Making sense of the Cloud-buzz: what quick wins are available to establish Business and Security value?

On Thursday 25th April, Exponential-e held a Financial Services and Insurance roundtable event at 'M Restaurant' in Victoria, London. The event brought together leading figures from these two sectors to share their experience of Cloud adoption and the benefits it can provide to businesses.

The conversation was kicked off by guest speaker Steve Deakin, Head of Development and Operations at Lloyds of London, discussing his experiences of Cloud and the client perspective. Next followed Nick Robinson, Systems Engineering Manager at Palo Alto Networks, who provided a view of real world innovations and shared Cloud success stories that he has seen from his clients across EMEA.

Here is a high level summary and description of the quick wins that were discussed:

The Process:

  • Learn -> Hack -> Iterate

Horizon Scanning & DevOps with an AGILE mind-set

  • Microsites and Micro services that are already trialled, tested and robust from an architecture and security perspective - this enables one to rapidly deploy new products and services, websites etc. with security peace of mind.
  • Serverless - just focus on writing codes and you can make changes in microseconds! It is easy to deploy, low cost, gives you more time to focus on UX and is more efficient for developers by ensuring you are keeping code backed up and in a secure environment.
  • Grid Data Analyst - overcome floods and complexity of big data and unlock the power of analytics with the right data in the right place.


  • OWASP Top 10 - whilst the threat landscape remains consistent year on year, everyone should make sure they are aligned to the latest as it evolves. Assuming the top 10 remains unchanged or that changes are incremental such as low priority to action, can lead to vulnerabilities.
  • NCSC - The National Cyber Security Centre is an organisation of the United Kingdom Government that provides advice and support for the public and private sector on how to avoid computer security threats.
  • Ethical Hacking - this should be continuously implemented - leverage Pen testers and vulnerability scanning as much as possible in order to follow best practices and processes - Learn -> Hack -> Iterate.
  • Social Engineering was also discussed, not so much as a quick win due to the complexity (get the simple things right first) however, advised to leverage Pen testers to protect your business from bad actors that use social engineering tactics.
  • Multi Factor Authentication – we discussed how this is a very low hanging and important measure to put in place. Leverage MFA to 1) require individuals to provide two or more authentication factors to confirm their identity for online transactions or to gain access to corporate applications, networks and servers and 2) insight and reports on the user's activity. Identity (IAM) and Privilege Access Management (PAM) were also mentioned as a further way to secure your business.
  • Security Information and Event management (SIEM) - leverage SIEMS as a means to log attacks. An IT Service Provider can provide an important layer of service to proactively manage, monitor and report on what the SIEM is seeing on a 24/7 365 basis.

Cloud Patterns

Data Lakes

  • Building out centralised repository for enterprise data, for tasks such as reporting, visualization, analytics and machine learning - leveraging cloud partners to build out big data solutions.

A debate for another day

  • DevOps and Open Source software is and will continue to be the main target for bad actors, they hold the code (the crown jewels). Should such resources have locked or unlocked internet access? On one hand it offers flexibility and agility, on the other it is more locked down and has a stronger argument from a security perspective.

#Azure #AWS #CloudPatterns #Cybersecurity #OWASP #NCSC #DevOps #HorizonScanning #EthicalHacking #Digital Transformation

  1308 Hits
1308 Hits

What kicked off at the Exponential-e Channel Charity Cup

A few weeks ahead of the Champion's League mania, we hosted our annual Channel Cup event, which saw nine teams competing in a 5-a-side football tournament at Crystal Palace's Selhurst Park homeground, all vying to be crowned the winner.

Would early favourites Silver Cloud (last year's champions) walk away with the trophy? How would the rivalry - now in its fourth year - between Sprout IT and Exponential-e's team play out? On the big day, Vonage, The Phone Co-Op, Sprout IT, Natilik, Silver Cloud, Net Premacy, and Blue Saffron all came together to 'channel' their inner Messi.

Natilik's No.10 Omar was the standout player on the day, scoring the most number of goals and coming inches away from hitting the bar in the Cross Bar Challenge. No mean feat from the halfway line into the wind! Silver Cloud came close to another place in the final, but their dreams were snatched away by Natilik.

Clearly enjoying the glorious sunshine, our Head of Channel Alp Kostem stepped up for the Cross Bar Challenge in his linen jacket and Ray-Bans, much to the amusement of the players. A valiant effort,but the general consensus was that he ought to stick to his day job. Once again, Exponential-e's own Eric Ascott took control of the microphone and nimbly guided everyone through the day with matchless witty banter. A weekend radio DJ gig should definitely be on his bucket-list.

In the end though, Vonage were crowned the winners, looking on course for a campaign to rival Liverpool's recent success. We look forward to seeing the team next year as they mount a defence of their title -- no doubt training's already well underway.

Each year we sponsor a different charity. This year, we chose Great Ormond Street Hospital (GOSH), a globally renowned centre of excellence in child healthcare founded in 1852. Working with the UCL Great Ormond Street Institute of Child Health, GOSH forms the UK's only academic Biomedical Research Centre specialising in paediatrics. A clear reminder of how precious life is, we're tremendously proud to have raised £7,500 to help the organisation with their mission to fund research into children's healthcare and to finding new and better ways to treat childhood illnesses.

As the game ended, the Crystal Palace Hospitality Team did not disappoint. Hot showers, cold beer, and solid meal were provided after the tournament. Our Managing Director Mukesh Bavisi wrapped up the day by handing out the well-deserved awards to the teams and, more importantly, the presentation of the cheque to Amy from the amazing GOSH. For die-hards, the evening rolled on atWesthow House pub in Crystal Palace, recounting tales of their sporting prowess and dreaming of playing in the Premiership next Season. No doubt there were some sore limbs and heads the morning after, but it was all worth it for such a successful day.

Thanks to everyone who helped make this happen and for their generous donations to such an important cause. The amazing life-changing operations and treatments GOSH carries out every single day to children is just outstanding. We are delighted to be able to contribute to this and help the many GOSH children patients and their families. Till next year!

  1403 Hits
1403 Hits

Post-GDPR: key learnings for housing associations


The GDPR deadline day of 25th May has been and gone, but sticking to the legislation remains as important as ever. This is because GDPR is, in fact, not something that can just be 'done'; instead, it is ongoing and needs to be constantly changed and updated. The onus is on housing associations to comply with GDPR not just today, but in six months, a year, two years, and beyond. 

Continue reading
  1041 Hits
1041 Hits