The Weakest Link

Published by: Alastair Broom on March 10, 2017 in Security

As Logicalis’ Chief Security Technology Officer I’m often asked to comment on cyber security issues. Usually the request relates to specific areas such as ransomware or socially engineered attacks. In this article I’m taking a more holistic look at IT security.

Such a holistic approach to security is, generally, sorely lacking. This is a serious matter, with cyber criminals constantly looking for the weak links in organisations’ security, constantly testing the fence to find the easiest place to get through. So, let’s take a look at the state of enterprise IT security in early 2017, using the technology, processes and people model.

Technology

A brief, high-level look at the security market is all it takes to show that there are vast numbers of point products out there – ‘silver bullet’ solutions designed to take out specific threats. There is, however, little in terms of an ecosystem supporting a defence-in-depth architecture. Integration of and co-operation between the various disparate components is , although growing, typically weak or non-existent.

We’ve seen customers with more than 60 products deployed, from over 40 vendors, each intended to address a specific security issue. Having such a large number of products itself presents significant security challenges, though. All these products combined have their own vulnerability: support and manintenance. Managing them and keeping them updated generates significant workload, and any mistakes or unresolved issues can easily become new weak points in the organisation’s security.

The situation has been exacerbated by the rapidly increasing popularity of Cloud and Open Source software. Both trends make market entry significantly simpler, allowing new players to quickly and easily offer new solutions, targeting whichever threat happens to be making a big noise at the moment.

Just as poor integration between security products is an issue, so is lack of integration between the components on which they are built. Through weak coding or failure to make use of hardware security features – Intel’s hardware-level Software Guards Extensions (SGX) encryption technology is a good example – security holes are left open, waiting to be exploited.

The good news on the technology front is that we are seeing the early stages of the development of protocols, such as STIX, TAXII and CybOX, allowing different vendors’ products to interact and share standardised threat information. The big security vendors have been promoting the idea of threat information sharing and subsequent action for a while, but only within their own product ecosystems. It’s time for a broader playing field!

Processes

IT security is one of the most important issues facing today’s enterprise, yet, while any self-respecting board will feature directors with responsibility for sales, marketing, operations and finance, few enterprises have a board level CISO.

Similarly few organisations have a comprehensive and thoroughly considered security strategy in place, or proper security processes and policies suitable for today’s threat landscape and ICT usage patterns. A number of industry frameworks exist: ISO 27001, Cyber Essentials, NIST to name but a few; and yet very few organisations adopt these beyond the bare minimum to meet regulatory requirements.

Most organisations spend considerable sums on security technology, but without the right security strategy in place, and user behaviour in line with the right processes and policies, they remain at risk of serious breaches.

People

The hard truth is that some 60% of breaches are down to user error. Recent research obtiained through Freedom of Information requests found that 62% reported to the ICO are down to humans basically getting it wrong. People make poor password choices, use insecure public (and private!) WiFi, and use public Cloud storage and similar services without taking the necessary security precautions. They do not follow, or indeed even know, corporate data classification and usage policies. The list, of course, goes on.

Training has a part to play here, to increase users’ awareness of the importance of security, as well as the behaviours they need to adopt (and discard) to stay secure. However, there will come a point at which the law of diminishing returns kicks in: we all make mistakes – even the most careful, well trained of us.

We need to explore, discover and devise new ways in which technology can help, by removing the human element, where possible and desirable, and by limiting and swiftly rectifying the damage done when human error occurs. Furthermore, we need to leverage ever improving machine learning and artificial intelligence software to help augment human capability.

Enterprises need to work with specialists that can help them understand the nature of the threats they face, and the weak links in their defences that offer miscreants easy ways in. That means closely examining all aspects of their security from each of the technology, processes and people perspectives, to identify actual and potential weaknesses. Then robust, practical, fit-for-purpose security architectures and policies can be built.

For an outline of how this can work, take a look at Logicalis’ three-step methodology here or email us security@uk.logicalis.com to discuss your cyber security needs.

Leave a Reply Cancel reply

You must be logged in to post a comment.

WRITTEN BY Alastair Broom

Alastair Broom is Security Practice Lead for Logicalis UK where he is responsible for managing the UK Security Practice, defining the security strategy and roadmap and helping the Logicalis client base address their security challenges.

Alastair has held a number of senior Product Marketing and Product Management positions throughout his career and has lived through the evolution of the threat and regulatory landscape, helping customers protect their networks, data and brand.

Prior to Logicalis, Alastair was Security Line of Business Director at Dimension Data and managed the product & services portfolio at Integralis/NTT Com Security.

He has written several published articles/opinion pieces on a range of security related topics and has a degree in Electrical Engineering from the University of Nottingham.

All posts

Related
Most Recent
Most Popular

All the gear, no idea?

Dean Mitchell
January 18, 2018

In the previous blog post on Capacity Management, we explored why IT projects fail and what you can do to prevent it. What is even more important is to understand why, when it comes to securing your business, product alone isn’t the answer.

Ransomware, data breaches, insider threats, phishing scams… we’ve all seen the headlines. And, although these words, once reserved for IT departments, are becoming a part of everyday vocabulary, that doesn’t make them any less concerning. They have the power to derail your entire business- everything that you’ve built- within seconds.

Nowadays, cybercrime is big business, and you can guarantee that for every security solution churned out by vendors, someone, somewhere is creating a brand new malicious code to target other vulnerabilities you didn’t even know existed within your organisation. Add to that modern working habits, with more and more businesses needing to adopt cloud and IoT for day-to-day operations, to keep up with their competitors, but subsequently increasing the potential attack surface, and you soon see that organisations are under siege from all angles.

To state the obvious; cybersecurity is no longer optional.

And this is something that all CIOs are more than aware of. In fact, in our 2017 global CIO Survey, security was cited as the number one concern when it came to an increase in the use of cloud services, with 70% of respondents citing it as a challenge.

So the problem is common knowledge, but what’s the solution?

Well, if your automatic answer is ‘by investing in security products’, then you’re not alone. Many business leaders define ‘security strategy’ as lots of different solutions coming together to work as one protective shield. Each solution is built to defend against a single threat vector, so various email, cloud and web products all become separate pieces of a much larger security puzzle.

Given the sheer volume of security products readily available, it’s no surprise that this puzzle doesn’t come cheap and that certain pieces aren’t as effective as others. But, surely the more products you deploy- effective or otherwise- the more significant your overall security capabilities and the better the protection for your organisation. After all, it’s better to be safe, and slightly out of pocket, than sorry… right?

It’s an easy trap to fall into.

In reality, a growing number of point solutions patched together is no longer an effective strategy. Instead, this method compounds complexity and creates the very vulnerabilities that it is meant to be mitigating against.

This is because security devices raise an alert for each threat that they detect- that’s how they work. And when you have multiple tools in place, each detecting multiple threats, the chances are that alerts will be going off almost constantly. This is fine; it shows that the solutions are working.

But, it’s unlikely that a single organisation will have the manpower needed to deal with each alert simultaneously. Instead, overwhelmed and underresourced IT teams will probably try to prioritise and as a result many of the alerts, and therefore threats, are ignored, making your organisation vulnerable.

So, when it comes to protecting your business, spending thousands and thousands of pounds worth of your budget on product alone is futile. It’s clear that the ‘best of breed approach’ has had its day, with an increasing number of organisations coming to the realisation that it’s not about how many solutions you have in place, it’s about how you’re using them.

A problem shared is a problem halved

To simplify things, you can strip your security strategy back to three key areas that all need to be done well; threat insight, vulnerability management and managed endpoint security.

Then, you need to make sure that the solutions you have within these areas are being used correctly. The easiest way to do this, and to make the most out of your resources, is to undertake a collaborative approach.

Take the heat off your own IT team and share the security burden with a partner who can help you to plug the gaps with managed solutions like:

– Managed SIEM/SIRM- A Security Incident Event Management service working in conjunction with a Security Incident Response Management service will provide optimal threat insights. It will solve the biggest and longest headache for your internal IT team- the one that began when you started installing security solutions… External engineering teams will analyse and, effectively, filter the never-ending stream of alerts so that, before they even reach your team, they are prioritised in terms of risk to your business and have clear actions on how to stop them in their tracks.

– Patch management- By combining patch management services with existing vulnerability scanning in a single service you can achieve optimal vulnerability management. Believe it or not, this service will fill any gaps in your security wall automatically. This is because networks will be regularly scanned for vulnerabilities with any intel gathered then being rolled into a patching program. Obviously, this will significantly reduce the time between when a vulnerability is identified and when it is patched.

– Security device management- This incorporates all endpoint security, including antivirus solutions, firewalls and device control, as a single managed service. Delivered via software on laptops, desktops and servers, the service can also detect rogue devices attaching to the network and provide web filtering.

The bottom line is that cybersecurity is not about product. It’s about people, processes and technology working coherently to manage risk and protect your organisation. Often, working collaboratively with providers who can manage your security can be the better option. They will have the resourcing and the skillset to help you deal with any potential threats, while offering more peace of mind.

Today, a third of CIOs see security as the most prominent barrier towards digital transformation. Outsourcing can change that by granting your internal IT teams the gift of time… time that can be used to pursue other areas of your business’ IT strategy.

Talk to us to find out how we can help you.

Originally posted on CBR, 21 November 2017

Category: Security

5 Steps to Effective Ransomware Protection

Alastair Broom
December 13, 2017

Ransomware is a hot topic at the moment and the “attack du jour” for cybercriminals. The code is easy to obtain and campaigns simple to execute thanks to the industrialised infrastructure that supports it. The result – a rapidly growing market that is already estimated to be worth in excess of $1 billion.

Criminal gangs provide “ransomware as a service” with everything from code provision through to the monetisation of the attack making it easy to both execute and profit from. Other types of cyber-attacks may involve complex, time-consuming or risky steps for the criminals but ransomware profits are immediate, usually via Bitcoin payment into the criminal’s wallet.

The traditional approach to cyber security has been to deploy more and more technology to protect against the evolving threat. This has led to uncontrolled technology sprawl creating a security management nightmare. Throwing more technology at the problem implies more resources to manage the estate and security resources are hard to come by. According to research by the recruitment company

Despite the increased level of sophistication and frequency of ransomware attacks, by following the steps described below, organisations can significantly reduce their risk.

Step 1: Security Awareness Training

Although technology plays an important part, the majority of malware and ransomware attacks involve a user doing something they shouldn’t, such as clicking on a malicious web link, opening an email attachment or installing a new application. Usually this is due to a lack of understanding of the security risks associated with such actions. Phishing, a form of social engineering is a common technique used to get ransomware inside an organisation, effectively duping users into downloading malicious code or otherwise opening up the organisation’s network to cyber-attack.

Many organisations provide basic security training as part of company induction or as one-off exercises to address audit requirements. However, security training should be a regular part of users’ development and regularly updated. Training should be delivered at a pace and frequency that fits in with the employees’ work schedules with progress monitored and tested for effectiveness as part of the program. Security awareness is a critical part of any organisation’s security program and is fundamental to several security frameworks such as the UK National Cyber Security Centre’s “10 Steps to Cyber Security” program

Step 2: Vulnerability Management

Most malware infections, including ransomware, compromise our systems due to vulnerabilities in the operating systems and applications. All too often, these vulnerabilities remain unpatched for months or even years allowing criminals to exploit the same flaws time and time again.

In 2015, of exploited vulnerabilities have had a patch for more than one year and it doesn’t look as though that’s changing. In addition, IBM research shows that when new vulnerabilities are discovered, the average time taken for hackers to exploit them has decreased from 45 days ten years ago to 15 days today.

Effective vulnerability management is critical in ensuring that existing vulnerabilities are dealt with and new ones are patched quickly before they can be are exploited.

Step 3: Web Protection

Almost all ransomware is delivered across the web. Regardless of whether the initial infection is via email or a malicious/compromised web site, the malware will normally attempt to contact a remote server to download additional software such as exploit kits or encryption software. Web security solutions can be used to detect this suspicious activity, preventing the dangerous malware payloads from being downloaded – even if the initial infection is successful. Modern web security solutions make use of advanced threat intelligence to identify malicious domains and web servers and prevent the malware from receiving its instructions.

Step 4: Endpoint Protection

Ransomware infection inevitably happens at the endpoint. Typically, a laptop, PC or server will be compromised and used to propagate the malware throughout the network. Traditional signature-base anti-malware solutions are largely ineffective against modern malware due to rapidly changing code and the time taken by security vendors to identify new malware variants and create and distribute signatures. Behaviour-based endpoint protection is much more effective in dealing with modern malware as it will identify malicious behaviour such as file substitution and registry changes rather than looking for a specific malware fingerprint in an ever increasing signature database.

Step 5: Security Analytics

Steps 1 to 4 above will provide an effective defence against ransomware and malware in general. However, it is impractical to expect your systems never to be breached so it is imperative that you have visibility into the activity in your environment and the ability to identify breaches and react when they occur. This visibility and identification is provided by a Security Incident & Event Management (SIEM) platform. This software will ingest logs from your security infrastructure, servers, routers etc. and search for suspicious activity that could signal a breach. SIEM provides a “single pane of glass” view into disparate technology overcoming many of the problems associated with the technology sprawl mentioned earlier and enabling security events to identified so they can be dealt with quickly.

Ransomware is a plague that threatens the availability of the data we rely on for our businesses to operate. If successful, ransomware attacks can bring organisations to their knees and result in substantial financial loss in ransom payments, system restoration, clean-up and the growing impact of regulatory fines. Following these 5 steps will significantly reduce the risk of ransomware attacks. Logicalis can help you with solutions to address each of these steps helping you navigate to a more secure environment. For more details, please feel free to contact us.

Category: Security

Still waiting for your Amazon delivery?

Alastair Broom
December 15, 2016

Last week I read that you can now hijack nearly any drone mid-flight just by using a tiny gadget.

The gadget responds to the name of Icarus and it can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device.

Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx.

Although this is not the first device we have seen that can hijack drones, this is the first one giving the control Icarus works by exploiting DMSx protocol, granting attackers complete control over target drones that allows attackers to steer, accelerate, brake and even crash them.

The attack relies on the fact that DSMx protocol does not encrypt the ‘secret’ key that pairs a controller and the controlled device. So, it is possible for an attacker to steal this secret key by launching several brute-force attacks.

You can also watch the demonstration video to learn more about Icarus box.

There is no mitigation approach to this issue at the moment, other than wait for manufacturers affected to release patches and update their hardware embracing encryption mechanisms to secure the communication between controller and device.

Having seen this video and the potential impact of this hijacking technique, my first thought was about the threat for Amazon’s new service coming soon, which will allow drones to safely deliver packages to people’s homes in under 30 minutes.

This is just another example of how important is to define the right strategy around using encryption as part of the security in the digital era. Business data and the way we want to access this data from any device, anywhere and anytime just highlight the need of enhanced and clever security solutions.

There are different ways Logicalis can help our customers in the protection of data located in data centres and end points with the help of the ecosystem of partners like Cisco and Intel Security.

An interesting offering to mention is Logicalis Endpoint Encryption Managed Service. This service gives our customer’s devices and the data within them the level of protection that will give them peace of mind should a device be lost or stolen, and we Logicalis manage the service for them. This service is the market leader for data protection and it provides the highest levels of Confidentiality, Integrity and Availability. The service is part of the global strategy adopted by Logicalis Group across EMEA.

Category: Automation, Security

Forget hybrid IT, enter the era of hybrid business

Scott Reynolds
May 10, 2018

As the benefits of hybrid IT have become clear, it has evolved from a temporary state to the chosen environment for many organisations looking to thrive.

Every organisation, regardless of size or sector, has a digital strategy. In fact, it’s hard to believe that IT once lingered on the fringes of business operations and decisions when today it is front and centre – a driving force behind both individual projects and overall business objectives.

And for the vast majority of organisations, it’s difficult to speak about digital strategy without mentioning cloud.

In fact, cloud’s ever-growing role and potential benefits are so widely publicised that it can feel almost unavoidable. After all, if your competitors adopt ‘cloud first’ strategies and you chose not to- don’t you risk getting left behind?

But, cloud doesn’t have to be all or nothing…

Enter hybrid IT

With hybrid IT, organisations can bring in cloud-based services that will run in parallel with their existing on-premise hardware. This may not necessarily be a new concept. However, its full potential is rarely realised.

Instead, more often than not, hybrid IT is built into digital strategies as a stepping stone to cloud and, as such, considered the transitional phase on a much bigger journey. It’s useful, but it’s also temporary… Simply a vehicle to get you and your organisation where you need to be by enabling you to join the elite and become a ‘cloud first’ company.

And it’s true, hybrid IT is a very useful tool for organisations looking to make the first small steps into a new cloud-centric world. You can test the waters by investing in new cloud-based technologies, without being all-in.

But hybrid IT can also open up the door to a whole new world of possibilities, enabling businesses to operate in- and therefore reap the benefits associated with- both on-premise and cloud environments.

Many organisations have started to realise this and- as a result- the concept of hybrid IT is transitioning from a temporary phase to a preferred way to do business. In fact, according to Gartner, by 2020 90% of organisations will have adopted a hybrid infrastructure.

But what are the key drivers behind this shift?

The best of both worlds

Traditional IT or cloud technologies… it used to be a one-stop choice that organisations had to make. And once you made it, all your application workloads and databases were assigned to one environment. You were effectively tied into that environment until you actively decided to change and, with significant effort and probably financial cost, you made steps to convert.

But, by using hybrid IT, organisations no longer have to commit to a single environment. They can have the best of both worlds and benefit from aligning specific workloads and applications to specific platforms. hybrid IT grants:

The scalability and cost efficiency of cloud technologies

There’s no doubt about it, scaling a traditional infrastructure can be very expensive. By making the most of hybrid IT- and utilising the public cloud and private cloud environments, businesses can upscale IT operations quickly and at minimal cost – which is particularly useful for shorter-term projects. But, it doesn’t stop there… with hybrid IT, organisations can also downscale their operations. In effect, everything can be driven to reflect the actual demands being placed upon the business, saving both resource and money.

And if organisations are saving resource in those areas, it leaves more room for innovation. The exciting new projects that often have to be pushed aside due to more pressing concerns, such as keeping the lights on, can become a reality.

The security and consistency of traditional IT

IDC recently discovered that the number one barrier to adopting cloud-based technologies continues to be security concerns – with 72% of business leaders agreeing it was a real issue. Whether these fears are well founded or not, the fact remains that- sometimes- public cloud may not meet an organisation’s strict security requirements. Hybrid IT grants peace of mind, enabling organisations to benefit from cloud technologies while keeping their most valuable and sensitive data on premise.

Hybrid IT is also often used in disaster recovery strategies. In our digital world, suffering an IT outage is every organisation’s worst nightmare. Why? Because the downtime that organisations suffer as a result can have a devastating and lasting impact, both financially and in terms of future reputation. By having primary data copied and stored in two different locations, organisations can recover faster while keeping downtime to a minimum.

Above all, hybrid IT gives organisations the freedom to make their own choices. It merges the best of old world technology with new world thinking. And, just as digital is no longer the sole territory of IT departments, it’s set to infiltrate the boardroom and play a key role in all future business decisions.

After all, hybrid IT is an enabler, allowing business leaders to make the right digital decision for their business, whether that is traditional IT, cloud-based technologies or a mixture of the two.

Originally posted on Information Age, 24 April 2018

Category: Hybrid IT

3 areas beyond Finance to benefit from planning analytics

Ismail El Kadiri
April 4, 2018

Over the past decade or so, numerous planning and analytics solutions have come out in an effort to catch up with the complex business environment. Most solutions compete around speed, scalability, visualisation capabilities, scenario modelling and excel integration. Our recent Global CIO survey revealed that analytics is still considered ‘very important’ or ‘critical’ for driving innovation and decision-making across the business.

Traditionally, planning tools have been aimed at the department of Finance. Budgeting and forecasting needs, P&Ls, balance sheets and cash flows have been the bread and butter of planning and reporting solutions. However, this only scratches the surface of what can be achieved in the world of business planning. We are in an era when a truly successful planning practice is not solely based upon financial-focused analytics, but also includes customer, sales performance and workforce analytics.

Planning and analytics for the entire business

Although Finance is usually the right strategic area to begin implementing any planning solution, it should just serve as a starting point. A truly successful planning solution should incorporate your operational planning, giving you a more accurate and all-encompassing view of your business.

Apart from Finance, almost all business functions can benefit from agile planning processes and data analytics with payroll, sales and asset management at the top of the list.

Payroll analytics to decrease manual work

Payroll planning can be a very complex and frequently it’s a manual task for modern organisations. HR employees responsible for payroll face multiple components that influence the complexity of the payroll process, such as NI adjustments, complex bonus schemes, salary increases and benefits. Taking into consideration ongoing government changes, regulatory updates and HR related modifications, payroll can prove to be a stressful and time-consuming process.

The most effective way to evolve a historically manual process and increase the speed and accuracy of payroll planning is through data. By taking advantage of analytics, you can create timely, reliable payroll plans to put employee and business insight into action. You can benefit from faster processes and a uniform view of the data and simplify analytical processes, that HR employees might not be able to execute.

Accurate sales forecasting with planning analytics

Sales is another department of an organisation that can greatly benefit from planning analytics. For most organisations, sales planning and forecasting is their life-blood – as it directs the efforts of each department and helps define the overall strategy. Therefore, it is crucial to set realistic and accurate targets based on existing data.

With agile planning and analytics, businesses today can forecast sales volumes and adjust cost and price centrally to see the bottom line impact of the Sales department. More than in any other part of the organisation, this is the ideal area to take advantage of seasonality forecasting, what if scenario modelling and phasing. This will result in successfully steering sales activities, maintaining margins and delivering value, both to the client and the business.

Asset Management simplified through planning analytics

Often the biggest hurdle that companies face when managing their assets is the volume of data that needs to be collected, analysed and maintained. Increasing cost pressure, complex structures in supply chains and rising risks due to complex procurement mechanisms are just part of the challenge for modern businesses.

Effective and flexible networking of data is crucial in order to make fast and accurate decisions. With advanced planning and analytics, organisations can apply profiles to the assets to plan for depreciation and asset control.

At Logicalis, we have a holistic approach to planning analytics, moving beyond finance and helping you take data-driven decisions for the entire business.

Talk to our team of experts and discover how to make start your planning journey.

Category: Information Insights / IOT

Becoming Digital vs Doing Digital

Tim Wadey
March 19, 2018

What is your approach to Digital Transformation and is your business structured for it?

All modern companies are looking at digital transformation, and the key decision they need to make is whether to “become digital” or to “do digital”. “Becoming digital” is deciding to turn the whole business or business unit digital, re-engineering from the ground up to take full advantage of the benefits of technology across the value chain. “Doing digital” implies taking specific processes, maybe a customer interaction or a B2B transaction process, and making it digital. Depending on which of these options a business chooses to take, the approach and qualities of the Digital Transformation function will change.

Digital transformation has grown as a concept over the last few years, but in general, is taken to mean building additional business benefit on the data and data processes that a business owns. This can mean finding efficiencies through process improvement and automation, new opportunities buried within the value of corporate data or new digital routes to market. A full transformation embraces all of these and more; the emergence of a connected environment, now known as IoT, is opening new opportunities with every technological development.

Becoming Digital: starts with a solid digital business culture

If a business has chosen to “become digital”, the leadership team needs to embrace the objective and fully support the change initiative. That said, the scale of investment and impact of the programme means that a single point of oversight is essential. In some businesses this might fall to a CIO, in others a Chief Digital Officer, however, these leaders will need support from a team with excellent project and technical skills. In addition, the cultural change will require consideration throughout the process. Probably the most critical attributes that the transformation leaders will need to have are a clear vision of what digital looks like, the skills to understand how it will be delivered and, most importantly, the drive to sustain a multi-year transformational programme.

In many ways, the Digital Transformation Officer will have to lead the senior team through this programme, and these qualities combined with the soft skills to enable this leadership will eventually determine the success of the programme. This role is well suited to an interventional style – enabling the business to focus on BAU while the digital programme is delivered in a defined manner. There have been well-publicised initiatives similar to this in major UK retail banks and across industries, like the airlines, where all aspects of customer interaction have become fully digital.

Doing Digital: requires greater focus on technical skills

Alternatively, if the choice is to “do digital”, the transformation challenge is much more bounded. In this case, the challenge is more to do with having the technical understanding and project management skills to deliver tightly defined digital projects. While these transform the particular process involved, they do not require wholesale change across the business. For most organisations, this will be the chosen option as there is less risk and disruption in such an iterative approach. We are seeing programs like this often linked to IoT initiatives across our customer base.

Clearly the CEO will take a close interest in any of these initiatives, however with the choice to “become digital” he or she is betting the company and as such will want the transformation leadership to be part of his senior team and empowered to drive the vision to a conclusion. In choosing to “do digital”, the CEO contains the risk to particular areas and should use his management team to direct these initiatives through a skilled and technically able programme manager. Whatever the approach, there will be a material cost and the benefits realisation after go-live needs to be driven and measured with similar control and vigour.

No matter what direction you choose to take, speak to one of our experts to help you through your digital transformation journey.

Category: Automation, IT Service Management

Capacity Management: could it be the answer to your resourcing needs?

Dean Mitchell
October 24, 2017

Overspending on resources? We can all agree, it’s nothing new. In fact, it’s an issue faced by business leaders almost every day. In our increasingly digital world, overspending on technical resources, alongside the human resources (or skills) to back them up, is common. If you view over-provisioning as a necessary evil, you’re not alone. A recent independent study discovered that 90% of CIOs feel the same way, with the majority only using about half of the cloud capacity that they’ve paid...

Category: IT Service Management

Becoming Digital vs Doing Digital

Tim Wadey
March 19, 2018

What is your approach to Digital Transformation and is your business structured for it? All modern companies are looking at digital transformation, and the key decision they need to make is whether to “become digital” or to “do digital”. “Becoming digital” is deciding to turn the whole business or business unit digital, re-engineering from the ground up to take full advantage of the benefits of technology across the value chain. “Doing digital” implies taking specific processes, maybe...

Category: Automation, IT Service Management

Red Pill or Blue Pill?

Alastair Broom
December 13, 2016

Morpheus, in one of the most iconic scenes of the Matrix trilogies said, "You take the blue pill, the story ends. You wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in Wonderland, and I show you how deep the rabbit-hole goes." Let me ask you something, what about taking decisions like the one offered by Morpheus based on additional information that can be used to evaluated better the two options? Would that influence Neo to change his mind on the...

Category: Collaboration, IT Service Management

Categories

Digitally Speaking

Latest Tweets