
VOLUME 7 | ISSUE 6 | November - December 2013


An “augmented” future for wearable computing Can you envisage all the possibilities?

INSIDE VitAL Report Are online IT training courses the answer?

VitAL’s 2014 Predictions: Looking back on 2013



Contents

NEWS
Contactless cards highlight security concerns
The future of CIOs is unclear

VIEWPOINTS
We are all in sales; you just may not know it
According to Steve White, we’re all sales people, and that profoundly changes how we need to think of the ITSM business and our part in it…

Measure for measure – Top five IT trends in 2013
Jonathan Westlake recaps on the IT trends and highlights of 2013…

VitAL REPORT
Are online IT training courses the answer?

CYOD overtakes BYOD

CIOs vs CMOs… let the battle commence!

VitAL INTERVIEW
Hands up if you’ve been the victim of a cyber-attack
Sophie-Marie Odum speaks to Ashley Stephenson about the UK’s impending legislation that will force companies to disclose cyber-attacks…

NEWS FEATURE
Banks given a year to tackle cyber threats
As news reports reveal that the Bank of England and the Treasury have urged banks to draw up plans to tackle cyber-attacks, Sophie-Marie Odum explores the industry’s thoughts and comments…

VitAL’s 2014
Looking back on 2013

From Shanty Town to Shiny Town

#ThumbsUp to social media in the workplace

COVER STORY
An “augmented” future for wearable computing
Avishek Mukhopadhyay discusses the growing interest and market for wearable technology and how it will affect your business in the future…

VitAL PROCESSES
Support for County Council certainly worked
Keith Hattee, from Warwickshire County Council, explains how Hornbill helped the Council amalgamate the IT services of its schools users into its wider IT infrastructure…

De-mystifying ‘the cloud’ for SMEs
David Sturges addresses cloud security and privacy issues, which he believes are the main reasons why many are hesitant to adopt cloud computing…

PCI DSS 3.0: How effective will it be?
Michael Aminzade speaks to Sophie-Marie Odum about the upcoming PCI DSS 3.0 compliance standards, which will be introduced this month...

Warning: The heat is on for your firewall pro
Reuven Harrison outlines how C-level people are making their firewall professionals’ lives difficult and risking security breaches by failing to appreciate the challenges that complex IT networks present…

VitAL MANAGEMENT
Top 10 thinking glitches
Being aware of how we think helps us to navigate decision making and creative thinking with more confidence, says Psychologist, Ros Taylor…

BREAKTHROUGH TECHNOLOGY
Smart timing: “Beam me up, Scotty…”
We look to the past as a Star Trek-type gadget hits the headlines… and the shops. Sophie-Marie Odum investigates the latest Samsung device, the Galaxy Gear…

EDITOR Sophie-Marie Odum Tel: +44 (0)203 056 4599
TO ADVERTISE CONTACT: Sarah Walsh Tel: +44(0)203 668 6945
DESIGN & PRODUCTION Tina Harris
EDITORIAL & ADVERTISING ENQUIRIES 31 Media Ltd, 41-42 Daisy Business Park, 19-35 Sylvan Grove, London, SE15 1PD Tel: +44 (0) 870 863 6930
PRINTED BY Pensord, Tram Road, Pontllanfraith, Blackwood, NP12 2YA
PUBLISHED BY: THIRTYONE

© 2013, 31 Media Limited. All rights reserved. VitAL Magazine is edited, designed, and published by 31 Media Limited. No part of VitAL Magazine may be reproduced, transmitted, stored electronically, distributed, or copied, in whole or part without the prior written consent of the publisher. A reprint service is available. Opinions expressed in this journal do not necessarily reflect those of the editor or VitAL Magazine or its publisher, 31 Media Limited. ISSN 1755-6465

VitAL Magazine, proud to be the UKCMG’s Official publication. ITIL ® is a Registered Trademark, and a Registered Community Trade Mark of the Office of Government Commerce, and is Registered in the US Patent and Trade Mark Office. PRINCE2 ® is the Registered Trade Mark of the Office of Government Commerce. MSP ® is the Registered Trade Mark of the Office of Government Commerce.

Leader

Back to the future

The end of yet another year is almost upon us. This time of year always begs the same question, “Hasn’t this year gone exceptionally quick?” This is especially true when working in the publishing sector (we plan winter issues in the summer!) but even more so for the IT industry.

With the rapid speed at which ideas and concepts are quickly turned into products, what would have taken many years to come to market now takes half the time – the multiple comparisons of today’s technological advancements to classic futuristic films, such as The Terminator and Minority Report, are prime examples.

In this issue, we look back at the innovations that have blossomed this year, as well as what’s set to be big in the next. Although it’s hard to predict the future, we are confident that cloud computing has got a concrete place in 2014 – it’s even been compared to the Industrial Revolution! (Please see page 26.) A big claim, but do you agree?

The cloud has been widely recognised as a cost-effective, simple and flexible solution for many companies that do not want to operate their own IT infrastructure, and has led the way for BYOD policies, and more. However, the general consensus is that many SMEs are still hesitant about the cloud, whilst the ITSM sphere is still grappling with the idea.

Gartner predicts that by 2014, 30% of companies currently using cloud-based ITSM tools will revert to a premise-based solution. Furthermore, we recently published that 55% of IT executives prefer a hybrid ITSM model; 33% prefer a premise-based solution; and 13% opt for a pure cloud offering. We’ve reported that many companies are realising it’s not best to move all ITSM components to the cloud as it removes too much control, which could negatively affect the user experience, but to instead examine the business as a whole and decide if the cloud is the best solution.

This is an area we’ll be keeping a close eye on next year – it will be interesting to see if more continue to opt for a hybrid ITSM model or if the cloud will conquer…

In the meantime, enjoy the festive season!

All the best,
Sophie-Marie Odum
Editor



Contactless cards highlight security concerns

Warnings about the use of contactless payment cards and Near Field Communication (NFC) capable devices have been highlighted in a study published by the Institution of Engineering & Technology’s (IET) The Journal of Engineering. A team of researchers from the University of Surrey successfully received a contactless transmission from distances of 45-80cm using inconspicuous equipment, highlighting security concerns to personal data. NFC technology is in use on more recent mobile phones and on contactless debit/credit cards.

The team used portable, inexpensive and easily concealable equipment, including a pocket-sized cylindrical antenna, a backpack and a shopping trolley. Using this equipment, the team showed how eavesdropping could be carried out at various distances, with good reception possible even at 45cm when the minimum magnetic field strength required by the standard is in use.

Lead academic supervisor, Dr Johann Briffa said, “The results we found have an impact on how much we can rely on physical proximity as a ‘security feature’ of NFC devices. Designers of applications using NFC need to consider privacy because the intended short range of the channel is no defence against a determined eavesdropper.”

Eleanor Gendle, IET managing editor at The Journal of Engineering, added, “With banks routinely issuing contactless payment cards to customers, there is a need to raise awareness of the potential security threats. It will be interesting to see further research in this area and ascertain the implications for users of contactless technology with regards to theft, fraud and liability.”

DID YOU KNOW: From 2011 to 2013, web chat has risen from 0.7% of all inbound traffic to UK contact centres to 1.7%, a growth of over 140%. 37% of UK contact centres currently offer web chat to customers, up from 14% in 2011, and 27% plan to implement this within the next 12 months. (Research from ContactBabel)

Cloud computing proves to be a valuable skill

39% of UK IT directors report that cloud computing is the most valuable skill for IT professionals to have in terms of career path and advancement, according to new research from Robert Half Technology. This was followed by security (37%), project management (33%), virtualisation (29%), network administration and engineering (27%), mobile and application development (27%), database management (24%), C# development (15%), business intelligence (14%) and Java development (13%).

The huge rise in adoption of cloud computing initiatives is driving organisations to employ greater numbers of cloud experts, the research found. Almost half (41%) of IT directors said that they would hire additional staff to support cloud initiatives. Just 18% said that they did not have cloud initiatives in place, suggesting that the vast majority of companies (82%) have undertaken or will undertake cloud projects.

IT directors are also investing in training and education to bring their current teams up to speed. Almost half (49%) say that they deliver in-house training and development, while a third (32%) invest in external training courses and 30% provide webinar and e-learning. A quarter of companies deliver on-the-job training while a fifth (20%) rely on previous experience in another company.

Tablet troubles for British workers

British businesses are paying a high price for the introduction of tablets in the workplace with 47% of users experiencing tablet failures in the past two years.

Those with tablet troubles have experienced an average of three failures during this period and an average repair or replacement time of two weeks. The most common cause of failures was extreme temperatures, with 29% of tablets being left in a hot place and 11% out in the cold, such as in a car overnight. Aside from temperature-related issues, the most common accident was a fall, being dropped or knocked off a desk (21%). This was followed by spillages of water, coffee, tea and soft drinks (17%) and even total immersion in water (pool, sea, river, sink, bath, puddle) at 11%. More than one in 10 (11%) even reported seeing their tablet run over by a vehicle.

Jan Kaempfer, marketing director of Panasonic Computer Product Solutions, said, “The benefits of tablets are clear for all to see, but businesses must pay much more attention to the types of device most suitable for their mobile workers and the requirements they have for the device. For example, will the tablet be used inside or outside; will it require removable and exchangeable batteries with long life between charges, and will it be exposed to extreme temperatures, dust and dirt or poor weather conditions?”

The research was based on responses from 500 British workers who use a tablet for work. The study was undertaken by Dynamic Markets Ltd and commissioned by Panasonic.


Strategy positions UK as world leader on data science

A new strategy will ensure the UK is well-placed to take advantage of the opportunities for using data, Universities and Science Minister, David Willetts announced recently. Seizing the Data Opportunity sets out plans to create a skilled workforce in data analytics; develop the UK’s data infrastructure that will allow access to high-end computing; and help data to be shared and linked to support groundbreaking research.

A strong data infrastructure will position the UK as a world leader for the development of projects such as “Smart Cities” and the “Internet of Things”. These new innovations require specialised computing facilities to manage large data sets, and are essential in developing new technologies such as transport management and specialised health care systems.

Willetts said, “The next generation of innovation and scientific discovery will be data-driven. We need to ensure the UK does not get left behind, and that we have the skills and infrastructure to handle data on a large scale and stay ahead in the global race. By supporting businesses, researchers and the public to make better use of data, we will help them gain new insights so they can produce exciting new innovations.”

Seizing the Data Opportunity forms part of the Government’s Information Economy Strategy, which was published earlier this year. The Strategy is a joined up approach between government and industry, making sure that there is a clear plan for growth across the UK’s information infrastructure.

The only way is... the cloud

“‘The cloud’ is the only way start-up schemes can be effective in today’s economy with its tight credit and constantly evolving technology”, said Gary David Smith, founder of Prism IT Solutions. “There is no money to invest in young people starting businesses and the banks aren’t lending. A cloud-based business can be run on a shoestring with a king-hit result. Let’s embrace the cloud as a launch pad.

“Young people don’t realise the opportunity before them. You can save 90% on the costs of a traditional ‘bricks and mortar’ business,” Smith added.

According to Forrester Research, the global cloud computing market will grow from £25.2 billion in 2011 to £149 billion in 2020. In 2012-13, the UK’s cloud computing industry has generated around £5 billion in revenue, a 6.5% increase from 2011. Annual growth in the next five years is predicted to be 13.2%, reaching £10.8 billion. An estimated 18% of small and medium UK businesses use cloud computing and another 30% are expected to do so in the next year. By 2015, it is expected to account for 9% of the UK’s IT services and software market.

Several top websites use device fingerprinting to secretly track users

A new study by KU Leuven-iMinds researchers has uncovered that 145 of the Internet’s 10,000 top websites track users without their knowledge or consent.

According to the company, the websites use hidden scripts to extract a device fingerprint from users’ browsers. Device fingerprinting circumvents legal restrictions imposed on the use of cookies and ignores the Do Not Track HTTP header. The findings suggest that secret tracking is more widespread than previously thought.

Device fingerprinting, also known as browser fingerprinting, is the practice of collecting properties of PCs, smartphones and tablets to identify and track users. These properties include the screen size, the versions of installed software and plugins, and the list of installed fonts. Device fingerprinting targets either Flash or JavaScript.

The researchers found that some Flash objects included questionable techniques such as revealing a user’s original IP address when visiting a website through a third party. The study also found that 404 of the top one million sites use JavaScript-based fingerprinting, which allows sites to track non-Flash mobile phones and devices. The fingerprinting scripts were found to be probing a long list of fonts – sometimes up to 500 – by measuring the width and the height of secretly-printed strings on the page.

Device fingerprinting can be used for various security-related tasks, including fraud detection, protection against account hijacking and anti-bot and anti-scraping services. But it is also being used for analytics and marketing purposes via fingerprinting scripts hidden in advertising banners and web widgets.

Meeting the demand for ITAM training

APMG-International will begin accrediting training organisations to deliver the IAITAM Courseware, effective immediately, which will allow widespread adoption of the IAITAM Courseware and meet the growing demand for IT Asset Management training.

Dr Barbara Rembiesa, CEO of IAITAM said, “IAITAM is very excited about making this move to allow training organisations around the globe to start teaching the IAITAM Courseware. One of many benefits of this partnership is the additional focus IAITAM will garner to create new and critical content initiatives for the profession.

“IT Asset Management has grown to the point where global widespread adoption is eminent. The demand for the IAITAM certification is such that it forced IAITAM to make a decision. We had two choices, to become a training organisation or an organisation that will continue to lead the profession with expert and practical content and strong and innovative leadership.

“In partnering with APMG, we brought two world-class reputations and skillsets to work together to set the course for how IT Asset Management will be taught and viewed moving into the future.”

Richard Pharro, CEO, APMG-International, added, “With the speed at which technology changes, we are excited to have a best practice in IAITAM that focuses on the technical aspects of IT, as well as business practices to manage that IT across the entire organisation.”



The changing face of network security operations

C-level managers and IT professionals are tackling increasingly complex enterprise networks, with trends such as virtualisation, IPv6 and the cloud requiring more automation of network management, according to a recent survey.

Tufin Technologies recently announced the results of a survey, which explored the changing face of network security operations. It also demonstrated an ever-changing IT network with companies from financial services, telecom, technology and public sectors facing frequent network configuration changes, and suffering from human error and recurrent firewall outages. The research, conducted by ResearchNOW, surveyed more than 500 C-level managers and senior IT professionals from companies of 1,000 or more in the US and the UK.

The research found that end-to-end, coordinated security policy is vital as almost nine out of 10 IT and business decision-makers felt that coordination of security policy across the entire network is “essential”. In addition, 67% of senior IT and decision-makers think security policy management across the network will become more automated over the next few years. Network configuration and server configuration are the IT areas most likely to become automated, the company believes.

71% had to adopt new processes, learn new technologies and interact with new people because of trends like the cloud, IPv6 and virtualisation. In regards to security, 55% report these new business initiatives require security’s input, and almost 1/3 report they require data from new stakeholders in order to design proper security policies. Also, 50% of all respondents said the cloud will have the most impact on network security in the short term.

However, 56% said that system complexity was the number one root cause undermining and jeopardising IT security efforts; and 33% of UK and US IT and business decision-makers said that their company had suffered five or more firewall-related outages in the last year – the equivalent of nearly one every other month. 17% of financial services companies reported 11 or more outages in the last 12 months.

The research also found that human error is common as a quarter of UK and US business have had to re-do more than 60% of all firewall changes because they weren’t implemented correctly the first time.

The future of the CIO is unclear

73% of current IT leaders are unsure if the CIOs of today will be the right people to lead IT within UK businesses in the next five years, according to new research commissioned by Reconnix. The Future CIO study surveyed 100 UK-based IT leaders to aggregate their thoughts on the future of technology leadership in the enterprise.

When asked why they felt today’s CIOs will not be leading IT in the next five years, 50% cited a lack of general knowledge of business strategy, while nearly half (43%) cited a lack of technical skills. 36% also felt that their knowledge of IT and their skill sets will not be suitable for the IT landscape of 2018. Even more worryingly for UK enterprises, over a third (37%) of those surveyed also do not believe that enough is being done within their organisations or the industry to guarantee that future CIOs will have the skills they need to ensure business success.

Looking forward to the next generation, skill sets need to evolve drastically. Over two fifths (44%) of IT leaders surveyed suggest that the CIOs of 2018 will have to be financially savvy, innovators (33%), and will need to be able to act as a trusted business advisor (28%). Cross-organisational collaboration will also be centre place as it is a widely held view amongst IT leaders that CIOs will have to strengthen their relationships with other business heads, with the heads of legal (27%), CFOs (20%) and COOs (18%) identified as priorities.

Steve Nice, CTO of Reconnix explained, “CIOs naturally lead the charge in innovation, and our research shows that half feel that as new technological solutions are adopted, it will require a new type of CIO to work with various business heads. Since CIOs intrinsically understand the IT space, it stands to reason that to help drive technological and economic growth they must also understand business strategy.

“Clearly the CIOs’ role must change if they are to become the business leaders of tomorrow. To do this they need to develop the skills that our report indicates they are currently lacking.”

Duncan Wilson, principal investigator, ICRI Cities, Intel, added, “The Internet of Things is the next big wave of computing. It will touch more aspects of our lives and have a more profound effect on the workforce than we can begin to imagine. Intel is committed to helping today’s youth develop the skills they need to capitalise on the IoT and become the innovators of tomorrow.”



Tech sector witnesses employment growth

The UK technology sector has outperformed the rest of the UK private sector in terms of employment growth over the last 10 years, a new joint report by KPMG and Markit revealed. The research also shows that UK tech companies are more confident about the business outlook than firms in other industry sectors, with growth expectations well above the UK private sector average.

Tech Monitor UK features for the first time the Tech Sector Purchasing Managers’ Index (PMI), a new method for tracking job creation and economic growth at UK technology companies. According to the Index, job hiring trends over the last 10 years have consistently outpaced those of other sectors. UK tech sector job and output growth have been especially strong since the end of the recession, with larger tech companies reporting steeper employment growth than smaller tech firms.

Tudor Aw, Head of Technology at KPMG, said, “Our new report Tech Monitor UK, the first of an ongoing series, reveals a number of key findings: importantly, it shows that the UK tech sector has generated solid rates of job creation over the last four years, and that it has consistently outpaced other UK private sectors in creating jobs since the global financial crisis in 2008/09.”

The report also provides an in-depth geographical snapshot of the UK tech sector employment patterns. The research reveals that the 10 local authorities with the highest proportion of tech workers are all in the South East of England, and are all located close to either the M4, M3 or M25 motorways. According to the research, Wokingham is the number one technology employment cluster in the UK, followed by Rushmoor and Hart. London has the second-highest proportion of tech workers nationally, with the footprint particularly large in the boroughs of Richmond-upon-Thames and Hounslow.

SMEs need to think big

The Think Bigger: Innovation Champions Report, issued by SAP (UK), indicates that innovation is the greatest challenge for one in three (31%) SMEs over the next 24 months. The independent industry report of 254 senior business decision-makers from UK-based SMEs explores the challenges businesses must embrace in order to achieve sustained growth. It found that just 40% recognise innovation is important for achieving growth.

As many as 40% of SMEs believe greater access to technology has driven the need to innovate; reflected in the increased use of mobile technology over the last 12 months (66%) with over three quarters (77%) citing cloud as fairly important or critical to achieving their business objectives. However, whilst technology proves to be the driver for innovation, cost (50%), time required to update new systems (41%) and the need to teach employees new skills (37%) are the main barriers to adopting technology.

John Antunes, director SME & Channels SAP UKI & Netherlands, said, “Thinking beyond the confines of the business, SMEs need to focus efforts on external forces in order to be more innovative in their approach to growth. Whilst often it’s easy for businesses to get caught up with internal issues, external positioning is a core differentiator for SMEs moving into 2014.”

Industry needs to do more to help de-mystify the cloud

Though many businesses adopt cloud computing, proper understanding of this technology is still lacking, indicating that clear and accessible information is not being provided by the IT industry, according to a new study by Central Technology.

Up to a quarter of senior directors and managers still don’t know what the cloud is or only have a vague idea of what it is, yet over 60% of businesses are using the cloud right now. What’s more, 15% of survey participants intend to start using it in the near future. However, the majority of respondents do not believe there is enough information available to make an informed decision about using the cloud. Over half of respondents said that information was lacking with comments saying that information needs to be non-technical and that the term cloud “means too many different things”.

It’s clear that business executives are still tentative about trusting the cloud and the providers as the top concerns were to do with security; a third-party looking after data and a lack of control over infrastructure.

Managing director of Central Technology, Ian Snow, said, “We are aware that cloud computing can be confusing, so we expected there to be some uncertainty about certain aspects of the cloud. It was a revelation, however, to find out that a massive 25% of senior business people – the decision-makers – still don’t even know what the cloud is.

“As an industry we need to start taking responsibility for how we talk about the cloud and new technologies so that our customers are equipped with the knowledge to question us if we’re not meeting expectations, and push us to keep improving our service and industry standards.”



We are all in sales; you just may not know it By Steve White Once upon a time, there was a problem management team in a large telco who were unloved by senior management. Bosses saw no value to the work they were doing. Every day they would “administer” the tickets, and chase people who had not updated tickets in time. One day, an individual problem manager wondered if he could take ownership of the problem himself, and instead of farming the responsibility out to the federated teams, he drove and managed an issue to root cause. Because of that one success, others in the group copied him and took personal responsibility for the resolution of the tickets. Then the group became central to the delivery of IT stability and profits in the company until finally they were recognised as experts in their field and got really interesting assignments all around the world, helping the CXO’s manage difficult business issues. I’m also working with some large organisations that see no value in having a problem management function. I believe that some contribution to the reputation is the way that problem management markets itself. Dan Pink’s recent book To Sell is Human1 has some cool ideas, and applying them to IT service management might be fun. One in nine Americans are traditionally selling stuff to the other 8/9ths. Recent economic and social forces have driven the 8/9ths to now be selling too. Wherever we work, we need to persuade other people to help, or release people to help us with our mission. While we might think that we’re not sales people, we really now are, and that profoundly changes how we need to think of the ITSM business and our part in it. In a survey of 7,000 US employees, an average of 40% of work time has been reported spent asking other people to give them something they value in return for something that they could offer. People who are convincing others to give up something in exchange for something else are in the business of “sales”. 
In most cases, no money is changing hands; the exchange is denominated in attention, energy and commitment.

This is “non-sales” selling, and we are all in sales now.

You may recoil at this new reality. The adjectives associated in people’s minds when thinking of “sales” or “selling” are overwhelmingly negative – “pushy”, “yuck”, “difficult”, “annoying” and so on… This attitude is outdated; a hang-over from an age when a seller knew a lot more than a buyer. Buyers can now research the thing they are going to buy, and be as well informed as the sellers. “Sales” is suddenly not what it used to be.

According to Pink, there are three foundational qualities needed in order to be effective at this new kind of sales.

• Attunement: Can you take others’ perspective and see a position from their point-of-view?
• Buoyancy: Can you be OK in an ocean of rejection?
• Clarity: Are you able to curate and distil information clearly to others?

Chapter 7 is very helpful. It suggests that you:

• Find out about the “Pixar Pitch / Story Spine” and then use it.
• Think about the subject line in your emails – either they need to be useful emails or they make people curious. Nothing else will do.
• Use rhymes. Be the “Stability Facility”.
• Ask yourself how you could use more “Question Pitches” to begin a dialogue with others.
• Communicate using social media – tell people what you are up to.
• Take ownership of one word, so that when they think of that word they think of you…

Then practise them. Perhaps this is an intriguing invitation to have a conversation.

Reference 1. Pink, D. 2012. To Sell is Human. Riverhead.



Measure for measure – Top five IT trends in 2013

By Jonathan Westlake

As we draw to the close of 2013, I offer comments on some trends in the marketplace. Firstly, the landscape between IT and home continues to change with BYOD and connectivity to workplace systems on a 24/7 basis gathering pace. Whether this will lead to a cultural change with more working from home is debatable. My daily commute in the rush-hour seems just as busy as in 2012; why we need to start and finish work at the same time has always puzzled me.

Tablets and smartphones

Tablet sales continue to grow for both business users and social use. We’ve seen the growth of mini tablets and also the development of dual operating system tablets. But the vision of a device that can seamlessly connect to everything is still some way off! Similarly, smartphones have become the norm and IT can be increasingly seen as an essential utility. The apps market clearly has no boundary as apps for everything continue to emerge.

IT skills shortage

Secondly, let’s address the new IT curriculum in schools. In addition, the BBC announced an initiative to encourage coding in UK schools, and the Raspberry Pi popularity has led to the millionth Pi rolling off the Sony production line in South Wales. To support this, I found that my outreach activity for my university is dominated by workshops for Raspberry Pi, and this is also reflected with the British Computer Society (BCS) as we get behind the rekindling of IT innovation in the young. With employers in the UK facing a skills shortage in the IT sector, such initiatives will hopefully stand the UK in good stead for the future.

The cloud

Thirdly, cloud provision has become more established. The uptake of cloud technology – whether it be software- or platform-based – is clearly on the rise. Whether UK SMEs are taking full advantage of this is debatable, however, and I will visit this topic in the New Year.


Rise in security breaches

Fourthly, the spectre of security still looms, with cases of lost data or security breaches sadly widely reported throughout 2013. The scale of the problem is perhaps coming to light and the UK Government, in part, started the discussion on how online security could be improved for children. Following a long campaign by the Government to get ISPs to impose default filters for adult and sensitive subjects, David Cameron announced back in July that UK ISPs will be putting pornography filters on domestic Internet connections. However, the Institution of Engineering and Technology (IET) thought this would be “ineffective” and “harmful”. The Institution publicly said that such proposals to use legislation, which force ISPs to block access to pornography, will be ineffective and harmful, and there are better ways to protect children. So we will see what happens in the New Year. Self-regulation versus legislation is still being debated, as is how to control the Internet, which crosses national boundaries. I believe a solution of many facets is probably required. All in all, some of the content and ease of access to unsuitable content continues to be a worry.

Big Data

Finally, what about all that data from Twitter and Facebook which now appears as common on a firm’s letterhead/websites as an email address? “Why?” I ask, “what is in it for me?” But seriously, what to do with the data, how to mine it and turn it into information is the conundrum and Big Data was in the arena for that issue during 2013. Big Data was a theme I came across throughout 2013 and the questions, which included how to store unstructured data and break it down, are ongoing.

2013 was a year of continued technological and cultural change. But it’s one thing to embrace technology and another thing to actually use it. Providing feedback opportunities via hashtags is one thing but is anyone listening at the other end? Here’s to more IT fun in 2014…


VitAL Report

Are online IT training courses the answer?

Sophie-Marie Odum investigates the rise in online IT training courses offered by daily deal websites. Is there a negative stigma attached to these online courses, or will they really help address the IT skills shortage?

If you’re signed up to a daily deal website, amongst the meal-for-two deals and bargains of discounted onesies, you may have noticed an increase in offers for online IT training packages; from IT technician courses to app design and social media training. More recently, I came across a cloud computing training course. The modules included:

• Cloud computing and business value
• Technical perspective/cloud types
• Tips for successful adoption of cloud computing
• Impact and changes on IT service management
• Risks and consequences of cloud computing.

The course, which was “suitable for beginners”, offered prospective students “approximately 50 hours of material”, “free phone and online technical support”, and “exam preparation”, all for under £40, a massive 96% discount. This was just one of many such courses I came across.

Online learning is not a new phenomenon; in fact more and more people adopt this learning method as it can fit around busy schedules more easily. Jonathan Westlake, University lecturer in the Faculty of Sciences, Engineering and Computing, Stoke-on-Trent, Staffordshire, commented, “Certification of IT skills is of course not new, but the proliferation of online training courses is new and, of course, that has arisen due to the pervasive nature of IT in the workplace and part of every job.

“The courses online vary in level and depth and, of course, value. The convenience of online training is also a factor as the demand for training which can be done in a self-service and outside working hours has grown.”

Skills shortage and youth unemployment

But are online learning courses as detailed above just satisfying the demand for convenience? Or are they also addressing the national IT skills shortage? If we rewind to the beginning of this year, the European Commission launched a “grand coalition” to address the region’s IT skills shortages. It was reported that 1 million euros (£860,000) will be invested into the coalition.

The skills shortage also coincides with high unemployment rates across Europe, and the Commission called for greater awareness of IT career opportunities. Its own figures suggested that there will be 900,000 vacancies for IT-related roles by 2015. Companies like Google have also launched programmes to entice students to undertake a career in IT. Although the number of digital jobs is growing by about 100,000 every year, the number of skilled IT graduates is failing to keep pace, according to research.

More recently, City & Guilds reported that employers in the UK are facing a skills shortage and IT, digital and information services companies are amongst the worst affected. Findings published revealed that, whilst 60% of all employers are struggling to find new employees with the right skills, 74% of employers in the digital, IT and information services sector say they are facing a skills shortage. The research, which gathered views from more than 1,000 small, medium and large businesses, found that almost 50% of digital companies in the UK are considering looking abroad for potential new recruits. This is significantly higher than organisations in other sectors, which are more optimistic about finding strong candidates in the UK workforce. For example, only 25% of those in the public sector are considering looking abroad for new employees; 22% in the retail and sales sector; and 24% in hospitality and tourism.

Are online courses a positive?

With initiatives such as Raspberry Pi and a change in curriculum to better prepare young people for jobs in the digital sector, it is hoped that the next generation IT workforce will be well equipped. But will online training courses, sold at dramatically reduced prices through daily deal websites and offered by many different providers, address the skills shortage now, or produce an unskilled workforce that will do more harm than good?

Ken Gaines, portfolio manager at City & Guilds, said, “If they [the courses] are leading to an industry certification from Microsoft, CompTIA, Cisco, etc. then we know the quality of learning being provided is good and the tests are fairly robust. But questions of authenticity will always creep in when there is no direct connection between deliverer and learner when it comes to taking the test. There are great variations in learning content out there, but it depends on how well it is backed by tutor support.”

Jonathan agrees that tutor support is of utmost importance. He added, “On balance, the availability of such courses has to be viewed as a positive thing and competition of learning opportunities is a healthy aspect. With regards to quality of the course, this has to be the judgement of the person/firm seeking the training and what the expectations are, for example, some online courses have little support whereas some offer tutor support. I would argue that online material needs to be augmented with a tutor, particularly as IT is a technical subject.

“The IT skills shortage is well documented and needs to be addressed using a combination of methods. Online technical training packages can no doubt improve the skill set of an individual and help get into an IT-based role or update the skills. The UK workforce needs to embrace life-long learning and adjust to the needs of the market.

“Reputable online technician courses are a route for individuals as part of continuous professional development, but should also be coupled with wider educational qualifications offered by the further and higher education sector.”

What’s the way forward?

Ken believes online learning isn’t the best answer, and those wanting a career in IT may instead benefit from learning on the job, picking up recognised qualifications on the way. He commented, “If they [the courses] encourage people to look at ICT professions then this could certainly help, but on their own they may mislead over the requirements to get into the industry. We are seeing a growth in apprentices in this area, right across a range of roles that include programmers, systems support, network technicians and more. These provide employers with the ‘year-long interview’ and get people trained in their ways and with the skills they want. There is also a focus all around on programmers, but there is still a need for the ICT technician who can support the large data centres.”

So are apprenticeships the key to fill some of the skill gaps whilst also addressing the youth unemployment pandemic? The City & Guilds research found that almost 80% of employers from the IT and digital sector believe that work experience is essential to ensuring young people are ready for work, while 70% would be more likely to hire a young person with work experience over someone with none. In addition, more than half of employers (55%) in digital, IT and information services have given a full-time job to someone they’ve taken on for a work experience placement; and 66% of employers believe that structured work experience should be mandatory for all 16-18 year olds.

Young people with work experience are thought to be more employable because they understand the work environment better and how to conduct themselves in it (69%); secondly, they have a better understanding of industry and know what they are getting into (65%); and also because they have a better attitude towards work and learning on the job (63%), the research found – arguably, benefits that cannot be gained through online learning.
With 50% of companies now considering looking abroad for potential new recruits, online courses and apprenticeships have a key role in equipping individuals with the right skills to protect and grow the UK economy. With fierce competition from the likes of China, for example, it’s important that the UK does all it can to fill the gap now rather than later, or it will lose out.

IT skills shortage in numbers:

• 60% of all employers are struggling to find new employees with the right skills.
• 74% of employers in the digital, IT and information services sector say they are facing a skills shortage.
• Almost 50% of digital companies in the UK are considering looking abroad for potential new recruits.
• Almost 80% of employers from the IT and digital sector believe that work experience is essential.
• 70% would be more likely to hire a young person with work experience over someone with none.

References available on request


VitAL Report

CYOD overtakes BYOD

2013 has seen the rise in CYOD policies as companies opt for choosing their own device over bringing their own device. CYOD is said to offer the best of both worlds: organisations retain control of the network environment whilst employees choose the device. VitAL Magazine investigates…

Companies are opting for Choose your own device (CYOD) instead of BYOD to meet their communication needs in the real world, according to a new study, which found that 31% of organisations now run a CYOD policy compared to only 17% who run BYOD. In addition, 60% of organisations say CYOD is the best option for them vs. only 13% who say the same about BYOD.

Companies that operate a CYOD policy own the SIM/contract, but let employees choose their own device from an approved catalogue. Whilst everyone is still talking about BYOD and how organisations should be implementing this policy, the study has found that companywide deployment of BYOD has grown at just half the rate (6%) of CYOD, which grew by 12%. While token adoption of BYOD, where fewer than 10% of employees can connect their private devices to the network, has increased considerably in popularity in the last year (growing from 43% to 58%), companywide adoption of BYOD (where 75% or more of employees are included) is faring rather poorly.

But with so much hype around BYOD, how has CYOD become the policy of choice? Rufus Grig, CTO, Azzurri Communications, answered, “Despite all the puff and promise of BYOD, the evidence shows that adoption is far lower than the hype would lead us to believe. BYOD promises the world, but in reality most organisations are left paralysed and confused by what BYOD can really offer, so in the end they stick to what they know and avoid large-scale, companywide BYOD deployments.”

Organisations are, however, warming to the idea of employees using a single mobile/work device, yet opinion still remains in favour of corporate provision. When asked to rate out of five whether they support the idea of employees using a single mobile device under a range of different scenarios (with five being ‘Completely Supported’ and 0 being ‘Strongly Opposed’), organisations still favoured policies in which they owned the device and/or contract. For example, support for a single device “If the business owns the device” has risen from 3.7 to 4.3. However, support has grown in all scenarios since 2012: support for a single device ‘If the employee owns the device’ has risen from 2.8 to 3.3 since last year.

“While we have found BYOD to be best policy in certain, specific situations (such as in hospitals where consultants usually own their own devices), overwhelmingly our customers find that the hybrid ‘Choose Your Own Device’ or CYOD approach is the best fit for their needs as it offers the right balance of choice and control,” said Rufus.

“CYOD is therefore the best of both worlds; a controlled network environment that still offers employees the benefit of a single work/home device of their choice. CYOD is also less of a cultural leap for the organisation, since maintaining ownership of the contract is much closer to the status quo of corporate provision. So aside from the security and monetary risks, BYOD is often a leap too far for many, so it is only natural that they prefer to stick to what they know.”

Reference BYOD Peer-to-Peer Report, an independent study of ICT decision makers conducted by Shape the Future and commissioned by Azzurri Communications.



VitAL Report

CIOs vs CMOs… let the battle commence!

In 44% of organisations, the CIO has ownership of mobile web strategy but as the mobile web grows in popularity and influence, CMOs are becoming increasingly interested in how mobile channels can improve customer service. With this interest comes a desire to take ownership of mobile web strategies. … Let the battle between CIOs and CMOs commence!

The on-going battle between CIOs and CMOs is heating up because they can’t agree on the mobile web. Over half (51%) of CMOs believe that they should acquire more ownership of their organisation’s mobile web strategy ahead of the CIO, in comparison to only 9% of CIOs, according to a new study [1].

Round 1: customer service vs more channels for interaction

Revealing internal tensions between CIOs and CMOs, the Netbiscuits survey illustrated that each is driven by different motivations when building for the mobile web and by different beliefs on which function should be responsible for its ownership. While the CMO is focused on improving aspects of the customer experience, the CIO is much more aware of some of the technical challenges in delivering some of the CMO’s requirements. For example, 53% of the CMO respondents cited ‘provide customers with more channels for interaction’ as a critical factor, compared to just 35% of CIOs. 44% of CMOs said ‘improving customer online engagement’ was critical ahead of CIOs at 29%. Meanwhile 86% of the CIO audience were more concerned with the bottom line revenue improvement from improving sales via mobile platforms.

Round 2: Dual ownership vs single ownership

Similarly, the survey also found that CIOs are likely to be more gracious towards joint ownership of mobile web strategy (23%). Other C-Level executives agree (30%); however, CMOs completely disagree. Only 9% said that dual ownership was desirable. CMOs understand that they have the most to gain from wresting ownership from the CIO. It enables them to gain greater control over some of the key performance indicators that are directly determined by customer experience on mobile platforms.

However, the CMO has sole ownership of mobile strategy in only one in five (21%) organisations. Joint CMO and CIO ownership of mobile web strategy accounts for 27% of the total, while fewer than one in ten (8%) organisations has a dedicated function that is independent of CMO, CIO or other C-level function, such as a Mobile Center of Excellence.

Final Round 3: Advantages vs Disadvantages

Netbiscuits research identified a number of areas in which both the CIO and CMO functions had clear advantages and disadvantages, which combined could create the optimal approach to developing a mobile web strategy. For example, only 50% of CMOs said that testing was critically or very important to improving customer experience. By contrast, 74% of CIOs said that testing was critically or very important. The CIO’s focus on the technology layer and standardisation of the process, mixed with the CMO’s bias towards the customer experience, creates a need for both disciplines to collaborate and come together.

Daniel Weisbeck, CMO & COO for Netbiscuits, said, “Mobile web strategy must be based on clear, common business objectives with targets defined in both the CIO and CMO areas.

“The real battle to watch therefore is not between the CIO and the CMO, but whether a joint CMO-CIO approach or a dedicated function approach provides the best mechanism to align customer experience objectives with the technical challenges of delivering these goals. A successful combination of their approaches and motivations provides the real basis for an extremely strong mobile strategy.”

Reference 1. Conducted by Vanson Bourne, the research asked a total of 300 CIOs, CMOs and other C-Level executives for their views on mobile web strategy in their organisations. All of the enterprises taking part in this survey were companies of over 100 employees and 25% were organisations of over 5,000 employees. 200 participants were interviewed in the United States, and 100 in the United Kingdom to compile this information. All organisations in the survey have customer-facing websites.





Hands up if you’ve been the victim of a cyber-attack

Sophie-Marie Odum speaks to Ashley Stephenson, CEO of Corero Network Security, about the UK’s impending legislation that will force companies to disclose cyber-attacks…

By this time next year, it could be law for certain companies to publicly disclose if they have been a victim of a cyber-attack. The European Union’s European Commission Cyber Security Strategy is a proposed directive that aims to educate organisations on common levels of network and information security, and it will also require organisations to disclose all cyber-attacks. If approved by the European Parliament and member states, it will become EU law.

Currently, without legislation in place, companies do not have to make this information available to the general public or to the appropriate authorities. Ashley Stephenson, CEO of Corero Network Security, explained why this disclosure regulation is heading our way.

“Very few cyber security incidents are actually disclosed to the appropriate authorities. The ones that do make the news headlines are those that are visible and very hard to deny. So if a major corporation has a website outage or significant downtime as a result of a DDoS attack, more often than not, the incident is openly visible and widely publicised. However, many undisclosed attacks are also happening every day, impacting organisations large and small, across a wide range of industries.


“In a bid to get companies to disclose cyber-attacks, there has been a move in the US, driven by the Division of Corporation Finance Securities and Exchange Commission, to add cyber security incidents to the list of business relevant events that corporations should disclose. So just like companies might have to disclose that they suffered a break in, a theft or lost some critical intellectual property, they must also now disclose cyber security incidents.

“Part of this comes from the Informed Investor perspective. As the SEC has outlined, these disclosures are predominantly focused around the cyber security risks and incidents that may have an impact on investor-related decisions. The EU has drawn up guidelines or recommendations that it hopes its member nations will then investigate and potentially adopt as laws in their own countries. With increased visibility into these incidents via an enforced disclosure mandate, we could look forward to national and international information sharing to be used in overcoming these cyber risks.

“You could say the approach in the US has been driven more by the investment market where, in contrast, the EU has been driven more from a ‘public good’ perspective, where both approaches recognise that it’s important that the infrastructure needs to be protected.”


New age communications

The speed at which new technology and communication tools have risen has left security technologies trying hard to catch up. New communication infrastructure tools that people are using in their daily lives, such as social media, have run ahead of the regulations, which have yet to draw level in terms of disclosing security incidents.

Ashley said, “In Europe, we already have disclosure regulations for the telco industry, but they do not apply to the new communication companies like Facebook and Twitter. The regulations haven’t caught up with the fact that many of us mostly communicate through Facebook rather than via the telephone or fax for example.

“In the recent decade, there has been fantastic innovation and forward progress with new applications, new media communications and social media, and we’re all eager to download the latest app to communicate with our colleagues and friends. We’ve moved so fast that we haven’t had time to secure a lot of those communication mechanisms and that’s what often allows the malicious cyber criminals to come in and take advantage of our infrastructures. The apps are all so new and haven’t stood the test of time from a security point-of-view.”

The need for disclosure rules

There is a strong need to have disclosure rules in place, especially when it comes to securing national infrastructures or other critical services, such as banking, said Ashley.

“Governments have realised that the ‘bricks and mortar’ banking system has effectively disappeared – and the stock exchange has gone electronic – so, in the past, what would have involved physically robbing a bank is now more likely to occur as a cyber-attack. Maintaining the ability to secure financial transactions is an important business, which is just as important for the nation’s economy as it is for a business or even an individual.

“There is a very serious and dark side to cyber crime, with potentially dire consequences stemming from a failure to protect these important online resources and infrastructure. With recent attacks in the last few years, there is now a growing realisation that companies can’t afford to cut corners or take a chance that they won’t be a victim. It’s been demonstrated time and time again that if you have inadequate cyber defences, somebody out there will be interested in taking advantage of your unprotected online resources and steal, compromise, or potentially even destroy critical information or infrastructure.”

In addition, the absence of full cyber-attack disclosures makes it very difficult to estimate the true extent of cybercrime. It’s hoped that the new regulation will promote a sharing culture and enable businesses to take a long-term, preventive approach.

“In our experience, the number of incidents that are publicly disclosed is really just the tip of the iceberg. We don’t know the exact ratio, but I wouldn’t be surprised if, for every incident that’s publicly disclosed, there are hundreds of others that nobody ever knows about outside the corporation in which they occur.

“The EU directive will promote better information sharing across borders to combat these threats, with a desired result of achieving cyber resilience, reducing cyber-crime, and allowing for better development for cyber defence policies in the future. It’s really about taking a cooperative stand against these attacks, and learning from them as a group.

“DDoS attacks have been around for more than a decade. These attacks are an evolving sophisticated type of attack, designed to wreak havoc on organisations large and small across the globe. With access to more reporting, the analysis of data will help us to understand the true extent and costs attributable to these attacks. A by-product of this global effort could even drive additional legislation related to the punishment of those responsible for these crimes. Overall it’s a win-win in a global stance against cyber warfare.”

So, why do we need a regulation to force companies to disclose cyber-attacks, even if in the long-run it will protect the nation’s infrastructure? It’s the simple economics of business, says Ashley.

“I think it’s the simple economics of business. In the absence of a law, many companies, out of duty to their shareholders, do not spend the money if they’re not required to. If we look at the Health & Safety regulations, in regards to the necessity for hard hats as an analogy, if we didn’t have this rule many companies would probably cut corners.

“As another example, those major companies who were in the news earlier this year for not paying enough tax, yes, ethically they should pay more tax, but there is not a law to say they need to – so if we need them to pay tax, we should change the law to reflect this, otherwise they’ll continue to offshore profits as they had been as it’s perfectly legal. It’s not a malicious act; we just can’t rely on the goodness of human nature to disclose all cyber incidents. It could also potentially, competitively disadvantage those that do decide to disclose such information against those that decide not to.”

When will this become law?

Ashley was unable to specify when this law will take effect, but explained that there are proposals out there now. “We’ve seen an increasing amount of activity from the authorities and the pace is accelerating towards more protection and regulation rather than slowing down. I wouldn’t be surprised if something happens as early as 2014,” he shared.

But when this does become law, what will companies need to do to comply? “There is a cost to improving and disclosing – companies may not necessarily need to add more equipment, but they’re often required to provide forensic information along with their report if they suffer an attack,” explained Ashley. “This is another of the many reasons why companies do not already disclose their cyber breaches.

“In our experience, given the downside risks, it’s not an onerous or substantial cost to be better protected, but it’s a cost nonetheless. These regulations will take away the excuse that if you don’t look, you don’t know, and they will require corporations to monitor, detect and report security incidents,” added Ashley.

“It’s just like retail stores having security cameras – it’s now widely recognised as a good business practice and they pay for themselves in the long run. That’s common sense physical security and, in the virtual world, we haven’t yet caught up in terms of common sense cyber security.”


News Feature

Banks given a year to tackle cyber threats As news reports reveal that the Bank of England and the Treasury have urged banks to draw up plans to tackle cyber-attacks, Sophie-Marie Odum explores the industry’s thoughts and comments…

The Bank of England and the Treasury have given Britain’s banks six months to draw up a cyber-attack plan, amid fears that the actions of hackers could disrupt the financial infrastructure that underpins the economy. This illustrates that IT systems are currently ill-equipped to deal with the evolving threat from cyber attacks.

As part of the process, the Bank itself will be “reviewing its own resilience”, minutes of last month’s Financial Policy Committee (FPC) meeting revealed. In the minutes, the FPC specifically drew attention to “complex legacy IT systems” as a “potential vulnerability”, as well as the financial system’s “high degree of interconnectedness [and] reliance on centralised market infrastructure”.

“Cyber security is not just an IT issue, but a business issue”

Peter Armstrong, director, cyber security sector, Thales UK, believes that this announcement recognises that cyber security is not just an IT issue, but a business issue. He said, “This warning from the Bank of England and the Treasury is by no means premature, and echoes the sentiments of the KPMG report earlier this year which highlighted the current high level of naivety in the market regarding cyber security.

“The FPC have warned that this issue must be tackled at director level within the banking industry, and there is a growing need for companies to acknowledge that cyber security is not just an IT issue, but a business issue. If businesses haven’t realised this, their organisation is already on the back foot. The consequences of cyber-attacks are now so severe that cyber defence must become a board room discussion where companies explore what measures need to be put into place to ensure they are acting proactively – not reactively.

“In order to remain poised to react to this evolving threat landscape, banks must continually assess their defence capabilities and employ best practice cyber maturity models to centre around continuous policy evaluation and adaptation. Organisations that prepare for the FPC’s 2014 compliance deadline now are the ones that will gain a competitive edge.”

“Emphasis has to be made in protecting key industry infrastructure”

In the wake of this announcement, IT security firm MWR InfoSecurity has warned that defence plans should be made around an asset-based approach to avoid a major cyber-attack. Alex Fidgen, director at MWR InfoSecurity, commented, “Whilst the issue of improving security is a complex one, it should be focussed around an asset-based approach. Emphasis has to be made in protecting key industry infrastructure, such as payment systems, by blocking all attack paths leading to it, and this can only be achieved by thorough assessment of a company’s assets.”

“In order for the finance industry to understand where security can be improved, they must adopt assessments that replicate some of the attack methods used by more sophisticated attackers, which are often state sponsored.”

“If they miss this stage out, they will not identify how best to defend, and will not only waste funds and resources protecting the wrong assets, but they will be at serious risk of being hacked.”

However, Fidgen said that these sorts of measures should apply not only to UK banks, but also to any financial institution operating in the EU, especially as the EU still provides Safe Harbour. The adoption of advanced defensive programmes is likely to provide these financial institutions with a competitive advantage, he believes.

Operation Waking Shark 2

In related news, at the time of going to press, every major bank in the UK will begin participating in Operation Waking Shark 2. This aims to test their ability to deal with a crippling cyber-attack; defend their assets; communicate amongst themselves; and protect the stability of the UK’s financial system. The exercise comes two years after the original Operation Waking Shark exercise, which was launched by the now-defunct Financial Services Organisation (FSO) in order to harden banks against “the increasing frequency, intensity and sophistication of electronic attacks upon the IT systems of firms operating in the financial sector.” Operation Waking Shark 2 will go one step further, simulating a “very severe” attack on the UK financial system.

John Yeo, EMEA director at Trustwave, commented, “It’s great to see financial organisations such as the Bank of England, and the Treasury taking cyber-security so seriously, and, in particular, that they will be conducting a simulated cyber-attack on payments and markets systems. The Bank of England’s FPC has also ordered regulators to come up with ‘action plans’ in the event of a cyber-attack by the first quarter of 2014. However, it is of concern that the FPC feels these need to be ordered in the first place, as one would have expected that all financial institutions should have robust and far-reaching incident response plans already in place.

“According to our 2013 Trustwave Global Security Report, the primary data type targeted by attackers in both 2011 and 2012 was personal/customer data, especially payment card-related data. There is a well-established underground marketplace for stolen payment card data; it is bought and sold quickly for use in fraudulent transactions. Having said that, we are starting to see sophisticated cyber-attacks aimed at penetrating banks and financial institutions, so the results of the stress test will certainly make interesting reading.”

News Feature

OFT urges for fair competition

The OFT has launched a market study into the supply of public sector ICT services to examine whether competition in this sector could work better, and the reasons why it may not be working as well as it could. VitAL Magazine looks at what this means for businesses…

A market study has been launched into the supply of ICT goods and services to the public sector. The Office of Fair Trading’s (OFT) study will focus on the degree of competition between the companies which supply IT goods and services, and follows an OFT call for information (CFI), launched July 3rd 2013. This CFI aimed to understand more clearly the ICT products and services involved; who supplies them; the structure and operation of these important markets; and the degree of competition between suppliers.

The OFT has published a summary report of its findings from the CFI and it highlighted a number of concerns. Most notably, concerns were raised that certain businesses appear to have a large share of contracts in some areas of the sector; that there are high barriers to entry and expansion (especially for smaller scale ICT businesses); and that public sector organisations face difficulties and high costs in switching suppliers. During the CFI, issues were also raised regarding public sector procurement practices. The market study will examine the extent to which these practices interact with the market structure and suppliers’ behaviour. Existing reports and ongoing initiatives to improve public sector procurement will inform the study, but the OFT aims to avoid duplicating other recent or ongoing work concerning public sector procurement.

In looking at the supply of ICT to the public sector, the OFT will examine two parts of the sector in particular, which appear to demonstrate issues raised in response to the CFI and which, between them, make up around half of UK public sector ICT expenditure:


• Commercial off-the-shelf software: All types of software commercially available to different organisations, which have not been individually tailored to those organisations’ needs. Examples which it may look at include management information, and revenues and benefits systems that may be used by a range of public sector organisations, such as schools and local authorities.

• Outsourced IT: The contracting of private sector suppliers to build and/or manage public sector IT infrastructure and applications (software designed for non-technical users). Examples which it may look at include the building, running and maintenance of IT systems and applications for public sector organisations.

Nisha Arora, OFT senior director of services, infrastructure and public markets, said, “Information and communications technology is vital for the efficient and cost effective delivery of today’s public services and for many aspects of public service reform.

“When competition works well, it can help drive down costs, encourage innovation and ultimately ensure that the taxpayer gets the best value for money. We want to look further into this market to understand whether it is really serving its customers’ interests.”

While the focus of the market study will be on the supply of ICT to the public sector, the OFT has said that it would also be interested in hearing about the experiences of private sector buyers of ICT in the two previously mentioned areas of the sector. The OFT will be engaging directly with relevant parties, including ICT suppliers, central and local government and other public sector organisations, trade bodies, academics, business organisations and others across the UK over the coming weeks.

According to the OFT, ICT accounts for a significant proportion of total public sector expenditure, with an estimated £13.8 billion spent in 2011-12. The OFT aims to complete the market study and publish findings in March 2014.


VitAL’s 2014 Predictions

Looking back on 2013

As we draw near to the end of 2013, VitAL Magazine looks at some of the successful IT trends and discusses possible developments for 2014…

A year in the world of IT moves faster than any other profession when you consider the numerous technological innovations reported throughout 2013. But would we expect any less? It’s IT that leads the way and now sets the precedent in companies today. IT infrastructure is what nearly all companies are built upon today. Reflecting on the past 12 months, we’ve seen many different innovations in IT, ranging from the well-received advancements such as the steer towards wearable computing with the announcement of Google Glass and the rise in smart watches, to the not so welcomed innovations such as the talking window campaign, which proposed to transmit adverts via train windows so that the sound appears to “come from inside the user’s head” when passengers lean against them… However, an area of IT whose business benefits have already been widely recognised, and which has been deployed by thousands, is cloud computing.

Cloud computing

Cloud computing may not be new in terms of innovation, but it has become widely recognised and gained mass appeal from many corporate companies. The benefits of the cloud are vast; most notably from a price point as no additional hardware is necessary. In addition, as the data can be accessed anywhere in the world, this has enabled many companies to open offices around the world or expand at a reduced cost as employees can work from anywhere. This leads us on to BYOD. Although not all companies exercise a BYOD policy, we expect this to really take off next year, enabling many more employees to work from anywhere, anytime.

Recently, Peter Groucutt, managing director of Databarracks, publicly compared cloud computing to the Industrial Revolution. He said, “Cloud computing […] has the potential to do for today’s businesses what the Industrial Revolution did for mass production. We live in a world where we now have the ability to scale memory, processing and storage at the touch of a button while only ever paying for the amount we use. We really are at the dawn of an exciting era: the era of utility computing.”

In regards to the public cloud, many game consoles, such as Xbox and PlayStation, have utilised cloud technology. This has made it simpler for gamers to access and play games from previous consoles. It also allows players to communicate with other players, share data and play games online around the world. Cloud computing has still not won the votes of everyone, as security is a speed bump for many, especially SMEs, according to reports. But, hopefully, 2014 will address this issue.

The end of desktop computers?

It was reported earlier this year that global PC sales have fallen for the fifth quarter in a row, making it the “longest duration of decline” in history. According to research firm Gartner, worldwide PC shipments totalled 76 million units in the second quarter, a 10.9% drop from a year earlier. However, with this decline has come a rise in tablet devices. Gartner confirmed that the introduction of low-cost tablets had hurt PC sales, especially in emerging economies. Even Microsoft has launched a new tablet this year, Surface 2. We will see how well this fares against Apple’s iPad Air and iPad Mini 2.

2014 trends

We believe that NFC (Near Field Communication) technology will take off next year. We already see this technology used for contactless payments, which is currently deployed in many high-end Android handsets and, of course, London Oyster cards and bank cards – there are approximately 32.5 million contactless-enabled cards in circulation in the UK and over 147,000 terminals in use. We expect NFC technology to be more widely adapted to everyday use, with various outlets, such as retail stores and transportation, utilising this technology. It will hold personal information and could see the end of tangible identification such as passports and driving licences. We look forward to how this will evolve and benefit organisations.

However, as with any new technological advancement, the issue of security arises. This year, the newspapers have been awash with news of all different types of cyber breaches and cyber-attacks. So, will next year see a decline in such incidents as businesses do more to protect themselves? Or, by contrast, will they rise as attacks become more sophisticated? We’ll see…

VitAL’s 2014 Predictions

From Shanty Town to Shiny Town

Cities are old news now that the advent of megacities is in full swing, but how will our metropolitan areas function in 20, 30 or 50 years’ time, and what technology will be required to support them? Interxion’s Ian McVey explores what lies ahead for the smart cities of the future. Can London reinvent itself for the digital age?

One hundred years ago, as highlighted by the Global Health Observatory (GHO), two out of every 10 people lived in an urban area. Fast forward to 1990 and just under 40% of the global population lived in a city, but 2010 was a landmark year with more than half of all people living in an urban area.

With such a steep curve in recent years, how can we predict how this will change in another 20, 30 or 50 years?

Is London the next megacity?

On 20th September 1777, Samuel Johnson is famed to have said “…when a man is tired of London, he is tired of life.” Fast-forward 233 years and business consulting firm Frost & Sullivan predicted in a 2010 report, Urbanization Trends in 2020¹, that, by 2023, there will be 30 megacities worldwide. A megacity is defined as a continuous urban development of over 10 million people. London has the potential, according to Frost & Sullivan, to be categorised as a megacity and compete on a global scale with the likes of Tokyo, Mumbai and New York, famously light years ahead of the rest of the world.

However, could London’s legacy infrastructure hold it back from realising its true potential? South Korea, for instance, is already the smart city poster boy; Wi-Fi on the tube is commonplace and passengers can order their groceries between stops with the swipe of a smartphone. When you look to London’s tube, Wi-Fi is patchy at best.

Ultimately, a reliable infrastructure and technology-focused approach are the vital foundations upon which a megacity will build itself, which could prove critical to a nation’s economy and GDP. Without the infrastructure or technology, the potential for GDP growth may be limited. Seoul, one of the globe’s most developed megacities, today contributes more than 50% to the GDP of South Korea; a scary yet impressive reminder of how technology can support the economy of an entire country.

A step in the smart direction

The availability of Wi-Fi at certain London Underground stations is certainly a step in the right direction, and the way technology was used at the Olympics showed that, when executed correctly, it can have a huge impact on our daily lives. For example, being able to make more effective use of travel times using Wi-Fi should make working hours more flexible and redefine the borders of the traditional working day. The question of whether this can be extended to the entire Underground network and work effectively at peak times still hangs over the project. If people get used to being able to access the Internet en route to and from the office, then the network will have to scale up to cope with traffic loads at rush hour.

It’s fair to say that we are now on the brink of a reality entirely controlled, infiltrated and enhanced by technological conveniences. In the not too distant future will it be the norm to wake up, put on our Google Glass, send an order to our coffee machine for the morning espresso, and have our daily routes planned out via GPS to correlate with what’s been booked into our smartphone? All of these technologies are here now, and all it will take for them to become part of our daily lives is widespread adoption. However, as adoption increases so will the demands on our infrastructure to support it and we will need a lot more than Wi-Fi to be ahead of the curve.

IT infrastructure will be the backbone of megacities, which are all about making smarter connections between devices and people. The telecommunications network through which this communication will flow needs to be resilient and efficient, and connectivity is a prerequisite here – between citizens, the government and business.

What does the future look like?

To lay the foundations of the smart London of the future, it’s crucial to forward architect – to think today about how different systems may need to interplay down the line. UK businesses are measuring their goals on a scale of 12 months to two years, whereas in Asia, for example, the culture is much longer term so businesses can be measured on a 20-year scale. Although it sounds contradictory, this approach actually allows for faster, accelerated growth. Our time horizons tend to be governed by short-term return, which means we are very good at thinking about what’s right in front of us, but less so at foreseeing the problems of tomorrow. If London is to compete as a megacity in the future, and remain competitive with those in emerging economies such as Mumbai and Guangzhou (it comes as no surprise that four of Frost & Sullivan’s megacities of the future are Chinese), then we need to be thinking about the infrastructure to support this growth now.

“Shanty towns”, which rely on a great deal of legacy infrastructure, are far harder to change than the already shiny towns, or cities, so it’s worth looking as far ahead as possible to consider whether certain technology infrastructure is sustainable in the long run. This filters down into the enterprise too; an enterprise with legacy IT is harder to change. Therefore, the key for London becoming a megacity is ensuring that the planning is done right the first time, over a long horizon as opposed to “death by a thousand cuts”. Once the infrastructure is right, megacity status can be achieved – ultimately boosting GDP.

The Big Data backbone

With extreme technological innovation comes the need for adaptation. Technology is developing so quickly now, it’s no longer an entire decade-long generation gap which is separating the digital natives from the digitally naive, but merely years. Photo sharing, for example, has been totally transformed in the space of just a few years. Back in 2008 you’d use a digital camera to take photos on holiday, and then email them to your friends and family once you got back home. Now in 2013, everyone has smartphones and can upload their photos directly to Facebook whilst sunbathing on the beach. It’s a stark illustration of how quickly technology develops and the impact it can have on our lives.

What consumers might not be aware of is that whilst connectivity is key today, quietly in the background playing a fundamental role in facilitating the development of these megacities is Big Data. Despite being dubbed a “buzzword”, Big Data puts you in the driving seat and gives governments, businesses and consumers the opportunity to predict future demands, prevent disasters from occurring and even cure diseases. As well as this, it’s only thanks to Big Data that smart cities exist. Whilst this may seem far-fetched, technology has advanced to such levels that we can accurately mine millions of megabits of data in a matter of seconds and relay the findings back to the end user in real-time.

We’re already seeing Big Data become a reality with previously ‘unrealistic’ technological ideas like virtual billboards and targeted advertising which offers consumers deals based on their actual preferences and current locations, in real-time. Police forces are also using historical data to identify crimes before they happen with a high degree of accuracy; and retailers are automatically stocking up on hats and suncream the week before the weather forecasts a heat wave. As we continue to generate more data, we expect organisations and consumers to tap into this information swell.

In the future, every aspect of life will be influenced by data. Our phones will be our mobile wallets and passports at immigration; and our fingerprints will be our keys and credit cards. Once upon a time we saw futuristic concepts like these in sci-fi films like Blade Runner and Minority Report, but these are increasingly becoming our reality. Making the shift from Shanty Town to Shiny Town will not be quick and easy but by embracing technology now, supported by Big Data, underpinned by a long-term planning horizon, we can ensure that London is the future poster child of Shiny Town. A city in which Mr Johnson would never grow tired.

References available on request


VitAL’s 2014 Predictions

#ThumbsUp to social media in the workplace

As we come to the end of 2013, Phil Smith, channel director at Ipanema Technologies, looks at how this year has seen companies become more accepting of social media use in the workplace…

Social media is everywhere, and an integral part of how we communicate. Unsurprisingly, it’s a trend which has followed us into the workplace, but, in the past, CIOs have been quick to block employee access to social media applications. Yet, recent research suggests that they are now increasingly warming to it. So, what impact can widespread social media use have on the corporate network, and how will this likely change over the coming year?

Social media and IT networks

Unless managed efficiently, social media applications have the potential to disrupt the flow of applications across the corporate network. If large numbers of employees are streaming videos on YouTube, or viewing photos on Facebook, this limits the bandwidth available for business-critical applications, such as video-conference calls. If critical applications are failing to work smoothly, then productivity is naturally reduced (73% of organisations see that poor app performance decreases productivity¹). An easy way of mitigating the negative impact of social media has been to simply ban access to it within the workplace. However, recent research from Ipanema Technologies and Easynet (KillerApps 2013) suggests that CIOs and network managers are becoming increasingly accepting of social media within the workplace.

CIOs embracing social media

The research revealed that the number of CIOs prohibiting Facebook has dropped by 15% when compared to last year; and blocking of YouTube has fallen by 17% within the same period. In 2012, 56% of CIOs banned all online TV and video. In 2013, only 28% of CIOs have chosen to block access. As social media becomes more prevalent, businesses increasingly understand the benefits it brings. Sites like Twitter and Facebook have proved themselves useful corporate tools, as well as key methods of communication amongst individuals.

Creating a blanket ban on social media is no longer the most efficient approach for businesses. The line between “home” and “work” is becoming progressively blurred. The majority of employees are expected to check their work emails at home, so it makes sense for them to also check their personal emails whilst at work. It’s a give-and-take relationship between businesses and employees, and there needs to be a degree of flexibility. The popularity of social media sites will not diminish, so instead CIOs will have to adapt their approach accordingly.

As a result, companies today are changing the way they are managing their networks. By allowing certain applications to have priority over the network, businesses can ensure that important applications will be guaranteed good performance. Those applications deemed less important (such as Facebook or YouTube), will be the first to experience poor performance if there is too much pressure upon the network. In this way, social media can have a presence within the workplace, without undermining or detracting from business performance.

The future of social media

The rise of the smartphone has meant that social media apps are just a finger-swipe away from the majority of users. 60% of UK mobile phone users have a smartphone, and this number will only increase over the coming years. With so many of those users taking their phone into the workplace and using the company’s Wi-Fi networks to access the Internet, businesses will need to ensure they effectively control the flow of social media applications across the network. There will be a step away from implementing a blanket ban on apps like Facebook, which risks ire amongst employees, and instead a shift towards more openly managing the applications.

So what will 2014 hold for CIOs and network managers? More vigilance over their networks, certainly. Social media use within the workplace will increase (whether sanctioned by the business or not), and this will put additional pressure upon other applications forced to share the same networks. If CIOs are to manage access to sites like YouTube and Twitter, they first need to prioritise the running of their networked applications, and have a much clearer idea of the pressure they place upon the corporate network. The future of social media in businesses is complex. Yet, it’s a trend which isn’t going anywhere. Therefore, companies must prepare accordingly.

Table showing the varying levels of ‘social application blocking’ across all markets surveyed

Application            % block in 2013    % block in 2012    Change
Facebook               52%                67%                -15%
YouTube                43%                60%                -17%
Twitter                42%                50%                -8%
All online TV/video    28%                56%                -28%
Private email          25%                32%                -7%
LinkedIn               21%                18%                +3%

References available on request


Cover Story

An “augmented” future for wearable computing

Avishek Mukhopadhyay, from Mindtree, discusses the growing interest and market for wearable technology and how it will affect your business in the future…

Pointing towards his head, futuristic cyborg Arnold Schwarzenegger says “I have a chip here which must be destroyed”; these were the closing scenes of the iconic movie Terminator II released almost a quarter of a century ago. Today, wearable computing, or computer-powered devices that can be worn by users (inside or outside the human body), is just coming into mainstream daily life and the future is beyond imagination. Mankind has been in the race to attach a computing device to his body from the advent of watches back in the early 16th century to the invention of pacemakers in the 20th century. Today’s wearables include watches, shoes, clothes and glasses but in the distant future, wearables might be embedded inside the human brain. Indeed, one of today’s leading thinkers has already predicted that in 40 years’ time human beings will have the ability to download their brain’s data into a computer and it will be transferred using an embedded chip inside the brain.

Why is the wearable market so exciting?

It is no coincidence that the biggest brands in our modern day world, i.e. Apple, Google and Samsung, are all in the race to capture consumer imagination in the wearable computing market. Gartner’s hype cycle for emerging technologies has placed wearable interfaces at the peak of the cycle along with other exciting areas like 3D printing and Gamification. The last few years have seen wearable computing move out of the realm of military research and high tech medical laboratories into the home of the ordinary consumer. In a few years from now, wearable computing could make our life as interesting as depicted in some sci-fi movies like Minority Report and Iron Man.

The wearables market as a whole is expected to witness a massive surge after the launch of Google Glass next year. Analysts are still grappling over the expected rise in shipment numbers of wearable devices, but all of them agree that the rise is going to be phenomenal. ABI Research¹ pegs the estimated wearable shipment to be at 485 million devices by the year 2018. To put that in perspective, that is almost equal to the combined number of PCs and tablets shipped across the globe in 2012.² Even today, though it is early days for this industry, we are already seeing venture capitalists and PE investors betting big money in this area. Fitbit, for example, which makes digital fitness trackers and health devices, recently raised $43 million³ of financing in August and a month later Jawbone, which creates fitness wristbands, was able to raise a second round of funding to the tune of $113 million.

Wearable market today

The wearable computing phenomenon has already started but what we are seeing today is version 1.0 of this space. One of today’s leading wearable devices is the Pebble, an early version of the smart watch, which can communicate with smart phones and comes with preinstalled applications. Other notable devices in the market today are Jawbone Up, Fitbit and Nike Fuel band; these devices have created ripples in the consumer market and millions of them have been sold over the last couple of years. Most of these target the fitness and health segments and have been extremely successful in being able to read body movements like pulse, sleeping patterns, blood pressure and the number of steps run and then transmit the data from the wearable device to a smart phone or laptop. The applications used by these wearables also have a strong social networking aspect to them which helps them thrive in the social media community.

Another interesting development, which most of these wearables are doing, is exposing a set of device application programming interfaces (APIs) to the developer ecosystem at large. Innovative developers across the world can access these APIs and build a host of applications on top – in effect building a social ecosystem surrounding these devices.

Battery life, bulk and connectivity are some of the shortcomings faced by the wearables of today, while a few of them also struggle to withstand the physical stresses of a fall, getting wet, being stretched, bent or undergoing big temperature changes. The larger, strategic disadvantage of first-generation wearables lies in the inability of devices to talk to each other in a seamless fashion. Today’s wearable devices do not communicate well with other electronic devices apart from the smartphone, although there are a whole host of devices like the car, television, refrigerator, washing machines and ATM which can potentially start talking to these wearable devices. This is an emerging area which some experts also call the “Internet of Things”. Once these communications channels are open, then wearables will find themselves in a much larger scope of things which occupy our daily life like security, automobiles, electronics and consumer durables. Some of the devices which are soon going to be launched will have the ability to open a house door, unlock a laptop, start a car and authenticate entry to a secured place like an office.

Wearable computing 2.0: Post launch of Google Glass

With the official launch of Google Glass sometime in the next year, the wearable computing industry is expected to move to a new level and enter mainstream life in a much larger way. Google Glass will be a transformational wearable because it will leverage the device within the existing ecosystem which Google already has around our lives in areas of search, advertising, video, chat and social networking.

In 40 years’ time human beings will have the ability to download their brain’s data into a computer and it will be transferred using an embedded chip inside the brain

The ability of Glass devices to communicate with each other in a seamless manner will be a potent force, which will have the power to disrupt many industries and force them to relook at their existing business models. Indeed, any industry which sells content today can potentially be disrupted by the Glass. Take digital content like cinema, a paid TV channel or a newspaper on an iPad. If I am watching it wearing my Glass and switch on the sharing button then potentially 400 of my friends, scattered across the globe, can start reading the same content and in all likelihood most of them will not have paid for the content. One can argue that piracy laws will protect content owners from such situations, but if the Glass becomes mainstream and millions start having one of them it will be practically impossible to control these situations. The same threat applies for live content like sports, theatre or a concert. Another area which Google Glass is likely to expand into is the field of augmented reality. Augmented reality is a mix of the real and virtual world where virtual data or images are placed over a real world view to get accurate and timely information. The full potential of augmented reality apps has not yet been realised, because the user has to use augmented reality apps through a smart phone. It’s a cumbersome task to take the phone out of one’s pocket and point it towards the road to see the nearest ATM or restaurant! However, with Glass these applications will have another meaning because everything which you view from the Glass can potentially be integrated with a virtual world. It is exciting to even imagine the kind of possibilities it can create.
For example, imagine seeing a plot of barren land and in a second you can see the image of your dream house (virtual, of course) standing on top of it; or you enter your house and see a new sofa in your living room, which allows you to assess how it fits in with your other furniture.

Wearable computing of future

Analysts and experts believe that, with time, wearables will start becoming less conspicuous and smaller. They will take power from the human body, like heat, and will take the shape of a shirt button, pin or be even smaller. These devices might start talking to chips or microcomputers embedded inside us, which will have a huge number of potential applications in the medical field. Eventually wearables can turn our society into an army of cyborgs, which has been imagined and depicted many times over by some popular Hollywood movies. We are living in tremendously exciting times and will be able to follow the development of this space, which could eventually lead us to store our brain’s data and share it with others.

References available on request


VitAL Opinion

Are CIOs now “outsourcing managers”?

In less than 20 years, the CIO has gone from a one-person technology oracle to an outsourcing manager, who must handle vitally important strategic partnerships. Scott Goodwin, CEO of weavesys, argues this position makes them more important than ever, but they need to be prepared…

Established less than 20 years ago, the role of CIO was created to ensure a CEO’s technology vision would be optimised and delivered. But in the last few years, these best intentions have produced the opposite effect.

Despite enviable investment profiles compared to other departments, IT has not delivered the efficiencies or business transformation promised. In fact, about 70% of all IT-related projects fail to deliver the desired benefits they had set out to achieve.[1] Perhaps this is why high profile CIOs have left their positions halfway through projects in the last decade. The Royal Mail, BT Design, Unilever, Network Rail, Habitat and the London Stock Exchange have all experienced this.[2] CIOs have been expected to deliver a company’s IT vision, but ended up fire fighting due to no fault of their own. This is because as businesses grow they make acquisitions, which require constant work to integrate. Ironically, the more successful the business, the more acquisitions are made and the more time and resources are required just to keep everything functioning. In the fastest growing organisations, CIOs have been left running just to stand still.

Telecoms industry

Having worked in the telecoms industry for over 25 years, nowhere has this been more apparent than in our sector where mergers and acquisitions are the norm. More than ever, if a telco wants to create a new service or product, rather than delivering on budget and on time, the CIO is often unfairly seen as a barrier. By way of example, if a service provider plans to launch a new mobile service to complement its VoIP and broadband offering, it will require bespoke technology, integration with existing provisioning and billing systems, and a huge amount more. That takes time and money to achieve, but is fraught with challenges and needs to be balanced with existing demands on the CIO. As a result, by the time the project comes to fruition, it’s often too late for the business to gain a lead on its competitors. Equally, if an enterprise wants to introduce a new telecoms system in-house, the path to success presents the same obstacles. Creating the technology and information infrastructure without external support is just too costly and cumbersome for the CIO to deliver effectively – especially in those fast-growing firms that are struggling with the influx of new systems and technologies that often sit in silos.

Advent of the cloud

This has led to the advent of cloud and outsourced services that enable businesses to satisfy many IT requirements on demand. Knowing that their role is a tough one, CIOs have jumped at the chance to embrace these offerings. Nearly two-thirds (59%) suggest that enabling alignment of business and IT strategies using cloud infrastructure is their number one priority.[3] This is precisely because 53% say that launching new services and applications more quickly is a key request they receive from business units.[4] With these services, CIOs have been able to make the most of their network and technologies. In the telecoms world, for example, they can open call centres at the signing of a contract, implement mobile working policies and technology in days, and offer unified communications overnight. All thanks to the cloud. The impact is that the role of the CIO has transformed from leading and implementing a technology vision single-handed to managing outsourced contracts, which is arguably their saving grace. They can deliver a technology vision and add real value to the board. But doing so takes skill. The key lies in accepting the new reality and then implementing strict supplier governance. Throughout the financial crisis this has often meant beating suppliers down on cost. But this comes at a price. Forrester Research has found that endless focus on a cost-based procurement model has left companies with rock bottom prices, but poor delivery and execution track records.[5] Arguably, this leaves the CIO in as tough a place as they would be trying to deliver projects themselves.

A focus on business outcomes

The answer, according to Forrester, is for IT leaders to avoid a centralised procurement process and focus on business outcomes, and then build a service that meets those needs rather than a rock-bottom price. They need to ensure they’re managing a portfolio of services that clearly drives value for the CEO. If they don’t, they will become marginalised. For CIOs in the telecoms space, this means looking for partners who offer real business value. Enterprises with new communications needs will require service providers that allow them to communicate effectively, efficiently, economically and securely with their staff, clients and suppliers – not just cheaply. In turn, the service provider needs partners that can make it simple and quick to create, tailor and sell new communications products and services. Only by doing so will the CIOs of both types of organisation retain their position as someone who can add real value to the entire ecosystem. In essence, the challenge faced by CIOs is one where specialist consultancies and third parties can do their job quicker and better than the CIO themselves. This is a huge shift – and one that completely undermines the CIO’s original role. But with the right approach to partnerships, CIOs can fulfil the demands of the business better than ever before. In doing so, they need to embrace cloud services and work with providers as an extension of their team. Trying to carry on unaided by third parties is no longer an option.

References available on request


VitAL Processes

Support for County Council certainly worked

Keith Hattee, change and development manager at Warwickshire County Council, explains to Sophie-Marie Odum how Hornbill helped the Council amalgamate the IT services of its schools users into the wider IT infrastructure to ensure all users experience consistent levels of IT services and to minimise user disruption...

As a UK public sector organisation, Warwickshire County Council provides vital services to 530,000 inhabitants. These services include education, environmental services, road maintenance, libraries, and other leisure facilities and social care. The council has 5,000 IT users spread across the county and its various services, from workers in the council’s main offices to library staff and mobile workers, such as health visitors. The council also supports a further 8,000 users in the county’s schools.

Warwickshire has a core ITSM team of 20 staff and an additional 200 IT staff, and it has been using Hornbill’s Supportworks ITSM Enterprise platform and solution since 2008. But, since the start of 2011, Warwickshire has steadily updated its Configuration Management DataBase (CMDB), in order to better assess any changes made to its IT infrastructure and the impact this has on end users. As schools within the county operate on a different set of applications and infrastructure than the wider council network, and sit within their own IT department, Warwickshire also decided to amalgamate the IT services of its schools users into its wider IT infrastructure, with the help of Supportworks. Keith Hattee, Warwickshire’s change and development manager, explained “Back in 2008, we wanted to standardise our IT services for our end-users in all environments but the toolset we were using wasn’t suitable. So we looked at the alternative and that is when we came across Supportworks. Following on from that, in 2011, we needed to bring our two IT services together – the one supporting schools and the other which supports corporate customers – under the umbrella of one service desk. “The schools had been looking at alternative toolsets because they also wanted to join this service management journey and decided that Supportworks was the toolset for them too. It was positive that both sets wanted the same product, and we were able to bring the two together. Some modifications were needed within the toolset to ensure it was able to cope with both sets and by doing so, we saw many benefits, including the reduction in resources, all whilst providing a better service.”

Overcoming complexities

Warwickshire now has tighter management of its CMDB and can more easily monitor and predict the impact of any changes to the IT infrastructure, allowing it to better plan for IT projects and ensure that those projects cause the absolute minimum amount of disruption for users. Integrated with Warwickshire’s CMDB, the updated change management functionality allows Warwickshire to review and plan for changes to its IT infrastructure more effectively. It can associate every action taken and issue reported with the relevant hardware and software assets; the IT procedures that those assets influence; and the specific business services affected. The Council can therefore identify exactly where, when and how the actions it takes are affecting end users; reducing worker downtime on IT projects and eliminating lost productivity on each project. Keith said, “For the corporate side, we’ve been able to look at how we provide services from the user point-of-view all the way to the tools and software we use and what servers and infrastructure are behind those. All these are map-related to one another from end to end, so if there is any type of fault, we know which services will be impacted. Equally, if there are any changes needed to the infrastructure, we know who we need to tell and what services may be impacted by doing so.” The separation of school and council IT users added extra complexity to Warwickshire’s IT services. But, by using Supportworks to manage the transferral of IT services to a single unified IT department, Warwickshire has been able to streamline its IT service management, as well as provide full capabilities such as self-service to over 13,000 IT users. “The other thing we have in place for both sets of customers is a self-service facility,” explained Keith. “End users can log calls themselves via a web interface, and they can track those calls so they can see what’s happening and who’s dealing with it. This allows them to keep updated or see updates from the service desk staff or support staff that are involved with their query.
“We are looking to improve this even further in the future through a Service Catalogue. We are publishing the service and defining it more to the actual individual services, such as what information might be useful to get from our customers to enable us to provide a better service. So an example might be what we are currently working on which is mobile telephony. “People who go abroad might want their call barring lifted. There are specific questions that our staff need to get from the customer, which might be missed in a phone call, but we can actually produce a form in front of the customer and ask them for information upfront, saving a lot of to-ing and fro-ing that can happen between telephone calls. We can put a work flow behind that and we know exactly what information we’ve asked for; what should be coming through; and what needs to be done with it so we can assign it directly to the correct team. We’ve taken a little bit of effort out of the service desk, and we’re streamlining the process of getting things done for their customers and reducing time scales. “On the calls that are put through the system, we send surveys out to a set number of calls to find out if people are happy, and currently about 95% of our customers are satisfied with the service. It’s a bit of a challenge for the more traditional customers who like a telephone chat with a person as, in the future, we want to drive as much as we can through the self-service to reduce the workload on IT staff and to also improve the speed of problem resolution for customers. It’s certainly something that we are looking to expand.”

Foreseeing issues

Since the change management functionality automatically logs all changes directly to the CMDB, rather than having to manually log them through the IT support desk as previously, Warwickshire can analyse the effect on IT and business services much more quickly. Consequently, Warwickshire has been able to plan and complete IT projects such as upgrading of desktop computers to Windows 7; email replacement with Google; and the merger of the schools’ IT support desk with the rest of Warwickshire’s ITSM team.

“In regards to the Windows 7 upgrade, because we have an understanding of our infrastructure and the end-to-end service, when a machine is upgraded to Windows 7, it is updated on our system so the service desk can see if a call comes through from the person using that PC. “We also tie projects in to our support system so that our frontline staff are aware of who has been involved in a particular project recently, for example the upgrading to Windows 7, which may point to where the issue is, and this speeds up the process. “We also log all the calls against that project too, then view this at the end so that we can see which project generated the most calls and look into what issues were caused. We can then feed this into the next project and look at our training, for example, which will help with service improvements in the future.”

10% reduction in calls to the support desk

Since 2008, 15% of calls are now routed through the Supportworks Self Service module, allowing users to log calls and check the progress of their issues independently. As a result, since the recent upgrade, calls to the support desk have dropped by 10% and the percentage of requests within SLA targets has been increased to around 95%.

“When planning an IT project, it’s vital that essential, business critical services aren’t disrupted,” concluded Keith. “Having the ability to quickly record and analyse the effects of even the smallest changes to any part of infrastructure allows us to better understand and, where necessary, advise end users of any impact to their working day. Moreover, we are now in a better position to improve the quality and value of IT services without leaving our users behind.

“Projects such as bringing the schools IT support desk into the Supportworks fold and upgrading to Windows 7 can be a huge drain on an organisation in terms of time, money and disruption to on-going activities. As a result, it can be too easy for standards of IT service to slip. By using Supportworks to monitor these projects in line with ITIL best practice, we can guarantee that all public services in Warwickshire are receiving the same level of high quality support and services.”


VitAL Processes

Technology drives doorstep delivery services

David Upton, managing director at DA Systems, looks at how the so-called Google Shopping Express service demonstrates a logistical diversification strategy…

Have you heard the one about same-day couriers, driverless cars and robo taxis? It’s all about the (Google) tech. Whatever’s next? Flying cars? (Well perhaps automated drones are the future of deliveries, but that’s another story).

Online retailing in the UK is set to reach a total sales value of £87bn in 2013, a 12% year-on-year growth, according to researchers IMRG Capgemini. As e-commerce matures and customer demand mushrooms, same-day delivery services will become more commonplace and are likely to become more cost-effective as competition grows. Increasing numbers of courier companies are now entering the same-day delivery market. And established courier companies are diversifying with new collections services. YodelDirect, for example, has just announced that for the first time it will collect from homes and individuals rather than just businesses. Courier companies either compete on price, or by offering a more exclusive service than their rivals – perhaps by providing very accurate delivery time windows or a luxury, ‘branded’ service to match the goods being delivered.

“Get it now”

Regardless of the courier company’s individual business model, the key ingredient for a profitable same-day delivery or collections service is technology. As Google excels at exploiting this, the company’s anticipated move into this market is less surprising than it first appeared. In fact many brands are looking at the “get it now” attitude, including eBay, which offers a same-day delivery service with a one-hour window in selected cities in the US. Offering a same-day delivery option is essential for any e-commerce company/retailer, and having this level of convenience is helping to make e-commerce more mainstream. One key driver behind the consumer demand for such fast delivery services is the rise of m-commerce. If you can buy goods anywhere on the go it becomes a natural expectation to have them delivered almost immediately too. Reports of Google’s strategy were originally published earlier this year and it is now expanding operations in the US, so look out for announcements in Europe in the near future. Maybe. Given the USA has over 39 times as much land as the UK, and its population density is over seven times lower, the average distance that goods have to travel is far greater. If they can make it work in the US, then surely there’s a great business case for the UK.

The complete buying process

Google’s broad growth strategy means the brand touches many parts of our business and home lives, and it is adept at applying the technology to specific problems, whether perceived or not. However you look at it, Google will soon “own” the complete ecommerce buying process, from search and browsing, through checkout and payment to fulfilment, and final delivery to your doorstep. Same-day delivery also opens the door to selling advertising and other technology to retailers, and building a loyal following of consumers who see Google or eBay as their daily shopping destination. It seems the so-called Google Shopping Express service is not only perfectly viable, but demonstrates a logistical diversification strategy focussed on technology and data. Technology underpins a profitable same-day courier service – from the courier logistics side right through to the communication with the consumer. You need real-time data feeds to manage the doorstep interface and real-time integration between retailers and delivery agents to make it work. Of course Google is already ahead of its e-commerce rivals with mapping technology – something that most courier and delivery companies use anyway. In addition, Google can now merge online and offline data. A delivery service provides Google with the ability to merge offline consumer data with the comprehensive data it already captures about consumer behaviour online. Consumers can expect more targeted product advertising and relevant communications in future.

Subscription-based delivery programme

So how do you fund a same-day delivery service? The rationale behind Google’s business model seems sound – a subscription-based delivery programme – directly aimed at Amazon’s Prime Service, but for slightly less. In growing their respective same-day delivery programs, it has become a fierce race between the US tech giants. By linking this with existing Google technology, that of driverless cars, and the predicted “connected car” future, does this mean we will have driverless couriers in a fully automated process? More recently, it’s been reported that Google is planning robo-taxis, so don’t dismiss the idea immediately. Separately to Google, a network of automated drones could feasibly be delivering your small packages, but it remains to be seen if this idea will “take off”. It’s certainly exciting times for doorstep deliveries – increased competition, diversification, better and faster customer service, new opportunities for e-commerce brands and interesting predictions for an automated future – all “driven” by technology, in a quite literal sense.


VitAL Processes

The future of ITAM is SLO

A recent survey of CIO priorities showed that their leading business priorities were increasing efficiency and reducing costs, but with many organisations using legacy tools for license management this priority can sometimes seem only a pipe dream, according to Certero…

Gartner research shows that Software License Optimisation (SLO) tools can help organisations to “gain better visibility into their license risk and exposure, information not provided from IT Asset Management (ITAM) tools”[1]. Due to the increasingly complex vendor licensing rules and models for delivery such as virtualisation, cloud and SaaS, organisations are seeking solutions which simplify the management of software from purchase to retirement. Yet, most ITAM tools lack the critical functionality needed for license management. So why is it that these traditional tools are failing to protect organisations from unexpected liabilities?

Licence to bill

ITAM tools provide the discovery and inventory information on what assets they have; where they are; who is using them; the services they support; what they cost; and how they are configured. But all too often they fail to provide the functionality to match installations to licence entitlements – therefore missing a key step in the licence management process.


Without the ability to store licence documents, link purchases to deployments and provide information for contract renewals then there is an opaque licensing picture, a black hole in any compliance position. But, there are still many challenges in getting an accurate and complete inventory. This is especially true due to the growing use of technologies such as application or desktop virtualisation, organisations enabling employees to use their personal devices (BYOD) and heterogeneous, cloud or virtualised datacentre environments.

Cloudy with a chance of virtualisation

There has been a huge focus on server virtualisation in recent years, with businesses consolidating their servers to reduce the hardware needed to run the software the business needs. Companies have also seen that virtualisation helps to realise further cost savings through the reduction of the physical space that a company needs for its servers and data centre and the streamlining of software licensing procurement. Undoubtedly, the virtualisation model presents a credible solution to many of the IT cost reduction challenges, but many organisations overlook the licensing implications that are not found in a traditional PC and server environment.

to track and often more expensive to procure if not centrally managed.

Software licensing can be a complex area due to the fact that software is licensed and not owned, and it is a complexity that is compounded in a virtualised environment, where there is an increased probability that organisations will violate their existing licence agreements. Such violations are not taken lightly by software publishers, and could prove very costly. With such an uptake in server virtualisation and now desktop virtualisation, the size and frequency of large fines being issued for breaching license terms and conditions, are set to rise.

Organisations need to work closely with their IT teams to manage the contracts, usage, and price of their software assets if they want to not only minimise risks but costs to their bottom line in the process.

Virtual Desktop Infrastructure (VDI) can also reduce the administrative and management headaches introduced by user owned devices in the enterprise.The VDI model puts a user’s desktop operating system, applications and data on a virtual machine. But the consumerisation of IT brings its own challenges: User-owned devices are not licensed under any existing Enterprise Agreements (EA) and the user or device is licensable for each application being accessed. For example, access to an Exchange Server for email requires that the user or device is licensed with an Exchange CAL and a windows CAL.

Automate and innovate To keep up with this rapidly changing environment, it is essential to invest in technology which automates the software and hardware inventory and critically, license management processes. This helps to reduce excessive overheads with manual inventories and critically improves accuracy of data. Furthermore, automated toolsets reconcile inventory data with licenses bought to ensure risk management by pinpointing the location of any unlicensed software to drive SLO outcomes. Regardless of what toolset is being used, above all, greatest importance must be placed on the accuracy of the data it provides. It must cover the entire IT estate from PCs and Macs to Linux and servers. The primary question organisations must address is if their existing ITAM/Software Asset Management (SAM) solution is able to manage all software applications – be it Microsoft’s Office 365, Oracle E-Business Suite, Adobe Creative Cloud and so on. If this is not the case, the underlying data is liable to errors casting a large black shadow over licence compliance.

Fit for the future

When it comes to SLO, the success of the SLO tool is premised on the inventory data so by ensuring that this is accurate, the outcomes will be more reliable. For many organisations, the tools currently used to manage software licensing may be outmoded or inadequate for the task. If there is an existing ITAM repository tool or configuration management database (CMDB) in place, ensure that outof-the-box integrations are available with the SLO tool. But, critically, today’s SLO tools must be built for the future, so selecting a tool based upon its ability to support licensing models across the software portfolio, not just the vendors that are problems today will provide a solution that is dependable in the long term. SLO solutions need to provide several benefits which can help organisations to streamline processes from software procurement to retirement: •  Ability to harvest unused or unnecessary licenses and dynamically report on who is using what software, when, for how long and on which device.  •  To ensure software is only used in line with the T’s and C’s i.e. only used on named devices or by named users.   •  Understanding software product use rights i.e. 2nd use, development, test and training rights. Those functions, if performed well, will give businesses and IT leaders a clear snapshot of their current licensing position at any given time, to ensure that the organisation buys only what it needs and uses what it has. Of course, the best remedy is having an understanding of what optimised licence management means to the organisation. Like most strategic initiatives, gaining control over the software estate requires people, processes and technology. Beyond the use of SLO solutions, training IT staff in best practice licence management will not only reduce the risk of costly true up fees, but will also allow them to realise significant savings on software going forward. This allows businesses to free up valuable resources for business critical priorities.

As a company evolves and grows, it uses more types of software in greater volume, making licences increasingly hard

References
1. Gartner Report: Software License Optimisation Vendor Overview, 2012.


VitAL Security

PCI DSS 3.0: How effective will it be?

Michael Aminzade, director of delivery for EMEA and APAC at Trustwave, speaks to Sophie-Marie Odum about the upcoming PCI DSS 3.0 compliance standards, which will be introduced this month...

This month welcomes an update to the PCI DSS (Payment Card Industry Data Security Standard).

The PCI DSS 3.0 compliance standards’ proposed updates are based on feedback from the industry since the last implementation of PCI in 2010. The standards evolve every three years, and this latest edition includes a “Business as Usual” section, which aims to help senior level executives understand obligations regarding negligence and duty of care.

Since the first cycle, companies have been filtering the standards into their compliance assessments. Back in 2010, companies completed a gap analysis, looking at the standards that they were complying with in comparison to the PCI DSS 2.0. Then in year two, they began implementing the standard and provided feedback to the PCI committee for changes and updates. Now, all this feedback and updates have been put into the creation of this upcoming standard.

However, PCI compliance has been an issue. The general manager of the PCI Security Standards Council recently said that the implementation and maintenance by businesses has been the biggest stumbling block in achieving PCI compliance. Michael Aminzade, director of delivery for EMEA and APAC at Trustwave, agrees. He said, “I agree that the biggest challenge we see is organisations taking the standard and then actually implementing and also maintaining it.

“I think that the standard has lots of good changes and includes a ‘Business as Usual’ section, which informs senior level executives that PCI compliance is not a project, but needs to be part of the business culture, ethics and business as usual programme.

“Senior level executives will now understand their obligations regarding negligence and duty of care. So if a company is non-compliant of the standard, and it ends up in a legal case, whereas before there was a gap between it being a technical standard and a business standard, this ‘Business as Usual’ section, and the guidance provided against each of the requirements, actually bridges that gap.

“The standards enable the legal system to demonstrate that if a company hasn’t implemented a ‘Business as Usual’ compliance programme, or if they are not complying with the standard or a requirement in the way it was intended, they will now be liable under duty of care and negligence because that guidance was issued.”

Risk assessments

“The changes that will come in 3.0 will move towards the risk-based model and specify the intent behind the requirement. I do believe we are moving in the direction, but I still see an area of concern. I would like to see the PCI committee issue a guidance document with more detailed levels of guidance regarding the risk assessment.”

The standards currently state that one risk assessment must be done annually, but as organisations and technologies change so rapidly, this needs to be increased, argues Michael. To better help businesses implement and understand PCI compliance and data security, Michael believes that PCI DSS 3.0 needs more of an emphasis on risk assessment as there is not enough detail on who can sign this off, as well as in-depth guidance on the frameworks.

“The area of concern I have is the fact that even though the standards will reference risk management that must be met, the standard does not enforce companies to adopt one of them so I see concern in the risk management section of the standard,” he said.

“I am also concerned that the standards haven’t specified that the risk assessments need to be completed by an industry-certified professional. In addition, the level within an organisation that the risk assessment should actually be reported to is not specified either. So even though they have made good changes in some areas of the standard, I still see that the risk assessment area of the standard is very weak, in my opinion.

“I am a big believer and supporter of a risk-based approach to PCI and deploying the standard in a risk model, but the one element I see at the moment is that companies are doing it on the PCI DSS risk-based model rather than looking at the standard and the environment as an organisation, and deciding on the correct model for the organisation.”

In short, moving to a risk-based model would help organisations understand and identify areas of compliance and data protection that may need improvement, as opposed to the more prescriptive standards model currently in use.

“For example, it says ‘if you don’t need the data, don’t store it’, but ‘if you do need it, store it encrypted’. Now, at a very high level, that sounds perfect, but when we look at certain organisations and the security methodologies that they are working towards and certain risk management that they have, removing the data might not necessarily be the first thing that they need to do if they are a security-mature organisation,” explained Michael.

“I see that the risk-based approach works for merchants that are a level 3, or level 2, aiming for a level 1, for example, and, yes, this is a sensible approach, but those with a security-rich posture, the risk-based approach should be reviewed against that organisation’s environment. I think that as soon as this change happens and the standards move to a risk-based standard rather than a control standard, we’ll get more and more adoption.”

So how can the standards further benefit companies? Michael would like the standards to address three major concerns, in regards to the risk assessment section, that, if factored in, would greatly improve the standards. He explained that the standards should:

1. Require companies to comply with an industry standard framework and specify which framework they are complying with and with which methodology.
2. Specify that the framework and methodology should have the appropriate, certified personnel at the correct levels of the business.
3. Define the reporting lines to management who are actually accountable for those risks and are liable at a business level.

New age technology

As mobile devices are replacing POS devices in some stores, should the guidance also be extended to include mobile endpoints, or is there need for separate mobile data security standards?

“From our own research, we found that mobile malware went up by 400%, which is a huge challenge in the industry,” said Michael. “Mobiles are open to many third-party developers, who organisations have no control over, nor do they understand what the true intent behind the application is. In addition, it’s a very complex system which companies are then expected to use as a POS and put sensitive company and payment data through it. There are huge challenges inside this area.

“All of the malware we have seen, we can put down to six organised crime groups who are trying to retrieve personal data. Yes there is mobile security guidance issued by the PCI committee, but what I would like to see is that data developed into mobile data security standards that organisations could become compliant to.

“Are we as an industry, able to issue that data security standard for mobile at this moment in time? No. I believe we are a little while away from being able to issue an actual standard that people can comply with and be assessed against, so this remains a huge area of concern.”

As more and more mobile devices are used as POS systems in the future, the issue of security remains unresolved and will become increasingly widespread. It’s therefore hoped that this issue is addressed sooner rather than later.


VitAL Security

Four approaches to DDoS protection

Sean Leach, Vice President Technology, Verisign, addresses the four types of protection against DDoS attacks, which, in its most complex form, can negatively affect your customers’ online experience and your brand identity…

I speak about DDoS quite often these days. It’s a topic everyone wants to know about and yet, so few people know much about it. It’s one of those topics where good information is not readily available, and I would like to fix some of that by addressing the four types of protection against a DDoS.

As a quick refresher – a DDoS attack is a method an attacker uses to deny access for legitimate users of an online service. This service could be a bank website, e-commerce site, SaaS application, or any other type of network service (some attacks even target the VoIP infrastructure). An attacker uses a non-trivial amount of computing resources (either that they have built themselves or, more commonly, by compromising vulnerable PCs around the world) to send “bogus” traffic to a site. If the attacker sends enough traffic, legitimate users of a site can’t be serviced (i.e. if a bank website can handle 10 people a second clicking the “Login” button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in). There are a multitude of reasons someone might want to shut a site down: extortion, activism, competitive brand damage, and just plain old boredom!

DDoS attacks vary in both sophistication and size. An attacker can make a “fake” request look like random garbage on the network, or, more troublesome, make the attack traffic look exactly like a real user of the site. In addition, if the attacker has enough computing resources at their disposal, they can direct enough traffic to overwhelm the target’s bandwidth.

The simplest types of attacks are Layer 3 and 4 attacks (IP and UDP/TCP in the OSI stack). These simply flood the network and servers so that they can no longer process legitimate network traffic because the attacks have saturated the network connectivity of the target. A more complex Layer 7 attack “simulates” a real user trying to use a web application, i.e. searching for content on the site, or clicking the “add to cart” button, etc.

Enterprises and providers of web applications naturally want to protect themselves and their customers from these types of attacks. Currently, there are four main types of “protection” from DDoS attacks, which are:

• Do it yourself
• Specialised on-premises equipment
• Using your Internet Service Provider (ISP)
• Using a specialised cloud DDoS mitigation provider

Do it yourself

This is the simplest and least effective method. Generally someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try and use their existing firewall. But, it is worth noting that firewalls are not built to withstand a DDoS attack. This will protect you from only the smallest and most trivial attack. Back in the early 2000s, when attacks were pretty simple, this could work. But these days, attacks are far too large and complex for this type of protection. A firewall will melt quite quickly under the load of even a trivial attack.
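The limit of the do-it-yourself approach, shown as an added example (not code from the article or from Verisign): a per-source sliding-window filter replayed over constructed traffic. The capacity of 10 requests per second is the article's figure; the per-source threshold, the window length and all addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict, deque

CAPACITY_RPS = 10      # the article's figure: the site can serve 10 logins per second
PER_SOURCE_LIMIT = 5   # assumed DIY threshold: requests allowed per source per window
WINDOW_MS = 1000       # assumed sliding-window length (integer ms avoids float drift)


class PerSourceFilter:
    """Sliding-window request counter keyed by source address."""

    def __init__(self, limit=PER_SOURCE_LIMIT, window_ms=WINDOW_MS):
        self.limit = limit
        self.window_ms = window_ms
        self.accepted = defaultdict(deque)  # source -> timestamps of accepted requests

    def allow(self, ts_ms, src):
        recent = self.accepted[src]
        # Forget requests that have aged out of the window.
        while recent and ts_ms - recent[0] >= self.window_ms:
            recent.popleft()
        if len(recent) >= self.limit:
            return False
        recent.append(ts_ms)
        return True


def replay(events, capacity=CAPACITY_RPS):
    """Run (timestamp_ms, source) events through the filter and report
    how much traffic still reaches the server in its busiest second."""
    flt = PerSourceFilter()
    reaching_server = defaultdict(int)  # second -> requests passed on
    dropped = 0
    for ts_ms, src in sorted(events):
        if flt.allow(ts_ms, src):
            reaching_server[ts_ms // 1000] += 1
        else:
            dropped += 1
    peak = max(reaching_server.values(), default=0)
    return {"passed": sum(reaching_server.values()), "dropped": dropped,
            "peak_rps": peak, "over_capacity": peak > capacity}


# --- Constructed traffic (not captured data) ---

def legit_traffic(seconds=3):
    """Four real users, one login request per second each."""
    return [(s * 1000 + 100 * i, f"198.51.100.{i}")
            for s in range(seconds) for i in range(1, 5)]


def single_source_flood(seconds=3, rate=50):
    """One noisy source sending `rate` requests per second."""
    step = 1000 // rate
    return [(s * 1000 + k * step, "203.0.113.9")
            for s in range(seconds) for k in range(rate)]


def distributed_flood(seconds=3, sources=200):
    """Many sources, each sending one ordinary-looking request per second."""
    step = 1000 // sources
    return [(s * 1000 + i * step, f"192.0.2.{i + 1}")
            for s in range(seconds) for i in range(sources)]


if __name__ == "__main__":
    print("single source:", replay(legit_traffic() + single_source_flood()))
    print("distributed:  ", replay(legit_traffic() + distributed_flood()))
```

The single noisy source is cut down to the threshold and the site stays under capacity; the distributed case passes the filter untouched because no individual source stands out, which is the point at which upstream capacity and scrubbing become necessary.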

Specialised on-premises equipment

This is similar to “doing it yourself” in that an enterprise is doing all the work to stop the attack, but instead of the enterprise relying on some scripts or an existing firewall, they will purchase and deploy dedicated DDoS mitigation appliances in their data centre. These are specialised hardware that sit in an enterprise’s data centre in front of their normal servers and routers, and are specifically built to detect and filter the malicious traffic. However, there are some fundamental problems with these devices:

1. These are very expensive CAPEX purchases that may not do anything until you get attacked. Not only that, you need very skilled network and security engineers to work these devices (there is no magic “mitigate DDoS” button).
2. They must be constantly updated by your operations team to keep up-to-date with the latest threats. DDoS tactics change almost daily – it’s amazing how skilled the attacks can be.
3. They can’t handle volumetric attacks. Remember that large attack I mentioned? Do you have that much bandwidth coming into your data centre? Didn’t think so – therefore, these hardware appliances are not any good when the attack exceeds your network capacity.

Internet Service Provider (ISP)

Some enterprises use their ISP (the same network provider they get their bandwidth from) to provide DDoS mitigation. These ISPs definitely have more bandwidth than an enterprise would have, which can help with the large volumetric attacks, but there are three key problems with these services too:

1. Lack of core competency: ISPs are in the business of selling bandwidth; they don’t always invest the required capital and resources to stay ahead of the latest DDoS threats. It can become a cost centre to them – something they have to provide, so they do it as cheaply as possible. However, in the DDoS mitigation game, you have to constantly be on your toes, researching the latest threats, developing countermeasures, etc. This is not a service to do on the cheap, which unfortunately a lot of ISPs do.
2. Single provider protection: Most enterprises today are multi-homed across two or more network providers. This removes the single point of failure of a provider going down and taking your site with it. Having two providers is a best practice to maximise uptime. ISP DDoS mitigation solutions only protect their network links and not the other link you might also have, so now you need two DDoS mitigation services, from two different providers, doubling your cost.
3. No cloud protection: Similar to the point above, a lot of web applications nowadays are split between enterprise-owned data centres, and cloud services like Amazon AWS, GoGrid, Rackspace, etc. ISPs can’t protect your traffic on these cloud services.

Cloud mitigation provider

Cloud mitigation providers are experts at providing DDoS mitigation from “the cloud.” This means they have built out massive amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet that can take in any type of network traffic (whether you use multiple ISPs, your own data centre, any number of cloud providers, etc.), scrub the traffic for you, and only send “clean” traffic towards your data centre. Cloud mitigation providers have the following benefits:

1. Expertise: Generally, they have any number of network and security engineers and researchers who are constantly monitoring for the latest DDoS tactics to better protect their customers.
2. Lots of bandwidth: They have much more bandwidth than an enterprise could provision on their own to stop the biggest volumetric attacks.
3. Multiple types of DDoS mitigation hardware: DDoS attacks are extremely complex. There is a need for multiple layers of filtering to be able to keep up with the latest threats. Cloud providers should take advantage of multiple technologies, both commercial off the shelf (COTS) and their own proprietary technology to defend against attacks.

Hopefully this article has been educational on the various types of DDoS mitigation. I may be biased, but in my view, cloud mitigation providers are the logical choice for enterprises for their DDoS protection needs. They are the most cost effective and scalable solution to keep up with the rapid advances in DDoS attacker tools and techniques.


VitAL Security

Warning: The heat is on for your firewall pro

Reuven Harrison, CTO, Tufin Technologies, outlines how C-level people are making their firewall professionals’ lives difficult and risking security breaches by failing to appreciate the challenges that complex IT networks present…

It is clear that enterprises are going through a significant shift at the moment, as trends such as virtualisation, cloud computing and BYOD take hold. As a result, the business leader’s expectation of IT has shifted, and the subsequent pressure on the network team to immediately respond to ever-increasing business changes is huge.

What you, as a senior manager, may not realise is that there are also a great number of common, but nerve-wracking snags – from PCI compliance to the constant network access requests – that leave your firewall professionals pulling out their hair. The consequences of the daily challenges faced by firewall admins can have significant impact on your business, resulting in downtime, increased costs and harmful security breaches. If a network isn’t managed effectively, “black holes” can easily appear in the network security policies that are supposed to be protecting confidential data – business, financial, personal, and, most significantly, customer information.


The Five ‘Cs’

So what are some of the hidden problems your network professional is facing every day? Among the chief complaints arise “The Five Cs”:

1. Complexity
Enterprise organisations today deploy firewalls with as many as tens of thousands of rules. Take this case as an example: The midnight Saturday policy update process didn’t go to plan. This meant your firewall pro spent the weekend sorting through a bloated rule base to ascertain why the policy wasn’t updated, to find out it was simply a slight overlap of rule 847 with rule 73. Or possibly the network firewall rule bases have become so long that erroneous, obsolete and overlapping rules have caused unnecessary risk or degraded hardware performance because of redundant processing and hardware drain?

2. Communication
A lack of communication between network security and application teams can cause the firewall pro a great deal of stress. Let’s say that the firewall changes on Monday didn’t work when the policies were sent on Saturday because someone else’s changes offset the change made. That leaves the firewall pro with no clue as to who made a change, what the change was or, for that matter, why they made it. Added to this, their predecessor had a different way of managing changes that was virtually indecipherable to anyone else, with no reference to the original request or business unit. Making the wrong move could cut off access to a business-critical application like a CRM or SAP.

3. Compliance
Ensuring your organisation complies with regulations can be a headache for any professional in any industry. But for your firewall pro, it’s a particularly bad migraine. To please the auditors, permissive rules (rules with “any” and “accept” or “any accept”) need to be rewritten because security implications mean they are unacceptable. As a result, this means the firewall pro is going to have to set up more specific rules every time.

4. Change
And of course, all this work is being performed on a very tight time schedule. The firewall pro has got a list as long as his/her arm and they can’t tell if traffic from a new rule change is already allowed so they’ll add it to the end of the list… and forget it. Alarm bells should be ringing by now – this small mistake could open up a gap in your security network and who knows what might get in as a result. You’re probably not helping either – do you really need network access right now?

5. Connectivity
Going back to the changing environment of the enterprise, consider how difficult it is for your firewall pro to manage access to multiple applications sourced from multiple vendors that now make up complex enterprise IT networks?

Application connectivity is the name of this particular beast, and it’s a big one. Your firewall pro probably spends a huge amount of their time deploying new applications, updating access to servers and other components, decommissioning applications, and diagnosing connectivity problems with applications in the network. Lacking automated tools, they’ll have to analyse long lists of access rules on all the multiple firewalls and routers to do this. And most of the application owners don’t “speak firewall”, meaning frequent misunderstandings lead to errors, wasted time and even service disruptions. When things go wrong, both the application and security teams lack visibility into the correlation between the firewall policies and the application, resulting in longer problem resolution times.

The heat is on

Think all that’s bad? Consider this: it’s 3pm and your firewall pro’s manager wants to know if all 50 firewalls (with 1,000 rules) from multiple vendors across six countries are in compliance with seven distinct regulations from different countries that contradict each other. He/she wants to know by the end of the day because there is a board meeting.

It’s time to raise a glass to our noble firewall professional friends. They deal first-hand with the never-ending network complexity, and because their triumphs are measured in disasters avoided, they are rarely, if ever, acknowledged.

So, how can you ease the pressure and eliminate unnecessary downtime, costs and security breaches?

Orchestrate your network operations

It’s no longer enough to rely on standalone firewall management to effectively segment your network without disrupting business operations. You need to ensure that all of your devices work in concert.

Security Policy Orchestration is your most efficient response to the snags caused by the five “C’s”. Through central, automated control of your network operations including routing, NAT, security policies, load-balancing, business applications and change processes, you can finally gain back control of your network and deploy a proactive approach to network security management. Orchestration enables you to:

• Simplify complexity by automatically modelling your network and identifying weak spots based on your network security policies. It also streamlines problem resolution through firewall rule design and automated provisioning.
• Improve communication among network teams and across organisational siloes by automatically and intelligently translating business connectivity requirements into network terms, and providing a standard platform for collaboration in implementing network security changes.
• Maintain continuous compliance with corporate and industry standards by automatically and regularly comparing changes to your network device configurations against predefined policies, and alerting you to possible infractions.
• Alleviate the pains and pitfalls of change by standardising change processes, automating change implementation, and alerting the security team to dangerous configuration changes before the business is exposed to a security crisis.
• Ensure connectivity by monitoring your network, all your network devices, and your applications in real-time and alerting you to problems.

So take time-intensive, manual tasks off your firewall pro’s hands – like manually entering command lines for each change, tracking and authorising changes, cleaning up unused security rules, and preparing for audits – and free up his/her time for more important tasks. You’ll see improved security and better business agility for your business.

Orchestrating network security can return direct cost savings to your business and help ring-fence the security network by addressing the pain points your firewall pro faces every second of every hour, every day. So before you add more headaches to the daily workload of your hard-working firewall pro, don’t forget the pressure they’re under to eliminate risk from your business. Help them to help you and your business.
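An added example, not Tufin's or the author's code, of the rule-base review that the “Complexity” and “Compliance” items describe being done by hand: it flags permissive “any” accept rules and finds rules that are redundant with, shadowed by or in conflict with an earlier rule. Rule numbers 73 and 847 echo the article's anecdote; the rule contents, the addresses and the first-match-wins evaluation order are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


def _net(value):
    """Parse a rule field into a network; the literal "any" means everything."""
    return ANY_NET if value == "any" else ipaddress.ip_network(value)


@dataclass(frozen=True)
class Rule:
    rid: int      # rule number as shown in the rule base
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    port: str     # single TCP port as a string, or "any"
    action: str   # "accept" or "drop"


def covers(a, b):
    """True if every packet matching rule b would also match rule a."""
    return (_net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and (a.port == "any" or a.port == b.port))


def overlaps(a, b):
    """True if at least one packet could match both rules."""
    return (_net(a.src).overlaps(_net(b.src))
            and _net(a.dst).overlaps(_net(b.dst))
            and ("any" in (a.port, b.port) or a.port == b.port))


def audit(rules):
    """Review rules in evaluation order (assumed first match wins).

    Returns (kind, rule_id, earlier_rule_id) tuples where kind is:
      permissive - an accept rule with "any" in source, destination or port
      redundant  - fully covered by an earlier rule with the same action
      shadowed   - fully covered by an earlier rule with the opposite action,
                   so it can never take effect
      conflict   - partially overlaps an earlier rule with the opposite action
    """
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "accept" and "any" in (rule.src, rule.dst, rule.port):
            findings.append(("permissive", rule.rid, None))
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((kind, rule.rid, earlier.rid))
                break  # a fully covered rule never matches; nothing more to report
            if overlaps(earlier, rule) and earlier.action != rule.action:
                findings.append(("conflict", rule.rid, earlier.rid))
    return findings


# Constructed rule base (private addressing, not from a real device).
SAMPLE_RULES = [
    Rule(12, "10.1.0.0/16", "10.20.5.10/32", "443", "accept"),
    Rule(73, "10.1.0.0/16", "10.20.5.0/24", "1433", "drop"),
    Rule(310, "10.1.4.0/24", "10.20.5.10/32", "443", "accept"),   # repeats rule 12
    Rule(847, "10.1.4.0/24", "10.20.4.0/23", "1433", "accept"),   # partly behind rule 73
    Rule(900, "any", "10.20.9.0/24", "any", "accept"),            # what auditors reject
    Rule(901, "10.1.4.7/32", "10.20.5.20/32", "1433", "accept"),  # wholly behind rule 73
]

if __name__ == "__main__":
    for kind, rid, earlier in audit(SAMPLE_RULES):
        suffix = f" (see rule {earlier})" if earlier is not None else ""
        print(f"rule {rid}: {kind}{suffix}")
```

Running the same check before a change is pushed answers the “is this traffic already allowed?” question from the “Change” item without reading the list by eye.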


Cloud Technology

De-mystifying ‘the cloud’ for SMEs

David Sturges, chief operating officer at WPL, explains how cloud computing can offer business growth, cost savings and more. On the other hand, David addresses cloud security and privacy issues, which he believes are the main reasons why many are hesitant to adopt cloud computing…

Technology investments are having a positive impact on business innovation, with 76% of SMEs citing investments into cloud computing, second only to software and online expenditures. This is according to research published by the Federation of Small Businesses, which was published earlier this year. However, it’s not understood by all and many do not fully understand what it means or how it would benefit their business.

Rise in cloud computing adoption

There has been a steady rise in the number of SMEs adopting cloud computing. In April, the Quarterly Survey of Small Business in Britain* produced by The Open University Business School reported that more than 21% of respondents are now using ‘cloud-based’ providers to run their back office services, compared with two years ago when just 8% of respondents reported using them. This research highlighted that the “smallest” firms were first to adopt such technologies.


Commenting on the report, Dr Richard Blundel, of The Open University Business School stated, “These new communications technologies are enabling SME owners and managers to make radical changes to the way they do business,” and he added that, “the smallest firms are often among the most innovative in this arena, particularly in their willingness to adopt mobile Internet and cloud computing.”

Cloud computing offers SMEs the ability to grow faster, access a global customer base and make significant cost savings. Indeed, a report by the European Commission² last year found that adopting cloud computing resulted in 80% of organisations reducing their costs by around 10-20%.

Workplace trends such as remote working are also being enabled by technologies such as virtual desktop solutions. They allow people to work from any location in the world and access their emails, files and desktops using any device. The attractions for businesses include greater workforce flexibility; IT cost savings; reduced administration; and more free time to spend on innovation and business development.


From our experience, key drivers for migrating to a hosted desktop service for many SMEs are improving their IT performance, introducing smarter ways of working that enable greater productivity and to offer mobile working options for employees. Offering flexible working is a great way for SMEs to keep their employees happy. Lloyds Commercial Banking published research this year that showed UK SMEs are leading large corporates in offering employees more flexible and home working arrangements and consequently are benefitting from having a happier, engaged and more productive workforce. Of course for every cloud computing convert, there are still some sceptics. Cloud computing can be seen as a bit of a “buzz word” and many business owners don’t fully understand what it means or how it would benefit their business. Some are also concerned about the security and the privacy of their data so are reluctant to take the plunge. As SMEs tend not to have IT specialists within their organisation, many business owners don’t fully understand the risks versus the rewards.

What is cloud computing all about?

At its most basic, cloud computing involves the outsourcing of data and IT infrastructure, storage and security to a third party supplier who will host and manage it in a data centre and deliver it to users with Internet access as a service.

Many organisations are already using “the cloud” to some degree, even though they may not know it. Solutions such as Hotmail’s Office 365, Google apps and Dropbox, all allow people to share files and enable remote working; however, there can be risks for businesses using these options. Companies may not know where their data is held and, in recent months, the Information Commissioner’s Office, in the UK, issued a stark reminder to businesses that they are responsible for their data wherever it was held.

A company would however be able to vouch for its corporate data security if it opted for a privately managed cloud computing service, such as a Desktop as a Service (DaaS), where data is managed and stored in a secure UK datacentre behind corporate grade firewalls. The provider would take care of all the data security and backups, assuming responsibility for the online and physical safety of the data. In this situation, once the customer enters his desktop, they are typically in an environment which is more secure than the previous local server set-up.

Business benefits

If a company adopts a hosted desktop solution, they will reduce their IT administration by up to 50%; there will be no more expensive servers and costly maintenance charges and they will only have to pay one low-cost monthly fee per user. All their IT will be managed by a cloud computing provider who will ensure their business has the latest software and state-of-the-art security via a tier 3 data centre, meaning that all the data is backed up always and that disaster recovery is never an issue.

It also means that IT costs can also be managed carefully. All providers offer a “pay-as-you-go” model, enabling companies to scale up or down in terms of users in line with their needs. For start-up companies it can be a more efficient way to set up in business by skipping hardware procurement and capital expenditure, and it can be a faster way for businesses to grow. It’s quick and easy to add new users or processes to the system.

Case Study: How hosted desktops have revolutionised financial planning business

One company that has benefited from moving to a hosted desktop solution is Wingate Financial Planning, an award-winning firm of Chartered Financial Planners based in Caterham in Surrey. The company is growing fast and recently acquired another business. With just 20 employees, the IT systems had always been managed internally. However, to prepare for future growth and reduce time spent on IT administration, the company decided to upgrade their IT system and move to a hosted desktop solution.

Ben Clarke, managing director of Wingate Financial Planning, said, “We were spending an increasing amount of time managing our IT infrastructure – keeping it up-to-date and virus-free. The system was unreliable and out-of-date and our work was regularly interrupted by IT issues and downtime. As a growing business, we needed a more effective and robust system.”

“We met with several IT companies to ascertain the best solution. Our main goal was not so much about money savings, but more about finding a robust and consistent system that was also cost effective.”

Wingate Financial Planning was running Microsoft software, client management software as well as licensed and non-licensed software all of which needed to be moved into the cloud. This was done very quickly, over one weekend and all the systems were seamlessly updated to the cloud and working efficiently.

Ben continued, “Moving to the cloud has taken the stress out of our IT management. We no longer have to worry about anti-virus software updates or that we have the latest software. We can also work seamlessly from any location as we can access our whole IT suite from anywhere with an Internet connection, which is hugely beneficial for our business.

“We have also experienced less downtime in the last 18 months than ever before and now have the secure, robust, affordable and consistent IT system we need which has revolutionised our business,” he concluded.

References available on request


Cloud Technology


The new goal for cloud-based software

Peter Bjorkman, CTO, Snow Software, discusses how the rise of the cloud repositions software asset management technologies as cost prevention has overtaken compliance as the goal for cloud-based software…


Over half of a company’s IT applications are predicted to be located in the “cloud” within the next two years, according to industry analysts. This requires yet another shift in asset management methodologies as the traditional WINTEL environments of the past continue to be superseded by heterogeneous platforms combining Linux, Mac, Windows, virtualisation and software as a service (SaaS) applications. As the switch to cloud-based applications continues to gain pace, this will upset the traditional view of Software Asset Management (SAM) as being primarily concerned with delivering licensing compliance and widen the emphasis on cost optimisation.

In the cloud environment, it’s necessary to consider the implications of companies having to manage a mixed estate of assets since some applications will reside locally or in a private cloud, and others will be hosted in a public cloud, for instance, as a virtual desktop. Analysts are predicting a significant rise in the use of mixed cloud environments, and it’s not clear where the responsibility for license compliance lies.

Proprietary licensing schemes

Heterogeneous IT environments bring to the fore many technical and licensing challenges for enterprises to overcome. These are twofold. Firstly, new platforms require users to follow their own proprietary licensing schemes. Problems can arise when these new schemes do not easily align with the traditional direction of many Software Asset Management (SAM) programmes, which were to provide one-to-one device or user licensing verification. Secondly, the new platforms themselves often require new technologies to accurately track the deployment and usage of assets (both hardware and software).

As an example of how licensing has become more complex, just look at a vendor such as Oracle. Analysts are predicting that the volume of customer audits performed by Oracle and its partners will increase significantly, with around 38% of Oracle users being audited in 2012. Oracle’s licensing models are highly complex and require users to factor into their calculations hardware processing power and indirect access – namely the way data held within an Oracle application is used by other applications, plus the numbers of named users requiring access.

In a virtualised environment, things become even more complicated. Oracle differentiates between hard and soft partitioning of servers to calculate licensing requirements. Further, when organisations integrate cloud-based applications with Oracle, it becomes even more difficult to manage and isolate the interrelationships between the different applications and users who access them.

One of the biggest problems with Oracle license management is gaining visibility of the data an organisation needs to independently assess Oracle software usage and licensing obligations. Without this data, they are unable to negotiate effectively during an audit, or estimate the correct licensing entitlement needed. The impact of this is having to “play safe”, and purchase unlimited license agreements even if they do not require this level of access.

IBM is another vendor with a notoriously complex licensing model. It uses the PVU (processor value unit) metric instead of counting the numbers of users requiring access. For the user, having to navigate this kind of complexity means it is difficult to ensure they are compliant and purchasing the correct volume of licenses, let alone consider whether software contracts could be negotiated more cost effectively.

Traditional SAM

Changing the traditional view of SAM as delivering licensing compliance is not necessarily a negative development, because it forces a shift towards proactive optimisation and cost prevention. IT asset managers have a new opportunity to make a more significant contribution to organisational effectiveness and demonstrate a tangible return on investment from software assets.

Although definitions of cloud applications vary, one aspect common to all cloud software applications is that they cannot, by nature, create non-compliance problems. This is because although the exact delivery model can vary, the user purchases an entitlement to access the software, which is controlled directly by the vendor. For instance, Adobe’s version of Creative Cloud isn’t, strictly speaking, delivered via the cloud in the same way that Salesforce is. Adobe software resides locally on a device and it’s the license authentication component that is managed in the cloud. Contrast this with Salesforce, a “true” cloud application, since nothing is installed on the user’s device. Two different models but, in both cases, compliance is not an issue because it is automatically taken care of by the vendor.

Further uncertainty exists over what is being termed the hybrid cloud, whereby organisations use a combination of publicly hosted applications, for instance on a virtual hosted desktop, with some applications hosted on their own private cloud. Analysts have suggested this will create problems over where the responsibility for compliance lies and how licensing obligations can be calculated. We have yet to assess the detail of exactly how this will create difficulties but can, however, imagine the increased complexity it will bring. For example, an organisation might use a public cloud service, such as Windows Azure Blob Storage Service for archived data (simply for the ability to scale), but continue to maintain in-house storage and software for operational purposes.

New opportunities

For the enterprise, the shift away from software asset compliance creates new opportunities to precisely measure the value software investments are bringing and to minimise wastage. Users that have historically been hit by a compliance failure or software audit will find this particularly useful because they are more likely to err on the side of caution and over-buy their licenses. When software is accessed via the cloud, this tendency can be reversed because intelligence is automatically gathered to enable precise utilisation patterns to be identified. In the future, rather than helping to limit the financial impact of a software audit, SAM tools will be supporting companies with data to predict future consumption levels and provide ongoing intelligence about actual usage levels to ensure they are getting real value for money from their software purchases.


VitAL Management

Top 10 thinking glitches

Psychologist Ros Taylor investigates the downsides to speedy thinking, which can get in the way of good decision making, and presents her top 10 favourite glitches. Being aware of how we think helps us to navigate decision making and creative thinking with more confidence…

A former neighbour recently told me that he had sold an identical flat to mine and revealed the selling price. It was treble what I had received two years previously. So why had I sold mine when I could have continued to rent it? The resulting self-reflection was uncomfortable and revealed major glitches in my thinking and decision-making. It prompted me to investigate how our brains work and basically how we think, and produced very interesting results. I discovered that I was well and truly tricked by the “recency” effect.


1. Tricked by recency

As I was saying, I had been renting out my London apartment with, latterly, the lodgers from hell: broken crockery, water damage (theirs), constant complaints and all with an amazingly aggressive attitude. So when I was made a reasonable offer for the flat I jumped at it. I had completely forgotten all of the other perfectly charming “rentees” and only remembered the last difficult ones. We are compelled by recent memory. For example, sales people tend to remember the latest product when selling to clients and not the one that might be best for you. With performance appraisals, both parties tend to remember the previous month’s performance and not the sweep of a year. Combine that with an emotional experience of the upsetting kind, and then the recency effect overrides rationality. So should we not just stick to the information? Well, not really as data produces emotions too.

2. Just the data

Do you recognise this scenario? The figures are not looking good for the final quarter so an edict is sent from the board of the bank to reduce costs or “lose head count”. A recently appointed head of department is horrified as he can’t see a way to cut costs and just as he has hired his team, it now looks as if he will have to lose most of them. With a heavy heart, he writes an email inviting his team to a briefing meeting. No discussion, no thinking, just action. There might have been another way, and there was. They added 1p on to transaction costs and nobody noticed. Trying alternative solutions helps us see things from different perspectives.

3. The optimist

Optimistic thinking is essential for success, but it can cloud decision making. Optimism is only one thinking style we can adopt given the circumstances and we all have the cognitive flaw of looking for evidence that confirms our beliefs rather than challenging them. We should be realists when making decisions and optimists when implementing them.

4. The way we do things

It’s terribly tempting to think our ways are best and others are less rigorous. It stops us learning anything new. I remember speaking to a guy from Microsoft I met in an airport business lounge. He had just joined the board of a very much smaller IT company, and he was amused at how strongly they insisted that he went on their induction programme so that he learned their ways of doing things. Not once did they ask how things were done in Microsoft. He saw so many ways that they could have changed their systems to be more efficient and profitable but nobody was interested. Our ways are not always best.

5. Group think

Surely if you put enough intelligent people in a room you will get a sound rational result? No, not necessarily. Conformity to an autocratic leader, no matter how intelligent a group can be, will deliver a biased outcome. Everyone agrees then mutters disagreement in the bar afterwards. Recent research reveals that companies with more women on their boards outperformed rivals, with a 42% higher return in sales, 66% higher return on capital and 53% higher return on equity. So diversity challenges group thinking and aids good decision making.

6. Low appetite for risk

To increase the workplace appetite for risk, failures must be tolerated. It was Howard Schultz of Starbucks who talked of “fast failure” being the way to institute new ideas. Keeping a close eye on outcomes and a preparedness to pull the idea if it is not working is, according to Schultz, the way to progress. If we know we will not be blamed and publicly humiliated then we are much more likely to take riskier decisions.

7. Polarised thinking

Another thinking glitch beloved of individuals, organisations and indeed countries is polarised thinking. It tends to appear when something major has happened, generating extreme feelings. For example, take the recent banking crisis when mortgages were sold to people who ultimately couldn’t afford them; the banks then swung from massive risk to complete security. The answer to the crisis probably lies somewhere in between. So, to avoid this glitch, go for “both/and” thinking and stop relying only on “either/or” thinking.

8. Stress

Now the kind of stress we were exposed to in prehistoric times was the sort that involved animals intent on eating us so we fought this threat or ran away. So with evolution, we kept our middle and lower brain as it reacts more quickly to threats by preparing us for fight or flight mode. The logical, “thinking” part of the upper brain shuts down and good decisions are placed lower as survival becomes a priority. Decision-making is impaired when we are stressed so relax then decide.

9. No review

I think it goes without saying that it is the power of feedback, or review, that helps progress. So why for the most part do we not do it? Stress, work overload or perhaps there is a reluctance to look failure in the eye. Or what might be nearer the truth is that we embellish the past and put a positive spin on our errors. There are many ways of doing this. We distort our memory, deny all knowledge or blame others for our mistakes. So our thinking remains unchanged and errors are repeated.

10. No learning

Experience is inevitable; learning is not. No review, no learning. At work, we log performance, sales figures, profit and loss but rarely our thinking and decision making. What I learned as a result of my research was that instead of thinking rationally, the majority of our thinking is emotional, knee-jerk and in a rut. William James put it succinctly when he said, “A great many people think they are thinking when they are merely rearranging their prejudices”. So relax, ask friends and colleagues for input, try new ways and monitor how effective they are and constantly challenge the decisions you are making.


Breakthrough Technology

Smart timing: “Beam me up, Scotty...”

In the last issue, we investigated the launch of futuristic, Minority Report-style adverts; this time, we look to the past as a Star Trek-type gadget hits the headlines… and the shops. Sophie-Marie Odum reports on the latest Samsung device, the Galaxy Gear…

Ideal for the tech-savvy professional, Samsung has introduced its latest, the Galaxy Gear, an 800 MHz processor smart watch. The Samsung Galaxy Gear, which features 4GB Internal memory + 512 MB (RAM), notifies users of incoming messages, such as calls, texts, emails and alerts; delivers a preview of those messages; and allows users to accept or discreetly ignore messages. When an incoming message requires more than a quick glance, users can read the full content on their Samsung Galaxy device.

JK Shin, CEO and President of IT & Mobile Division, Samsung Electronics, said, “Samsung Galaxy Gear frees users from the need to constantly check their smart devices while maintaining connections. It provides what we call ‘smart freedom’ by allowing users to choose how, why, when and where they are connected.

“Samsung Galaxy Gear benefits consumers by integrating smart device technology even deeper into their everyday lives, and bridges the gap between the mobile device and fashion worlds to create truly wearable technology.”

Capture daily life from your wrist

The built-in speaker allows users to conduct hands-free calls directly from the Gear, by speaking into the watch without touching the screen. Users can also draft messages, create new calendar entries, set alarms and check the weather.

The Memographer feature, a 1.9 megapixel camera, allows users to record both photos and videos to create quick, visual records of important information or events, and then share them on social networks. Extending the quick-record concept, Voice Memo lets users capture important thoughts or conversations from their wrists and save those voice recordings into texts on Samsung Galaxy devices.

Security features

New security enhancement, Auto Lock, automatically secures the companion smartphone screen any time that Galaxy Gear is more than 1.5m away from the smartphone, and then unlocks the smartphone when the companion devices are near each other again.

Find My Device helps users find the location of their smart devices when they have been misplaced by making them beep, illuminate and vibrate. In addition, Galaxy Gear users can control the music played on their Samsung Galaxy devices; and use the watch as a pedometer to track physical activity via built-in sensor technology. This feature systematically and automatically monitors users so they can track personal data such as calories burned, steps taken and distance covered.

A fashion accessory

The Galaxy Gear also serves as a wristwatch and comes preloaded with 10 different clock options – more choices are downloadable via Samsung Apps. Furthermore, the Galaxy Gear is available in six colours, including jet black, mocha grey, wild orange, oatmeal beige, rose gold and lime green.



Published by THIRTYONE




Conference exhibition 2013
When: 4th and 5th November 2013
Where: International Convention Centre, Birmingham

More than 50 experience-based service management presentations from organisations such as HM Land Registry, the Co-operative Banking Group, Virgin Media, Everything Everywhere, AXELOS, Jaguar Land Rover, Vodafone, Aviva, and UK Government. Interactive sessions with our Service Transition, Problem Management, Service Level Management and CSI special interest groups

Keynote speaker Jo Salter

The biggest and best dedicated IT service management exhibition in the country Annual ITSM project, team, innovation, trainer, contributor and student of the year awards Launch of The Big Four Agenda for 2014, a renewed focus by itSMF UK on the issues facing IT leaders today and in the future.


Awards dinner host Edwina Currie


visit phone 0118 918 6500 or download the free itsm13 app for further information

The IT Service Management Forum

itSMF UK is the independent forum for IT Service Management professionals. The founding member of an international chapter network which now includes more than 50 countries and 70,000 individuals worldwide, itSMF UK offers an extensive range of services for its members. These include:
• Free regional events and special interest groups;
• Industry-leading seminars and masterclasses with a world-class range of guest speakers;
• Professional development and credentialing through priSM;
• ITSM publications, white papers and case studies;
• An online bookshop offering substantial discounts and special offers;
• A full-colour quarterly magazine, ServiceTalk;
• An internationally recognised course endorsement scheme;
• Networking opportunities and industry thought leadership;
• A celebrated annual Conference and Exhibition.

As a not-for-profit organisation, our members are our business. Our membership provides a forum to exchange views, share experiences and participate in continuous development and the promotion of best practice and standards, both internally and through partnerships with other organisations.

Premier service management event

At ITSM13, our Annual Conference in Birmingham, service managers can attend over 50 sessions covering both today’s issues and tomorrow’s challenges and solutions. Sponsored by APMG International, AXELOS and FrontRange, ITSM13 is the premier event in the service management calendar, bringing together 1,000 ITSM professionals in six tracks of educational presentations, interactive sessions and case studies. The event will also be the launch pad for The Big Four Agenda for 2014, a renewed focus by itSMF UK on the issues facing IT leaders today and in the future.

Check out the website or the free ITSM13 conference app to see the full agenda, featuring presentations from HM Land Registry, the Co-operative Banking Group, Virgin Media, Everything Everywhere, AXELOS, Jaguar Land Rover, Vodafone, Aviva, UK Government and many more. Join interactive sessions with our Service Transition, Problem Management, Service Level Management and CSI special interest groups, or find out what it takes to win the coveted Project of the Year award.

Outside the conference sessions, you can catch up with more than 40 service management service and product suppliers in our major exhibition or network with other delegates in the exciting surroundings of the ICC. And, of course, there’s our celebrated awards dinner, where this year’s best service management project, team, innovation, trainer, contributor, students and submission will be announced, and the prestigious Paul Rappaport Award will be presented for outstanding achievement in ITSM.

For further information about itSMF UK membership and ITSM13, visit


The BCS Agile Professional Certification programme takes a holistic approach to embedding agile across the business, securing the success of your agile transformation. Understand the principles of agile, to support your adoption of ITIL® best practices. © BCS, The Chartered Institute for IT, is the business name of the British Computer Society (Registered charity no. 292786) 2013 ITIL® is a registered trade mark of the Cabinet Office.

Talk to us on stand




Headline Sponsor An independent awards programme designed to celebrate and promote excellence, best practice and innovation in the software testing and QA community.

Supported by

Taking place on Wednesday, 20th November at the Marriott Hotel Grosvenor Square, London For more information about the 2014 ceremony, please contact Swati Bali on +44 (0) 203 668 6946 or email

Category Sponsors:


Hornbill Systems



Ares, Odyssey Business Park,West End Road, Ruislip, HA4 6QD T: +44 (0)208 582 8282 W: E:

60 Lombard Street, London, EC3V 9EA T: +44 (0)207 464 8414 W: E:

Hornbill develops and markets ‘Supportworks’, applications for IT Service Management (ITSM) and business helpdesks. Hornbill’s ITSM & service desk software with a ‘Human Touch’ enables its customers to provide excellent service while benefiting from consolidation on a single technology platform.

iCore is the largest specialist IT Service Management consultancy in the UK. iCore has a long and impressive track record in delivering and embedding pragmatic IT service management solutions, relying on the deep, real world experience of our mature and determined consultancy team.

17 High Street, Henley-in-Arden, Warwickshire, B95 5AA T: +44 (0)156 433 0680 W: E:

Kepner Tregoe

Netsupport Software

Moorbridge Court, Moorbridge Road, Maidenhead, SL6 8LT T: +44 (0)162 877 8776 W:

Towngate East, Market Deeping, Peterborough, PE6 8NE T: +44 (0)177 838 2270 W:

Kepner-Tregoe provides consulting and training services to organisations worldwide. We collaborate with clients to implement their strategies by embedding problemsolving, decision-making, and project execution methods through individual and team skill development and process improvement. Clients build competitive advantage by using our systematic processes to achieve rapid, targeted results and create

NetSupport provides a range of complementary Remote Support and Service Management solutions that help organisations deliver a productive and cost effective IT support service. Products include multi-platform Remote Control solution NetSupport Manager, IT Asset Management suite NetSupport DnA and web based ITIL Service Management tool NetSupport ServiceDesk.



Powering IT ahead DLF IT Park, Block 7, Ground floor, No. 1/124, Shivaji Garden, Nandambakkam Post, Mount PH Road, Ramapuram, Chennai 600 089, India T: 91-44-22707070 / 66997070 W: E: ManageEngine ServiceDesk Plus is highly customizable, smart and flexible Help Desk Software used by more than 10,000 IT managers worldwide in 23 different languages. It helps you to implement ITIL best practices on the go and restore your IT services on-time.

Riverside Business Village, Swindon Road, Malmesbury,Wiltshire, SN16 9RS T: +44 (0)166 682 8600 W: E: OpenText Service Management solutions are used by 2 of the 5 largest IT Service Desks in the world. Our clients include BBC Worldwide, British Transport Police, Qualcomm, Telenor and Tesco. OpenText will support you on a journey to Extraordinary Service Management. OpenText announced the acquisition of ICCM, a leading vendor of Service Management solutions, in July 2013.

BMC Software’s #1 partner for Service Desk Express and the Alignability Process Model, delivering rapid implementation of proven ITIL aligned processes, procedures, work instructions and tool settings, and transformation to a service-led approach in only 12 weeks!

Monitor 24-7

PO Box 4530, Maidenhead, Sl60 1GG T: +44 (0)208 123 3126 W: E: Over 13 years of customer experience bundled in one solution to help centralise information, prioritise issues aimed to increase control, productivity and improve communication and service excellence. 100% focus on support and development of IncidentMonitor Service Management software, Pinkverified for 10 ITIL processes

Sunrise Software

50 Barwell Business Park, Leatherhead Road, Chessington, Surrey KT9 2NY T: +44 (0)208 391 9000 W: E: Sunrise Software provides applications which underpin business processes across its customers’ organisations. Sunrise has a highly successful track record in IT service management, customer service management and business process management with fully configured applications designed around best practice guidelines.





61 Southwark Street, London, SE1 0HL T: +44 (0)207 803 4200 W: E:

Eagle House, Lynchborough Road, Passfields, Hants GU30 7SB T: +44 (0)207 419 5174 W: E:

Sword House,Totteridge Road, High Wycombe, Buckinghamshire T: +44 (0)149 445 2450 W: will take you to the forefront of service delivery with a suite of products designed to provide you with low cost web browser based action tracking and self-help, making your services instantly available 24 by 7.

As an accredited ITIL® Examination Institute, APMG offers our training organisations a range of benefits to help them demonstrate the quality and professionalism of their services. Call us to find out how your business could benefit from our accreditation services.

TOPdesk Service Management software seamlessly integrates Facilities, HR and IT processes in a single 100% webbased tool. TOPdesk’s affordable and ITILcompliant software has won several awards for user-friendliness. Secure more time for your colleagues and customers with TOPdesk.

Cherwell Software

Lime Kiln House, Lime Kiln,Wooton Bassett, Wiltshire, SN4 7HF T: + 44 (0)179 385 8181 W: Cherwell Service Management delivers ITIL v3 best practice ‘out-of-the-box’ including: Incident, Problem, Change, CMDB, SLA, Knowledge, Self-Service and is PinkVERIFY certified. Our unique CBAT development platform empowers users to fully customise screens, workflow processes and develop additional business applications.The Cherwell solution is available via a standard license model or ‘On Demand’ SaaS service.



T: +61 3 9999 8240 W: E:

Stone Lodge, Rothwell Grange, Rothwell Road, Kettering, NN16 8XF T: +44 (0)153 671 1999 W: E:

Service Improvement Made Simple! Solisma is a leading global provider of ITIL and ISO/IEC 20000 courseware, training, consulting and assessment services, with a global partner network to help you quickly and cost-effectively improve your ITSM capability like never before. To learn more, contact us today or visit

Marval is a major practitioner, innovator, thought leader and contributor to Best Practice and standards in ITSM and is co-author of ITIL and ISO/IEC 20000. Marval is an ISO/IEC 20000 registered company supporting internal and external customers to international standards.

Axios Systems



Axios House, 60 Melville Street, Edinburgh, EH3 7HF T: +44 (0)131 220 4748 W: E:

150 Wharfedale Road,Winnersh,Triangle, Wokingham, Berkshire, RG41 5RG T: +44 (0)118 918 6500 W:

Kilnbrook House, Rose Kiln Lane, Reading, Berkshire, RG2 0BY T: +44 (0)845 634 5170 W: E:

Axios Systems delivers on-premise and SaaS Service Desk and IT Service Management (ITSM) software to customers across the globe. We combine software, consulting and training to implement ITSM strategies tailored to meet the needs of our customers.


The itSMF is the only internationally recognised and independent organisation whose sole focus is on the on-going development and promotion of IT Service Management ’best practice‘, standards and qualifications. The forum has 14,000 UK members and official itSMF chapters in 44 countries

Oxygen Service Desk is a process automation engine that simply interprets your pre-defined business processes and then mobilises the actual process, pushing work tasks to people and to systems, streamlining how the processes run across your entire department or organisation.

VitAL executive debates

Offering you the key to successful solutions

• One-day event • Monthly • Lunch & refreshments provided • Central London venue • Network with like-minded individuals • Cutting edge content

For more information, contact Swati Bali on +44 (0) 203 668 6946 or email: swati. bali@31media.

Organised by 31 Media, Publishers of VitAL Magazine


Hybrid ITSM: Because having only one option isn’t an option. • Get the facts • Be prepared Start today by downloading our FREE eBook packed with valuable insights and resources.



Who we are:

FrontRange Solutions is the global leader in Hybrid IT Service Management (ITSM) solutions for organizations of all sizes. FrontRange is the only ITSM provider in the world that delivers Service Management software with fully integrated Voice Automation and Client Management capabilities on-premise and in the cloud. FrontRange manages millions of service interactions a day for more than 15,000 leading organizations around the world. FrontRange enables customers to deliver world-class service while maximizing operational efficiencies with reduced cost and complexity.

Download your FREE eBook today

FrontRange Solutions

Benyon House, Newbury Business Park, Newbury, Berkshire, RG14 2PZ +44 (0)1635 516 700

VitAL Magazine - November - December 2013  

The November - December 2013 issue of VitAL Magazine