The conversation was kicked off by guest speaker Steve Deakin, Head of Development and Operations at Lloyds of London, discussing his experiences of Cloud and the client perspective. Next followed Nick Robinson, Systems Engineering Manager at Palo Alto Networks, who provided a view of real world innovations and shared Cloud success stories that he has seen from his clients across EMEA.
Here is a high level summary and description of the quick wins that were discussed:
The Process:
- Learn -> Hack -> Iterate
Horizon Scanning & DevOps with an AGILE mind-set
- Microsites and Micro services that are already trialled, tested and robust from an architecture and security perspective - this enables one to rapidly deploy new products and services, websites etc. with security peace of mind.
- Serverless - just focus on writing codes and you can make changes in microseconds! It is easy to deploy, low cost, gives you more time to focus on UX and is more efficient for developers by ensuring you are keeping code backed up and in a secure environment.
- Grid Data Analyst - overcome floods and complexity of big data and unlock the power of analytics with the right data in the right place.
Cybersecurity
- OWASP Top 10 - whilst the threat landscape remains consistent year on year, everyone should make sure they are aligned to the latest as it evolves. Assuming the top 10 remains unchanged or that changes are incremental such as low priority to action, can lead to vulnerabilities. www.owasp.org
- NCSC - The National Cyber Security Centre is an organisation of the United Kingdom Government that provides advice and support for the public and private sector on how to avoid computer security threats. www.ncsc.go.uk
- Ethical Hacking - this should be continuously implemented - leverage Pen testers and vulnerability scanning as much as possible in order to follow best practices and processes - Learn -> Hack -> Iterate.
- Social Engineering was also discussed, not so much as a quick win due to the complexity (get the simple things right first) however, advised to leverage Pen testers to protect your business from bad actors that use social engineering tactics.
- Multi Factor Authentication – we discussed how this is a very low hanging and important measure to put in place. Leverage MFA to 1) require individuals to provide two or more authentication factors to confirm their identity for online transactions or to gain access to corporate applications, networks and servers and 2) insight and reports on the user's activity. Identity (IAM) and Privilege Access Management (PAM) were also mentioned as a further way to secure your business.
- Security Information and Event management (SIEM) - leverage SIEMS as a means to log attacks. An IT Service Provider can provide an important layer of service to proactively manage, monitor and report on what the SIEM is seeing on a 24/7 365 basis.
- Security Operation Centre (CSOC) - further to SIEM, a CSOC can strengthen your security posture and enable you to be more proactive in your approach - https://www.exponential-e.com/services/cyber-security/advanced-monitoring-management
Cloud Patterns
- Cloud Patterns are a widely used concept to describe solutions to reoccurring problems - for building reliable, scalable, secure applications in the cloud. Best examples are as follows;
- Azure https://docs.microsoft.com/en-us/azure/architecture/patterns/
- AWS https://aws.amazon.com/architecture
Data Lakes
- Building out centralised repository for enterprise data, for tasks such as reporting, visualization, analytics and machine learning - leveraging cloud partners to build out big data solutions.
A debate for another day
- DevOps and Open Source software is and will continue to be the main target for bad actors, they hold the code (the crown jewels). Should such resources have locked or unlocked internet access? On one hand it offers flexibility and agility, on the other it is more locked down and has a stronger argument from a security perspective.
#Azure #AWS #CloudPatterns #Cybersecurity #OWASP #NCSC #DevOps #HorizonScanning #EthicalHacking #Digital Transformation
Now more than ever, effective collaboration and communication are the keys to success. Throughout 2020, we saw a widespread shift in how we interact with each other, both in and out of work, and how we stay connected to our colleagues and customers. Just consider the following:
With the flexible office model slowly but surely supplanting the traditional working environments in favour of dynamic co-working spaces for a number of years now, we have seen many organisations reconsider the way they think about commercial real estate.
The past year has challenged the UK's education sector in ways that would previously have been inconceivable, with children learning from home the majority of the time since March.
The relationship between cloud technology and the Legal sector has been something of a slow burner. Understandably, legal firms have previously been reluctant to adopt cloud technology due to the sensitive data they hold. Through the Cloud, data is able to flow freely to and from recognised enterprise endpoints, but also from mobile devices belonging to employees.
Technology is omnipresent in young people's lives and is opening up new channels of learning across the education sector, with pupils, students and staff utilising Cloud and video calling platforms both in and out of the classroom.
At the same time, cyber security is evolving at a rapid pace to answer ongoing concerns about pupils' safety online and the integrity of confidential data - concerns that have become even more critical with the move towards remote learning and virtual classrooms. Our full range of solutions provides schools, colleges and universities with the means to ease this transition to new ways of learning, ensuring IT infrastructure continues to put learning at the centre of everything, while meeting all compliance requirements and enabling more effective use of the available budgets.
Please explore these case studies for examples of what we have already achieved for customers across the education sector, helping them sustain their profitability and growth while keeping the learning experience at the centre of everything.
Any organisation delivering professional services of any sort - from architecture and accountancy to engineering or recruitment - relies on its IT infrastructure to maximise employee performance, engage with customers, and deliver exceptional services and solutions. There are a number of challenges here.
Compliance requirements, particularly around how customer data is handled, are becoming increasingly complex, which means infrastructure must be designed from the ground up with compliance in mind. Furthermore, the transition to a distributed workforce has forced many organisations to rapidly adopt new tools for communication and collaboration, between both employees and customers.
Exponential-e understands these challenges, and works closely with companies around the UK to deliver innovative solutions that allow them to focus on their services, solutions and customers rather than their IT.
New health secretary Matt Hancock has been beating the technology drum. As well as announcing that almost £500 million would be made available for technology, he's also asserted that the service needs more apps. However, it’s fair to wonder: is this the right avenue to funnel resources?
In our last blog, Jonathan Bridges talked about how Exponential-e’s Cloud Management Platform (CMP) could simplify your Cloud estate by providing a single-pane-of-glass view of different Cloud environments.