Sipgate Team review: Cost-conscious cloud calling


Dave Mitchell

25 Mar, 2020

An affordable hosted service for small businesses, with flexible licensing plans and good call-handling features

Price 
£15 exc VAT

If you’re looking for a simple, practical, cloud-hosted VoIP service, Sipgate Team could be your perfect solution. It comes with a solid track-record too, as Sipgate has been going strong since 2004.

One reason it’s lasted so long is value. A Light contract starts at £14.95 per month for three users, and can be upgraded in small increments, so your VoIP outgoings can scale organically with your business. To be clear, the headline price doesn’t include calls, which are charged on a pay-as-you-go basis; if you anticipate heavy usage, optional UK or EU add-on call packages can be added, with prices starting at £44.95 per month. 

Another extra to consider is the £20 porting service, which migrates your existing landline numbers over to your new VoIP account. Alternatively, you can request local, 0845, 0870 and international numbers – or settle for whatever Sipgate assigns to you.

Making the switch isn’t quite instant: you need a “start code” to authorise the process, and for security reasons Sipgate insists on sending this by post. We only had to wait three days for ours, however, during which time we were able to get a head start on configuring our users and phones.

That’s just as well because Sipgate doesn’t offer an import function, which means you’ll need to create each individual user account by hand. It’s not too tedious, though, and whenever a user is registered the system will automatically send them an email with login details for their personal web portal. 

The same applies when it comes to provisioning phones. Sipgate provides plenty of help with this – we were pleased to find clear screenshots showing exactly how to configure our Yealink handsets – but you’ll have to do the actual work yourself. 

With this done, the main web portal offers a handy administration page for quick access to all features. In the customisation section, you can brand the portal by uploading your company logo and providing an MP3 file for hold music, and there are plenty of call-handling features, including forwarding and hunting.

 To use these features you need to set up a user group, which gets its own phone number, voicemail and extension. You can then select whether you want all members’ phones to ring at once, or set them to ring in a specific order after a certain number of seconds has elapsed. For more advanced behaviours, you can configure multiple rules and set the time periods they should be active for. Voicemail and call forwarding can also be applied on a per-user basis with personal rules.

Another way to help callers reach the right person is by setting up an IVR (interactive voice response) service; this add-on feature, starting at £10 per month, can read out a list of up to ten options, to ensure calls are directed to the appropriate extension. You can create your own announcements either by uploading MP3 files, or by using the portal’s Click2Record feature, which lets you use a phone handset to record outgoing messages. Other optional features include group call queuing, presence (so you can see who is calling) and integration with Google’s G Suite.

If you want to take the app route, you should be aware that Sipgate doesn’t offer its own softphones, but the service works happily with a wide range of third-party products. For example, we found Zoiper quick and easy to configure and use on both Windows and iOS.

It all adds up to a hosted VoIP offering that’s well suited to small businesses. Don’t be put off by the manual phone provisioning and user setup – plenty of help is provided, and flexible licensing plans make Sipgate Team very cost-effective too.

Gradwell Wave review: Fuss-free phoning


Dave Mitchell

24 Mar, 2020

Easy deployment and great call features make this a likeable cloud VoIP service – and it’s good value

Price 
£10 exc VAT

UK-based Gradwell has been in the business communications market for over 20 years, and at the end of 2019 it launched its own cloud-hosted VoIP service. Wave has been designed from the ground up to address the needs of busy SMBs: it’s simple to deploy, easy to manage and packed with call-handling features, while offering per-user pricing that’s ideal for growing businesses.

Wave is hosted on Amazon Web Services (AWS), so it offers good reliability and can scale easily to cope with heavy demand. And in case you’re worried about having all your eggs in one basket, be assured that Gradwell has deployed Wave across two different AWS sites as protection against unplanned outages.

Costs are easily managed: there are three Wave packages to choose from, which include different numbers of monthly call minutes to landlines and mobiles. The cheapest package is Wave 100, which costs £10 per user per month and includes 100 minutes of calls. Obviously that will cover only very light usage; if you need more, Wave 1000 starts at £13 and allows 1,000 minutes, while Wave 3000 costs from £18 and offers, you’ve guessed it, 3,000 minutes.

When you’re ready to sign up you can expect a personal service, with a Gradwell agent on hand to talk through your needs and help you pick a call package and choose phone numbers. Very little technical knowledge is required: Gradwell offered to handle the process of porting over our existing numbers, and creating a base set of users for us. To make sure we hit the ground running, the company also assigned a personal agent to take us through a detailed on-boarding session.

If you need them, Gradwell can even supply your VoIP handsets. Wave is currently geared up for Yealink phones, and we’ve no complaints about that as it’s the brand we choose for our own testing. A good range of models is on offer, from the basic T19 up to the slick CP960 conference phone. We went for T42S desk phones, and found that provisioning was almost a non-issue, as by the time they reached our offices their MAC addresses had already been added to our portal. All we had to do was connect the phones to our network, assign them to users and reboot and we were ready to go.

For those who prefer the soft approach, Gradwell has also created mobile apps for Android and iOS. We tried the iOS version on an iPad and were impressed by how easy it was to connect to a user’s account: all we had to do was enter the right username and password, or scan in a QR code from the user portal. There’s also a browser-based softphone for Google Chrome, which can be used to make calls, receive desktop notifications for incoming calls, create an address book and record calls to local storage.

Wave doesn’t currently offer users their own personal portal, but the administrative console contains all the user and phone-management tools you’d expect, along with a wealth of call-handling features. Hunt groups are easy to create: you simply pick an extension, then define a series of steps determining where to route calls if they go unanswered.

There’s also a good spread of features that some providers charge extra for. A flexible call queuing system includes options for advising that calls will be recorded, playing hold music and presenting reassuring messages to ensure callers don’t hang up. Voice menus are just as versatile, as you can record voice prompts from a phone or by uploading a WAV file to the portal. Calendar routes redirect calls during specified date periods (such as weekends or bank holidays), calls can be routed according to caller ID and pickup groups can be defined so that colleagues can answer other users’ phones.

If you’re looking for the smoothest possible transition to VoIP, Wave has you covered. It’s very easy to set up and manage and offers plenty of features for the price, making it a great fuss-free VoIP solution.

Five key takeaways from RSA Conference 2020: Cloud SIEM, Zero Trust, API-based security, and more

Bottom line: Passwordless authentication, endpoint security, cloud-native SIEM platforms, and new API-based data security technologies were the most interesting tech developments, while keynotes focusing on election security, industrial control systems’ vulnerabilities and the persistent threat of state-sponsored ransomware dominated panel discussion.

This year’s RSA Conference was held February 24 to 28 in San Francisco’s Moscone Center, attracting more than 36,000 attendees, 704 speakers, and 658 exhibitors unified by the theme of the human element in cybersecurity. The conference’s agenda is here, with many session recordings and presentation slides available for download.

Before the conference, RSA published the RSAC 2020 Trend Report (PDF, 13 pp., no opt-in). RSA received 2,400 responses to their call for speakers and based their report on an analysis of all submissions. The 10 trends in the RSAC 2020 Trend Report are based on an analysis of all papers submitted to the conference. It’s a quick read that provides a synopsis of the main themes of the excellent sessions presented at RSAC 2020.

The following are the five most interesting takeaways from the 2020 RSA Conference:

Endpoint security products dominated the show floor, with over 120 vendors promoting their unique solutions

There were over 50 presentations and panels on the many forms of endpoint security as well. Instead of competing for show attendees’ attention on the show floor, Absolute Software took the unique approach of completing a survey during RASC 2020. Absolute’s team was able to interview 100 respondents, with most holding the position of a manager/supervisor or C-level executive. 

More than three in four respondents reported their organisations are using endpoint security tools, multi-factor authentication, and employee training and education to protect data, devices, and users. You can review their survey results here.

The number of vendors claiming to have Zero Trust solutions grew 50% this year, from 60 in 2019 to 91 in 2020

There continues to be a lot of hype surrounding Zero Trust, with vendors having mixed results with their product and messaging strategies in this area. A good benchmark to use for evaluating vendors in the Zero Trust market is the Forrester Wave: Zero Trust eXtended Ecosystem Platform Providers, Q4 2019, written by Chase Cunningham and published on October 29, 2019. I’ve summarised the lessons learned in the post, What’s New on the Zero Trust Security Landscape In 2019.

Over 30 vendors claimed to have passwordless authentication that met the current FIDO2 standard

In keeping with the theme of this year’s RSA Conference of Human Element, vendors offering passwordless authentication were out in force. Centrify, Entrust Datacard, HID Global, Idaptive, ImageWare, MobileIron, Thales, and many others promoted their unique approaches to passwordless authentication, leveraging the FIDO2 standard.

FIDO2 is the latest set of specifications from the FIDO Alliance, an industry standards organisation that provides interoperability testing and certification for servers, clients, and authenticators that meet FIDO2 specifications. I’ve written a separate post just on this topic, and you can find it here: Why Your Biometrics Are Your Best Password.

Cloud-based security information and event management (SIEM) systems capable of integrating with third party public cloud platforms reflect the maturity nature of this market

Of the several vendors claiming to have cloud-based SIEM, Microsoft’s Azure Sentinel’s demo showed in real-time how fusion AI technology can parse large volumes of low fidelity signals into a few important incidents for SecOps teams to focus on. Microsoft said that in December 2019 alone, Azure Sentinel evaluated nearly 50 billion suspicious signals, isolating them down to just 25 high-confidence incidents for SecOps teams to investigate. The following graphic explains how Azure Sentinel Fusion works.

Five Interesting Takeaways From RSA Conference 2020

One of the most interesting startups at RSA was Nullafi, who specialises in a novel API-based data security technology that combines data aliasing, vaulting, encryption, and monitoring to create an advanced data protection platform that makes hacked data useless to hackers

What makes Nullafi noteworthy is how they’ve been able to build a data architecture that protects legacy and new infrastructures while making the original data impossible for a hacker to reverse engineer and gain access to. It desensitises critical data so that it’s useless to hackers but still useful for an organisation to keep operating, uninterrupted by a breach to your business. Nullafi is built to AWS GovCloud standards.

The Nullafi SDK encrypts the data before sending it to the Nullafi API. It then re-encrypts the data within their zero-knowledge vault in the cloud (or on-premises). The result is that no sensitive data in any format is shared with Nullafi that could be used or lost, as their architecture doesn’t have visibility into what the actual data looks like. The following graphic explains their architecture:

Five Interesting Takeaways From RSA Conference 2020

Main picture credit: Louis Columbus

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

Dame Jayne-Anne Gadhia steps down as Salesforce UK lead


Daniel Todd

17 Mar, 2020

Dame Jayne-Anne Gadhia has stepped down from her role as Salesforce’s UK Chief Executive, calling time on the former Virgin Money boss’ brief six-month stint in the job.

Announcing the change, the US software giant said Gadhia had made the decision to focus on her price comparison startup Snoop, which recently won financial backing from Salesforce’s venture investing division, but will remain as an adviser to the firm.

Paul Smith, executive vice president and general manager for Salesforce UK and Ireland, will now take on the business responsibilities in the region, the company confirmed.

“I would like to thank Jayne-Anne for her vision and passion in leading Salesforce UK and Ireland,” said Marc Benioff, Salesforce CEO. “We look forward to continuing to work with her in her role as a strategic advisor to Salesforce and wish Snoop enormous success.”

Gadhia co-founded Virgin Direct in 1995 and became CEO of Virgin Money back in 2007, spending the next 11 years at the business. She joined Salesforce on 1 October last year, tasked with leading the firm’s UK&I business through the next stage of its growth, and was recognised in the 2019 New Year’s Honours list for her contribution to financial services and women in the finance sector.

As reported by City A.M., Gadhia had turned down a prospective role at the Bank of England to lead Salesforce’s UK arm, following the launch of a $2.5 billion investment programme as part of its commitment to the country.

Gadhia said she will now be focusing her time on comparison start-up Snoop – which has hit the ground running since its inception back in February – but will remain on hand in an advisory role.

“Snoop launched last month and has exceeded our highest expectations in all respects,” she commented. “As a result, I am delighted to be able to focus my efforts on making Snoop an enormous success and on making all of our customers better off.

“My thanks go to Salesforce and to Marc Benioff for supporting me in this decision. I look forward to working with both Marc and Salesforce in a senior advisory role.”

The development follows the recent promotion of former BT chief executive Gavin Patterson to the role of president and chief executive of Salesforce International.

Dame Jayne-Anne Gadhia steps down as Salesforce UK lead


Daniel Todd

17 Mar, 2020

Dame Jayne-Anne Gadhia has stepped down from her role as Salesforce’s UK Chief Executive, calling time on the former Virgin Money boss’ brief six-month stint in the job.

Announcing the change, the US software giant said Gadhia had made the decision to focus on her price comparison startup Snoop, which recently won financial backing from Salesforce’s venture investing division, but will remain as an adviser to the firm.

Paul Smith, executive vice president and general manager for Salesforce UK and Ireland, will now take on the business responsibilities in the region, the company confirmed.

“I would like to thank Jayne-Anne for her vision and passion in leading Salesforce UK and Ireland,” said Marc Benioff, Salesforce CEO. “We look forward to continuing to work with her in her role as a strategic advisor to Salesforce and wish Snoop enormous success.”

Gadhia co-founded Virgin Direct in 1995 and became CEO of Virgin Money back in 2007, spending the next 11 years at the business. She joined Salesforce on 1 October last year, tasked with leading the firm’s UK&I business through the next stage of its growth, and was recognised in the 2019 New Year’s Honours list for her contribution to financial services and women in the finance sector.

As reported by City A.M., Gadhia had turned down a prospective role at the Bank of England to lead Salesforce’s UK arm, following the launch of a $2.5 billion investment programme as part of its commitment to the country.

Gadhia said she will now be focusing her time on comparison start-up Snoop – which has hit the ground running since its inception back in February – but will remain on hand in an advisory role.

“Snoop launched last month and has exceeded our highest expectations in all respects,” she commented. “As a result, I am delighted to be able to focus my efforts on making Snoop an enormous success and on making all of our customers better off.

“My thanks go to Salesforce and to Marc Benioff for supporting me in this decision. I look forward to working with both Marc and Salesforce in a senior advisory role.”

The development follows the recent promotion of former BT chief executive Gavin Patterson to the role of president and chief executive of Salesforce International.

Microsoft Teams goes down at start of mass remote working


Bobby Hellard

16 Mar, 2020

Microsoft Teams went down across Europe for two hours on Monday, causing mass frustration for the many remote workers now increasingly dependent on the service.

Users experienced issues signing into the service and also trouble sending messages. 

Although Microsoft managed to fix the problem within two hours, the timing could not be worse as millions of people across the country began remote working amind the outbreak of COVID-19

As users from various European countries began reporting issues, Microsoft tweeted that it was looking into the problem.

“We’re investigating messaging-related functionality problems within Microsoft Teams. Please refer to TM206544 in your admin centre for further details,” the company said. 

This is the second major outage to hit Microsoft in as many years after Office 365 went offline in 2018. There is a suggestion that Monday’s faults could be due to more people using the services as businesses encourage workers to stay home.

Just a week ago, Microsoft offered a six-month free trial for Teams, according to Businesses Insider, to help those soon to be self-isolating. Google has also offered up parts of its remote working services in a bid to work around the coronavirus outbreak. 

Microsoft’s outage is a poor start to what could be a big opportunity for cloud computing.

With mass remote working and many business events going “virtual”, video linkups, VR and other similar technologies will become a crucial element of everyday life. 

Outages and service disruptions are common occurrences with new technologies, but as the world begins what looks like a prolonged period of self-isolation, it’s these kinds of services that will keep many industries ticking along.

Add to that, the need for us all to stay connected to one another during a pandemic and Microsoft Team’s and services like it have suddenly become vital. 

 

IDC finds how organisations investing in cloud-based quantum computing seek to gain competitive edge

IDC, in its recent study titled ‘Quantum Computing Adoption Trends: 2020 Survey Findings’ has found that organisations currently investing in cloud-based quantum computing technologies are expecting to see improved AI capabilities, accelerated business intelligence, and increased productivity and efficiency.

During its initial stage, the study indicated that as cloud-based quantum computing is still at its nascent stage and the allotted funding for its initiatives is limited – somewhere between 0%-2% – the end-users are very much positive that they will realise a competitive advantage owing to early investment. At present, the manufacturing, finance, and security industries are at the forefront as they are experimenting with more potential use cases, developing advanced prototypes, and implementing the technology.

Limited skills, lack of available resources, complex technology, and cost are some of the factors that discourage some organisations from investing in quantum computing. However, these strands, combined with a large interdisciplinary interest, have compelled vendors of quantum computing to develop the technology that addresses multiple end-user needs and skill levels.

Last year, researchers at Google claimed that their quantum computer has solved a problem in some minutes that would otherwise take even the very best conventional machine thousands of years to crack. They termed this milestone as ‘quantum supremacy’, as it took a very long time to realise the immense potential of quantum computers. On the other hand, IBM has criticised the claim stating that the same problem can be solved by its machine in 2.5 days with sophisticated classical programming, arguing that Google has not yet reached the milestone in actuality. 

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

What is cyber insurance truly worth? Analysing the risks and responses

Analysis Cyber risk has overtaken financial risk as the greatest threat that we all face, according to PwC’s 2019 global crisis survey. There are also concerning parallels between the global financial crisis of 2009, and the current cyber threat landscape

The question is, to what extent is cyber insurance the answer?

Currently most companies don’t have any cyber insurance. Coverage is only 40% in the US, and 10% in the UK. Elsewhere, it’s even lower. Many cyber insurers boast that they can provide an insurance quote in under an hour. If they are able to provide cover for such a complex policy in such a short period of time then this should ring alarm bells. You should be concerned with their ability not only to accurately assess your risk position, but also to price the policy accurately.

Some insurers base their risk assessment on cyber security risk ratings. Some of these ratings are produced by firms that use web crawlers that check externally facing endpoints for known vulnerabilities. This is a fairly crude method, but it’s probably still the best way to address the mass market at low cost. The problem is, it’s a bit like evaluating fire-safety risk by looking at a photograph of a building taken from across the street. You can get an idea of the building’s shape and size, but you can’t tell if there’s flammable material inside, or if the building is equipped with fire alarms, or sprinkler systems. A photo like this is better than nothing; but it still provides only a basic, limited idea of the real risk.

The reason that some insurers can probably afford to base premiums on such crude risk metrics is that cyber insurance policies often include a host of provisions and exclusions that in effect make it impossible to claim for almost any incident of any kind. If they want to refuse to pay out, they're probably going to find a way of justifying this. Indeed almost the only reason they would pay out at all is to encourage other clients to sign up.

So if there is a global cyber crisis they may well refuse to pay out on any policies and consider withdrawing from the market entirely.

Examples of common cyber insurance terms or exclusions are as follows:

  • Policies tend to only cover 'a hacker who specifically targets you alone'. Unfortunately, cyberattacks are rarely focused on a single victim. Often either the same attack vector is used on many victims in a scattergun approach (phishing attacks) or malware is used that is contagious in nature (WannaCry)
     
  • Policies tend not to cover 'any failure…by a cloud/infrastructure provider…unless you own the hardware and software'. Unfortunately, this would not only exclude almost all cloud use, but also exclude almost anything other than hosted services which exclusively use kit you own
     
  • Policies tend not to cover incidents involving a 'third party…not unduly restricted or financially limited by any term in any of your contracts'. This is meant to ensure that the insurer is able to pursue any third party involved for unlimited damages. Unfortunately, this excludes almost all service providers as they themselves tend to specify some limitation to damages in their contracts, such as damages being limited to the value of the contract. No service providers these days offers unlimited liability
     
  • Policies tend not to cover incidents involving 'any individual hacker within the definition of you'. Unfortunately, this would exclude all insider threats
     
  • Policies tend not to cover 'the use by you of any software or systems that are unsupported by the developer'. This clause rarely specifies that the unsupported software needs to be part of the attack vector, which means that you could be excluded if you had a single instance of something like Windows XP on your technology estate, even if this was not part of the attack at all
     
  • Policies tend not to cover incidents 'attributable to any failure…by the Internet Service Provider (ISP) that hosts your website, unless such infrastructure is under your operational control'. Unfortunately, this would exclude all incidents involving any ISP as it is unheard of for ISP infrastructure to be under your operational control
     
  • Policies tend not to cover 'acts of foreign enemies, terrorism, hostilities or warlike operations (whether war is declared or not)'
     
  • Policies tend not to cover 'any error or omission arising out of the provision of negligent professional advice or design'. Unfortunately, if at any time you have tested or assessed your security (as is required under GDPR), but then failed to implement all the resulting recommendations then your cover could be void. So, if you have had penetration testing or certification audits (for ISO 27001 or PCI say) then you need to address every single recommended revision or recommendation or you risk voiding your cover
     
  • Policies tend not to cover 'anything likely to lead to a claim, loss or other liability under this section, which you knew or ought reasonably to have known about before we agreed to insure you'. This is the pre-existing condition provision. This means that if in any business case that your team make for adopting cyber insurance, you cite potential vulnerabilities as reasons for this adoption, then these very vulnerabilities could then be excluded from any cover

For these reasons we have already seen that some claims are not being paid. For example, several major insurers have declined to pay for damages caused by the NotPetya ransomware attack a few years ago. They say it was a “hostile or warlike action” and therefore not covered.

On top of this other claims have only been paid in part. For example, Norsk Hydro received an insurance payout of $3.6 million. That’s only about 6% of the overall damage that was estimated to be as much as $71 million. It covered the cost of the technical fix, but that was it.

Cyber insurance, while important, simply isn’t a substitute for prevention or for crisis preparedness. You need to have all three.

Here are a few measures to consider:

We need increased adoption of cyber insurance cover, with organisations being far more discerning about the policies they adopt:

  • Clients need to understand their risk appetite – you could spend an almost infinite amount on cybersecurity, but you don’t necessarily need to do so
     
  • They need to be far more aware of the exclusions in the policies on offer and to base their choice on the nature of the cover rather than purely on price – there’s no point in paying for a cheap policy that won’t pay out
     
  • They need to choose policies that are appropriate for their business and for their risk position – specialist brokers can help you find a policy that is right for you
     
  • They also need to consider separate specialist incident response cover if this is not included in their cyber insurance policy (most don’t include it) – while an elite team could save you from disaster, the wrong team won’t just fail to fix the problem, they could actually make it worse

What we tend to find is those organisations who have incident response cover tend to call in the experts straight away, while those without it often attempt a DIY fix before calling for help. By the time they do call for help though it’s often too late – the impact and exposure have magnified significantly – and they call in the wrong people, not having time to accurately select the right experts.

Almost worse than a policy that won’t pay out is one that won’t provide top quality incident response. Whether your insurer is footing the bill or you are, here’s what you will really need:

  • The technical fix: Get expert help from a specialist security response team to identify and the fix problem(s), and do forensics to diagnose the cause and full scope. Getting an immediate fix to resolve the problem, stem any data loss and recover any systems is essential. Any delay will magnify the impact of the incident and damages incurred
     
  • The legal defence: Seek expert advice in cyber and data law to rapidly develop a legal strategy and a legally defensible narrative based on the forensics. Having the right legal strategy and narrative are both essential to limit legal and regulatory exposure
     
  • The brand defence: Get expert cyber comms support to help your internal and agency teams deal with the added complexity and enhanced comms workload. The standard PR approach to crisis management simply won’t work in a cyber incident and may even make things worse
     
  • Social response: Get top global privacy/security influencers to act as trusted voices to counter misinformation with authority and hysteria with reach and credibility. To counter misinformation and hysteria when your own credibility is at an all-time low, you’ll need the support of authoritative opinion leaders in privacy and security

Part of the reason that you need specialists is the fact that traditional crisis tactics don’t work in a cyber crisis.

In a conventional crisis, you need to understand that with most crises or crimes, the criminals get the blame and the company and customers are seen as victims. The conventional PR tactics in a crisis scenario are to contain any issue until it becomes public and then to show empathy for your customers in order to gain sympathy from the press and general public for both you and the clients. It tends to work well.

A cyber incident is different. You’re likely to be on the back foot: a cyber incident could well be public before you even become aware yourselves. What’s more, cyber incidents aren’t instantaneous: the average breach occurs long before it is detected.

Unfortunately, cybercrime is about the only crime where the victim gets the blame. However much you spent on cybersecurity, the press and public will blame you and not the hackers. You need to be prepared to face the regulators, a hostile press and inevitable hysteria and misinformation.  Containment is not possible due to GDPR disclosure obligations and showing empathy won’t gain you any sympathy. It’ll simply put your executives in the firing line.

Crisis preparedness is also critical. Scenario planning and realistic simulation exercises are essential for preparedness, and indeed testing and assessment are mandated under GDPR. So if companies don’t do it, and they then have an incident – the regulatory action will be far harsher.

For companies of any size, it’s probably not a matter of ‘if’ they’ll get hit, but ‘when’. And since the average breach takes more than six months to detect, it may well already have happened.

If ever there was a time to make a case to the board for the need for cyber insurance and crisis preparedness, it is now – with a looming pandemic. The last crisis may have been financial, the current one may be health related, but the chances are that the next one with be a cyber crisis. We all need to be prepared for this.

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series-1.pngInterested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.

How businesses can make the most of flexible working


Sandra Vogel

17 Mar, 2020

The ability to work in any location that’s appropriate, from the office base to client premises to your own home, cafés, the beach and any other place that feels like the right place, has always been possible. But advances in technology make it easier to do more from a wider range of locations: If you’ve got a laptop and an internet connection, you’re all set.

This is a kind of mantra, but how do organisations really manage flexible working, what role does technology play, and what’s the mix between financial gains and supporting the wellbeing of the workforce? Cloud Pro asked a range of organisations these questions, and came up with some very compelling answers. 

Size is not a factor

While flexible working is sometimes seen as a luxury afforded only to those working in large companies that can afford to support it, the truth is businesses of all sizes can do it successfully. Indeed, Cloud Pro spoke to large and small organisations about their use of flexible working, and their size was not a factor in their choice.

Vestd, a regulated share scheme & equity management platform for SMBs employs just 14 full time staff. It doesn’t have a fixed office, instead the entire team works remotely, with occasional meetups in co-working hubs in London or Brighton. At the other end of the spectrum, Poly (formerly Plantronics/Polycom), employs around 7,500 staff across the globe. Paul Clark, Senior Vice President and EMEA Managing Director tells Cloud Pro: “At any given time, people may be collaborating from a home office or an office site, based on the task at hand.”

Technology smooths the path

Technology not only makes flexible working easier, it can also deliver entirely new ways of working as a team. For Vestd, technology allows them to operate without an office base, but they still need to get together as a team and for this video calling is vital. Co-founder and CEO Ifty Nasir tells Cloud Pro “Every morning we have a daily video call, with the whole team present.” 

It doesn’t need a great deal of imagination to see how technologies can change the ways in which we collaborate. Paul Clark expanded on how this is achieved at Poly, saying: “Meetings are no longer about talking, but sharing documents, screens and working on ideas as a team. Once on a call, participants want to be able to collaborate, be able to view and annotate the same files together in real-time, rather than waiting for an email to arrive with files to edit locally.”

The bottom line

The financial savings from flexible working can be very significant, too, and benefit both clients and the business itself. Edinburgh-based Prospect Community Housing manages around 1,000 homes and has 33 staff (a mix of full and part time). Director Brendan Fowler tells Cloud Pro that since going live with a bespoke housing management solution that caters for flexible working, staff costs are down £30,000 a year and more staff can spend more time in the community with tenants.

Vestd’s Nasir adds: “In a business like Vestd’s, an office would commonly be the largest cost after salaries.

“[Remote working] means that our fees can be dropped to a more competitive level. Companies that don’t work remotely may soon struggle to compete against those that do.”

Still, at a time when there is a growing feeling that we should be moving away from a five day working week towards four days a week, and there’s increased support for flexible hours across a whole range of sectors, the benefits of flexible working are for many organisations about more than headline financial savings.

Wellbeing matters

Personal wellbeing is increasingly recognised as being both good for the individual and good for businesses. Paul Clark from Poly says: “Work shouldn’t stop if you are away from your desk or outside the office building. This eventually allows for a better work-life balance and the much-needed time to relax anyone would take to trade off driving during rush hour or sitting on a train.”

Ifty Nasir puts it succinctly: “Avoiding the drudgery of a daily commute is very good for the soul, not to mention the back pocket.” He adds that employees save around £6,000 a year on average as a result – without even including any potential childcare costs.

Planning and buying agency MediaCom finds productivity and wellbeing benefits go hand in hand. Elaine Bremner, Chief HR and Talent Officer explains: “The key reason we offer our employees flexibility is to give them a working experience that allows them to also focus on travel, family and health and passions outside of work. This is important in creating an inclusive working culture and by giving people the ability to have ownership over their hours it increases their productivity when they are in work. By making your workforce as comfortable as possible in their work, you get the best results out of them.”

With increasing pressures on public transport systems, a growing awareness of the need to reduce car use, and an ever rising understanding of the health and wellbeing benefits of flexible working, in a way it’s surprising that there are any organisations that are not using technology to support it. Certainly those that have taken the plunge seem to find multiple benefits.

SolarWinds NPM 2019.4 review: A monitoring masterclass


Dave Mitchell

23 Mar, 2020

A great set of monitoring and performance tools, presented in a slick and customisable web console

Price 
£2,275 exc VAT

SolarWinds Network Performance Monitor (NPM) is a well-featured monitoring solution – and it will particularly appeal if you’re already using other SolarWinds products, as it integrates into SolarWind’s central Orion web console.

New features in the latest release include a graphical view of usage and status details for Cisco Catalyst 2960 and Juniper EX-series switches. You can also now view real-time graphs of CPU, memory and interface usage for any node, while the addition of widgets to the page settings screen makes it easier to customise views for individual devices.

The Orion web server has been updated to improve performance. Having experienced issues ourselves with the speed of previous versions, we’re happy to say that pages now load noticeably more quickly.

Setting up NPM isn’t quite as swift as with some other products – it took us around 90 minutes from start to finish – but it’s very easy, with the installer automatically downloading all required components. The first time you visit the web console you’re greeted by a discovery wizard, which prompted us to enter our IP address ranges and subnets, along with details of our AD domain controllers and system credentials – and invited us to schedule regular re-runs of the discovery procedure.

Once the various items on your network have all been identified, colour-coded icons highlight device issues. The console’s Alerts & Activity tab provides an overview, from which you can focus in on the details to see exactly what the problem is. The Message Center, meanwhile, provides extensive search facilities, and alerts can be linked to actions such as sending SMS messages and emails.

One feature of NPM that we rate particularly highly is its customisable dashboards. When you first access the console you might feel overwhelmed by an avalanche of information, but a dashboard can be quickly modified by adding or removing columns and moving resource views around. If you run out of room, you can set up a big-screen NOC view that rotates through multiple dashboard views at predefined intervals.

Application monitoring is another strength: the Quality of Experience dashboard can identify, categorise and analyse traffic from over 1,500 applications. Sensors simply need to be connected to a switch mirror port, and if you install them on hosts already being monitored by NPM, they won’t consume an extra node licence.

Then there’s the NetPath feature. This probes external web locations and presents live maps showing latency and packet loss details for each hop, making it easy to pinpoint cloud service performance issues. Windows and Linux remote agents can securely monitor cloud servers or you can use Amazon AWS and Microsoft Azure APIs which don’t require any NPM licenses.

And one of NPM’s cleverest features is PerfStack, which can help pinpoint the root cause of complex network problems by comparing a range of metrics from multiple systems. You can set these up using simple drag and drop manoeuvres, and choose a common time frame that makes it easy to compare metrics such as CPU or memory usage and identify which system is misbehaving.

The standard NPM package is more limited when it comes to VMware and Hyper-V hosts, with only basic availability monitoring included. If you want more, the optional Virtualisation Manager module adds datastore usage and capacity planning reports. 

Mobile support is comparatively weak, too: to access the console from our iPad, we had to install SolarWind’s separate Mobile Admin Server, which costs £533 – and, after linking the iOS app to it, we found the minimal information provided didn’t remotely justify the expense.

Although NPM has its shortcomings, its monitoring and troubleshooting tools can’t be faulted – and the web console is a pleasure to use, putting everything at your fingertips to ensure you don’t miss out on important information and issues.