DDoS Protection: What is it and Why Does Your Business Need it? [Blog]

DDoS Protection: What is it and Why Does Your Business Need it? [Blog]

Nathan Allison, Head of Operational Security, explains how businesses can defend themselves against potentially destructive DDoS attacks.

Cyberattacks make the headlines periodically, usually when they hit high-profile organisations as with the well-known WannaCry ransomware attack that badly affected the NHS back in 2017 or the more recent Microsoft Exchange server attack in March this year. But just because they aren’t always in the news doesn’t mean they aren’t happening. In fact, businesses of all sizes face daily threats from a wide variety of malware and other nasties, so the security of their systems is something they need to take seriously.

One of the most damaging types of attack for businesses to deal with is the distributed denial of service (DDoS) attack. In these cases, the cybercriminal seeks to make a machine, network, cloud service or website unusable by bombarding it with thousands of requests in an attempt to overwhelm the system, therefore blocking legitimate traffic and effectively denying people use of the service.

The ‘distributed’ part of the name comes from the fact that these requests don’t originate from one single place, they come from many different sources. Very often, these zombie PCs are infected with malware in order to recruit them into botnets controlled by cybercriminals so that the attack can’t easily be stopped by blocking a single source.

Attacks occur for a number of reasons. The motivation behind DDoS attacks is often blackmail; trying to get companies to pay a ransom to stop the attack. But they can also be driven by revenge or by hacktivism, in other words, people with some kind of grudge against a particular company.

Although attacks on larger businesses – such as banks, for example – are the ones that get the most attention, no company with reliance on the cloud and a website is immune. DDoS protection, therefore, is something that EVERY company needs to take seriously, since suffering an attack can do serious damage to both your business and its reputation and may threaten its very existence.

How severe are DDoS attacks?

Most DDoS attacks have a lifespan of just a few hours. However, studies show that attacks are getting longer, lasting for several days in the most severe cases. Often, a short attack may be used as a declaration of intent, accompanied by a ransom demand. This serves to persuade those affected that the threat is a serious one, before launching a more sustained assault if the ransom isn’t paid.

The effects a DDoS attack has on businesses can be dramatic. More than half of companies take three hours to detect an attack, and three hours to respond. With a potential cost of lost revenue in the region of a quarter of a million pounds per hour, the effect of a sustained DDoS attack could prove crippling.

Of course, the financial aspect is only half the story. Businesses also face lost productivity, lost data, and severe damage to the reputation of the company as customers seek business elsewhere.

Although we think of DDoS attacks as being malicious, there are occasions when a site can be brought down by an unexpected surge in legitimate traffic. A breaking news story, for example, can cause major websites such as Google and Twitter to struggle with the extra demand generated. Similarly, a mention of a business website on a popular blog can have the effect of driving a surge of extra traffic. It’s important that any system aimed at combatting attacks is able to differentiate effectively between different types of traffic.

The UK Government takes the threat of DDoS attacks seriously, outlawing them under the Police and Justice Act of 2006, with anyone caught committing an attack facing sentences of up to 10 years in prison.

The problem lies in the global nature of the Internet with attacks coming from anywhere with difficulties in tracing back to a single source. This is further exacerbated by the fact that you don’t need to be a technical wizard to launch an attack – the Dark Web makes it possible for criminals to buy off-the-peg attack services for as little as a few hundred pounds. This DDoS-as-a-service approach makes attacks easier than ever with those responsible even offering sophisticated business models and pricing structures; an attacker in the US, for example, would pay more than one in Russia. Similarly, sites using some form of DDoS protection cost more to attack than those that don’t, and attacks on government sites are costly as they tend to be monitored closely by police and intelligence agencies.

Defending against attacks

Effective DDoS protection can be implemented in a number of different ways, although most often it involves a blended approach combining attack detection, classification of traffic and various blocking techniques.

Available technologies include using a ‘black hole’ to reroute suspect traffic to a non-existent server. An intrusion prevention system (IPS) can also be used to detect and block attacks based upon their content. However, the latest attacks tend to use legitimate content to hide their malicious intent, so this type of protection may be less effective.

Traditional protection techniques such as firewalls can also play a part in guarding against DDoS attacks. Where attacks are focussing on a particular port, a firewall rule can be an effective way of fighting them off. Features built-in to some of the latest generation of routers can also resist the impact of DDoS attacks, which would be able to overwhelm conventional hardware.

Buying protection

So, what exactly do you need to look for when shopping for DDoS protection? First of all, you need a supplier you can trust, so look for a company that has accreditations from major security vendors. It looks like you’ve already found one! Daisy has the highest-level accreditations with the world’s most trusted security vendors, so there’s nobody better placed to keep you protected. This gives you the peace of mind that staff have been properly trained and that the latest technology is available to deal with attacks.

DDoS attacks can come at any time, so 24/7/365 monitoring is essential. It also needs to be able to offer a fast response when an attack is detected; the earlier you can catch and block an attack, the less damage it will do to your business.

If you’re looking for protection from your service provider then you need to ask about the network technology that they’re using. Daisy, for example, offers embedded protection against DDoS attacks, which protects not only our Daisy network but also our customers’ networks.

The provider’s location is an important consideration too; choosing a UK-based service ensures that you have access to local support, as well as constraining traffic within the country in the event of an attack. As one of the UK’s leading independent providers of cyber security services, we ensure you’ll never speak to anyone further than the British Isles.

Buying protection as-a-service also delivers a number of benefits to your company. It means that you have access to a full range of services from monitoring and detection all the way through to mitigating the effects of any attack that might occur. Cyber security skills are in demand, and smaller companies may not necessarily be able to afford a dedicated team of in-house specialists to deal with DDoS threats and other security issues. But by buying protection from a trusted supplier like Daisy, you ensure that you have access to the latest technology and skills without the difficulty or expense of recruitment or training faced if you attempted to handle all of your security needs on your own.

Ready to start preventing DDoS attacks?

Find out more about our DDoS protection solution here or contact our security experts for a no-obligation chat on 0344 863 3000.

 

SUSTAINABLE IT EQUIPMENT DISPOSAL [Q&A]

We asked Mimi Moll, IT & Telecoms Sustainability Lead at our partner N2S, to explain why responsible IT equipment disposal is so important.

Q. We all want to reduce landfill as much as possible, but is IT equipment particularly bad?

Yes it is – a single printed circuit board can contain up to 60-70% of the elements in the periodic table, many of which are toxic when allowed to degrade in landfill. Sadly we have historic landfills where exactly this is happening and these could pose a health risk to people and the environment as the toxic waste escapes into the surrounding air, water, soil, and vegetation. There is also a lot of plastic, some of which contains persistent organic pollutants (POPs). The Environment Agency has a strategy to remove POPs from the supply chain by only allowing “energy from waste” as a disposal method and so it is important to have a trusted partner with a fully-audited supply chain for your IT recycling.

Q. What are the benefits of responsible recycling, to the planet?

We talked above about the toxicity, but these materials are also valuable resources that use a lot of water and carbon in their extraction from the earth. 7% of the world’s gold is thought to currently lie in e-waste, a third of a printed circuit board is copper. Sadly, third world mining operations continue to present varying degrees of hazard to the health and well-being of those working in and living around the mines. I often call our facilities an ‘urban mine’ as we are not digging into the earth and therefore helping to protect biodiversity by negating the need to further mine for raw materials as well as avoiding carbon and helping to reach #NetZero. Below you can see the deforestation and toxic landscape of a copper mine in Papua New Guinea:

Q. What are the benefits of responsible recycling, to a business?

Responsible “recycling” means advocating the EU waste hierarchy and a more circular economy  – building into procurement the reuse of devices whether that is cascading them internally or reselling them to release residual values and extending the lifespan. Of course, for any devices to be re-used or sold, it is imperative that security is also key – it sits hand in hand with sustainability as methods of data destruction (shredding or sanitisation of hard disk drives [HDD]) can either support or hinder reuse and resale. Sanitisation enables the equipment to be resold with maximum value where removing HDD to shred them does not.

Here is some further information and reading, that I recommend:

https://ellenmacarthurfoundation.org/circular-economy-diagram

The Global E-waste Monitor 2020 introduces you to the global e-waste challenge, explains how the challenge currently fits into international efforts to reach the Sustainable Development Goals (SDGs), and discusses how to create a circular economy and sustainable societies.

About Mimi Moll

Mimi is IT & Telecoms Sustainability Lead at N2S. She joined the organisation three years ago after meeting the founder Jack Gomarsall and learning of the innovative work they were doing. A passionate advocate for the environment in both work and personal life, Mimi has been instrumental in positioning N2S as an industry leader in sustainable technology solutions.

Stay at Home: WiFi Roll-Out Supports Healthcare Trust Through COVID Disruption [Customer Story]

Stay at Home: WiFi Roll-Out Supports Healthcare Trust Through COVID Disruption [Customer Story]

How we help the health sector transform patient care through digital innovation.

With some of the UK’s largest public health bodies and NHS trusts as our customers, we are helping make sure that they have the right technology in place.

Thanks to the help of Daisy and strategic partner Extreme Networks, an NHS Trust was able to carry on providing invaluable care in a time of national crisis and give its workforce access to “the office” and all the critical systems and data that comes with it.

You can read about how we overhauled their WiFi solution to improve access for key staff working in the community and from home in our short story below.

How can we help you?

Healthcare organisations are in a constant state of change and must look to their network as a foundation to effectively adapt to the dynamic demands of the industry. Working together as strategic partners, Daisy and Extreme Networks can help you create an environment that is patient-centric and enables staff to enhance the care they deliver.

To learn more about how clinical-grade network infrastructure can support your evolving healthcare environment, download our guide below.

The Festive Phishing Season Is Upon Us: Don’t Let Your Company’s Employees Take The Bait [Blog]

The Festive Phishing Season Is Upon Us: Don’t Let Your Company’s Employees Take The Bait [Blog]

Security Product Manager Anthony Custy advises on how to avoid getting caught by phishing scams in peak retail season.

Phishing is once again likely to be a popular pastime for cyberattackers this winter. It is therefore vital that businesses make sure they are protecting their staff from taking the bait.

Black Friday, Cyber Monday, Boxing Day, and the January sales combine to offer the perfect feeding season for those who want to infiltrate business systems each year. Following an 18-month period in which many workers have transitioned to at-home working, and been potentially more vulnerable to cyberattacks, the coming festive months are likely to see those dangers reach new levels.

The line that most attackers are likely to cast out to make a catch, is email phishing and mobile device-based text message phishing (also known as smishing).

A staggering 90% of all cyberattacks begin with a phishing email1, with the aim of stealing either money or data from the victim. Smishing attempts have also risen dramatically, with a seven-fold increase in the first six months of this year2. In the first half of November 2020 alone, researchers witnessed an 80% spike in phishing campaigns2 containing words such as ‘offer’, ‘sale’ and ‘cheap’.

At first glance, the dangers seem obvious. Losing money, information or intellectual property is something that businesses can ill-afford at any time. Beyond those initial impacts, however, also lie a host of reputational risks as employees and customers lose faith in those companies who are unable to keep their data or digital property secure. In fact, disruption at such a busy and pressurised time of the year is something that cannot be left to chance.

To combat this, businesses must ensure that their employees are properly equipped and aware of the dangers that lurk, so they can remain in calm waters.

Avoid being reeled in

Business email accounts are not immune to attackers’ phishing attempts. In fact, as the lines between personal and business use of corporate devices has become increasingly blurred, the attack vector has become even more pronounced.

There could be a level of complacency among workers who wouldn’t expect to be attacked using corporate software. Similarly, the risk-reward payoff for hackers is much greater should they infiltrate a business device, rather than someone’s personal device.

As such, the role of daily cyber hygiene should be paramount for businesses as we enter the festive season. Most attacks don’t occur because of ingenious attacks, but because of user error. It could be as simple as a purposely misspelled brand name that hasn’t been noticed – think ‘Arnazon’ instead of ‘Amazon’. Spoofed domains and subtly tweaked email addresses pass through the net more often than you’d think, so employees need to be careful not to be reeled in.

Additional signs to look out for include grammatical errors or repetitions within the email itself, URLs that seem abridged or cut off, and any emails that seem ‘too good to be true’ or that demand urgency in order to get the ‘best deal’.

While users may be more vigilant about suspicious emails, they are often less wary about text messages on their phones. Smishing is a form of phishing attack where scammers use SMS or text messages as the ruse instead of an email. A smishing message itself could be as innocuous as a notification of an attempted delivery or an offer of a voucher to trick unsuspecting victims into handing over sensitive information or downloading and installing malware onto employees’ smartphones.

The DMARC deficit

The reason why such a basic level of vigilance is required across the workforce is that there are still many gaps to be exploited, despite stated efforts from retailers to improve resilience. Concerningly, it came to light last year that only 11% of UK retailers have currently implemented the recommended and strictest level of Domain-based Message Authentication, Reporting & Conformance (DMARC) protection4.

DMARC is a system that prevents cybercriminals from spoofing a retailer’s identity. This reduces the risk of email fraud and phishing reaching the screens of unwitting customers.

Against this backdrop, businesses must make sure they are not making a rod for their own back by waiting for the retail sector to catch up and by being fully prepared for this year’s phishing season and beyond.

Phishing isn’t just for Christmas

Training, education and guidance should be the first ports of call. Embedding a strong and robust line of defence among the workforce will go a long way to mitigating human error.

Yet, the onus doesn’t solely lie with employees, as properly solidifying your company’s cyber-defences should also be a key focus. This should begin by knowing your own current level of protection. A security health assessment can pinpoint where general company vulnerabilities lie before offering guidance on where to better safeguard moving forward.

By working with a specialist partner like Daisy, you can be a cyber attacker’s nightmare before Christmas. We can offer a holistic portfolio of next-generation firewalls, endpoint security, DDoS protection, SIEM, vulnerability management, cyberbreach recovery services and more.

To find out how Daisy can help you this festive period and beyond, visit https://daisyuk.tech/security/.

Remember, phishing isn’t just for Christmas!

 

1 https://www.retailtechnologyreview.com/articles/94-of-retailers-open-to-phishing-attacks-what-we-can-do-to-close-the-net
2 https://www.computerweekly.com/news/252506611/Smishing-attacks-up-sevenfold-in-six-months/
3 https://www.cybertalk.org/2020/11/17/phishing-scams-surging-ahead-of-2020-mega-retail-events/
4 https://www.infosecurity-magazine.com/blogs/email-attacks-retail-season/
6 steps to building operational resilience

6 steps to building operational resilience [Article]

David Davies, Business Continuity Consultant at Daisy, gives you his six most important steps to building operational resilience.

Step 01: Define your important business services (IBS)

As set out in the handbook of the Financial Conduct Authority (FCA) SYSC 15A. Important Business Services (IBS) are the key overarching services a firm delivers to its customers.

What makes a business service “important?” The FCA Handbook explains it as a disruption to that service would cause “intolerable harm” to clients or be a risk to the UK financial markets.

What is a business service? A business service may span across the work of many departments and be dependent on many services such as IT services and supplier services. Payments or mortgages may be a business service, for example. The IT system that runs the mortgage service isn’t a business service, the finance department which handles the majority of mortgage payments isn’t a business service, these are dependencies that need to be mapped to the business service.

Applicable firms should have identified their important business systems by 31 March 2022*.

Step 02: Set your impact tolerances for each IBS

The FCA Handbook defines impact tolerance as “maximum tolerable level of disruption” and is measured in time, and any other relevant measurements. To use the example, if the payments IBS failed for five minutes during a quiet period on a weekday afternoon there may be little impact. If it failed for longer it may cause “intolerable harm”.

In this way, the firm can prioritise the urgency to recover services that are within the list of important business systems. (as well as other services).

Applicable firms should have identified their IBS impact tolerances by 31 March 2022*.

Step 03: Map your dependencies sufficiently to have completed points 1 and 2.

Important business systems on their own are a bit abstract, it’s important to associate them with the departments, IT, suppliers and any other key dependencies which deliver them. This enables the firm to plan for the resilience of the IBS (potentially investing more to increase its resilience). It also enables the firm to focus recovery effort on the IBS during an incident, and to understand the dependencies which need to be tested to practice for an incident.

Applicable firms should have mapped their IBS’ dependencies by 31 March 2022*.

Step 04: Carry out scenario testing sufficiently to have completed points 1 and 2.

Scenario testing is important to validate the resilience and recovery capability of each IBS. This needs to be planned, and applicable for the dependencies. For example, IT services could be IT disaster recovery tested to prove that technology can failover, or recover from replicas or backups, while the key management decision-making for an IBS could be better tested by a simulation or paper-based exercise.

Applicable firms should have scenario tested their IBS’ dependencies by 31 March 2022*.

Step 05: Produce your first self-assessment document (to be updated regularly after that)

Firms will also be expected to self-assess the status of steps 1-4 on a regular basis. The self-assessment itself is defined in the FCA handbook SYSC 15A. As such, the FCA is making it clear that firms are expected to maintain the standards required of them.

Applicable firms should have a self-assessment document in place by 31 March 2022*.

Step 06: Operate and remain within impact tolerances

The additional target is for firms to be able to demonstrate that they have mapped and tested important business systems to operate and remain within their impact tolerances. As such, if there are gaps in resilience and recovery capability these will need to be understood and closed.

Applicable firms should have this in place, “as soon as possible after 31 March 2022, and no later than 31 March 2025.”*

*For more information on the FCA guidelines click here.

 

About the author

David Davies is an award-winning Business Resilience and IT Resilience Consultant at Daisy. He has worked in IT resilience and recovery for more than 20 years, starting in a technical role at IBM looking after data backups and testing disaster recovery on very large enterprise systems.

David moved on to project management of disaster recovery testing, then left IBM to work in business continuity consultancy over the last 15 years. In that time, David has worked with more than 150 organisations as a resilience consultant, some medium-sized but the vast majority being enterprise-sized organisations.

 

Daisy Cloud Consultancy

Cloud consultancy – what does it actually deliver? [Q&A]

We put David Robinson, Lead Architect for Modern Workplace, in our Cloud Architecture and Delivery Team, on the spot to explain the whys and wherefores of cloud consultancy.

Who are you?

I am David Robinson, a Lead Architect at Daisy specialising in Modern Workplace Technology and Solutions. I have worked as an IT Architect at Daisy for over 10 years, leading the design and delivery of customer IT transformation and transition projects. These include dedicated, private cloud, hybrid cloud and cloud only platforms to provide server and end user desktop hosting, enterprise applications and configuration, backup and data protection, high availability and resilience, IT compliance and security and end user device management.

What has prompted Daisy to launch some packaged cloud consultancy services?

We work with many organisations, from all types of industries and while every single one of them is unique, there are commonalities in infrastructure, in their objectives and in the challenges they face.

Because we have been designing, implementing and managing cloud infrastructure from before the days it was called “cloud”, we have extensive knowledge and experience to apply. We’re able to deliver a framework to evaluate an organisation’s current environment and recommend the right path to achieve what they need.

Is there much need for consultancy in mid-market organisations?

Yes, and enterprise organisations too in fact. Especially with COVID-19 forcing new ways of working, we’ve seen an uptake in cloud adoption and organisations want to be sure they are making the right choices based on solid analysis and best practice, so that they reduce the risks associated with cloud environments.

What is really interesting is the number of organisations who have already embraced the cloud (in its various forms) but are not seeing the results they expected. In some cases, because services were mis-sold or misunderstood and in others because of the speed in which decisions needed to be made. We’re being approached by organisations who are now at the stage where they can take stock and with our help, make positive changes to maximise their cloud investments and start to see the results that they were expecting.

We’re also finding that people are fed up of hearing that cloud is the future and what they really need is help understanding what’s right for them. We’ve produced guides and FAQs and lots of collateral but sometimes, you just need to sit down with a client and listen. That’s where having a company like Daisy to talk to can really help.

Is the cloud right for everybody?

No, not necessarily. There are loads of businesses that run critical infrastructure on legacy technology or work in an environment where they need to closely control their data, who has access, where it is stored and so on. But there are different types of cloud and ways to embrace cloud advantages but still retain on premise control.

There is still the need to assess and understand an organisations compliance and security requirements, there is still the need to understand the cost of cloud and there is still the need to understand the performance requirements of the applications and solutions that are to be hosted in the cloud. Modern cloud environments are evolving constantly with solutions that address all these concerns and, in most use cases, the benefits of cloud can be realised, with Daisy’s help.

Your latest consultancy packages are around Microsoft 365. Why do organisations need help with that?

Microsoft 365 (M365) is a suite of cloud productivity services and applications from Microsoft, that also combines these capabilities with managed Identity, Windows Desktop, End User Device (EUD) Management, Security, Compliance and Service Management. M365 solutions are designed for both small and medium sized businesses and extend to providing productivity, management and security for the Enterprise. The adoption, configuration, and on-going management of M365 is a complex set of activities and components and this is where the consultancy packages from Daisy can deliver real value, using the extensive experience that Daisy has in designing and implementing Microsoft 365.

Microsoft 365 Adoption Assessment

Our Microsoft 365 Adoption Assessment is designed to help customers get the most out of the technology, as there’s a lot it can do to help fit in with your existing environment and the way you want to use it. Customers may want certain features but not know what pre-requisites are required to turn those features on, such as the correct licensing and some underlying technology to support the Microsoft 365 services.

For example, a customer might want to implement self-service password resets (SSPR) so that users can go to a Microsoft 365 portal and reset their own forgotten password based on security questions. But to make this work, they need to have a certain hybrid identity configuration in place and the technology that supports that (Azure Active Directory Connect) needs to be a certain version and have certain options selected. Our report will highlight this and suggest best practice recommendations for enabling most of the juicy features that Microsoft 365 offers.

Our consultancy assessment enables us to have conversations with the customer, identify traditional methods they are using for laptop builds (as another example). Where traditionally this may be the system centre configuration manager (SCCM) from Microsoft, now the report will look at how SCCM will coexist with the likes of Autopilot and Intune (with new Microsoft 365 features). Customers may not realise how SCCM and autopilot can coexist or what licensing requirements are needed to make use of these features.

We are really just doing a current state assessment and providing the customer with a report and roadmap of what they could have moving towards cloud and Microsoft 365 and how they can best get there (at a high level).

Why can customers not just buy the Microsoft 365 licences and away they go?

They could of course do it themselves, but Daisy offers the expertise to ensure the pre-requisites and enablers are in place and configured correctly so that Microsoft 365 works the way they need it to work and that it co-exists with their existing traditional on-premise technologies.

We leverage our blueprints and standard designs to influence the configuration setup and our experience of making the most out of Microsoft 365 and cloud services, is built into the blueprints and standards, therefore we already know how to make things work.

Market research as well as the interest in our services, tells us that there are a lot of organisations out there who are not making the most of the Microsoft 365 features available to them. We can provide sound guidance on how and what the customer requires to achieve what they need to, from using the technology.

Some organisations may well have the time and expertise to do it themselves, which is great. One thing that they need to make sure they get right, is the security. Cloud based solutions, such as Microsoft 365 have introduced the need for security and IT teams to re-think how they control and manage the new risks that using this technology presents.

Microsoft 365 Security Assessment

Our Microsoft 365 Security assessment is designed to help the customer understand the risk posture that is associated with their existing or new implementation of Microsoft 365. The assessment, which covers Microsoft 365, identity, applications, information and devices, will review a businesses security requirements to identify where there are existing security and compliance risks.

Microsoft provide a suite of security solutions to address these risks. However, it is often the case that these are not being used effectively and therefore environments could be exposed to threats.

For many organisations, the rush to cloud-based solutions for collaboration and information sharing, has resulted in the potential exploitation of that information. The changes that are required to maintain security control have not been realised or could be significantly improved to remove the threats.

Working with a provider such as Daisy, who has the relevant expertise to manage and consult on Microsoft 365 security, ensures those organisations can meet their security requirements to protect their assets and business.

What’s the best thing about your job?

The thing I love the most about my job is that I’m always learning. There is constant evolution in the technology industry and there is always something new that I can begin to understand and then start to master. My drive to learn more and to update my skills and knowledge has stood me in good stead, and the support from Daisy in that quest has been invaluable. Of course, it really goes without saying, the Daisy team is also second-to-none. The level of expertise within the team and the desire to do the right thing for the customer all contribute to making the job so rewarding.

About the author

David has worked in the IT industry for more than 20 years, beginning his IT career with a multinational technology corporation and in a first line support role, developing his career through project delivery, and then as an IT Architect.  

David now heads up the modern workplace function of Cloud Solution Delivery as a Lead Architect, where he also mentors Solution Architects that are responsible for the design and delivery of modern workplace solutions. 

Cloud Networking: The Vital Part of the Equation for Universities and Colleges [Article]

Cloud Networking: The Vital Part of the Equation for Universities and Colleges [Article]

Andy Riley, Sales Director at Daisy explores the benefits of cloud networking for this new generation of hybrid learning…

Eyes to the front, reader. It’s March 2020 and in a quite literal overnight transformation, UK colleges and universities have made the switch to online teaching and learning. For some it’s an entirely new ball game, for others it’s a simple pivot, either way, one thing has become clear – technology has raised its hand to answer the sector’s most pressing question: “How are we going to do this?” and in answering, goes on to be the shining star of its class; the first-class honours student of education of which IT managers and CIOs can be proud.

As lecture theatres and classrooms sat empty, their virtual counterparts filled to the e-rafters as the likes of Zoom, Teams, Skype and other such alternatives were brought to the fore. Together, teaching staff adapted and students adjusted in order to embrace new systems that would help them sit out a global emergency.

Fast forward an entire school year (and then some), it’s clear that online learning is here for the duration. But, now that the global emergency shows signs of waning, how will technology answer the next question of “What now?”

Education has been progressing steadily in becoming smarter for a while now. For example, the use of WiFi can now be used to interpret patterns between dwindling attendance to concentrated location hotspots to help identify students who may not otherwise be speaking up and may otherwise fall under the radar – a major advantage in tackling mental health struggles. Similarly, managed cloud solutions have been adopted to mitigate the costly and labour-intensive process of installing additional hardware throughout the busy Clearing process. But pressures also existed before COVID, such as the delivering of more enriched, personalised learning experiences and increased operational efficiencies. So as great as the progress is, it was progress for a time when education was carried out purely on-site. Today, those pressures still need to be addressed, but must now also work alongside the new, more hybrid learning challenges posed by the pandemic. As a result, there is now also a need for the provision of pro-active infrastructure strategies that can focus students and empower staff when away from campus.

Attempting to solve this equation can often lead to an increasingly complex and distributed IT environment. One that needs to remain secure and robust in a sector battling with limited resources yet needs to be fast, agile and scalable in order to support the needs of today and those – whatever they may be in whatever the circumstances – of the future.

Luckily, solutions do exist out there that can help reduce the need to mix many different technologies into a solution that just isn’t quite right. ExtremeCloud IQ delivered by Daisy, is an end-to-end cloud-driven networking technology that delivers the flexible, agile, scalable, and intelligent solutions to support the unique and complex needs of your institution. From driving a more enriched and personalised learning experience in order to improve learning outcomes, to allowing administrators to protect student information and satisfy compliance requirements, you can accelerate your digital transformation project with confidence.

This article was originally published in Public Sector Focus Magazine July/August 2021 Issue

Technology and the modern retail manager: a success story in the making [Blog]

Post-lockdown, competition for customers and staff is fierce throughout the retail sector. This places greater pressure than ever before on managers and makes agile, portable and connected technology vital for their success.

Welcome to the third in our series of blogs about the transformative power of technology in retail – a sector forever changed by COVID-19. Having explored the theme from the perspective of your customer-facing and back-office teams, we now focus on the needs of those tasked with coordinating, empowering and retaining both of these groups: retail managers.

“Rallying the troops” in a demanding new retail universe

Both customers and staff have emerged from the pandemic forever changed. Customers, for the most part, are eager to immerse themselves in the store environment once again, with 74% confessing to having missed it during lockdown.1 But months of online shopping have made them more discriminating about the speed, fluidity and connectedness of that experience, and they now expect retailers to personalise their engagement across all channels, both physical and digital.

This ramps up the pressure on an already battered workforce, 84% of whom have reported declining mental health in the last year2, a consequence of job insecurity, unpredictable shift patterns and spiralling workloads. With retailers hiring at the fastest rate for eight years3, more and more staff are considering a change of career.

By equipping frontline and back-office teams with ultra-portable devices and dynamic access to customer and stock data, while also placing self-service kiosks at customers’ disposal, retailers can “join up” the retail processes and hit the sweet-spot for all three groups. It’s precisely this ability that makes solutions like Microsoft Surface so powerful.

Empowering managers to bring it all together

Managers, of course, are especially crucial to this purpose – not least for the pivotal role they play in linking frontline, back-office and warehouse teams to ensure the crucial “last mile” is executed perfectly, and to helping teams achieve more with less.

The Microsoft Surface range also increases managers’ power to motivate people, while maximising the meaning and reward they find in their role. They can do this by equipping frontline staff to offer customers the unified, multi-channel, context-rich experience they crave, while also making back-office teams in particular feel a greater connection to the wider organisation.

How Microsoft Surface can help

Faced with an increased workload and a workforce crying out for nurture and support, retail managers need to be tech-savvy and mobile, while also encouraging the necessary tech adoption among their team. Microsoft Surface combines the following to drive productivity, link colleagues together as a team, and ensure smooth productivity across different sites and processes:

  • Ultra-portable, powerful mobile devices, from laptops to tablets, specially designed for use in a fast-moving, complex, people-driven environment
  • Leading Microsoft productivity apps, including M365 and Dynamics365 Commerce, with secure, enterprise-level cloud connectivity from Microsoft Azure
  • Instant access to real-time data and stock information across channels, as well as customer details that allow them to make informed decisions on the spot
  • Connectivity apps like Microsoft Teams allow you to create coherent, self-sufficient teams and faster feedback loops
  • Easy integration with your favoured line-of-business software

The result? A more responsive and integrated retail experience for customers, regardless of channel, and a workforce that’s motivated and equipped to excel. Find out more.

 

Sources:

1 Retail Customer Experience: UK shoppers missing the in-store retail experience

2 How can retailers prioritise mental health post-Covid?

3CIPD & Adecco, via Retail Gazette

Daisy infrastructure for on premise

To own, or not to own? [Blog]

Daisy’s Head of Cloud and Digital Transformation, Andy Bevan,  discusses the long and the short of pay-per-use IT infrastructure.

It might feel like pay-per-use IT has really come of age during the last 18 months, with even the most die-hard “we need to own our IT outright” companies adopting subscription-based services to maintain productivity during the pandemic. In some respects, such services are nothing new, and have been around in various forms since the 1960s—but there is no doubt that since the start of the cloud computing age, pay-per-use IT consumption, also known as consumption-based or as-a-service IT, has reached another level.

In this article, we take a quick look at how pay-per-use IT services have evolved and expanded, explore some of the challenges of public cloud consumption-based services, and then look at modern approaches to pay-per-use IT services that go beyond the public cloud.

Pay-per-use over the years

Back in the 1960s, mainframe providers offered access to computing power and database storage to companies on a shared basis for a fee. This was known as a service bureau business. Fast forward to the 1990s and the emergence of the application service provider (ASP) which provided a platform for businesses to access third party applications which the ASP hosted and managed. Typically, businesses would access their applications via a thin client each user would install on their computer and pay for on a per-use or subscription basis.

ASP evolved into software-as-a-service (SaaS) as we know it today. Alongside this, was the growth of public cloud, delivering infrastructure and platform as-a-service solutions. Again, as with the previous models, the user organisation doesn’t own or manage the IT services themselves, but instead accesses the services on an on-demand basis, over the internet.

A critical impact of the rise of the as-a-service model is that organisations have affordable access to enterprise-grade services that would typically be out of their reach thanks to cost and the skillset required to install and maintain these services. Because as-a-service providers save on the distribution and installation costs associated with owned IT services, and with economies of scale and global reach thanks to the public cloud, it is now viable to offer these enterprise services to companies of all sizes.

Pay-per-use during the pandemic

Think about the services that have become daily necessities such as productivity (Microsoft 365), collaboration (Slack), CRM (Salesforce) and video conferencing (Teams and Zoom); it’s not an understatement to say that we would not have been able to pivot as rapidly as we did to work from home without these SaaS services. Not only are these services affordable for companies of all sizes, but already stretched IT teams were able to deploy them quickly and easily – sometimes in a matter of hours or days, not weeks or months – and manage the services effectively, in many cases without specialist training.

As the pandemic proceeded, the service providers kept improving the service for a – by now – majority remote workforce, and, critically, quickly closing security gaps as they emerged. These upgrades were available instantly, and at no extra cost, to all users around the world, and with minimal or no involvement of customer IT teams.

SaaS success stories

Even before the pandemic, SaaS was very much the rising star. Two big milestones in the emergence of SaaS as a mainstream feature of the IT landscape were Microsoft and Adobe’s shift to a pay-per-use model in the 2010s.

  1. Microsoft Office 365

Remember having physical Microsoft boxes that its software was shipped in? That feels like another world, as we very rapidly became comfortable swapping our traditional Microsoft licences for subscriptions to Office 365 (now called Microsoft 365 of course, although the Office moniker seems to be difficult to shake.) Office 365 launched in 2013 as the preferred route to Microsoft Office over the typical licenced, “on-premises” version, and by 2017 subscription sales had exceeded licence sales. Office 365, with its integrated collaboration and cloud-based capabilities has certainly been one of the heroes of the pandemic.

  1. Adobe Creative Cloud

Adobe launched its SaaS option Adobe Creative Cloud in 2012, and only a year later canned its perpetual licence option, Adobe Creative Suite. The company resolved two big challenges with its SaaS service. Firstly, the lengthy product upgrade schedule of licenced software couldn’t keep up with the rapid changes in the graphic design and other creative industries. The SaaS version could easily be updated far more frequently, and customers would instantly gain the additional features and capabilities within their existing subscription. Second, it allowed a move from choppy, licenced-based income with a more regular monthly or yearly flow of subscription fees. By 2017 Adobe Creative Cloud had 12 million subscribers, and by the end of 2020, this is estimated to have grown to 22 million.

As-a-service beyond the pandemic

As we emerge from the pandemic, uncertainty and unpredictability are still key characteristics of doing business today. It has become increasingly difficult to predict too far ahead, yet the success stories from the pandemic have shown us that digitally enabled companies can thrive if they act quickly to grab opportunities.

Technology, typically powered by the cloud and acquired on a pay-per-use basis, has given these survivor businesses the data-driven insights as well as the operational flexibility to change fast, avoid pitfalls and take advantage of the opportunities that arrive. Of course, while public cloud capabilities have enabled much of this resilience and flexibility, there are also drawbacks and limitations organisations should be aware of.  Public cloud pricing may lack transparency, and the sheer size of the hyperscale vendors often makes them appear unresponsive. Many organisations are rightfully wary of losing control over their data; and finally, there are many core business apps that are neither ready nor appropriate for the journey to the cloud.

As-a-service without the public cloud

As the pay-per-use model continues to evolve, it is now possible to gain the speed and flexibility benefits of the cloud experience while also maintaining control over data and key applications, keeping them on-premises or in a service provider’s private data centre. Paying a predictable monthly fee and retaining the ability to scale up or down very quickly remains the core requirement, both to avoid missing out on opportunities and crucially, avoid paying for unused capacity. Finally, by decoupling pay-per-use from the public cloud, organisations are free to consciously evolve the hybrid cloud landscape that works for them.

Find out more about as-a-service infrastructure delivered by HPE GreenLake and Daisy. Get a cloud-like experience on premise: delivering all the benefits of lower cost and rapid service provision, while still meeting all requirements for security, compliance, and control.

Once you’ve got your infrastructure sorted, don’t forget to protect it – our security and business continuity solutions are second to none and seamlessly integrate into your as-a-service infrastructure.

About the Author

Andy Bevan is Head of Cloud and Digital Transformation at Daisy

As an experienced IT professional with 35 years’ experience, Andy has a proven track record in solution architecture, technical leadership and transformation. Andy has extensive knowledge across the technology spectrum. He has applied this knowledge and his strategic proficiency in all vertical sectors, particularly legal/professional services, finance/financial services, health, public sector organisations, ISV/SaaS and the media. At Daisy, Andy’s leadership ensures that cloud, availability, connectivity, security, and all other facets of the technology infrastructure are mapped to resilience and the future of the organisations we work with as trusted partners.

Bringing back-office staff to the forefront in retail [Blog]

As retail customers return to stores, your back-office and warehouse teams need to be as empowered and nurtured as their frontline colleagues. Agile technology will be vital to achieving this, and to creating the joined-up, ultra-responsive experience customers now routinely expect across channels.

If you’ve read our first blog in this series, Retail? It’s a New World, you’ll already have a powerful sense of how the in-store experience (and expectations) of customers and frontline staff has changed in the wake of economic lockdown, and how portable, supple technology (as epitomised by the Microsoft Surface range) is more central than ever to meeting their needs.

In this blog, we explore how vital that same technology is to the effectiveness and morale of your back-office and warehouse teams. For retailers looking to succeed in a transformed sector, two things are abundantly clear. Firstly, back-office staff need to be brought to the forefront – to be, and to feel, like an integral part of your wider organisation, and your brand. Secondly, retailers who fail to adapt to customers’ heightened in-store expectations will pay a heavy price.

Right now, the in-store experience has never been more important

Most retail customers, starved by lockdown of the tactile pleasures of exploring physical products in a physical environment, are desperate to return.1 But their expectations of what physical shopping means has been changed for good by months of online shopping.

In particular, the apparent end-to-end seamlessness of online purchasing and delivery is now a base expectation for any retail interaction. If your store doesn’t “talk to itself”, especially about the basics such as stock availability, and if your processes aren’t sufficiently coordinated for products to be sourced pretty much at once, expect customer tolerance to be low. However slick your frontline operation, each store (and indeed your wider organisation) has to function as an integrated whole.

The upshot? The “last mile” has to be absolutely right

Managing demand across different retail channels has traditionally been a labour-intensive2 challenge, with inefficiencies3 a constant threat. Now more than ever, customers expect free, fast delivery of goods, in-store and out, with the onus squarely on the brand that wants their business.4 The process also functions in reverse: consumer returns cost British stores over £7bn in 2019, with 39% of those returns happening in-store.5

Clearly, collaboration and understanding between customer, frontline and back-office functions has to be instinctive and easy. Inventory data and insight must flow in both directions, aided by cutting-edge connectivity and communication tools that generate trust, familiarity and rapport between everyone in your team.

What do your back-office colleagues really need?

Given how critical they are to the day-to-day functioning of any retail organisation, it’s surprising how overlooked warehouse and other staff can end up feeling. And yet without their ability to connect both your supply chain and your storefront, costs spiral and at worst, your business simply doesn’t function.

In a healthy retail operation, the ability of back-office staff to thrive in their role is constantly monitored and optimised. Since their work is task-based and speed is of the essence, technology needs to be as portable as it is powerful, providing them with the tools and connectivity to work efficiently while achieving a sense of wellbeing, control and flow.

Any solution must also connect them fully to the rest of their worksite, and the organisation as a whole. Technology is instrumental in helping them feel supported and valued, with the potential to grow and progress in their current role and beyond. Like their frontline colleagues, back-office staff have been deeply affected by the job insecurity, frequent shift changes and unpredictable workloads brought about by the pandemic – leading 84% of retail workers to suffer declining mental health in the last year.6

Intuitive, integrated and mobile: meeting their needs with Microsoft Surface

Microsoft Surface’s slim, light, yet robust devices are a practical solution to the most demanding of retail environments, especially when connected by an enterprise-level cloud solution like Microsoft Azure and transformative apps like Dynamics365 Commerce, which integrate seamlessly with your preferred line-of-business software.

As well as connectivity and infrastructure, Microsoft Surface knows the retail territory and has designed its devices accordingly, with HD screens, batteries that last a full shift, integrated bar code readers and a full menu of heavy-duty accessories, from vehicle and wall mounts to UAG Plasma cases and ways of embedding access to your ERP system in a forklift cockpit.

Microsoft Surface is also ideal for connecting otherwise isolated users with your wider organisation, be it via access to shift rotas or the ever-popular Microsoft Teams. The result? A more joined-up and responsive retail operation all round. Find out more.

Sources:

1Footfall begins to recover as shops reopen (brc.org.uk)

2BRC Podcast -Navigating new consumer priorities post-pandemic

32021 Trends: How will the retail warehouse adapt?

4KPMG Annual Retail Survey 2020

5How can retailers prioritise mental health post-Covid?