised system in house, but there is now a hot debate about how far and how fast it is possible to move to the public cloud. Many organisations are resolving the question by creating hybrid clouds that combine public and private services; sorting applications into those that can be entrusted to
the public cloud and those that must be kept securely in-house. The hybrid cloud is a combination of different technology and service elements that allow you to shop around, says Neil Thomas, Cloud Product Manager at Cable&Wireless Worldwide. We are moving into a situation where applications are just a workload that can be moved from one cloud service to another, wherever they are, in a private or public cloud. There are good reasons why organi-
sations should keep applications in house using their private cloud. First they may have may have made big investments in their existing technology infrastructure or be committed to long term service contracts. They may also have security concerns or be bound by regulations that prevent them from using a third party cloud provider. One of the key challenges for corporate IT departments, in fact, lies in making the right decisions about
what to hold onto and what to let go, writes Nicholas Carr in his book, The Big Switch. There is little doubt that the number of companies choosing to commit their information and IT resources to third party cloud providers is growing: cloud adoption is set to double in Europe and North America over the next two years, reports the Forrester advisory company in a recent report called Building a Roadmap to Cloud Computing.
BEgINNINgs
INDUsTRy vIEW: Cable & wireless
An evolving landscape
we have implemented both public and private cloud solutions, and its clear from our work with customers in the hosting and cloud space that there is no one size fits all approach for cloud computing. customer challenges are different, which is why we recommend the hybrid approach. By hybrid we mean a combination of multi-tenant infrastructure with dedicated hosting solutions. from research we commissioned from industry analysts ovum, we see a rapidly changing landscape for iT infrastructure. as companies need to stay competitive and grow their businesses they are asking cable&wireless worldwide for guidance on how to integrate their communications, hosting and networks to support their business objectives. we also recognise that our customers want to do this at different speeds, ensuring that moving to a cloud infrastructure minimises disruption to their business critical systems and applications. recognition of the importance of the network in cloud services is increasing - seamless integration between the network and hosting is essential. when customers take the decision to move their hosting infrastructure off premise, there is often a worry that no one else will look after their data as securely as they could do themselves. enterprise grade networks that ensure customers can still access the data and computing power they need, reliably, quickly and securely are paramount. it is also essential to have the ability to monitor and report application performance with end to end service level agreements and automated provisioning. Despite the challenging economic conditions - both the private and public sector are facing radical budget cuts or rationalisation programmes - investment in cloud services is growing. our customers are rapidly embracing this new way of working. They strongly believe that moving to a hybrid cloud infrastructure can not only help them save money, but also improve the end to end user experience on applications and speed up the way they deliver services to their employees and customers. for more information please visit www.cw.com/cloud
Dominic Jones Director Products & Marketing Cable&Wireless Worldwide
Initially, cloud computing was seen as a replacement for both infrastructure, such as servers and networks, as well as basic software applications. The prospect of moving applications off in-house computers especially has appealed to smaller companies that lack IT expertise or the capital to invest in expensive systems. For this reason much of the interest in cloud computing has focussed around individual desktop applications; typically bookkeeping, customer relationship management, collaboration, online storage, sales force automation and so on. The cloud service most commonly used by small and medium sized enterprises is storing data remotely rather than on PC hard drives, according to a survey commissioned earlier this year by virtualisation supplier VMware. Many of public cloud applications, such as Google Docs, are new personal productivity, solutions designed to make office work more efficient. Larger organisations are keen to use these applications too: cashstrapped IT departments see them as a way of reducing their capital overheads by moving to a pay-asyou go model which allows workloads to expand and contract with demand and reduces capital expenditure on IT. However, many organisations remain concerned about the reliability and security of cloud-based services and they are loath to hand mission critical services to third party suppliers. For smaller organisations, products such as Google Docs are very useful, but for larger ones they dont provide a one stop solu-
10 RACONTEUR
iT TransformaTion
tion because of integration issues or security concerns, explains Thomas. Another issue that worries IT managers is the ability to comply with regulations such as the Data Protection Act or the banking industrys Basel II rules that may require data to be stored in particular places and available within particular timescales. It is difficult to satisfy those requirements when data is held by a third party and could be physically stored anywhere.
fIT TO BURsT
For many organisations the prospect of putting their mission critical applications in the hands of a third party provider is a step too far, acknowledges Forrester. Cloud computing is seen more of a complement to traditional IT and less of a replacement. Proponents prefer to see the move to cloud computing as a journey that begins with an organisations systems working in separate physical silos. They prevent applications from being shared and keep a lot of processing power idle much of the time. The first step for organisations is to
virtualise their server estate, so that the server hardware can be used at higher levels of utilisation, applications can more easily be transferred between hosts and also deployed more quickly and easily. It is a process that is well advanced in the UK public sector where up to a fifth of the services run by the UKs 2,000 public bodies are virtualised already. Among local authorities the proportion runs as high as 40%. Virtual systems are a key element in using clouds of either sort since they allow applications to run independently of hardware and to be scaled up and down to handle peaks and troughs of demand. The first step is virtualisation; it underpins all cloud applications, observes Thomas. It increases the mobility of your workload and allows you to move your computer services to the best place. Managing virtual environments requires users to set rules or policies about the priorities that a system should follow how it allocates resources according to demand. Once an organisation has got used to this quicker, policy driven way of
working with virtual systems, says Forrester, it can move to a private cloud: a cloud run either by a third party or in-house for the use of a single organisation. Some commentators believe that by virtualising part or all of your server infrastructure you have effectively created your own private cloud.
INDUsTRy vIEW: Colt
Physical silos prevent applications from being shared and keep a lot of processing power idle much of the time
Some organisations are now combining public and private clouds to create a hybrid using a technique called cloud bursting: a way of loading up a private cloud with critical applications and moving some of the processing to the public cloud when demand is excessive. Cloud bursting ensures that a private cloud is always used to full capacity. (Whether you adopt a hybrid cloud) comes down to the question of do you really want to write new applications. Many say IT is not close to my business; others live on the web, says Steve Hughes, Principal Cloud Specialist at Colt. We work with financial services and media companies that are looking at time to market rather than cost. Most of these companies have a foot in both camps. They use cloud services for version control, prototyping and proof of concept and internal cloud services for computer intensive applications. For cloud bursting to work successfully, applications must first be categorised into highly sensitive ones such as back office processes and financial bookings that must remain in-house; semi-critical workloads, for example those involved with order management, that can be passed to a trusted public cloud provider; and non-sensitive applications that can be handled by any public cloud provider. No doubt there will continue to be a shift to the public cloud, with the hybrid cloud model assisting with this transition. A lot of businesses are apprehensive about pushing business critical or sensitive information into the cloud. Though for many businesses a hybrid cloud model offers the benefits of both worlds/ clouds, providing them with associated flexibility and cost savings, says Simon Seagrave, a vSpecialist at EMC. The Isle of Man appears to have had little problem with its decision to move to the cloud. The Government of the island has just transferred its entire public services IT infrastructure - running over 1,000 critical government applications such as email, financial accounting, customer relationship management and health services - onto a hybrid cloud service in a move expected to cut operating costs by 15%. Implemented over five months, the new public service infrastruc-
The point of hybrids

it all started in the Us national institute of standards and Technology (nisT) back in april 2009 when the four deployment models (Private cloud, community cloud, Public cloud, hybrid cloud) were first announced. when the public cloud definition was hijacked by the consumer iT world to mean any service you can access from the internet companies were attracted to the idea of building their own private clouds. it was especially attractive to the vendors selling them the hardware and infrastructure needed to do it. But you still need to have a certain scale to benefit from the economies and elasticity in owning your own cloud and you still need to transform your in-house iT into an internal, fully-costed service department. not easy tasks and as much a people and organisational problem, as a technical one. enter hybrid cloud. hybrid is not about cloudbursting the mythological capability for applications to seamlessly overflow from your own premises to another and back again. hybrid cloud is about control and management. you can deploy your iT applications in the most appropriate infrastructure while still being in control of the process. you can move them and you can get them back. your applications are managed by the service provider in the same way you would manage yourself. This is predicated on the belief that not everything will go to the cloud you will always have to manage some applications in house. By implementing the hybrid model, cios can look to answer the key question is iT our core business or does it support our core business. from this they can work with their service provider to decide what stays in-house and what goes elsewhere and most importantly - why.
INDUsTRy vIEW: VMware
Steve Hughes Principal Cloud Specialist Colt
Concerns over wholesale move

for iT to provide value to businesses, it has to become more flexible and responsive. To this end, many companies are increasingly turning to cloud computing to provide a cost-effective model for computing, that allows iT to operate more efficiently and respond faster to business opportunities. however, although the benefits of the model have been proven, there are still concerns around moving an organisations full infrastructure into the cloud. in fact, a study we conducted with iDg research showed that two-thirds of enterprises are adopting or planning to adopt cloud computing, primarily driven by the need to deliver improved business agility. yet the study also revealed major concerns over security and control, which are still the biggest barriers for business leaders when it comes to moving their infrastructure into the cloud. This is where the hybrid cloud model comes into force. Using virtualisation, the model allows businesses to extend their internal infrastructure onto public cloud platforms, and offers what we might call the best of both worlds. Then, as companies phase out these old systems, the cloud ultimately becomes the prime architecture to deliver iT services. By addressing the ever-present cloud security concerns, the hybrid cloud unifies the benefits of private and public cloud offerings. Businesses can therefore achieve the scalability and flexibility of a public cloud model, while achieving the consistent security, compliance, management and quality of service that comes with using their own data centres via a private cloud approach. enterprise-class cloud services have the potential to revolutionise iT, but they have to come with the reassurances that enterprises demand.
Mark Newton Regional Director UK and Ireland VMware
ture has increased data availability and system performance by a factor of eight, according the Isle of Man, while reducing operating costs by 15%. Storage utilisation has risen by 40 per cent using the same amount of hardware as before and the capacity of the Governments storage area network has tripled. The Isle of Man bought an EMC VPLEX virtual storage platform with EMC Unified Storage. VPLEX analyses system usage patterns and automatically moves applications that are in-demand to flash drives for increased availability. Demand for the Isle of Man Governments public service infrastructure varies due to factors such as seasonal tourism, shift work in government offices and annual events such as the islands TT motorcycle race. By virtualising our entire server platform and all service applications, the Isle of Man Government has significantly increased service levels as well as data flexibility and availability, said Peter Clarke, Chief Technology Officer at the Isle of Man Government. Nonetheless, the move to the hybrid
cloud is likely to be a slow process made all the more so by long term commitments which hamper quick change, not to mention turf battles and fears about security. It is not easy to turn on a dime. The pace isnt fast because lots of this is tied in with long term contracts, says Andy Tait, Head of UK Public Services Strategy at VMware. Managing what are in effect public clouds implemented internally is a highly technical process and tools are vital to manage techniques such as cloud bursting. Earlier this year, VMware launched free software called vCloud Connector that is designed to help businesses transfer virtual applications between private and public clouds. It is a real enabler for businesses that want to use the hybrid model, comments Seagrave. For the moment, few data centres have the expertise to manage such challenging cloud applications, says Forrester. There may be some time to go before appreciable numbers of businesses are mixing their clouds as a matter of routine.
RACONTEUR 11
iT TransformaTion
noT so DiviDeD The cio and cFo

would ask for budget and the CFO would refuse. More recently they are discovering that a strategic partnership makes both worlds better off. Jessica Twentyman investigates
50 %
WORKInG TOGEThER Historically the CIO
Per centage of It budget currently sPent on cloud servIces

35 %
Per centage of It budget exPected to be sPent on cloud servIce In fIve years
For Peter Birley, former CIO at law firms Eversheds and Browne Jacobson and now a freelance interim IT director, the relationship between the finance function and the IT department can be likened to a game of American football. The chief financial officer [CFO] generally has a defensive strategy to ensure shareholder value, while the CIO has an offensive strategy to use technology to gain an edge. You have to ask: still? Steve ONeill, Senior Business and Finance Operations Director for EMEA North at EMC, believes this sort of conflict should by now be history. The relationship has gone through a fundamental change over the last 5 years, he says. CFOs and CIOs are now a much more strategic part of an organisation. Rather than being all about costs, they need to understand the strategy of their business and how to drive growth with new goto-market initiatives. The big issue now for them is to jointly understand how IT can be an accelerator to business growth. Others reinforce this idea. CIOs finding concordance with finance departments might even be a gamechanger in career terms, according to Hunter Muller, management consultant and author of the 2011 book, The Transformational CIO: Leadership and Innovation Strategies for IT Executives in a Rapidly Changing World. In todays hyper-competitive economies, its simply not acceptable for C-level executives in the same organisation to be competitive [with each other] they must strive to collaborate, he says. Poor or sub-par relationships between the CIO and the CFO cannot, and should not, be tolerated by senior management. Frankly, the relationship between the CIO and the CFO is absolutely critical to the overall success of the enterprise, he says. EMCs ONeill believes it should go even further. The relationship between CIO and CFO should be completely aligned with a common focus on providing basic operational support through to clear strategic leadership to their businesses. Whilst cost will always be a driver, its not the be-all and end-all. They should be jointly thinking about how their processes and systems provide oxygen to their organisations through harnessing IT to provide scalability and agility whilst reduc-
ing total cost of ownership in a green and sustainable way. In fact the sort of radical change technology enables is often best seen between the CIO and CFO, so there can be a really transformational strategy if they are working closely together, he says. But are technology leaders getting the respect and fair hearing that they deserve? Recent research conducted by IT market research firm Gartner, the Financial Executives Research Foundation (FERF) and Financial Executives International (FEI) suggest not. In their survey of 344 senior financial executives, these organisations found that the CFOs influence over IT is growing. In more than one-quarter of IT decisions, the CFO is the person who signs off investments, compared to only 5 per cent of CIOs who have the final say. And while one-third of IT departments report directly to their organisations CEO, 42 per cent are answerable to the CFO. This high level of reporting to the CFO, as well as their influence in technology investments demonstrates the need for companies to ensure that their CFO is educated on technology, and underscores just how critical it is that the CIO and CFO have a common understanding on how to leverage enterprise technology, says Gartner analyst John van Decker.
45 % 30% 40 %
35 %
25%
30 % 20% 25 % 15% 20 %
15 %
10%
10 % 5% 5%
0% 0 30 50 70
0% 30 0 50 70 90 RACONTEUR 13
% Of BUDgET
% Of BUDgET
20% 40%
60% 80%
20% 40% 60%
80% 90%
IMAgE pROBlEM
cfos and cios are now a much more strategic part of the organisation. The key is for them to jointly understand how iT can promote growth
In turn, he adds, IT organisations must understand the CFOs views of technology investment decisions and must work towards developing a relationship with the CFO that resembles a business partnership. The ability of an IT department to interpret its relative strengths and weaknesses as opportunities for improvement, he suggests, will be a deciding factor in improving poor perceptions of the IT function and developing a closer working relationship with finance.
The image problem that IT departments face is an issue that was also highlighted in another recent survey of finance professionals, this time conducted by US-based management consultancy firm Oliver Wyman. Less than half of respondents (47 per cent) said that they viewed IT as strategic, while 28 per cent said that the IT department merely fulfills what is asked of it. To boost the IT departments profile, the CIO or IT director must lead the charge, CIOs must acquire the social and analytic skills share by their peers at the C-level, says Muller. They must also be able to speak in terms that the boardroom understands, adds Birley. To gain the respect of the CFO and other senior decision-makers, the CIO must take the time not only to understand business drivers and business financials, but also to put them into context in relation to how IT can support the business, he says. The CIO needs to be able
to talk the language of business. With the CIO predominately project-based in their outlook, and the CFO value-based, he adds, a key challenge from both sides is understanding the value in projects and how the right projects can increase value. One key strategy for the CIO to interact with the CFO and senior colleagues is to ask for their input on the IT plans and ideas before presenting them for approval, he suggests. By including the feedback in the final presentation, they will gain the respect of their colleagues and are more likely to get backing for those plans. Costs are still a factor but are sometimes over-emphasised. That kind of approach made sense 18 months ago, but as competition heats up, it doesnt seem like a formula for growth, writes Muller. As an old boss used to say, you can never save your way to greatness. Instead, he suggests a new formula: one that balances innovation and
value created. For the next couple of years, at least, the role of the CIO will be to navigate a practical course away from the old paradigm, which forced every IT investment to be counterbalanced by anticipated savings, and move towards a new paradigm in which IT investments are justified by how much value they will create. EMCs ONeill says both roles have evolved, and the best CIOs as well as CFOs are adapting. People coming into the workplace now have a completely different view of IT than my generation had, he says. The Y generation are used to Apps ondemand being the new normal its taken as read that applications are plug-and-play with access to data being 24x7. Provisioning that is what businesses are struggling with. Where CFOs and CIOs need to assist is in doing the old school stuff of good governance, process and security in a cost effective way but also enabling the creativity that goes with that new normal.
iT TransformaTion
afTer The sTorm: geTTing back To work

connections to waste. Guy Clapperton looks at what can be done to stop a crisis becoming a drama
Occasionally there are disasters in a business, or around it. For this article Raconteur spoke to people who were just near the World Trade Centre on that terrible 11 September; we spoke to people who had been involved in Hurricane Katrina and about how they managed to keep going. Probably nothing like that is ever going to happen to your business but dont relax just yet. We also spoke to people whod been involved in instances where a builder went through a data cable outside their premises, and the recovery and the strategies to avoid this becoming a crisis were similar. The headlines were grabbed to a smaller extent but the sense of a business facing a potential crisis was just as real. Naturally if youre likely to be involved in a disaster then the best time to start planning for it is well before it happens. Kelly Ferguson, EMCs director of marketing for the backup and recovery systems division, looks at the backup options in the first place. What we do is encourage customers to use next generation backup technologies for disaster recovery readiness, she says. What I mean by that is being able to store a copy of everything off site so whatever the cause of a disaster you can recover from the alternative site. The idea is to replace tape with disk. Tape involves physically moving tapes to an external site for disaster recovery, then in the event of a problem returning the tape to the office and loading it up again; there are a lot of possible issues in this scenario, not least of which is damaging tapes in transit or during storage. What were doing is deduplication from a backup perspective so you only move data thats changed. It helps your disaster recovery because youre sending only a fraction of the data over your bandwidth. EMC clearly does more than this and is very active in the cloud area and virtualisation, but for people who dont want to put everything in the cloud next generation backup technology is a good option to help you prepare for a recovery in the case of a disaster. Jiro Okochi is CEO and co-founder of Reval, itself a SaaS provider for integrated enterprise treasury and risk management but also a company which was based very near the World Trade Centre when the planes hit and also a company operating when Hurricane Irene hit, as well as the New York blackout in the middle of the last decade. His company was able to help customers through with Revals core product, Asterisk. Our clients were able to default back to an Asterisk-based recovery centre, he explains. This enabled cellphones as well as IT to continue for a while. They were able to work in a lights-down-but-not-out way, he says. The trick is to ensure that all of your data is religiously backed up and that hosted applications work. Closer to home, in London, the same principles apply. Simon Bailey is head of IT at independent stockbroking and banking service Numis Securities, confirms that the companys building behind the London Stock Exchange is secure but that a business continuity plan is vital. The first prong of this is to look into virtualizing the office systems with supplier Virtustream, and the second is a parallel, mirrored office system working on an offsite data centre. We have that replicating in near real time from our primary to our backup site. So literally, if theres some sort of major disaster, headline-grabbing or otherwise, as long as people are still mobile they can walk to the second site and continue work with all of their networks and data intact. And if all that fell apart we do backups every night to a data centre we hope never to have to resort to using those backups, we want to rely on the real time replication. Use of the backup office has become essential only one time during Baileys time with the company. In our last rather more rudimentary offices we lost power for about four hours, and we were just on the verge of leaving the building when the power came on. It was a powerful reminder of how the beltand-braces approach can be totally appropriate. There are a few things every company should be doing. Virtualising and going into the cloud will protect against a lot of disasters, but as EMCs Ferguson points out, that doesnt reflect where a lot of companies are in their technology just at the moment. This being the case, the important thing to do is to check on backups. Ideally replace disk with tape for media reliability; use deduplication that makes it cost effective to replicate data to another location, and make sure testing is carried out too many companies lose data and business because they find, too late, that their backup media is faulty.
BacK TO BusInEss Earthquakes, terrorist attacks, cut cables all can lay a companys
no matter how bad the storm appears, forward planning will enable you to keep going
make The move: REAlITy ChECK

in spite of fergusons comments that not all companies are ready to commit to the cloud yet, people are watching whats possible. according to research from Precise in august this year, in 2011, 39% of organisations moved email and collaboration systems to virtual infrastructure, followed by iT management (33%) sales & marketing (20%) finance/ hr/erP (21%) and security (13%). in 2012, 33% of respondents report that they will move finance/erP /hr applications to the cloud, followed by e-mail and collaboration software (23%) and iT management applications (21%). over time, 37% of companies say they will migrate 61% or more of their applications to a private cloud environment, while only 6% of companies will do the same on a public cloud service. of course this will bring different forms of headache and Precise is the first to point to, for example, application support, becoming more complex. But the risks are diminished, and the ease of getting back to some sort of normal business after a crisis is improving dramatically.
The first step is to look into virtualising all of the office systems, and the second is to run a parallel real-time mirror of the data
RACONTEUR 15
iT TransformaTion
worksPaces: The new word For workplace
is your workplace really a fixed place any more?
case sTUDy gREEN lIghT fOR TRANsfORMINg TRAffIC

at the Uks air traffic control organisation, naTs, head of is gavin walker is hard at work on a new strategy that promises to transform the way that its 6,000-strong workforce accesses vital information and applications. That strategy is called our future workspace and, once delivered, staff will be able to access the applications they need, wherever they are, and will have a consistent experience, regardless of the device they are using, says walker. one of the most important aspects of the project is the transfer of all desktop iT services to a cloud-based infrastructure. By creating a secure virtual desktop environment, naTs expects to shrink iT costs by 9 million over the next four years. That doesnt mean that air traffic control staff will be guiding airplanes out of the skies from Pcs in their spare bedrooms. Theyll continue to work on computers in naTs operations centre, but older Pcs will be replaced by faster, more reliable thin clients and these new devices will be secured with a cloud-based identity and access management system. where they will see a change, however, is in the pre-tactical planning applications that each controller uses before starting their shift. right now, the task of familiarising themselves with expected traffic patterns for the next eight to 12 hours is usually performed by controllers using an on-premise Pc. when our future workspace is up and running, controllers will be able to perform that pre-shift due diligence before they even leave home. for other staff, meanwhile, our future workspace means enhanced accessibility of information, according to individual roles and responsibilities. walkers aim is to create a customized experience for every employee, whether theyre a business analyst analysing airspace capacity or runway allocation patterns or a manager who needs email access and meeting minutes from their smartphone at all times. The technology behind this bold plan includes a private cloud infrastructure hosted and managed on naTs behalf by amor group. This will provide the foundation for a microsoft sharePoint environment for collaborative document and records management, accessible through browsers on a laptop, tablet or smartphone, and a desktop virtualisation environment based on technology from citrix and appsense. The aim is to be more agile, more flexible and more collaborative as an organisation, says walker. Different people within naTs require different levels of access to different systems and services. our future workplace has been designed to provide rolebased computing that gives them the best experience possible.
PauL JacKsOn / aLamy
be a single place than it used to be. Jessica Twentyman looks at some of the changes taking place right now
Workspace, not workplace: thats the new mantra of forward-thinking companies where business leaders know that its not where their employees work, but how they work that makes the difference. Whether they are in an airport departure lounge, a conference centre, a clients offices or simply in the study or spare bedroom of their own home, a new breed of employee a group sometimes referred to as workshifters - is increasingly demanding access to corporate information from a huge variety of physical locations. In fact, say workshifters, flexibility is key to their job satisfaction. In a recent survey of 3,100 mobile workers at over 1,100 enterprises worldwide, conducted by mobility services provider iPass, almost twothirds (64 per cent) report improved work/life balance and more than half (51 per cent) say that they feel more relaxed because of more flexible working arrangements. Those that arent offered ways to work more flexibly will vote with their feet, the survey suggests, with one-third stating that they would seek employment elsewhere. To bosses, that may sound like a threat but its an opportunity, too. Study after study suggests that employees that work this way are not only more satisfied in their jobs, but more productive too. At BT, for example, flexible workers are judged to be 20 per cent more productive than their office-based colleagues. At American Express, teleworkers handle 26 per cent more calls and produce 43 per cent more business. Bosses at Dow Chemicals, meanwhile, have calculated that average productivity has increased by around 33 per cent since the introduction of its flexible work programme. In all these cases, contributing factors seem to be fewer interruptions and more effective time management, because better connectivity means less time is wasted while sitting on a train, for example, or in the odd free hour between conference sessions.
ThE mOdERn WORKsPacE The space where you work is less likely to
WhO, WhAT, WhEN AND Why?
From an IT perspective, however, much work is needed for a business to tap into the potential boost in productivity that the concept of the modern workspace promises. Above all, CIOs and their IT teams must have the right technology strategy in place to nurture and support the virtual workforce, rather than present hurdles that stand in the way of them getting work done. The first priority is deciding how to develop the corporate IT infrastructure in line with the workshifting trend, according to TJ Keitt, an analyst with market research company Forrester Research. If business leaders and their counterparts in IT are to get in front of this trend, they have to understand their mobile and remote workforce, he writes in a recent blog.
much work is needed to tap into the potential boost in productivity that the concept of the modern workspace can offer
RACONTEUR 17
iT TransformaTion
The desktop virtualisation market will make significant gains in both revenue and total customer count well into the second half of the decade
INDUsTRy vIEW: BT ineT
PauL JacKsOn / aLamy
CONTINUED fROM pAgE 17
For example, who is shifting between office and home? What technology are they using to do so? Do they believe that the company is doing a good job of providing them with the policies and technology to work this way? Its a dangerous business to make any assumptions when seeking the answers to these questions, according to Lisa Hammond, CEO of enduser computing specialist Centrix Software. When you start out on this kind of transformation, you should always start with a true understanding of users and their work styles, not devices and applications, she says. In order to help companies achieve visibility into who uses what, when and why, Centrix Software offers an analytical tool that surveys all of the various devices (or end-points) that employees use in their day-today work. The results of such an exercise often come as a big surprise to customers, says Hammond. For example, users may think that a corporate laptop is the optimum device for them, but its increasingly likely that their on-the-move productivity is based more on smartphones and increasingly tablets. One Centrix customer, she says, found that three-quarters of corporate laptops were never used outside of its own office premises. Similarly, up to 50% of applications installed across an enterprise desktop estate are never used at all, she claims. These forgotten applications remain part of the desktop
infrastructure; time and money is spent on supporting and maintaining them; they add unnecessary complexity to any desktop transformation project. Companies that know exactly what they have installed and how, when and where it is used are in a better position to rationalise the software portfolio. In the process, they recover budget that can subsequently be used to fund their transformation projects, she says.
yOUR vIRTUAl DEsKTOp
Having made a comprehensive audit of employee needs, its time to consider how appropriate levels of access might be delivered to each worker, regardless of their location or the device that they are using. Virtual desktop integration (VDI) technology provides a solution, by allocating each user a virtual desktop running on a server in the corporate data centre that can be launched, viewed and used as easily by a sales executive using a laptop in a coffee shop, or a marketing executive using their smartphone at a conference, as it can be by an office-based end-user. Because the virtual desktop remains in the data centre, VDI offers the right blend of freedom for the user and control for the IT team, says Dave Wright, vice president of technology services for EMEA at VMware. For some users, accessing softwareas-a-service (SaaS) and other web apps is possible through a simple web browser running on any device, says Wright. For others, whats needed is a highly personalised, full desktop experience capable of running across sessions and devices and in a variety of network conditions, he says.
Desktop virtualisation delivers that but at the same time, keeps desktop images, applications and sensitive information on servers behind the corporate firewall to eliminate the risk of a security breach arising, for example, from the theft of a laptop. Its one of the main drivers of desktop virtualisation, a market that has not yet achieved the same market penetration or visibility as server virtualisation, but which promises to transform that environment as it has done the corporate server farm. At analyst firm IDC, Ian Song expects the desktop virtualisation market to make significant gains in both revenues and total customer count well into the second half of the decade. Customers are intrigued by the possibility of a better desktop management model and the operational savings that desktop virtualisation could deliver, he says. And one of the most attractive use-cases, it seems, will be keeping remote and mobile workers productive, but at the same time, compliant with their employers rules on information governance.
The moDern worksPace: ThE OUTCOME Is OBvIOUs, BUT ThE jOURNEy Is ThE KEy.
Technologies like unified communications (Uc) and the latest cloudbased services, including virtual data centres, help organisations to give their staff a completely different way of working. This has led to the introduction of workspaces, rather than workplaces. its the next natural step and those were talking to see it as vital to be a competitive and profitable business. however creating an effective workspace, with secure mobile and remote access to corporate information and applications for all employees, no matter where they are, can be a real challenge. while remote working is arguably the business topic of the moment, creating a modern workspace, is not to be rushed. attempts have already been made to adopt technologies turned on at the click of a mouse, but for a truly modern workspace, that delivers flexibility, efficiency and productivity gains, is important to see it as more of a journey than a single project. one of our customers has seen a 20 per cent productivity increase and hugely reduced costs by doing exactly this for its sales team. as a first step, you need to develop an understanding of what you want your workspace to look like and what you have in place already, then build a clear and achievable route to realise your goals both in terms of business and technology. some projects have failed because organisations havent considered what they have in place already. one example is a company that bought mobile working software, but hadnt factored the impact on its legacy security systems from a time before widespread mobile working existed. cultural change is also often overlooked; educating the team from the outset about new tools and the benefits they bring is essential, as is the buy-in of everyone who will help to quickly deliver the desired results. it sounds simple, but planning ahead is the critical element to the success of any project. Do that, and build your systems on a robust infrastructure, and youll reap the benefits of creating a truly modern workspace.
Do employees and colleagues who work from home believe their company is doing a good job of providing them with the policies and technology to function this way?
Neil Pemberton Managing Director BT iNet
RACONTEUR 19

Raconteur On IT Transformation Single

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Raconteur On IT Transformation Single

Transféré par

Droits d'auteur :

Formats disponibles

_ 06. October.

ThE NEW vAlUE Of IT

publisher Dominic Rodgers

editor Guy Clapperton

design The Surgery

CONTINUED fROM fRONT pAgE

KEEp CAlM AND CARRy ON

WhERE DO yOU WORK?

The evolving ThreaT landscape

TACKlINg ThE ThREAT

CONTINUED fROM pAgE 05

Security Threats and the Cloud an industry overview

A DEfINITION Of ADvANCED pERsIsTENT ThREAT

source: PricewaterhouseCoopers The 2012 Global State of Information Security Survey

OUR CURRENT sECURITy sTANCE - AND ITs jUsT NOT WORKINg

informaTion alchemy: Trivia inTo gold

InfORmaTIOn aLchEmy Businesses of any

sOCIAl MEDIA DATA (BlOgs, TWEETs, sOCIAl NETWORKs)

spATIAl DATA (lONg/ lAT COORDINATEs, gps OUTpUT)

COMplEX DATA (hIERARChICAl OR lEgACy sOURCEs)

UNsTRUCTURED DATA (hUMAN lANgUAgE, AUDIO, vIDEO)

sEMI sTRUCTURED DATA (XMl AND sIMIlAR sTANDARDs)

WEB lOgs AND ClICKsTREAMs

MAChINE-gENERATED DATA (sENsORs, RfID, DEvICEs)

source: TDWI Research

INDUsTRy vIEW: comPUTacenTer

UNlOCK yOUR DATA

Whats in store for storage?

fOR All sIzEs

Neill Burton Director Computacenter Datacenter Solutions

hyBriD cloUD: poles aparT?

INDUsTRy vIEW: Cable & wireless

Dominic Jones Director Products & Marketing Cable&Wireless Worldwide

INDUsTRy vIEW: Colt

The point of hybrids

INDUsTRy vIEW: VMware

Steve Hughes Principal Cloud Specialist Colt

Concerns over wholesale move

Mark Newton Regional Director UK and Ireland VMware

noT so DiviDeD The cio and cFo

WORKInG TOGEThER Historically the CIO

Per centage of It budget currently sPent on cloud servIces

Per centage of It budget exPected to be sPent on cloud servIce In fIve years

20% 40% 60%

afTer The sTorm: geTTing back To work

make The move: REAlITy ChECK

worksPaces: The new word For workplace

is your workplace really a fixed place any more?

case sTUDy gREEN lIghT fOR TRANsfORMINg TRAffIC

PauL JacKsOn / aLamy

WhO, WhAT, WhEN AND Why?

INDUsTRy vIEW: BT ineT

PauL JacKsOn / aLamy

CONTINUED fROM pAgE 17

yOUR vIRTUAl DEsKTOp

Neil Pemberton Managing Director BT iNet

Vous aimerez peut-être aussi