Guest Post, Author at Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts By :

Guest Post

Mind the gap: Upskilling cyber security teams

960 640 Guest Post

By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks, is of interest at all?

At the end of 2019, it was reported that the number of unfilled global IT security positions had reached over four million professionals, up from almost three million at the same time the previous year. This included 561,000 in North America and a staggering 2.6 million in APAC. The cyber security industry clearly has some gaps to fill.

But it’s not just the number of open positions that presents an issue. Research also shows that nearly half of firms are unable to carry out the basic tasks outlined in the UK government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware. Although this figure has improved since 2018, it is still far too high and is a growing concern. 

To compound matters, the disruption of COVID-19 this year has triggered a larger volume of attack vectors, with more employees working from home without sufficient security protocols and cyber attackers willingly using this to their advantage.

Evidentially, ensuring cyber security employees and teams have the right skills to keep both their organisations and their data safe, is essential. However, as Matt Cable, VP Solutions Architects & MD Europe, Certes Networks explains, as well as ensuring they have access to the right skills, organisations should also embrace a mindset of continuously identifying – and closing – gaps in their cyber security posture to ensure the organisation is as secure as it can be.

Infrastructure security versus infrastructure connectivity

There is a big misconception within cyber security teams that all members of the team can mitigate any cyber threat that comes their way. However, in practice this often isn’t the case. There is repeatedly a lack of clarity between infrastructure security and infrastructure connectivity, with organisations assuming that because a member of the team is skilled in one area, they will automatically be skilled in the other. 

What organisations are currently missing is a person, or team, within the company whose sole responsibility is looking at the security posture; not just at a high level, but also taking a deep dive into the infrastructure and identifying gaps, pain points and vulnerabilities. By assessing whether teams are truly focusing their efforts in the right places, tangible, outcomes-driven changes can really be made and organisations can then work towards understanding if they currently do possess the right skills to address the challenges. 

This task should be a group effort: the entire IT and security team should be encouraged to look at the current situation and really analyse how secure the organisation truly is. Where is the majority of the team’s time being devoted? How could certain aspects of cyber security be better understood? Is the current team able to carry out penetration testing or patch management? Or, as an alternative to hiring a new member of the team, the CISO could consider sourcing a security partner who can provide these services, recognising that the skill sets cannot be developed within the organisation itself, and instead utilising external expertise.

It’s not what you know, it’s what you don’t know

The pace of change in cyber security means that organisations must accept they will not always be positioned to combat every single attack. Whilst on one day an organisation might consider its network to be secure, a new ransomware attack or the introduction of a new man-in-the-middle threat could quickly highlight a previously unknown vulnerability. Quite often, an organisation will not have known that it had vulnerabilities until it was too late. 

By understanding that there will always be a new gap to fill and continuously assessing if the team has the right skills – either in-house or outsourced – to combat it, organisations can become much better prepared. If a CISO simply accepts the current secure state of its security posture as static and untouchable, the organisation will open itself up as a target of many forms of new attack vectors. Instead, accepting that cyber security is constantly changing and therefore questioning and testing each component of the security architecture on a regular basis means that security teams – with the help of security partners – will never be caught off guard. 

Maintaining the right cyber security posture requires not just the right skills, but a mindset of constant innovation and assessment. Now, more than ever, organisations need to stay vigilant and identify the gaps that could cause devastating repercussions if left unfilled. 

Breaking down AI’s role in cybersecurity

960 640 Guest Post

Data security is now more vital than ever. Today’s cybersecurity threats are incredibly smart and sophisticated. Security experts face a daily battle to identify and assess new risks, identify possible mitigation measures and decide what to do about the residual risk. 

This next generation of cybersecurity threats require agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. AI and machine learning’s ability to meet this challenge is recognised by cybersecurity experts, the majority of whom believe it is fundamental to the future of cybersecurity. Paul Vidic, Director, Certes Networks, outlines how AI and machine learning will play a fundamental role in enabling organisations to detect, react to – even prevent – emerging cyber threats more promptly and effectively than ever before...

Why is Cybersecurity so Important?

Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from attempted theft and damage.

As the whole world is becoming more digitalised, cybercrime is now one of the biggest threats to all businesses and government organisations around the world.

According to recent reports, cyber criminals exposed 2.8 billion consumer data records in 2018, costing US organisations over $654 billion. Meanwhile, the 2019 Ninth Annual Cost of Cybercrime Study calculated the total value of risk as $US5.2 trillion globally over the next five years. 

The same report identified the use of automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks.

Enter AI and Machine Learning

Artificial Intelligence (AI) and machine learning technologies address these challenges and are giving rise to new possibilities for cybersecurity threat protection. AI in cybersecurity plays an important role in threat detection, pattern recognition, and response time reduction. Adopting AI in cybersecurity offers better solutions when it comes to analysing massive quantities of data, speeding up response times, and increasing efficiency of often under-resourced security teams.

AI is designed and trained to collect, store, analyse and process significant amounts of data from both structured and unstructured sources. Deploying technologies such as machine learning and deep learning allows the AI to constantly evolve and improve its knowledge about cybersecuritythreats and cyber risk.

For example, by recognising patterns in our environment and applying complex analytics, AI enables us to automatically flag unusual patterns and enable detection of network problems and cyber-attacks in real-time. This visibility supplies deeper insights into the threat landscape which in turn informs the machine learning. This means that AI-based security systems are constantly learning, adapting and improving. 

Risk Identification

Risk identification is an essential feature of adopting artificial intelligence in cybersecurity. AI’s data processing capability is able to reason and identify threats through different channels, such as malicious software, suspicious IP addresses, or virus files.

Moreover, cyber-attacks can be predicted by tracking threats through cybersecurity analytics which uses data to create predictive analyses of how and when cyber-attacks will occur. The network activity can be analysed while also comparing data samples using predictive analytics algorithms. 

In other words, AI systems can predict and recognise a risk before the actual cyber-attack strikes.

Conclusion

Of course, fundamental security measures such as malware scanning, firewalls, access controls, encryption, and policy definition and enforcement remain as important as ever. AI does not replace these; rather, it complements them.

However, as AI and machine learning technologies continue to mature, it is possible to imagine a time when the cybersecurity industry – having long been at the mercy of the malevolent hacker – may finally have the tools to take the lead. 

Proving ROI in cyber security

960 640 Guest Post

Research shows that almost half of businesses have reported cyber security breaches or attacks in the last 12 months. Amongst these businesses that identified breaches or attacks, more have experienced these issues at least once a week so far this year.

Moreover, the unprecedented events of recent months have seen the number of attempted data breaches continue to rise, with cyber hackers using the increase in remote working and individuals’ fears over the coronavirus to their advantage. In fact, a survey showed that 50% of organisations were unable to guarantee that their data was adequately secured when being used by remote workers.

The issue is serious and many businesses are stepping up their cyber security strategies accordingly, with CIOs and their teams increasingly taking a seat at the executive board table. But one thing is still lacking: cyber security ROI. To truly engage with a strategy, board members need to see ROI from every department of an organisation, and cyber security is not exempt from that. However, demonstrating business value in areas such as compliance, risk management or data assurance, has always been challenging. 

Consequently, data security has historically been looked upon as a necessary cost of doing business. However, this no longer needs to be the case. As CIOs, CISOs and network security teams mature into their C-Suite role, proving the value of data security is now both a realistic and achievable corporate objective. Frank Richmond, Vice President Sales Europe, Certes Networks, explains just how CISOs and CIOs can get the Board on board… 

Cyber security as a strategic investment

Today’s current network and data security approaches focus primarily on keeping the cyber hackers out with threat detection and vulnerability management at the core. But modern CIOs and CISOs want – and need – more than this when reporting to the Board; they want “provable security”.

Securing data should be a strategic investment in an organisation’s risk strategy and should quantifiably contribute to the overall value of the business. CISOs expect their network security teams to be equipped with tools that will enable them to make real-time changes to applications based on observable network flow. They want to see that securitypolicies are being enforced properly and, most importantly, prove that their security strategy is actually effective.

To put this into practice, cyber security should be quantifiable, measurable and outcomes-driven. It shouldn’t just be a case of successfully keeping a cyber attacker out of the network after a single breach; a successful cyber securitystrategy is effective only when it is continuously putting data security first and measuring impact against key performance indicators (KPIs) that will instantly show Board members how imperative the strategy – and the technology behind it – really is.

In order to truly demonstrate the effectiveness of the organisation’s security strategy, CIOs and CISOs need to be able to visualise and understand their data, the associated applications, workloads and behaviour, with real-time contextual insight. This, in turn, will enable this understanding to be passed on to other executive Board members. 

The real value of cyber security

Armed with this insight, organisations can then take actionable steps not only to measure the effectiveness of their security strategy, but to gain deep understanding into how to enhance their security posture and to manage and enforce policies. With a data-driven approach to cyber security, the guesswork can be removed and CISOs and CIOs will be able to clearly demonstrate to the Board that ROI has been achieved.

With buy-in from the Board, data security is now more than a ‘necessary cost’, and is instead a fundamental of business operations. The businesses that succeed in enforcing this way of thinking will then truly be able to continuously evolve their cyber security practices to keep their data safe.

The first and last line of defence

960 640 Guest Post

As the frequency and sophistication of cyber attacks increase at an alarming rate, much attention has been paid to high-profile data breaches of enterprise companies. Just recently, EasyJet revealed that the personal information of 9 million customers was accessed in a cyber attack on the airline; and the examples don’t stop there. British Airways was fined £183 million in July last year after hackers stole data of half a million customers and in the same month, the Marriott hotel group was fined £99.2 million for a breach that exposed the data of 339 million customers. 

With media attention typically placed on data breaches of this scale, this could give the incorrect impression that the cyber security risk to SMBs is much smaller. It’s true that SMBs by their very nature don’t have thousands of employees or millions of global customers, but that doesn’t mean that they are not a target. Every business still has a combination of employees with personal data, payroll information, company credit cards, suppliers that use their systems – all valuable data that a hacker could potentially use to their advantage. Clearly, technology has a large role to play – but technology alone can’t prevent every type of attack.

Andrea Babbs, UK General Manager, VIPRE Security, explains how a combination of technology, regular training and tools that help the user to thwart potential hacks can provide a layered defence for organisations to mitigate the threats they face….

Technology alone is insufficient

Life and work as we know it is changing as a result of the Covid-19 crisis. Businesses were forced to implement a working from home policy (if they could) almost overnight, with many unprepared in terms of infrastructure and security. Cyber criminals have used this to their advantage, producing ever more sophisticated, convincing and dangerous methods to target businesses and individuals.

Technology, including solutions that provide a vital protection against email mistakes, can help users spot phishing attacks – such as the email that purports to come from inside the company, but actually has a cleverly disguised similar domain name. This technology can automatically flag that email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. In addition to email security and endpoint securitythat protects against emerging threats such as spyware, viruses, ransomware etc., this can be a valuable tool in an organisation’s armoury. 

But despite companies such as EasyJet investing significant amounts into essential cyber security software, the breach examples above clearly show that deploying technology in isolation is not enough to entirely mitigate the risk of cyber attacks. The key is to change the mindset from a full reliance on IT, to one where everyone is responsible. 

Employees are a key part of a business’ security strategy. Those that are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are a valuable and critical asset to a company. Employees are the soldiers on the front line in the battle against cyber criminals. They need to be trained to be vigilant, cautious and suspicious and assume their role as the last line of defence when all else fails. 

The threat landscape continues to evolve so rapidly that those businesses not conducting regular cyber security training for their employees are not secure. Relying on security software isn’t enough. But training shouldn’t just be a tickbox exercise either, a once a year session on cyber threats won’t be enough to keep the workforce sufficiently informed and vigilant. 

Security Awareness Training

Organisations cannot be expected to stay one step ahead of cyber criminals and adapt to new threats on their own. They need to recruit their employees to work mindfully and responsibly on the front lines of cyber defence. 

According to Verizon’s 2019 Breach Investigations report, 94 percent of malware is delivered by email, making it the most common attack vector. One element of ensuring that the workforce is alert to the threat of phishing emails is to conduct a regular internal phishing email campaign that can also provide analysis on which employees failed to spot the phishing attempt, and therefore, may require additional training. Would your employees know how to spot a scam attempt? What about the following real-world examples taken from actual events? 

  1. A scammer purporting to be a company executive sends an email to an employee requesting a wire transfer to be sent immediately to a supplier. With a senior colleague making the request, and added pressure at the moment to be seen as ‘working’ when working from home, the employee complies and wires funds to a fake account. 
  2. An email is sent to your outsourced HR provider claiming to be from the company CEO requesting personal employee data. Without spotting the fraudulent nature of the email, the HR provider complies and shares personal information with the scammer which could be used to create false documentation. 

Fortifying the defence strategy

The essence of a solid cyber security strategy is a layered defence that includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. Employees can, therefore, be a proactive weapon in an organisation’s defence, or a hole in the fence for cyber criminals to pass straight through to the corporate network. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for organisations to mitigate the threat of a cyber attack. The workforce should be trained to question everything, be cautious and double check anything that they think is suspicious. The difference between a trained and an uneducated workforce could mean the difference between an organisation surviving a cyber attack, or suffering the devastating consequences.

Without automation, security gets harder during a business disruption

960 640 Guest Post

FireMon’s 2020 State of Hybrid Cloud Security Survey found that 69.5 percent of respondents have a security team of just 10 people or fewer.  And  most manage both on-premise network security and cloud security.  

These teams are already bogged down with manual tasks at the best of times, so when a crisis  hits, it magnifies the risks of manual processes. Not only is it difficult to maintain essential network operations, but the number of misconfigurations that threaten compliance go up dramatically. 

Worse still, if unexpected interruptions to business continuity lead to team members being out of commission, security and compliance is further compromised because there’s not enough people to execute even the most basic steps of the business continuity plan — forget security configuration and compliance! An unexpected disaster scenario that already threatens data and compliance is further magnified, and so is the risk to the business, including the greater likelihood of lost revenues. 

IT’S ALREADY WAY TOO HARD TO KEEP UP ON A NORMAL DAY 

If you’re already short on people on a regular day, it’s going to be even harder to keep on top of everything that needs to be done when disaster strikes. Some of those manual tasks such as firewall rule updates may simply not get done, or if they do, they’re rushed and are more prone to human errors that lead to misconfigurations. Instead, the priority is to keep the business running and security teams must shift their focus to exceptional, specific user access issues that are cropping up, which are also being done in a hurry without enough attention to compliance because there’s no foundational best practices in place. 

Disruptions also mean some security team members are no longer available, so you’re even further short-staffed at a time when you need all hands on deck. Without automation and logs that provide insight into how and why things are done, you’re dependent on the knowledge of people who may no longer be available to share it.  

AUTOMATE WHAT YOU CAN SO YOU CAN MANAGE WHAT YOU CAN’T 

You can’t control everything, and it’s not a matter of if disaster strikes, it’s when.  Regardless of the cause, a “black swan” event tends to throw a lot of curve balls at security teams. However, if you’ve already automated most cloud configurations and global security policy, your team is in a much better position to deal with the expected.  

There are many things security teams can automate, including: 

  • Identity and access management, including cloud configuration 
  • Updates and patches 
  • Detection and monitoring 
  • Firewall rule updates 

Knowledge transfer through documentation also means you’re not dependent on specific team members to maintain compliance. 

You can’t automate everything at once, but if you start with low-hanging fruit, you’ll see immediate benefits. By establishing a global security policy and making it a baseline for any access configurations, including cloud services, you can be responsive to the lines of business change requests. Organizational knowledge is also quickly accessible, even when disaster strikes and if team members become unavailable. 

There are times when business isn’t as usual – it happens. However, it’s important to learn and adapt while things unfold during those times. In this case, many organizations will decide to lean into cloud migrations and automation to blunt the impacts of future black swan events. 

TLS/SSL Decryption – One of the main pillars of zero trust model

960 640 Guest Post

By Stephen Dallas AVP Emerging Europe / Africa Sales & EMEA Channels at A10 Networks

In a world where everything and everyone is connected to the internet, in one way or another, it’s hard to imagine a network that is truly secure. Data, large amounts of it, are at the centre of it all. With industries from healthcare to the education sector to the government using the internet to provide easy access to data, it is no wonder that cybersecurity teams are always working around the clock to try and come up with better ways of defending these networks and the data they store.

Insider Threats – Need for Security to Evolve from “Castle and Moat” Approach

Modern cyberattacks are not limited to just network intrusion from the outside. Internal threat actors can often be found at the centre of sophisticated attacks.

Initially, we had the concept of zones, perimeters and network segments – placing all the protected assets “inside” the secured network perimeter. However, attackers are always evolving the methods they use; always on the lookout for weak points in your network defences; and coming up with newer ways of infiltrating the perimeter. Keeping up with them is a challenging and ongoing struggle. We also need to realise that the “castle and moat” approach to our network defences was mostly effective against threats that resided outside the network. But what about the threats on the inside? What about modern attacks that work on multiple levels to try to bring your networks down? How do we protect our networks from people who have legitimate access to all its resources? How do we battle the ever-growing and ever-evolving modern cyberattacks? Add to these questions, regulations like GDPR, and the rising fines, and you will see that having your networks attacked and data breached is one of the worst things that can happen to your company. With these issues as the backdrop, we are forced to re-assess and re-think the way we defend our networks, users and data.

Zero Trust Model – a Modern Cybersecurity Approach

Zero Trust attempts to fix the problems, and patch the holes, in our cybersecurity strategies. At the core of it, the Zero Trust model is based on the principal of “trust nobody.” The Zero Trust model dictates that no one in your network should be trusted completely, that access should be restricted as much as possible, and that trust should be seen as yet another vulnerability that can put your network at risk.

Some of the precepts of the Zero Trust model are:

  • Networks need to be redesigned in a way that east-west traffic and access can be restricted.
  • Incident detection and response should be facilitated and improved using comprehensive analytics and automation solutions, as well as centralised management and visibility into the network, data, workloads, users and devices used.
  • Access should be restricted as much as possible, limiting excessive privileges for all users.
  • In multi-vendor networks, all solutions should integrate and work together seamlessly, enabling compliance and unified security. The solutions should also be easy to use so that additional complexity can be removed.

Danger of Security Blind Spots

In recent times, we have witnessed a phenomenal rise in the use of encryption across the internet. Google reports that over 90 percent of the traffic passing through its services is encrypted. The same is true for all the other vendors. This rise has been driven by many factors, including privacy concerns.

However, with encryption comes the creation of a “blind spot” in our network defences as most of the security devices we use are not designed to decrypt and inspect traffic. The Zero Trust model is not immune to this problem as visibility is considered as one of the key elements to its successful implementation. Without complete encrypted traffic visibility, the model will fail, introducing vulnerabilities that can be exploited by both insiders and hackers.

TLS/SSL Decryption – One of the Main Pillars of Zero Trust

A centralised and dedicated decryption solution must be placed at the centre of the Zero Trust model and should be included as one of the essential components your security strategy.

Many security vendors will make claims of the ability to decrypt their own traffic, working independently of a centralised decryption solution. However, this “distributed decryption” approach can introduce problems of its own, including inferior performance and network bottlenecks, and fixing these would require costly upgrades. In a multi-vendor, multidevice security infrastructure, the distributed decryption also forces you to deploy your private keys in multiple locations, creating an unnecessarily large threat surface in your network, which could be subject to exploitation.

Key features of a good TLS/ SSL Decryption Solution

It is important that a dedicated, centralised decryption solution provides full visibility to the enterprise security infrastructure for TLS/SSL traffic. Not only that, but the solution also needs to provide a multi-layered security approach, which then makes it the perfect candidate to be deployed at the centre of a Zero Trust network.

Below are some of the features to look out for when looking to implement a TLS/ SSL Decryption Solution:

  • Full Traffic Visibility – It needs to enable the entire security infrastructure to inspect all traffic in clear-text, at fast speeds, ensuring that no encrypted attacks or data breaches can slip through
  • Ease of Integration – It should be vendor agnostic and easily integrate with securitydevices already deployed within the network. This drives down additional costs and upgrades.
  • Multi-Layered Security Services – These are additional security services, including URL filtering, application visibility and control, threat intelligence and threat investigation, that help strengthen the security efficacy of the entire enterprise network
  • User Access Control – The product should be able to enforce authentication and authorisation policies to restrict unneeded access, log access information and provide the ability to apply different security policies based on user and group IDs.
  • Micro Segmentation – It should facilitate micro-segmentation through its ability to provide granular traffic control, user and group ID-based traffic control, and support for multi-tenancy
  • Securing Cloud Access – SaaS security is an important feature which can be provided by enforcing tenant access control and visibility into user activities.

In conclusion, without a centralised and dedicated TLS/SSL decryption solution, the Zero Trust model is unable to do what it was designed to do – protect our networks, users and data from threats residing inside and outside the network.

Top 5 business telecoms trends for 2020

960 640 Guest Post

By Laura Health, Head of Product Development at TSG

As with several business technologies, the 2010s saw huge advancements in telecommunications. Whilst VoIP (Voice over Internet Protocol) telephony had been around long before this decade, this is when it really took off as a viable, modern and futureproof solution for businesses around the world.

A lot of businesses saw it as an opportunity to realise savings from new internet connections or to move their voice services to new providers; but many didn’t really look at the benefits beyond that. 

High-quality internet became far more accessible in the 2010s; leased line internet services became more affordable, with many being able to benefit from 100Mbps and upwards connections; all for the same price of previous 10Mbps services. The internet evolved into an essential tool for any business with the shift towards cloud-based services.

As the decade progressed and many organisations got to grips with flexible working (an option afforded to us by this move to cloud services), consumers benefitted from better internet services. The fibre broadband rollout gained pace, and now an estimated 96% of the UK can access internet speeds in excess of 24Mbps download. It’s an added bonus for avid streamers, from Netflix binges to the festive football fixtures available on Amazon Prime.

What will telephony and telecommunications look like in the 2020s?

Now that we’ve taken a quick whistle-stop tour of the advancements in telephony in the 2010s, let’s look ahead. With the changing way we’re using the internet to consume more services, both personally and professionally, this decade is really exciting.

Hosted telephony is becoming the norm

In a business context, the shift to the cloud continues at an incredible pace. Many businesses, having completed their migration, are now adopting a cloud-first approach, utilising services like Office 365, Dynamics 365 and hosted voice services – all of which need great telecommunications infrastructure.

This is particularly important as businesses are changing how they want to consume their voice services. Typically, organisations are looking to remove the need for physical equipment (in the form of a PBX system – the key aim is to move to a softphone-only environment) and benefit from the advantages a hosted voice platform provides, namely:

  • Disaster recovery capabilities – traditionally, this was only afforded to organisations with a lot of money to spend
  • Flexibility – giving staff the ability to work from any location whilst still being part of the corporate system
  • Preparing for the ISDN switch-off – read more about this further down
  • Cost-savings – these can easily be achieved through consolidation; reduced call spend and typically a low capital expenditure when implementing a new system

Kick-started by the ISDN switch-off, thousands of UK businesses are replacing legacy phone systems – some of which are older than this millennium! Additionally, the rate of change in the hosted voice market continued to increase last year with the announcement from Microsoft about full voice services coming to its Teams platform, provided to organisations via Office 365.

Microsoft shakes up the hosted voice market with Microsoft 365 Business Voice

Microsoft 365 Business Voice could revolutionise how we approach voice services here in the UK. If you add to this the perfect storm of the death of ISDN in 2025 and many users already utilising Office 365, the next decade could see Teams providing an entry to hosted voice services to the many at just a small additional cost on top of their existing O365 subscriptions. 

One exciting innovation is the exploration of integrating artificial intelligence (AI) into voice services, particularly in the call centre space. This is likely to play a huge part during the next decade, providing efficiencies to call flow and improving customer service. Imagine being presented with all the information required by your device without having to type?

The ISDN switch-off – act now before it’s too late

ISDN voice services will be coming to their inevitable end in 2025, with Openreach making the announcement a few years ago. This will see the way in which we all consume our voice services change. It also means those business clinging on to the ageing traditional systems because “they don’t cost anything to run” will find that they need to upgrade or risk losing their voice services entirely.

Consumers will also be boosted again in the coming decade. Many will still require the copper cable, but this will be more for the provision of the broadband, not voice services. As networks are upgraded, Openreach has now adopted a fibre-first approach. In short, any new buildings or upgrades that it carries out will see superfast fibre FTTP (fibre to the premise) deployed instead of the FTTC (fibre to the cabinet) technology of the last decade. This will provide speeds of up to 1Gbps. Just imagine the streaming on that… 8K anyone?

Providers are upping their game

The introduction of Microsoft 365 Business Voice means providers need to adapt in order to keep up with the times and offer robust services. We’re already seeing this with Gamma’s introduction of its mobile convergence offering (Gamma Connect), giving you phone system functionality on your mobile phone without the need for a softphone. This technology is great for any business who has a very mobile workforce.

5G will give us endless mobile possibilities

The last area to touch on is the introduction of 5G. This is great news not only for consumers, but for businesses invested in mobile voice services. When on the go and not hooked up to WiFi, this means your mobile workforce will still be available and able to use voice services. There are also interesting implications for the IoT (Internet of Things) and AI. 

A final word

So, over the next decade we can expect businesses to move to IP telephony in their droves as they jump ship from ISDN before the costs become unmanageable and, in turn, reap a host of additional benefits. The Microsoft Teams telephony solution will give the market a much-needed shake-up and provides an entry-point into hosted voice for small to medium businesses.

TSG is a managed IT support company in London, offering expertise across a range of areas including Office 365, Dynamics 365, document management and business intelligence. 

Image by Ahmad Ardity from Pixabay 

Progress your career with a funded Cyber Security Apprenticeship

960 640 Guest Post

This funded Degree Apprenticeship programme from De Montfort University (DMU) is a great opportunity to work towards becoming a fully-competent cyber security professional.

Businesses often find their workforce has gaps in the specific digital skills needed to protect them from cyber security threats. The Cyber Security Technical Professional Integrated Degree Apprenticeship provides the essential skills and knowledge to ensure individuals can become independent cyber security professionals who can operate within business, technology or engineering functions across a range of industry sectors. Apprentices will develop skills which enable them to lead teams that research, analyse, model and assess cyber risks, design, develop, justify, manage and operate secure solutions, and detect and respond to incidents.

The great news is that if your organisation is a Levy payer, this apprenticeship allows you to utilise the funds within that Apprenticeship Levy. If your organisation does not pay the levy, up to 95% of the apprenticeship can be funded by the Government Apprenticeship Service. With this service you have the opportunity to reserve funds up to three months in advance of the start date for the programme. From now until autumn, up to 15,000 apprenticeships are available via this route.  

The teaching on this programme is underpinned by the work of academics from DMU’s Cyber Technology Institute (CTI). The CTI is a recognised NCSC Academic Centre of Excellence in Cyber Security Research as well as an Airbus Centre of Excellence in SCADA Forensics. This research and industry expertise provides the perfect environment for apprentices to develop the skills they need to respond to real-world cyber security challenges.

Key elements of the apprenticeship include; Risk modelling, analysis and assessment strategies, Cyber Incident Response tools and techniques, Secure software development, Malware Analysis, and understanding of the applicable laws, regulations, standards and ethics.

During this 42 month programme apprentices can expect to attend DMU for week-long blocks of teaching for each module, learning alongside peers from industry to encourage broad scope thinking. Integrating workplace training with academic learning provides apprentices with an increased understanding of their organisation’s unique business needs.

This apprenticeship is suitable for professionals employed by an organisation who will support their participation in the entire programme. This includes regular meetings with a work place mentor to support development of the professional skills they need to complete the programme successfully.

DMU works with organisations such as IBM, Siemens and BT delivering apprenticeships, where learning and skills are embedded back into the business from day one, adding real value and transferring fresh and innovative ideas.

The programme is based on the Level 6 Cyber Security Technical Professional (Integrated Degree) apprenticeship standard and is allocated Funding Band 27 (£24,000) by the Institute for Apprenticeships (IfA).

To find out more, click here.

Digital Transformation and Cloud Migration Initiatives Shouldn’t Leave Security Behind

960 640 Guest Post

Digital transformation can be a nebulous term, but for FireMon customers, it typically means shifting workloads to the cloud and streamlining business processes. 

This transformation should emanate from the inside out and is not simply adding transformational technology at the edge or remotely. Strategic initiatives around digital transformation should contribute to as many of the below areas as possible:   

  • Corporate cost savings 
  • People efficiency 
  • Customer satisfaction 
  • Infrastructure security posture 
  • Driver for meaningful innovation 

Most enterprises are on the journey now, albeit at different places. The destination is a cloud-first, more profitable, responsive, efficient and customer-centric organization. But the road ahead has obstacles. To avoid these, enterprises need complete visibility into the infrastructure they are transforming so they don’t replicate and automate inefficient processes. Empowering their people to be more productive should be top of mind.  

All this must be done with security at the forefront and not as an afterthought. Proper configuration of cloud deployments and automation of security policy management can move digital transformation efforts forward. 

Digital transformation needs a map 

If enterprises are to fully benefit from a cloud-first strategy, they not only need complete visibility into the IT they’re adding, but also their existing environments.  

Without a clear picture of what you already have, you risk lifting and shifting outdated processes and non-compliant security to the cloud. And you’re not necessarily going to move everything, so your digital transformation should move you toward a complete view of your infrastructure. 

At FireMon, we have been driving innovation that allows customers see their cloud deployments the same way they see their on-premise infrastructures, even though security configurations can differ widely. Digital transformation is an opportunity to create a dashboard that can travel with you down the road far into the future, even as the horizon changes — in this case, it’s wherever you decide to put workloads and digital assets. 

Clean before you automate 

Before you can embrace automation, there’s one key step you need to take in your digital transformation journey: ingesting and aggregating information to improve security posture. 

Visibility through FireMon Lumeta enables to you to see all the devices and endpoints in your existing environment, including what you’ve already put in the cloud, and every rule that’s attached to them. Before you decide what to automate, make sure it’s worth automating. Digital transformation is an opportunity to look at what you’re already doing and a chance to clean up or fix broken processes.  

Make sure your security controls go with you; you should have the same level of confidence in the cloud as you did on premise, and the same visibility, if not better. It’s also an opportunity to align teams responsible for security, especially if on-premise and cloud security duties are divided. Better still, bridge that gap and unify your team as so security is better positioned as part of your overall design process.  

Once you can see everything you have and have shored up your security policy, you can automate what should be automated and replicate the appropriate on-premise controls in your cloud environment. It’s a chance to discard redundant firewall rules and processes, just as you would have a garage sale before moving a new house — why take unnecessary junk with you? 

Digital transformation is more than making the business more efficient through cloud-first strategies; it’s a cultural shift for the entire organization. It means not doing things the same way just because they’ve always been done that way, but it also empowers people to take on new responsibilities by freeing them up through smart automation.  

And remember, there’s no point embarking on the digital transformation journey unless you take security with you.   

Find out more at www.Firemon.com

Taking online networking back to basics in IT

960 640 Guest Post

IT professionals are struggling to get value from online networking, knowledge-sharing and content driven platforms. Too many recruitment requests, questionable connections, and far too much time spent wading through promotional messages to reach the right content. Individuals need less noise, more relevance. Max Kurton, Editor in Chief, EM360 explains why it’s time for online networking to get back to basics...

Noisy and Confusing

It may be hard to remember but online networking platforms started with a simple model: to provide professionals within a specific market – such as IT – the chance to network and interact with like-minded individuals, sharing content relevant to each individual’s interests, background and preferences. That doesn’t sound anything like today’s experience. Over the past decade that simple but highly effective premise has been completely lost. While still essential for day to day networking and collaboration, the deluge of irrelevant content and connections online platforms serve up second by second is adding to workplace stress rather than supporting any effective or timely knowledge sharing and collaboration.

Just consider how much time everyone spends each day sifting through irrelevant and intrusive recruitment messaging, ignoring sales pitches or checking the credentials of people asking to connect. And that is before trying to locate content relevant to your business or interests. The need for trusted information and effective collaboration has never been greater – but current online networking platforms are no longer providing the quality or relevance required.

Relevant and Like Minded

It is time to take the concept of online networking back to basics and deliver the focused, timely content and collaboration that can truly leverage shared knowledge, experience and objectives. The first step is to create a true community of like-minded individuals. The next step is to leverage Artificial Intelligence (AI) to further refine the experience by ensuring individuals are only presented with truly relevant content – whether that is business continuity, security, data management, unified communications or AI.

It is also essential to avoid overt selling by ensuring content is focused on thought leadership and education. A strong editorial team creating a raft of white papers, podcasts and articles will reinforce both the quality and tone of content, enabling individuals to quickly and confidently access high quality, informative information. Members posting content must also conform to these quality standards, following a simple but effective posting guideline to guarantee that the educational essence of the online networking platform is retained.

Critically, people need to be able to gain fast but trusted access to like-minded individuals – whether that is a technology area such as data science or a market such as financial services. Combining a model that rigorously qualifies those signing up to ensure their identity with simple ways to make connections, network members can engage with new connections with confidence. 

Trusted Experience

In an online world awash with vast amounts of, often questionable, information every business professional needs to find a safe, trusted source of informative and educational content. If that high quality resource can be combined with an online networking platform that ensures the credentials of members, like-minded individuals can rediscover the value of fast, relevant information sharing and collaboration.

By eradicating the noise and removing the extraneous activity, online networking can get back to basics, enabling IT professionals to experience once again the value of focused, relevant and effective information sources, connections and collaboration.