Industry news

Hacking and the issues that surround it are rarely out of the news at the moment – it’s a very current and pressing problem. Cyber crime has never been more of a threat, with websites and organisations great and small all at risk.

Having a high standard of information security is something that all businesses should strive to achieve, and for some companies, there are specific standards that must be hit.

The Payment Card Industry Data Security Standard (PCI DSS) was created by the five main card brands, and is a set of technical and operational requirements that protect cardholder data. All companies that store, process or transmit payments from these card brands must comply with these strict standards. They essentially ensure that cardholder data is processed securely, and that a system is in place to respond and react to any perceived threat.

PCI DSS also requires companies to regularly monitor and test their security systems and processes. These businesses therefore must find a cost-effective, yet comprehensive method of carrying out investigative security scans of their own systems.

Although adhering to PCI DSS is not a legal requirement, it’s in the best interests of organisations to make sure all confidential data is secure anyway – breaches of personal customer information can have devastating short-term consequences, and long-lasting effects.

There are two main options with regards to security scanning – buy in a technology solution and conduct scanning in-house, or employ an external firm to carry out the work for you.

Scanning and monitoring in-house gives companies complete control of the process. There are obvious benefits to this that come with a hands-on approach, but it also means having to invest staff and internal resources that could be better served contributing to core activities – security scanning is a time consuming, expensive and repetitive task.

Outsourcing the scanning process to specialist organisations can be a more economical solution, while making sure the process is as exhaustive and as thorough as possible. It can also avoid the bias, unintentional or not, of the staff who maintain systems effectively marking their own work.

Some security scanning firms can provide a managed service, handling all aspects of the scanning procedure. Scans can take place as often as is requested, depending on a companies specific requirements; from in-depth monthly scans to daily security checks.

An effective managed service offering would also regularly reassess the scope of the project, and react to changes, pinpointing vulnerabilities and suggesting improvements.

But most importantly, it’s a cost-effective solution for businesses that have to meet these stringent standards. Having a dedicated, efficient security team carry out the process will almost certainly reduce outlay.

Managed security services can also leverage additional benefits – rather like fitting a new door to keep out in intruders can also reduce a draft. Carrying out comprehensive reviews of business security will most likely highlight other flaws that can be corrected, and weaknesses that can be strengthened before they become a serious threat.

The introduction of PCI DSS was a step in the right direction for improved information security – but it’s up to businesses to use those standards as a platform from which to tighten their perimeters and ensure the safety of customer details.

Outsourcing Software Licence Compliance

It is generally accepted that the global financial crisis is affecting the revenues of all commercial companies, including all the largest software authors. Consequently, industry analysts predict a significant increase in vendor driven audits during 2012. Customer feedback and the rise in vendor required compliance consultancy seen over the last six months certainly seems to confirm these predictions.

So what are the risks of non-compliance and how do customers find themselves in a position where they are being reported as under licenced?

For most organisations, the financial risk from non-compliance will be secondary to the adverse publicity and damage to their hard earned reputation. However, the financial risks should not be under-estimated as fines can average around £1000 (*1) for each unlicensed software installation, and considering the increasing activity of the software authors and their enforcement agencies, there is bound to be adverse publicity. Considering the increasing complexity of software licensing schemes and the associated links to hardware type or user type options, it is understandable for organisations to get it wrong; but caveat emptor applies as the software authors seek to protect their investment and retain revenues. For these reasons alone, perhaps all organisations should consider prioritising the management of true software compliance in 2012?

(*1 Figure based on software costs plus a compensation element)

What else, besides avoiding fines, can an organisation expect to gain by initiating a true compliance commitment? It’s important to understand that it isn’t just a simple matter of ordering enough licences to cover your entire enterprise. Current installs need to be determined, followed by optimisation and re-allocation, as there is always the possibility of over-licensing. Knowledge is paramount in determining exactly what needs to be purchased, upgraded, transferred, removed or simply recorded throughout the life of any compliance commitment. Software Asset Management (SAM) service providers help clients optimise their software licence position and implement more effective management processes, reducing costs and increasing ROI.

Experience alone will not guarantee achievement of an acceptable compliance position as success also requires access to dedicated SAM tools. Partnering with an experienced SAM service provider to outsource the software licence compliance element of the SAM process can be very cost effective, with some service providers being able to leverage global resources (experienced consultants, private cloud technology, universal software libraries and mature software licence compliance / management tools) Each service element should offer stand-alone benefits or dove-tail into the next to allow maximum flexibility. Finally, costs should be directly related to device and data volumes to ensure predictable budgetary controls. As an example, SAM specialists BCS, provide a fully managed compliance service which charges an average of £5 per device per annum. After initial consultations, the service continues to identify and track all installed software, including internally written applications if required, an option which can prove extremely useful where service cross-charging applies.

There are numerous other advantages to working with an experienced partner including:

Use of existing tools and data – Investing in SAM tools alone generally fails to meet expectations: the implementation is poor due to lack of qualified resource, resulting in supportive SAM processes not being implemented; leading to frustrations and a failure to deliver expected results. However, specialist managed service providers have the experience, knowledge and resource to leverage those existing tools and provide the perceived value and ROI that the user originally expected.

Reduction in internal resource requirements – Often in-experienced internal staff are seconded to SAM projects, and they end up consumed by the complexity and legal terminology within software contracts, whilst attempting to establish and document the various licensing rules. Upgrades, downgrades and cross grades come to mind! The reality of SAM and software licence compliance is that there are many disciplines that are required to participate in a successful implementation; procurement, infrastructure, legal, HR, helpdesk, internal audit and most of all, senior management. Outsourcing software compliance reporting ensures that internal resources are free to concentrate on their core duties.

Joining up and implementing effective SAM Processes – The most important factor in the success of any software compliance project is to ensure that the correct processes are identified, implemented and ‘joined up’. When an external specialist provider implements a compliance service they will know exactly what is required to complete their actions, often removing previously undetected disconnects not apparent to the untrained eye, by initiating a single coherent rolling process or re-connect.

Conclusion

The outsourcing of a high profile deliverable such as software compliance could be seen as high risk, however, given the fact that most organisations have a very low level of SAM / licence compliance maturity, the risks associated with not engaging an experienced managed service provider to actually deliver what most organisations cannot do internally, could be much greater; remember the prediction from industry analysts for 2012?

Cloud based services have become ever increasingly popular, cloud services are now being employed by a global user-base from companies to individuals. The cloud market has grown rapidly and was worth $3.7 billion in 2011, web-based services are expected to be worth $10.l5 billion by 2014.

The cloud market has been attractive to companies who have expended revenue on large computing infrastructure to run a diverse set of applications to deliver and manage services. However web-based services are not without risks and their use has disadvantages as well. The NOA Cloud Special Interest Group discussed the merits of moving to cloud based infrastructure and in discussing the importance of weighing up the situation before the transition.

This roundtable discussed the situation on both sides of the fence, bringing together suppliers, support, agencies and end users to analyse the risks and challenges businesses will face when moving to the cloud.

Josh Cornejo is director of Sales Engineering EMEA for Verizon Business, said: “Verizon have acquired various organisations over the past few years to boarder their reach of the market. We provide an integrated global situation with all cloud models.

He acknowledged that security issues are intrinsically associated to the concept of the cloud. The definition of cloud is quite varied however it is extremely important to know where, what and how to choose a journey to the cloud.

John said that ““Not everyone will have the same processes, IT etc but the outline of the journey will remain the same for all organisations”.

The implementation of cloud computing should be carefully planned, taking into account individual business requirements and should follow the model laid out below:

Foundation

• Create the foundation for technical IT Governance

• Corporate and Technical Compliance

• Reduce the risk and impact of change

• Need to asses infrastructure as part of a compliance program (PCI/SOX)

Intelligence

• Make IT decisions based on facts, not assumptions

• Auto-populate the CMDB, avoiding costly manual audits

• Confirm your capability to scale effectively and reduce time to market

• You recently experienced a merger / acquisition and need to understand what you now have

Optimisation

• Architect next-generation business enabling solutions

• Enable rapid incident diagnosis and resolution

• Identify redundant equipment and software licenses

• Discover potential tactical fixes in IT

Support

• Clear the IT “forest” and create a path for decision makers

• Enable Operations by giving them a clearer view of their IT

• Improvements are necessary in the IT environment, but not sure where to start

Josh Cornejo, discussed how Amazon dominate 60% of cloud service with a product that provides lean, simple and clear contracts which are relevant for 1 person or 1000 people. Amazon’s market domination provides them with the advantages in training the people who are responsible for the next wave of software services.

Andy Rodgers of the NOA, said : “It is extremely important for a company to understand what is core to their business and what they feel can be placed in the cloud and also what can be outsourced. Security can never be guaranteed but it’s increasingly sophistication has encourage many organisations to adopt strategies which at one stage it would deem ‘too risky.”

The roundtable then discussed the development of the cloud and how cloud costs stemmed from applications and licensing, which represented 60% of costs, storage also represents a large percentage of overall costs.

The conference moved to future implications of cloud services, Andy Rogers pointed out that issues may arise from the transitional phase in the future when users want to migrate between cloud providers. Consumers are now savvy and lapses in security, connection and issues with the cloud are no longer tolerated. Security is still a big issue with cloud and trust over the services having been a limited factor in the service.

Rob Sumeroy from Slaughter and May detailed how old contracts are still being used for what is actually a new procurement model. Customers also feel that cloud process should be a lot simpler than it actually is in a lot of situations.

There needs to be a focus on cloud contracts, legal tender and the advisory process. Sometimes the cloud model does not meet the business risk and such cases demonstrate the need of analysis that should always be done before the contract

A Canadian advocacy group has said that open source software could save government hundreds of millions of pounds. Getting Open Source Logic Into Government (GOSLING) say proprietary software is wasteful and disadvantageous to governmental transparency.

They say that the Canadian government is spending $1.5 billion (£930 million) buying software when it should only cost a third of that. According to GOSLING, the disjointed and unnecessary development in governmental departments causes the waste.

Co-founder of GOSLING Russell McOrmond believes the issue is not one of adopting open source platforms, but using a shared services platform between different governmental departments. He also believes that procurement processes can favour large suppliers.

McOrmond stated: "Say the government of Canada decided, 'let's do an open-bidding process on support contracts for LibreOffice or OpenOffice. How do you do an open bidding process for licences for Microsoft Office? There's only one copyright holder. So you can't do three bids from three competing companies offering that code. But you can do three competing companies offering full source to support contracts to training, on free software equivalents."

Shop Direct has awarded a new BPO contract to Serco. The ten-year contract will start on 1 July 2012 and has a total estimated value to Serco of approximately £430m.

Under the contract, Serco will assume responsibility for managing customer contact across Shop Direct's brands. The partnership will work together to enhance service levels and efficiency through the investment in the latest technology, such as web chat and mobile digital services, which are designed to seamlessly integrate online and mobile into customer contact management.

Mark Newton-Jones, Group Chief Executive of Shop Direct, said: "The ways in which customers are shopping with us, contacting us and servicing their accounts have changed rapidly, driven by revolutionary advances in digital and interactive technology. We have chosen to work with Serco as they are an acknowledged leader in this field. Serco's expertise, coupled with their investment in technological innovation, will ensure that we have a customer contact programme that is flexible and adaptable for the increasingly online and mobile world that we live in."

Logica has reported impressive new figures. The technology firm posted new orders totalling £1.057bn in the latest quarter, 23% of the 2011 record of £4.6bn.

Income was stable at 2011 level and the firm are on track to deliver 2012 objectives and complete their restructuring programme.

Andy Green, CEO, said: "This is a solid performance underpinning our full year guidance. We have made good progress with clients in delivering against current contracts as well as winning and implementing new business. Our restructuring actions are fully on track and will help drive improvement in profitability in the second half."

European businesses plan to spend around a third of their IT budgets on cloud software over the next 18 months, according to new research.

The study by software firm VMware looked at IT leaders involved in the purchase process for cloud systems across seven countries, as well as the UK. It found that 31% of IT budgets are allocated to cloud software, an increase of 5% since the last study in 2010.

Chief cloud technologist at VMware EMEA, Joe Baguley said: “Cloud is no longer just about cost cutting and peripheral applications. We’re seeing a significant shift in the way enterprises think about their IT infrastructures, and cloud is at the absolute heart of that."

Advancing the company’s Converged Cloud portfolio, HP Cloud Services deliver an open-source-based public cloud infrastructure with business-oriented features that enable developers, independent software vendors (ISVs) and enterprises of all sizes to build the next generation of web applications.

Starting today, HP’s first publicly available beta services, HP Cloud Compute, HP Cloud Object Storage and HP Cloud Content Delivery Network, will be offered through a pay-as-you-go model.

"Whether you are an independent developer, ISV or the CIO of a major organization, the priority is to design your applications for today’s cloud economy,” said Zorawar ‘Biri’ Singh, senior vice president and general manager, Cloud Services, HP. “We will continue to build, integrate and deploy developer-focused features, designed to support a world-class cloud that enables our customers and partners to run and operate web services at scale, on a global basis.”

Google has increased spending in order to compete against Amazon in offering cloud services. Google will be playing catch up against Amazon Web Services with its high user-base in over 190 countries since its beginnings six years ago.

Google has placed focus on cloud-services as a means to move revenue away from dependence on online advertising which currently contributes 96 percent of Googles income. Google has recently increased the numbers of marketing, customer support and engineering roles as it looks to promote its web services.

Adam Selipsky, vice president of Amazon Web Services, said: “We’ve actually maintained and, in many cases, extended that early lead.” Amit Singh, vice president of enterprise at Mountain View, California-based Google, admitted that “We missed it,” in gaining an early lead.

Indian IT company Infosys has moved to create 100 apprenticeships within the UK in partnerships with the National Apprenticeship Scheme (NAS) in a five year scheme.

Infosys employs 150,000 people globally in a industry that has seen criticism for the employment of lower cost Indian workers in IT services at the expense of UK employees.

The apprenticeship will be created in marketing and human resources and comes on the back of a similar scheme earlier this year from Wipro which offered IT training internships to UK students.