Industry news

The National Audit Office (NAO) has criticised Government transparency regarding work carried out by the Major Project Authority (MPA) worth £376 billion, while praising improvements carried out.

Of 205 projects under the MPA only 39 had confidence ratings in the red of amber/red, yet the MPA reported this year that only half of the 205 projects had been delivered effectively within budget.

Amyas Morse, head of the NAO, said: “If the new system is to be ‘built to last’, the Major Projects Authority needs to carry out the initial commitments to public reporting and be part of a more fully integrated assurance across government.”

German based SAP, the largest producer of enterprise software have tendered a contract to provide mobile marketing to Amazon.

The mobile market software called Afaria will provide customers with an economic way of managing smartphone and tablet devices.

SAP intends to double revenue from mobile products during the year from last year’s $145 million turnover. Yesterday the New York close saw Amazon fall stock fall by 0.1 percent while SAP fell 0.2 percent in Frankfurt.

Living in a day and age where technology is advancing so fast and companies are rapidly moving to the cloud, there is a growing importance to protect IT infrastructure and ensure that the security systems are in place to do this.

The fact that data and networks can be accessed anywhere in the world through cloud raises a number of concerns and security issues for many companies but there are a series of protocols that should be adopted to reduce the likelihood of security being breached.

The following steps can be implemented to protect your infrastructure when going to the cloud.

- Assuming that a suitable firewall solution has been put in place to protect the perimeter, you should then look to your servers, ensuring that they are constantly patched and up to date with the latest versions of programs and software.

There are processes that you can follow to ensure your server is kept up to date and has the necessary patches to keep it safe from known vulnerabilities. You should configure Automatic Updates to make sure you are getting the Critical updates as soon as possible. Things like feature changes and device driver updates won’t come automatically with Automatic Updates, but at least your infrastructure will be protected against the vulnerabilities most likely to compromise its security.

- Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to them so it is advisable to ensure that any servers are protected from all types of malware to include computer worms and Trojans.

- An intrusion prevention system (IPS) should be used to monitor the network and/ or system activities to identify malicious activity, log information about said activity and attempt to block or stop, and report activity.

Once all of the above is in place, the data needs to be made secure. Encryption is commonly used in protecting information within many companies, both ‘at rest’ and ‘in transit’, for example, data being transferred via networks or stored on a hard drive. Some different examples of this are Virtual Private Networks (VPN), Full Disk Encryption (FDE) and Transport Layer Security (TLS) commonly used for email encryption during transmission.

As a business grows, it might expand to multiple sites across the country and around the world. To keep things running efficiently, the people working in those locations need a fast, secure and reliable way to share information across computer networks. In addition, travelling employees like salespeople need an equally secure and reliable way to connect to their business's computer network from remote locations.

One popular technology to accomplish these goals is a Virtual Private Network (VPN). The VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee. By using a VPN, businesses ensure security - anyone intercepting the encrypted data can't read it.

A strong authentication method is key to ensuring there is no unauthorised access to your network. Onyx recommends the use of Two Factor Authentication (2FA), which makes use of the principle “something you have (token), and something you know (PIN). There are other methods of authentication available today such as biometric data readers for fingerprint or even iris scanning.

In addition to all of this, regular vulnerability assessments need to be performed to identify, quantify and prioritise the vulnerabilities in a system. Finally a penetration test will evaluate the security of a system by simulating an attack. Effective tests will provide an assessment of the potential impacts to the organisation and outline a range of technical and procedural countermeasures to reduce risks.

When it comes to securing your data when moving into the Cloud, you can never be totally sure but you can take steps to reduce the risk of a security breach. Securing an IT infrastructure is an ongoing process that should always be reviewed.

Taking the Agile approach

Agile. Look it up in a dictionary and you’ll find it means ‘able to move quickly and easily, able to think and understand quickly.’ Try a thesaurus, and you’ll see ‘alert, lively, and energetic’ as some alternative suggestions. When you’re implementing an IT programme or software update, you need a way of working that is all these things. You need the Agile approach.

What is Agile? It’s an innovative, contemporary approach to IT solutions that brings speed and responsiveness, super productivity and rapid results. It makes traditional methods seem heavy and awkward, with their insistence on upfront schedules and predetermined outcomes. With Agile, small teams – a maximum of ten people – work in short bursts (sprints) on software projects. Small increments of the vertical capability and functionality are delivered at the end of each sprint, with the product owner fully involved at each stage and daily stand-ups keeping everyone posted.

This fast-paced, exciting way of working is perfectly married to the concept of near shore outsourcing. Constant, close communication is key, so working with a team which is a short flight away, or with just an hour’s time difference for phone calls, is reassuring. Issues can be raised and resolved almost instantly. Complex projects can be dissected into manageable chunks. You can easily review software on screen – not feasible with the type of time differences associated with offshoring.

Sprint periods offer a clarity of understanding that’s virtually impossible under traditional methods. Highly motivated team members work closely together to decide what they’ll deliver at the end of each sprint, guided by the scrum-master, who oversees the whole project.

There are some other clear benefits to combining near shore outsourcing with Agile:

• Projects are typically implemented in a third of the time and at half the cost of offshoring

• You’ll be able to access highly experienced technical staff with 15+ years’ experience

• The culture and education system in near shore locations like Barcelona are closely aligned to the UK, making it easier to adopt shared working practices.

Don’t just take my word for it – a recent Forrester survey shows that Agile speeds time-to-market, yields better quality results and enables early detection and mid-course correction of issues.

It’s a successful, interactive approach which keeps you informed and involved at all times. While offshoring makes the Agile approach impractical to say the least, near shoring makes it a pretty perfect way of working.

In my last post, I discussed the different levels of complexity associated with e-Invoicing using EDI and digital signatures. I concluded that while digital signatures are slightly less complex to set up than EDI, it’s important to decide which method is best for your company based on a variety of factors including your trading partners' preferred methods.

In this blog, I will focus on how effective EDI and digital signatures are at keeping your data secure.

E-Invoicing by nature involves transmitting sensitive data about your company. However, as VAT law doesn’t focus on information security, measures to protect sensitive data are left to trading partners themselves to manage. Invoices contain information such as pricing details, discounts or information relating to traded materials. These details are valuable competitive and commercial information so it is imperative that security is front of mind when an e-Invoice exchange takes place. With that in mind, how do the two e-Invoicing frameworks handle this challenge?

European Directive 1994/820/EC guarantees that security is intrinsic in correctly implemented EDI. It states that EDI networks have to be secure to ensure the authenticity and integrity of the document and that it is received exactly as sent. The network is therefore secure by default and e-Invoices can be transferred between companies in a safe manner without risk of a breach in data confidentiality, and the processes within the EDI network guarantee that any errors are captured and dealt with appropriately.

Digital signatures are flexible and less complex than EDI which means they can be sent through a variety of means, including over the internet or in an email. However, this simplicity comes at a price as these transfer methods are not necessarily secure and could lead to breaches in security. To ensure the protection of digitally signed invoices, businesses must send them over secure protocols, including a protected B2B portal.

EDI as a standalone remains the most secure platform out of the two due to its compliance with 1994/820/EC and the secure processes that are inherent within such networks. When evaluating data confidentiality within an e-Invoicing solution, consider the diversity in the marketplace. If both EDI and digital signatures are used by your trading partners the solution should accommodate this variation.

You can learn more about all aspects of e-Invoicing at www.einvoicingbasics.co.uk.

The vast majority of organisations across the globe heavily rely on software and applications to carry out their day-to-day operations. The smooth running of this software is something that cannot be taken for granted, especially when the consequences are considered. Not only can disruption heavily impact on a company’s ability to engage in its core activities, flawed or dysfunctional software can also lead to breaches in security.

This is the enduring relationship between software testing and information security. Without stable, quality software, chances of a security breach markedly increase. In short, software testing is a crucial part of the software development and update cycle.

Several different methods have been used by businesses to test their software – and there has been a gradual movement from one to the next.

One approach is to carry out all software testing in-house. This has its benefits, as the company has complete control over the process, but from an economic perspective, many organisations cannot employ a complete team of dedicated software testers, particularly during periods of high demand. An alternative tactic used by many companies is to appoint an independent testing firm, or freelance contractors to perform the testing at the client organisation’s offices, either independently or alongside their own testers.

This was followed by complete offshore outsourcing of the process, to firms with a dedicated workforce based overseas, where the process could be carried out using more cost-efficient labour. However, there are disadvantages associated with transferring such a sensitive process so far away, with regards to quality control and communication across what can be large time zone differences.

This gradual trend from one method to the next was predominantly driven by a desire to reduce outlay, while still ensuring rigorous testing.

It is the most recent technique, however, that has managed to combine the price reduction of international outsourcing, with the control and efficiency that comes with doing things a little closer to home. Software testing can now be undertaken by testing firms, remotely on their own site here in the UK. This ‘middle ground’ gives companies all the benefits of bringing contractors in-house, but without the cost of having them working on-site. Allowing assurance firms to work at their own offices significantly lowers costs, as work can be delegated to more testers meaning a more efficient and effective service.

As with any outsourcing, it’s essential to strike the balance between quality and cost – and this is an ideal halfway house for software testing. Organisations can keep expenses down, but ensure a professional and thorough service, all the while maintaining an element of control that is normally only associated with an in-house approach. It’s a method that’s well suited to software testing, but can surely also provide lessons to other business sectors as to the advantages of successful outsourcing.

ENDS

A new ad released yesterday for President Barack Obama’s re-election campaign condemns Republican candidate Mitt Romney of outsourcing jobs and slams him for keeping money in foreign bank accounts.

The ad asserts that Romney “shipped American jobs to places like Mexico and China” whilst lead at the investment firm Bain Capital, as well as stating that Romney “outsourced state jobs to a call center in India” when he was governor of Massachusetts.

The campaign has spent the considerable sum of $780,000 to place the ad in the three crucial swing states Virginia, Ohio and Iowa.

The Obama ad is in response to a spot released last week by the conservative political group Americans for Prosperity which suggested money from Obama’s $814 billion economic stimulus package went to overseas green-energy companies.

However, Obama’s ad fails to make the crucial distinction between outsourcing and offshoring, the lack of distinction seems to mirror American confusion towards the two practices.

Obama’s move away from offshoring and encouraging companies not to send work abroad seems to be dominated by the phrase ‘offshore outsourcing’. Whilst this is technically correct, ‘offshoring’ and ‘outsourcing’ are very different practices. However, the combined term muddles the practices, and ‘outsourcing’ to Americans becomes ‘offshoring’.

The reasons behind outsourcing, and even the advantages of it, are pushed into the background in favour of a more propaganda beneficial image of jobs being sent abroad contributing to the high unemployment rate, rather than companies engaging in more contracts and creating more work.

With all the hullabaloo about cloud floating around in the content management world, here’s a handy tool to help you evaluate your ECM vendor's cloud strategy, to see if it fits what you are looking for. So, without further adieu, here are the results of our extensive (web surfing) research:

The Check-The-Cloud-Box Strategy: This strategy is simply virtualization by another name. The thinking behind this strategy goes like this: oh fiddlesticks! We need a cloud strategy, because Gartner said so. Let's see if we can make this thing work on EC2. No way? Ok, how about a virtualized server or 16. Yes? Great… we'll put it in a hosting center - heck, we'll even host it ourselves for customers if they want us to. Shazam! Write the press release, Martha - We are in the cloud!

The DropBox-for-the-Enterprise Strategy: At first blush, this strategy seems rather useful and indeed generous. ECM vendor develops a tool - such as a desktop sync tool - that makes it super simple for people to get content into the on-premise ECM system. It turns your big ECM system into a corporate DropBox, because DropBox is evil and insecure and way too easy to use and must be banned. We can't have that type of productivity around here! So here's the rub: with open standards, you could do that like 7 years ago (WebDAV & CIFS). Another name for this strategy is: replace useful user tools that everyone uses and finds easy with "corporate approved" tools that keeps everyone locked-in to the ECM system. Now let me ask you - do you really want everyone's My Documents and My Photos and My Music folders copied into your corporate document management system? How much is that going to cost you next year?

The Red-Pill-or-Blue-Pill Strategy: Think of this as the market segmentation approach. Here's how the vendor thinks: so, we've been selling on-premise ECM to big enterprises for years, and we're not growing as fast as we want (or at all, or shrinking, actually). So, let's put a lightweight solution in the cloud, and sell it to SMBs! We'll position on-premise as the secure, safe choice, and we'll position cloud as the lightweight, SMB choice. We'll get to market fast by buying someone or building completely new cloud technology, that has very little to do with the on-premise tech. And, for the over-achiever customers who want to use both cloud and on-premise together, we'll wave our hands and shuffle forward a few partners who can develop connectors and migrators and syncher-magigs, but we secretly bet you won't actually try this.

The Ignore-It-and-Hope-it-Goes-Away Strategy: Not much to say here. If your goal is to embrace the status quo with reckless abandon, then you should definitely find an ECM vendor with this strategy and have some high-level meetings in big leather chairs.

The Cloud-Extensions Strategy: Okay, I can't make too much fun of this one, because it makes good sense. In this strategy, ECM vendor provides complementary cloud services that make owning their ECM platform better. Cloud back-up and archiving maybe? Cloud indexing? Cloud transformations? Some or all of these might make good sense. The problem is, nobody is actually doing this. This is the trick answer in this multiple choice quiz.

Here's what you don't see out there: choice and flexibility. The common theme here is: give the people a "cloud strategy", so that we can buy time and continue to protect our on-premise power base. Now, to be fair, all companies want to attract and keep customers, and most of these strategies are born out of good intentions - but legacy technology and proprietary lock-in creates frankenstein-style innovation. If you want play a little game, check out Gartner's 2011 ECM Magic Quadrant, and see if you can match the cloud strategy with the vendor.

There is a better ECM cloud strategy. At Alfresco, we have actually put our ECM platform in the cloud, so companies can have a choice about where they use it: on premise, in the cloud or both. For the 80% of content you want to keep behind your firewall, Alfresco’s enterprise platform fits the bill. For content you would like to use to collaborate with your business partners or agencies, Alfresco in the cloud is the perfect choice. And with Alfresco’s upcoming enterprise-to-cloud sync, you can push and pull content from the cloud into your enterprise based on policies you set up. Legacy, proprietary vendors either can’t (or won’t) deliver flexibility like that, because either their technology isn’t built for the cloud, or their business model is too threatened.

Here’s the bottom line: Don’t settle for Frankenstein innovation or a reactionary cloud strategy, when you can have choice & flexibility. Look for modern ECM platforms that work in the cloud or on premise, with business models that deliver consistent value to your organization.

The 100 day countdown to the London 2012 Olympics Games has started. With 10.8 million tickets on sale and an estimated population influx of up to three million people in London travelling at peak times – transport disruptions, public disorder, road closures or staff absences are likely to impact businesses this summer.

New research of 1200 organisations in the public and private sector by recruitment firm Badenoch & Clark highlighted that UK companies can expect high employee absences. One in six employees admitted they plan to take a ‘sickie’ to watch the Olympics and yet in spite of this, 30% of companies including FTSE 100 firms, public sector organisations and SMEs haven’t made any preparations to avoid the potential disruption. This is particularly surprising considering the fact two-thirds of organisations are expecting an increase in business during this three month period.

Currently, Transport for London (TfL) is campaigning to persuade individuals and businesses to change their commuting and working habits. TfL needs to reduce normal traffic by 50 – 60% at key hotspots such as London Bridge to accommodate the influx of spectators. Even then, there could be delays of up to half an hour. On peak days, there will be an extra 3 million people travelling on public transport in London. However, it seems that TfL’s campaign is having little impact on businesses – just 11% of companies have said they will allow staff to work from home.

It seems that UK businesses are underestimating the threat of Olympics’ disruption. However, there is still time for them to address these issues and put in place reliable contingency plans to safeguard business.

One way of ensuring ‘business as usual’ is by adopting Cloud Computing. Cloud has become a buzz word which represents many things; however, virtual hosted desktops in the cloud enable seamless remote working. Using Desktop as a Service (DaaS) technology, employees are able to access their company’s IT systems including emails, files and their own desktop securely from any location with an internet access. They don’t need to be in the office and they are not reliant on their organisation’s servers and technology to work. They can carry on as normal wherever they are based; they are not losing hours spent unproductively in transport delays and won’t have to battle in to the office on overcrowded trains.

From a corporate perspective, there are many additional benefits – including significant financial ones. Adopting cloud computing technology reduces the need for capital investment in IT and, all administration issues including software provisioning and updates, security, disaster/recovery are taken care of by the cloud computing provider. There is no longer any need for ‘energy draining’ servers in an office as everything is managed remotely.

Until now, one of the biggest barriers to cloud computing adoption has been fears about security. Understandably, companies have felt nervous about outsourcing their data and information to a third party supplier. However, serious DaaS providers will typically improve any company’s securities setting when compared to their existing situation.

If organisations want to move into the cloud, security considerations should of course be prioritised. For companies to have confidence in the security of their data, they should work with a trusted cloud computing provider that can manage and store their data in a secure UK data centre behind firewalls to ensure security is watertight.

Adopting DaaS is not only a good contingency plan for to minimise business disruption during the Olympics, it can help companies realise long term, strategic business benefits and cost savings. The cloud has the potential to enable companies to become efficient, responsive and innovative and gain a much needed competitive advantage in a difficult business climate.

Cisco’s Research and Development centre located in Galway, Ireland is to be expanded thanks to the Industrial Development Agency’s investment. The exact breakdown of funding has not been revealed, but together Cisco and IDA will put €26m forward.

Following the investment 115 R&D jobs will be created, in addition to a more comprehensive range of research topics.

The Taoiseach – Ireland’s head of government – Enda Kenny said “The decision by Cisco to expand its research and development capabilities here in Galway demonstrates the value of economic stability and Ireland's position in Europe when it comes to our ability to attract the overseas operations of world-leading multinational companies such as Cisco.”

Senior Vice President of the global collaboration business for Cisco, Barry O’Sullivan, said the talent pool in Ireland had a major part to play in the decision to extend the R&D capabilities. Cisco is not the only company who has expanded operations to Ireland, major players such as Apple, Microsoft, Amazon and Google have also set up data centres in Ireland.