
Tuesday, December 31, 2013

DFID tenders £300m supply chain framework

The Department for International Development (DFID) has tendered a £300m contract to procure and manage a supply chain of goods and equipment across the world.

DFID is urging experienced organisations to apply for a four-year contract for goods, equipment and associated services which it will roll out across its global programmes.


The estimated total value of purchases for the entire framework agreement is between £260m and £300m, and the agreement will be awarded to a single supplier or consortium of suppliers.

The supply chain supplier will be expected to work closely with existing programme suppliers to manage DFID programmes.

Responsibilities will include establishing procurement strategies, providing value for money on every project, ensuring transparency, and targeting measured savings from third party suppliers.

The application deadline is 29 January 2014.



Top 10 IT outsourcing stories of 2013

Controversy and outsourcing are never far apart. While the controversy surrounding IT outsourcing is a mere trifle compared with the shenanigans of Serco and G4S, which were accused of overcharging by the government, it is never far from the front pages of the IT press.

The UK government has shaken the industry with its intent to break the oligopoly of large IT services firms that dominate the sector. The government cannot be accused of not making its point, as there seems to have been a continuous flow of reports backing up its claim that the taxpayer is not getting value for money from the oligopoly.


The government has also begun to look East. Suppliers from India are now gaining significant public sector deals. This comes at a good time for Indian suppliers, as growth is slow with traditional time and material models becoming exhausted. But the Indians have reacted and things are changing.

And it is not just the Indian suppliers that are changing; the structure of contracts is being revamped to meet a new reality. Contracts are being torn up mid-term and rewritten as suppliers fear customers will jump ship at the end.

It is not just the Indian suppliers that are reinventing themselves, with US giants such as Dell and HP trying to navigate in unknown territory.

Here are 10 articles that tell some of the stories of the IT outsourcing industry in 2013:

The Office of Fair Trading (OFT) is launching a formal investigation into the market for supplying IT and communications to the public sector. The OFT intends to “examine whether competition in this sector could work better and the reasons why it may not be working as well as it could”.

The National Audit Office (NAO) has reported that £6.6bn was spent by the public sector on four outsourced service providers, including providers of IT services.

Indian IT services firms need to reshape their businesses if they are to continue to grow at the rates experienced over the past decade, as traditional markets and service offerings reach maturity.

Tata Consultancy Services (TCS) has opened a delivery centre in Liverpool to ensure it complies with government rules on security as part of a contract with the Home Office.  

Renegotiations and renewals inevitably bring better terms, but could businesses be missing out on much more by focusing on cost? Contract renewals and renegotiations are currently propping up the IT services sector as battle-hardened businesses strive to get more for less out of their existing suppliers.

Organisations in many sectors seek to renew the terms in their contractual agreements as they adjust to the economic climate. IT outsourcing is going through a period of major change as the result of an economic downturn of extreme proportions alongside major advances in technology.

US manufacturing giant Procter & Gamble is reportedly considering moving outsourced work in-house in a bid to retain control of IT that can affect its competitiveness.

There have been a few high-profile examples of big businesses dumping their IT service partners to start doing it themselves. General Motors' decision to take work in-house from HP is a good example.

As we all know, Michael Dell wanted to take the company private so he could move the business away from selling PCs to focus on services. With commoditisation, intense competition and falling margins, the hardware business, particularly PCs, is a tough one.

When HP acquired EDS it had a plan to become a global leader in IT services. HP realised that the future was not in the PC and server markets where commoditisation and cut-throat competition was pushing prices down.



Dark data could halt big data’s path to success

One of the attributes of winning companies is how deeply they understand their market, customers and competitors. Getting better at that may well be the key to survival in our hyper-competitive global market.

Analysing data is one of the ways to gain insight and uncover new opportunities. Advanced content management, search, business intelligence and other big data technologies have offered the prospect of being able to affordably do so at hitherto unimagined scale.


Given their potential to deliver massive value and competitive advantage, these technologies have seen tremendous growth and adoption over the past 18 months, according to research conducted among AIIM members.

According to the survey report, titled Big Data and Content Analytics: measuring the ROI, while big data analysis is increasingly seen as an essential core competence, 60% of organisations admit to "inadequate" BI (business intelligence) reporting capability, with an even larger number, 65%, confirming "somewhat disorganised" content management approaches.

The evidence points to the unresolved problem of what is termed "dark data" – data that lacks any control or classification, but which is prevalent in all too many environments.

It seems that connecting and linking multiple systems is the biggest challenge for potential big data projects – particularly joining structured and unstructured data sets and analysing textual data.

The study also highlights another big data obstacle: a growing skills gap. Having sufficient skilled users is rated as the next biggest challenge; no wonder 34% of early adopters either outsourced projects or brought in outside expertise (13%).

A further third say they could only make progress by identifying and training internal specialists, with the remaining third relying on existing in-house expertise.

Security is the third major big data adoption challenge – a potential show-stopper for nearly one in five respondents.

Protecting personal data is the primary concern, though commercial and financial information is also sensitive. Some of this can be fixed using automated cleaning and sanitising of content repositories – a big data application in its own right.

How does this picture compare to the last time we looked? When AIIM last probed big data, in April 2012, we found reaction to the hype, and a good deal of confusion.


Now early users are reporting reasonable levels of success – in terms of reliable results, with 60% of early users feeling they have achieved payback (30% are less certain on that question due to high technology and expertise costs). 

Big data projects are starting to contribute to core business, with over half of early users (56%) sufficiently confident in the outcomes to use them in decision-making, including 6% using them as a basis for strategy choices.

Beyond the early adopters, the understanding of big data technologies and the genuine business potential has climbed through the hype, with most respondents seeing many potential applications and benefits, albeit more to help smooth-running and profitability than to produce dramatic competitive advantage.

The overarching situation is that many organisations are too immature in their content management, search, and basic reporting to contemplate big data projects just yet – although they are making technology decisions today with a view to a big data future.

In response, CIOs need to bring their big data project back to BI basics – and concentrate on content management, enterprise search and conventional BI capability. The simple fact is that these issues will need to be resolved before big data projects can be realistically considered.

Doug Miles, director of market intelligence for AIIM, the global community of information management professionals, examines what challenges organisations are facing when it comes to big data.


This was first published in December 2013

Monday, December 30, 2013

How to prepare the IT workforce for cloud and mobility

Cloud and mobility have been ubiquitous subjects in the IT industry in recent years, with a spate of associated new jobs and increasing reliance on them to drive business. Despite this, an element of ambiguity in how best to utilise them in business remains.

“Mobility is so full of whitewater; we need standards around all aspects.” – Google


Across the industry, companies have been struggling to cope with the moving of software data into the cloud and a proliferation of remote devices with varying degrees of access to this. They require assurances that IT staff are suitably qualified for these new challenges, but don’t necessarily know what these staff should be expected to know. 

With growing calls among major industry players for a set of supplier-neutral industry standards, the need for recognised certification was clear.

CompTIA – with a 20-plus year track record of developing IT certifications – worked closely with the IT industry to identify the key skills that staff responsible for cloud and mobility implementations must have.

Security issues, for example, were unanimously agreed to be the primary challenge. Many organisations struggle to find the right staff who understand the weight of specific security issues and cloud infrastructure needs on networks, what the impact is across the whole organisation, and how they can pre-empt these.

There was a major need for a set of specific security skills to address the ever-changing threat from cyber attacks. These included a requirement for staff to know how to set different data access settings for different staff groups.

IT businesses want staff to be capable of spotting vulnerabilities and threats long before they cause damage. Can their network administrators note unusual volumes of mobile device traffic going out over FTP to one particular unknown location and take appropriate action, for example? With no concrete staff credentials to fall back on, this is the kind of question businesses have not been able to answer with a resounding "yes".

Employees need a greater understanding not just of software compatibility across a network – remotely hosted or otherwise – but the full range of hardware in use too. Each device type has its own implications for security, and the administrator should know the best configuration to improve the security of data on each mobile device across the network.

CompTIA's industry analysis was not just related to specific job roles within organisations – we also picked up views of the whole cloud and mobility space and where businesses believe the industry is heading.

A strong consensus in the job market is that traditional knowledge and skills in networking and systems are migrating to include aspects of cloud and mobility. Being technically competent with a blend of skills is becoming a necessity, rather than a differentiator. Crucially, this means that the need to understand planning, implementing and managing cloud solutions will extend beyond just the core network administrator roles across the whole organisation.

Even the traditional IT professional needs to become cloud-savvy. The work environment is changing within these organisations, and the traditional networking or technical sales professional must learn new skills to support the overall objectives of the business.

Businesses are clearly struggling to find these skills. The rapid developments of areas such as the cloud and mobility have created uncertainty among established professionals. Even where the skills exist, businesses do not always know how to spot them, or even what to look for. This is why there has been an overwhelming call for an industry certification to validate skills in these new areas.

John McGlinchey (pictured) is senior vice-president, global business development, of CompTIA, the global IT trade association. CompTIA recently launched the Cloud+ and Mobility+ certifications, which it has developed over the past year in consultation with the IT industry.


This was first published in December 2013

Cheques to be payable by smartphone

Plans to allow bank customers to pay in cheques using their smartphones are soon to be put in motion.

The government will begin consultation in 2014 to introduce new legislation, allowing people to pay money into their bank accounts by taking pictures of cheques on their phones, as bank customers do in the US.


The use of cheques has been in steady decline since 1990, with two-thirds of those under 25 never having written a cheque. With suggested plans to eliminate cheque clearing by 2018, could this be the first step towards putting the cheque to bed for good?

This step towards greater digitisation could help to reduce the time spent processing cheques, with banks claiming that this system will make processing cheques faster and more secure.

Despite the benefits of faster transactions, there is a worry that it could increase risk, especially since the two greatest security flaws for banks are operational risk and cyber threats, which processing cheques photographically could potentially increase.

Barclays, which according to the BBC is planning to roll out the smartphone cheque system in mid-2014, cut 1,700 jobs this year as a result of an increase in mobile banking. With people visiting branches less and less, it is no surprise that processes such as cashing cheques are becoming automated too.

Despite an increase in digital banking, the government claims this move towards digital cheque clearing will not mean the end of the cheque. 

Sajid Javid, financial secretary to the Treasury, said: “The government is determined to create a banking sector that works for consumers and serves businesses. We want cheques to have a crucial role in the ongoing success of the UK.”



Wednesday, December 18, 2013

NAO slams Universal Credit for not achieving value for money

A report by the National Audit Office (NAO) claims the Department for Work and Pensions (DWP) has failed to achieve value for money during the development of the Universal Credit IT system.

The system, which aims to consolidate six existing benefits with a single payment, has been surrounded by controversy over the past year. The DWP has been criticised for writing off millions of pounds of wasted IT.


Earlier this week the DWP announced it was writing off £40.1m of IT work on Universal Credit, with a further £91m planned to be written off over a five-year period.

The £40.1m, which will be written off immediately, is slightly higher than the figure of £34m that DWP previously admitted to in a highly critical NAO report released in September.

Speaking to MPs on the Work and Pensions Select Committee this week, DWP secretary of state Iain Duncan Smith insisted that, "There is no debacle on Universal Credit."

But a report from the NAO, which analysed the DWP’s 2012-2013 accounts, stated the department needs to learn from its past failures.

“The Department has to date not achieved value for the money it has incurred in the development of Universal Credit, and to do so in future it will need to learn the lessons of past failures,” wrote Amyas Morse, Comptroller and Auditor General (C&AG), in the latest report.

Morse recommended the Department should properly commission and manage IT development, make effective financial decisions over the programme, and set realistic expectations for the timescale of delivery.

“There were considerable weaknesses in the Department’s financial controls over the Universal Credit programme,” stated the report.

The report also stated that at such an early stage in the development of the system, it was uncertain how the digital solution will work, when it will be ready and how much it will cost.

In November 2013, the Ministerial Oversight Group for the troubled welfare reform programme, led by Duncan Smith, approved further investment in the programme. This investment, of between £37m and £58m, was considered important to run the existing infrastructure.

"These are considerable sums that the Department is proposing to invest, in a programme where there are significant levels of technical, cost and timetable uncertainty," Morse wrote in the recent NAO report.



Four arrested in £1m London cyber bank heist

Police have arrested four suspected cyber criminals and seized £80,000 in cash and a live grenade after the theft of £1m from two banks.

The arrests come three months after cyber criminals targeted Barclays and Santander by taking control of branch computers using a keyboard video mouse (KVM) switch.


Two 31-year-old men, a 27-year-old woman and a 24-year-old woman were arrested on suspicion of conspiracy to defraud, conspiracy to launder money and possession of an explosive.

The men are being held in custody while the women have been bailed until early next year.

The arrests and seizures followed raids on properties in Enfield and Islington, in north London, by the Metropolitan Police’s cyber crime unit (MPCCU).

Detectives from the unit are investigating the thefts linked to malicious software inadvertently downloaded by customers of the banks.

The malware downloads were triggered by opening emails that appeared to be from the targeted banks.

The malware enabled criminals to transfer a total of £1m to a series of other accounts, to be laundered and withdrawn as cash, police said.

“These arrests by the Met's cybercrime unit follow an investigation into what we suspect is international and organised crime targeting a number of bank customers in London and across the UK,” said detective chief inspector Jason Tunn of the MPCCU.

“The victims have been hoodwinked by malware-carrying emails purporting to be from their banks, and subsequently had money taken from their accounts,” he said.

Police recovered several computers, smartphones and other media devices, as well as luxury goods in the co-ordinated raids.

The MPCCU has asked several banks to freeze a number of accounts linked to the investigation.

The National Audit Office estimates that cybercrime costs Britain £18bn to £27bn every year.

Cyber security firm Check Point said bank customers must watch out for emails that appear to have been sent by their bank and contain links to websites or attachments. 

“In late 2012, the Eurograbber attack siphoned £30m from bank accounts in Europe using sophisticated malware that infected users’ PCs from emails,” said Keith Bird, Check Point’s UK managing director.

“These attacks are complex and stealthy, and exploit customers’ trust,” he said.

Bird warned users of online banking facilities should be wary of any emails containing links or attachments, and advised them to keep anti-virus software up to date and install a personal firewall.

There is growing international concern about the safety of financial markets in the face of increasingly sophisticated cyber attacks.

In September, Scott Borg, chief of the US Cyber Consequences Unit, said he believed manipulation of international financial markets will be the next evolution of cyber crime.

In November, UK banks and financial institutions took part in Operation Waking Shark 2, which was designed to simulate a major cyber attack on the payments and markets systems.

The test was monitored by the Bank of England, Treasury and Financial Conduct Authority who are due to publish a report on the ability of the UK’s core financial services providers to withstand cyber attacks.



Can HP Moonshot deliver blue-sky energy management in datacentres?

New servers that have more in common with laptops than datacentre hardware are being developed to tackle the energy time bomb.

The winter price hike has put the cost of energy in the spotlight once again. Lord Rupert Redesdale, CEO of the Energy Managers Association and chairman of the Low Energy Company, believes energy will have a material effect on IT and business. 


“If energy prices double, low-cost hosting and cloud services are no longer economical,” he said.

Chip makers and server manufacturers are hoping to tackle the energy crisis, with emerging datacentre server architectures using low-powered Intel Atom and AMD Opteron chips in highly scale-out systems.

These are not general-purpose blades, but servers designed to run applications such as Hadoop, e-commerce websites, and workloads designed to run efficiently across large numbers of low-powered servers.

“Having software close to the hardware is where all the magic happens,” said Margaret Lewis, director of software planning for AMD's server division. 

AMD wants datacentres to "re-imagine the server", she said, because there is an exponential demand for computer processing, network and data storage, so workloads have to do more tasks.

The HP Moonshot server family uses AMD Enterprise clusters based on an Opteron X series processor. This is an integrated graphics processing unit (GPU) and central processing unit (CPU) – the so-called APU – which uses a laptop processor to build very dense clusters, where server building blocks on a blade share common components. “A four-APU Moonshot card shares a common network connector, storage and virtualisation layer,” said Lewis.

The key point about this new style of datacentre computing is that the servers are application specific. For instance, HP’s Converged System 100 for Hosted Desktops is designed to move desktop computing into the datacentre. 

HP claims it is the industry’s first system architected to deliver a consistent, high-quality PC experience for remote and mobile knowledge workers. Engineered from the ground up, in partnership with AMD and Citrix, the system delivers dedicated PC-on-a-chip resources to support mobile workers who need the power of a full desktop. 

According to HP, its approach to building a hosted desktop means users avoid the performance compromises of running desktop virtualisation. It said the system supports business graphics and multimedia performance of a traditional desktop PC, offering graphics frames per second that are six times faster than other virtual desktop infrastructure systems.

One of the big benefits of these laptop-like systems is that they offer an integrated GPU. This opens up the possibility of using the graphics chip for processing, rather like the CUDA libraries Nvidia provides to access its GPUs.

In August 2013, Nvidia, along with Google and IBM, formed the OpenPower alliance, which will provide advanced server, networking, storage and graphics technology for next-generation, hyperscale and cloud datacentres.

AMD’s Heterogeneous System Architecture enables C, C++ and Fortran developers to create applications that can take advantage of GPU-based computing.

Seismic data analysis in fracking is a signal processing application that could be ported to a GPU on a server chip to improve performance. Monte Carlo simulations and bioanalytics also make good candidates for GPU acceleration, according to Lewis.

Among the interesting developments coming out of HP’s Moonshot programme is its first ARM-powered server.

The server is a 32-bit system running Ubuntu Linux. It uses four ARM cores and eight integrated digital signal processors (DSPs) for telecommunications applications. 

HP sees the system very much as a product for telcos that would traditionally use proprietary hardware. The ARM chip is a 32-bit processor, and clearly is not going to be running the Windows Server operating system, but given that ARM powers mobile phones, it offers the potential of incredibly low power consumption. But there will clearly be a lag in adoption, until Linux software is migrated onto ARM.

It is too early to predict how well ARM servers will do in the market. HP is already selling Atom and Opteron servers, but these are very much application-specific hardware. 

Hadoop and web hosting, which require large numbers of low-cost servers, seem to be the logical choice, and HP appears to be selling these systems to cloud and web service providers initially. In time, such servers may enable the service providers to buffer rising energy costs and keep their cloud and web hosting services affordable.



Tuesday, December 17, 2013

Thirteen plead guilty to Anonymous DDoS attack on Paypal

Thirteen people pleaded guilty to taking part in distributed-denial-of-service (DDoS) attacks on eBay’s Paypal organised by the Anonymous hacktivist group in support of Wikileaks.

The defendants admitted taking part in Operation Payback in December 2010 that targeted payment firms such as Paypal, Mastercard and Visa after they stopped processing donations to Wikileaks.


At least four UK youths were arrested on charges relating to the attacks on Paypal.

By pleading guilty, the defendants face relatively minor misdemeanour charges, as long as they stay out of trouble, according to the BBC.

Lawyers for the defendants argued they were taking part in protests that should be protected by the US Constitution, which guarantees free speech.

But the US Department of Justice accused them of intentionally damaging a protected computer.

The DDoS attacks – made using a free tool downloaded from the internet called Low Orbit Ion Cannon (LOIC) – were reported to have cost Paypal around £3.5m.

More than 100 workers from Paypal's parent company, eBay, spent three weeks working on issues related to the attacks.

PayPal also had to pay for more software and hardware to defend against similar attacks in the future.

Anonymous's Operation Payback originally targeted companies involved in the music industry and opponents of internet piracy. But the hacker collective broadened the campaign to include attacks in revenge for Wikileaks, following a backlash in the wake of the site publishing thousands of US diplomatic cables.



Dell adds top-end PS6210 flash array to EqualLogic iSCSI family

Dell has launched a new range of products – the PS6210 series – at the top end of its EqualLogic iSCSI SAN family. It includes for the first time an all-flash array, while there are also hybrid flash, fast disk-only and bulk storage variants.

The PS6210 family replaces the existing PS6110 range, and all the new hardware benefits from an upgraded multi-core Broadcom Netlogic XLP CPU in the controllers, a quadrupling of RAM to 16GB per controller and double the number of 10Gbps ports.


Meanwhile, the EqualLogic operating system – EqualLogic Array Software – has undergone an upgrade to version 7, with 64-bit capability, a new GUI and streamlined management of multiple arrays.

The combination of upgrades to array hardware and software leads Dell to claim its best performance figures for any EqualLogic array to date. 

These include a three times boost in IOPS and a maximum I/O rate of 1.2 million IOPS, though there are some major caveats to these figures – namely they are read-only and were benchmarked by Dell using eight PS6210XS hybrid flash arrays.

PS6210E, which aims at bulk storage with up to 96TB capacity in nearline-SAS drives

PS6210S all-flash array, with capacity up to 19.2TB in SSDs of 400GB or 800GB

Fast disk PS6210XV in 2.5in and 3.5in 15,000rpm SAS variants, with 7.2TB and 14.4TB capacity respectively

Bulk/speed trade-off of the PS6210X, with capacity of up to 28.8TB of 10,000rpm SAS 2.5in drives

PS6210XS hybrid flash array, which can house up to 26TB of 2.5in SSDs and 10,000rpm SAS drives

The quoted IOPS rates apparently put the EqualLogic arrays in the same ballpark as the speediest of currently existing flash array products from other big six storage suppliers such as EMC, Hitachi Data Systems and IBM.

But the figures quoted are for eight PS6210XS devices strung together, which indicates the IOPS rate for one PS6210XS equates to 1/8 of one million – 125,000 IOPS each. Also, the figures are for read-only operations. Reads are always speedier than writes in flash because writes must erase existing data before writing new information to flash cells.

In the publicity for the PS6210 announcement Dell chose to publicise maximum performance figures for the XS variant hybrid array rather than the all-flash version. Normally all-flash arrays offer better I/O and latency performance than hybrid arrays, simply because they throw more flash at I/O.

This begs the question, is the hybrid XS version with flash and disk quicker because tiering software ensures hot data resides in optimum locations while the all-flash S version has its data less accessible for some reason? 

Either way, it seems to mean the IOPS rate for a single PS6210, whether all-flash or hybrid, is not exactly earth-shattering.

With this announcement Dell has brought its EqualLogic iSCSI range up to match its Compellent family in providing all-flash capability. This year it upgraded its Dell Compellent Storage Center OS to version 6.4 and announced an all-flash Compellent array, the Flash Optimised Solution.

The Flash Optimised Solution comprises SLC and MLC drives in one of its SC220 expansion enclosures. Dell says it will get 300,000 IOPS for this mixed SLC/MLC bundle. That figure is quite low for a flash array, especially one with SLC drives, and suggests Dell has not optimised Storage Center to deal with the tasks involved in managing flash memory.

Instead, Dell focuses on the use of auto-tiering to try to get the most from flash in Compellent, moving data at sub-LUN level, with different parts of the same LUN living on different classes of storage media. That might be an approach it has applied to EqualLogic.



Ransomware looks set to increase, warns Sophos

Cyber criminals are planning to produce new forms of ransomware on an unprecedented scale, according to IT security firm Sophos.

Ransomware is a type of Trojan malware used by criminals to block access to target computers so they can demand payment for restoring access.


In recent weeks the UK’s National Crime Agency’s National Computer Crime Unit has warned small and medium enterprises about the Cryptolocker ransomware that encrypts files on targeted machines.

The US computer emergency response team (US-Cert) has issued a similar warning to US computer users about emails that appear to come from financial institutions, but install Cryptolocker.

The malware is designed to encrypt files on the infected computer and any network it is attached to and then demand the payment of around £500 in Bitcoins to unlock the files.

Now Sophos has warned there are discussions on underground forums about ways to produce a kit to make it easier for criminals to create their own versions of ransomware.

Malware kits have been responsible in large part for recent spikes in new malware as they lower the technical barriers to entry for would-be cyber criminals and often provide technical support.

According to the security firm’s annual report into cyber crime and emerging threats, ransomware could become the market leader in malicious code.

James Lyne, co-author of the report and global head of security research at Sophos, said there is evidence that cyber criminals are keen to cash in on the success of ransomware such as Cryptolocker.

Security firm BitDefender found that in the week starting 27 October 2013, more than 12,000 computers in the US were infected with the Cryptolocker malware.

A separate attempt to shut down the network supporting Cryptolocker found almost 150 separate systems gathering responses from infected machines, according to the BBC.

The sophisticated networking capability within the ransomware means even if some criminal servers are shut down by law enforcement, the malicious network can recover quickly.

Law enforcement agencies have advised organisations against paying the ransoms demanded in untraceable bitcoin virtual currency because none of those who have paid up have recovered their data.

This approach means cyber criminals are able to cash out immediately without having to set up complex ways of monetising stolen data or laundering cash stolen from credit cards and bank accounts.

The National Cyber Crime Unit (NCCU) has advised anyone who is infected with this malware to report it through ActionFraud, the UK’s national fraud and internet crime-reporting centre.

The NCCU said prevention is better than cure and that UK businesses and consumers should:

Not click on any such attachment

Update antivirus software and operating systems

Backup files routinely to a location off the network

Disconnect any infected computers from the network

Seek professional help to clean infected computers

Monday, December 16, 2013

Security Think Tank: BYOD requires focus on security risk in 2014

BYOD will continue to grow and, as well as being seen as a perk by existing employees and a budget-saver by IT departments, it will be the de facto requirement for new employees as part of the move towards more flexible working, writes Mike Gillespie.

Given that, according to Ovum, around half of employees use their own devices without their employers' knowledge or agreement; and half of businesses who operate BYOD have experienced some kind of data breach (Trend Micro), we in security will have to ramp up our communications on risk and effective mitigation.


Android malware will continue to slurp up data and bank details. The move toward Android products – and the decline of the more traditionally viewed secure BlackBerry – has opened up a world of opportunity for hackers, scammers and other malfeasants. For instance, the Perkele crimeware kit will create further chaos and business devices will need stringent and regular security measures and updates to try to keep one step ahead of malware developments.

Businesses need to use more joined up thinking to leverage their most valuable security asset – their people – in the fight against malicious incursions. 

All of these technology challenges will need boardroom acceptance of risk management and an improvement to communicate security across the whole of the business.

Mike Gillespie is director of cyber research and security at the Security Institute.


This was first published in December 2013

Government seeks deputy CTO

The government is seeking a deputy chief technology officer who will report to CTO Liam Maxwell.

The candidate will work across government digital service (GDS) and the efficiency and reform group.


The role’s key responsibilities include maintaining and developing the technology leadership vision for government, building relationships with departments and establishing a stronger engagement between departments and Government Digital Services.

“There has never been a better opportunity to transform government’s use of technology,” says the advert. “Many major IT contracts are about to expire, we have an effective controls process in place and the technology landscape is swinging our way.”

Yesterday, it was reported that the government’s digital strategy was on track a year after it was first launched, but there were some inconsistencies between departments.

The GDS was launched by the then digital champion Martha Lane Fox, in 2011, with an aim to save the government billions of pounds by moving to a digital-by-default model.

One of the major IT projects for government over the past year was to consolidate existing multiple government websites on to one single platform (gov.uk), which was launched at the end of last year.

In doing so, it scrapped 1,700 websites that were wasteful and confusing to the public.

The platform is updated quickly and often, every 75 minutes or so during the day, said executive director of GDS Mike Bracken.

But the government still has 200 agencies to move to the centralised website over the coming months, and it was announced today that the completion date of the transition project would be July 2014, four months later than predicted at launch.

Applicants must apply by January 5 2014.



SAP system leaves Npower customer accounts in disarray

Npower today admitted its customer accounts are in disarray after it moved to a new SAP IT system. The news comes just two weeks after the company announced large job cuts and contracts to outsource its backend systems.

The energy company transferred customer account details to the new billing solution in November, but in a letter sent to customers this week entitled “We’re sorry,” it said the change meant several bills and statements didn’t go out when they should have, direct debits weren’t set up properly and new customer accounts were not recorded.


As a result, Npower said customer service had been impacted, with longer waiting times and many customers coming up against the issues.

“We look after 5.4m customer accounts in the UK,” the letter said. “Our aim is to make sure everyone has the best possible experience as an Npower customer. However, we’ve let many of you down recently in the overall levels of customer service we’ve been providing.”

“We apologise unreservedly. We promise that if you have been impacted by the billing system problems we’ve had, you will not lose out financially as a direct result.”

We contacted SAP for comment on the failure. It said: "SAP understands that RWE npower has been and is continuing to make improvements to its customer services processes as part of an IT system transformation programme.  

"We are in communication with the implementation partners and RWE Npower in order to resolve the difficulties they are facing with this programme. Both RWE Npower and the implementation partners can be assured of our support and assistance, should the need arise."

The issues come just two weeks after Npower announced it was cutting almost 1,500 jobs and transferring 500 staff over to Capita and TCS for new outsourcing contracts.

The company claimed this move would “save on current customer service costs, at a time of external pressures on energy prices."

It said: “This restructure is necessary if we are to deliver the levels of service our customers deserve.”

It defended the plan in its letter, saying: “We still have a long way to go, we know that, but the comprehensive changes we’re making to our systems and services should improve over time, making everyone’s experience with Npower better.”

The firm admitted it was still experiencing problems as a result of the system, but had put an additional 800 staff onto the project to fix it and in a statement released today said: “We're working hard to address these issues and have them fixed by early 2014."

Npower also promised to write to anyone hit by the failure to explain what was happening and extend repayment periods for those affected.



Sunday, December 15, 2013

Cloud transforming Indian business

Spending on cloud services by Indian organizations increased by 33.6% in 2013 compared to 2012, according to Gartner, with firms spending a total of $404m.

A total of $3.9bn will be invested in cloud products and services from 2013 through 2017, according to the analyst company.

“The Indian market has shown particularly strong growth for the past few years and is predicted to continue to be one of the fastest growing countries in Gartner’s cloud forecast,” said Gartner.

Cloud computing’s low up-front set-up costs, which enable businesses to expand quickly without the need for heavy investment in hardware and human resources, suit the requirements of Indian businesses, which are mainly small and largely short of capital.

The cloud is not just a budgetary advantage but is driving business in sectors including trading.

The technology is driving the trading sector, according to the National Stock Exchange of India's CTO. The organization has prioritized investment in cloud computing technology.

Set up in November 1992, NSE was India's first fully automated electronic exchange with a nationwide presence. The exchange, unlike Bombay Stock Exchange (BSE), was the result of the recommendations of a high-powered group set up to study the establishment of new stock exchanges, which would operate on a pan-India basis.

The NSE’s trading system, the National Exchange for Automated Trading, has an uptime record of over 99%, with latency in single-digit milliseconds for all orders.

Cloud is one of the key technological dynamics influencing the trading sector in India, according to Umesh Jain, chief technical officer at the NSE.

The NSE is harnessing cloud computing for internal efficiency, as well as customer services, and cloud computing is a top priority, said Jain.

“Cloud is directly relevant. It creates huge opportunities for the exchange in terms of bringing down the cost of transactions,” said Jain. “The number of contracts traded will obviously increase at the NSE since the technology and information traded will increase with the incursion of cloud computing.”

Not only do the costs of transactions decrease, but options for services that were not feasible earlier may now become possible.

Arjun Singh at KPMG in India, said cloud computing increases the customer base of the NSE without the need for heavy investment in recruitment. “Performances and returns on investment will improve dramatically because of the virtually non-existent labor costs involved," he said.

Cloud computing’s low up-front costs mean NSE can focus on improving performance and services, to drive profits.

Ujjwal C, owner of a small stockbroker firm Aashika in Kolkata, said companies using the NSE are benefiting from improved services. Continuous uptime and connectivity is vital to trading firms and cloud is supporting this, he added. “Advancements being incorporated such as cloud computing have definitely added to unprecedented up-time.”


London Fire Brigade engages public with risqué social media campaign

The London Fire Brigade (LFB) has achieved a high level of engagement from interacting with citizens via social media, while saving money on costly advertising campaigns.

Over the summer the LFB launched a campaign which yielded 47,000 impressions on Facebook, increased its Twitter following by 3,000 and directed 30,000 visitors to its website in a single day.


The campaign latched onto the bestselling, risqué novel, Fifty Shades of Grey. The campaign – entitled Fifty Shades of Red – was launched to make people aware of the difficulties that can arise if individuals choose to use handcuffs.

“We wanted to talk about some of those incidents the fire brigade had to attend, many of which made people turn 50 shades of red,” said Glenn Sebright, head of media and internal communications at LFB. 

The LFB’s budget for 2012/2013 was £420m, which equates to £49.76 per head of the population. But austerity measures have affected the organisation. The LFB has saved £71m, but is obliged to find another £45m saving over the next two years.

Over 2012/2013 the LFB received 178,000 calls, which included 20,000 fires and 25,000 false alarms. The organisation launched the Fifty Shades of Red social media campaign to reduce the number of unnecessary emergency call-outs.

Speaking at Socitm’s annual conference in London, Sebright said the organisation engaged its audience through social media in 2010 using its existing communications and PR staff.

“We didn’t understand what a social media team did at the time,” Sebright said. “We had five members in the comms team who worked hard to add a whole range of skills to their CVs.”

The LFB, which serves 33 boroughs in London, began using Twitter to inform the public of fire incidents. It then began to inform citizens about how to avoid fires; explaining what the organisation does; and how taxpayers’ money is being spent.

Sebright said using social media is unique because it allowed the organisation to engage an audience it had failed to reach in the past. A quarter of Facebook users are between 25 and 34 years old, and Sebright said in 2012 there were 1,500 fires involving young professionals.

“People go out for a good evening, come home put the chip pan on, and then have complications with fires.”

Using social media, the LFB targeted campaigns at this age group about the dangers of cooking after a night out drinking.  

Other campaigns the LFB launched on social media include making the public aware of the dangers of leaving hair straighteners switched on and encouraging landlords to maintain lifts so fire fighters aren’t called out to trapped people.

But Sebright said he hasn’t always had positive engagement online. “Some people think it’s inappropriate that we’re talking about handcuffs in a flippant way,” he said. But before social media, LFB campaigns would have required costly advertising to reach the same people, so sometimes it is worth taking the risk, he said.

As well as Twitter and Facebook, the LFB is also experimenting with YouTube, QR codes, Instagram and the augmented reality app Blippar. “We’ll keep playing with those systems to see if they benefit us,” said Sebright. “The beauty of social media is it lends itself to what we’re trying to do – we’ve spent years looking at different systems to capture the public’s imaginations.”

While implementing a social media strategy has clearly benefited the LFB, it needs regular analysing to see which campaigns are successful and why.

“It’s incredibly important to report back on a monthly basis to see what’s working and what’s not. What quality, rich content? Is it stuff that’s going to make people stick around?”

Sebright’s team used Google Analytics to analyse its website, while it works closely with IT to evaluate the impact social media makes on the system.

The LFB will have completed its three-year social media review in 2014. After that, Sebright wants to try to encourage other departments across the organisation to implement a strategy, including the fire fighters themselves, in certain areas, borough commanders and HR.

He sees the Metropolitan Police engage with London citizens from specific boroughs locally, and Sebright said he would like to investigate the possibility of doing the same.

But with increasing cuts and LFB staff having issues with pensions, he said it is sometimes difficult to get the message across to the whole service about the rewards that can be gained by using social media.



Saturday, December 14, 2013

EU quashes Cisco complaint on Skype sale

Microsoft’s 2011 acquisition of Skype sticks to competition laws, the General Court of the European Union ruled today following on-going complaints from rival firm Cisco.

Redmond-based Microsoft made an $8.5bn offer to buy Skype in May 2011 and the deal closed in October the same year. The agreement saw its own MSN messenger system closed down and its services incorporated into the Skype platform for consumers, while bringing together its enterprise Lync service with the well-known Voice over IP (VoIP) solution.


Networking colossus Cisco – which has a number of its own hardware and software solutions for business level VoIP – complained to the EU, claiming the deal would have anti-competitive effects on the market and give Microsoft an 80% to 90% share of consumer communications and an advantage with corporate customers.

However, in October 2011, the European Commission disregarded the complaint and gave the go ahead to Microsoft and Skype.

Cisco was unwilling to let its issues rest, though, and in February 2012 brought an action to the General Court, seeking to annul the decision and claiming the Commission had approved the acquisition without carrying out an in-depth investigation.

Today the court made its final ruling on the matter and sided with Microsoft and Skype.

“The consumer communications sector is a recent and fast-growing sector characterised by short innovation cycles in which large market shares may turn out to be ephemeral,” it read. “Moreover, Microsoft, which has traditionally held a very large share of the PC software market, is less present on new operating devices, such as tablets and smartphones, which are becoming increasingly important on the consumer communications market.”

“Any attempt to increase prices of communications for users of PCs might encourage them to switch to alternative devices. Furthermore, since services on that market are usually provided free, a commercial policy of making users pay would run the risk of encouraging users to switch to other providers continuing to offer their services free of charge.”

The Court concluded Cisco and fellow complainant Messagenet had failed to demonstrate why such concentration of market share would damage the consumer industry, and that the merger under examination would be “compatible with the EU competition rules”.

It also threw out the complaints about the corporate side of Cisco’s argument, rejecting the argument Microsoft would give preferential interoperability into its Lync system to Skype.

“The attainment of interoperability between Lync and Skype and the successful marketing of the new product resulting from this – which might, in theory, enable Microsoft to restrict competition – still depend on a series of factors in relation to which it is not certain that they might all occur in a sufficiently near future,” continued the ruling.

“Lync faces competition from other large players on the enterprise communications market, such as Cisco, which alone holds a larger share of the market than Microsoft. That circumstance considerably reduces Microsoft’s ability to impede competition on that market.”

We contacted Cisco for comment on the ruling but it had not returned our request at the time of publication.



Research reveals widespread mobile app hacking

All of the top 100 paid Android apps and 56% of the top 100 paid Apple iOS apps have been hacked, research has revealed.

Compared with the 2012 research, the proportion of compromised free Android apps has decreased from 80% to 73%, but increased in free iOS apps from 40% to 53%.


The research by security firm Arxan Technologies also revealed widespread app hacking among high-risk apps such as mobile financial apps.

In its second annual State of Security in the App Economy report, Arxan found “cracked” mobile financial apps to be widespread.

Focusing on these apps for the first time, Arxan found that 53% of the Android financial apps it reviewed had been “cracked”, while 23% of the iOS financial apps were hacked variants.

The report said the findings highlight the potential for massive revenue loss, unauthorised access to data, intellectual property (IP) theft, fraud, altered user experience and brand erosion.

As the growth in mobile tech innovation continues, payment use accelerates and transaction volumes increase, mobile app security remains a critical issue, the report said.

“The widespread use of “cracked” apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Arxan CTO Kevin Morgan.

“Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering, either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security or business logic that is protecting or enabling access to sensitive corporate data,” he said.   

Morgan said pirated versions of popular software are available on numerous unofficial app stores such as Cydia, app distribution sites, hacker/cracker sites, and file download and torrent sites.

Researchers found that some of the hacked versions have been downloaded more than half a million times, indicating the scale of the problem.

“The challenge for greater mobile application security remains significant,” said Morgan.

He believes core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile-first strategy.

In light of the 2013 analysis, Arxan makes the following recommendations:

All Android applications that process sensitive information assets must be hardened against binary-level integrity or reverse-engineering attacks before deployment.

Mobile applications with a high-risk profile (Android, iOS or other mobile platform) must be capable of defending themselves against static or dynamic analysis at runtime and be made tamper-resistant.

Organisations should complement traditional web security tools and programs with binary code protection for code hosted in a mobile environment.

Arxan notes that recommendations outlined in the 2012 report still need to be widely adopted by application owners, and are outlined below:

Continue to foster mobile app protection as a strategic initiative.

Prioritise protections for mobile apps that deal with transactions, payments, sensitive data or have high-value IP.

Do not assume that web app security strategies are adequate to address the new requirements for mobile app protections.

Focus on protecting the integrity of mobile apps against tampering/reverse-engineering attacks regardless of platform.

Reduce technical risk by deploying apps with protections that are built directly into the application binary that will defeat both static and runtime attacks.

Government expands private sector cyber security partnerships in NCSS drive

The UK government plans to concentrate on expanding partnerships around cyber security with the private sector in 2014 as part of the National Cyber Security Strategy (NCSS).

This includes introducing a cyber security kitemark for firms that do business with the government, to help boost UK cyber exports and a cyber security baseline standard.


The announcements coincide with the publication of the government’s progress report on the NCSS, two years after it was launched in November 2011. 

The NCSS is supported by £860m funding from the National Cyber Security Programme for delivering projects as part of the government’s response to growing threats in cyberspace.

Francis Maude, minister with oversight of the Cyber Security Strategy (pictured), said two years of “solid work” by government – in partnership with the private sector and academia – ensured the UK’s cyber resilience, awareness, skills and capability grows across the board.  

“Our initiatives are ensuring the UK is one of the safest places to do business in cyberspace as well as providing a solid platform for economic growth,” he said.

Looking to the future, Maude said although the government is already working closely in partnership with the private sector, he wants to see that relationship grow even stronger to “mainstream cyber security” and raise awareness. 

“We know this is important now, but this is also vital for our economic growth in the coming years.  It will remain an absolute priority as we move to year three of our strategy,” he said.

Maude said cyber attack will remain a serious threat to UK national security. 

“That is why our work with other sectors, such as academia and R&D, will continue to benefit strongly from secure government funding. 

“As a result of the 2013 spending review we have directed an additional £210m investment to this area, making £860m of sustained government investment on cyber to 2016,” he said.

Maude said there remained work to be done, but investment, partnerships, skills, resilience and awareness are in a far stronger position today than before the National Cyber Security Programme was launched.

In 2014, the government plans to establish a Cyber Security Suppliers’ scheme, developed through the Cyber Growth partnership.

This will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.

Government’s aim is to more than double annual cyber exports from the UK to £2bn a year by 2016.

2014 will also see the introduction of an industry-led organisational standard, based on ISO 27000 series to give industry a clear baseline to aim for.

This is aimed at ensuring a focus on basic cyber hygiene and protection from low level cyber threats, according to a senior government official.

“This standard will be adopted by government in its procurement where proportionate and relevant to encourage uptake and give companies a demonstrable competitive edge,” he said.

To further raise awareness of cyber security, the government believes internet service providers (ISPs) have an important role to play.

ISPs and the government have co-developed a series of Guiding Principles to improve the online security of customers and limit the rise in cyber attacks.

By summer 2014, the government plans the introduction of a “Massive Open Online Course” in cyber security for the Open University. 

“The course will potentially reach 200,000 students both domestically and overseas.  The course will be available free of charge to anyone who has access to the internet,” said a senior government official.

In 2014, the government plans to set up a third research institute to focus on trustworthy industrial control systems for critical national infrastructure.

“This directly supports national infrastructure, building capability, finding new innovative ways to protect the industrial technologies that support our key services,” said a senior government official.

“As more vital infrastructure goes online, the cyber threats are likely to increase unless we take steps to ensure we can manage them,” he said.

The first research institute for the science of cyber security was set up in 2012 and the second to find new ways of analysing software to combat cyber threats was set up in 2013.

The government plans to increase funding for the UK Cyber Security Challenge to expand the pilot schools competition regionally and nationally. 

Since its launch 562 schools nationally have become involved.  This programme gives school children the opportunity to develop their cyber skills and to demonstrate them in a competitive environment.

Finally, the government plans to increase its partnership with Chevening, Commonwealth and Marshall Scholars from Africa, Asia, and America. 

“These scholars will take their knowledge and expertise back to their home countries, where strengthened cyber security will help tackle cyber threats to the UK at source, and where they will reinforce the UK’s reputation as a world leader in cyber,” said a senior government official.

Responding to government’s plans for a cyber security kitemark, cyber security firm Check Point welcomed the move. 

“Our 2013 security report found that 63% of large organisations were infected with bots – stealthy agents which quietly siphon data from networks – so raising awareness of these issues and setting security benchmarks is an important step,” said Keith Bird, Check Point’s UK managing director.

“However, threats are continually evolving, so the benchmarks will need to be regularly reviewed and updated in order to keep pace and ensure they deliver a real foundation for protection,” he said.



Friday, December 13, 2013

Security Think Tank: KuppingerCole’s security predictions for 2014

After the proliferation of Stuxnet, Duqu in 2012 and other Scada-focused attacks in 2013, industrial control system security will become an important topic in 2014, writes Robert Newby. Large-scale processes involving multiple sites over long distances will be increasingly subject to advanced persistent attack.

As the adoption of cloud technologies increases exponentially in 2014, customers will find a greater requirement for encryption and key management technology. As this increases in scope, businesses will find there are limitations in the reach of current technologies, and will look for ways to extend this to their clients at greater scale, without losing control of their security environments.


The traditional corporate perimeter will disappear as this adoption increases, enabling a more dispersed workforce and client-base, but new perimeters will appear around information in different silos, requiring more classification and asset tagging. We will see the rise of technologies before the end of 2014 that focus on tagging data to protect itself, or creating virtual environments/perimeters that data cannot move outside. The issue will be how to keep this data protected, once it leaves the corporate-controlled environment.

Big data will continue to create its own security solutions and issues. As more big data systems are created to process data at scale, the metadata being produced will acquire greater value than the original data store. This data will need to be protected at source. 2014 will see security systems which rely on processing logs on global scales, implemented similarly to the key management technologies above. This will create further concerns about where this processed data is being stored and who has visibility.

Robert Newby is an analyst and managing partner at KuppingerCole UK.


This was first published in December 2013

BT launches scheme to get Plymouth residents online

BT is leading a new campaign to help people get online and learn digital skills in the city of Plymouth.

The Get IT Together scheme, set to launch next week, will see £330,000 of funding from BT and a number of local organisations – including Plymouth Community Homes, the Plymouth Health Community and Jobcentre Plus – put into teaching online skills and building confidence in those new to the technology.


It will be run by the Citizens Online charity for the next three years. It will provide group sessions for thousands of people, covering topics from keeping secure online to searching for jobs, and aims to bring some of the 38,000 homes across the city without internet online.

Councillor Tudor Evans, the leader of Plymouth City Council, praised the scheme, saying: “We know that some people find computers intimidating, but we make sure they can get to grips with the basics at their own pace and see where it takes them.

“It could take them to new work, to considerable savings in heating their homes and using online health and welfare services. It’s the way the world is going and we want to take people with us, not leave them behind.”

The scheme is also part of BT’s wider Connected Society project, which has the goal of making sure nine in 10 people across the UK will have access to fibre broadband and services by 2020.

Paul Coles, regional programmes manager for BT, who was heavily involved in the Plymouth project, said: "Not being able to use the internet can leave people isolated and disadvantaged. We're committed to helping people in Plymouth get online and get the most out of the internet. This is the first exciting step in a journey to help people benefit from the online world."



Thursday, December 12, 2013

UK cyber security progress welcomed

The IT security community and industry has welcomed the UK government's latest report on the progress of its National Cyber Security Programme.

The UK is meeting the objectives of its national Cyber Security Strategy, Cabinet Office minister Francis Maude has told parliament.


The notable achievements of the past two years are highlighted in an official report published today, which also sets out government’s cyber security plans for the coming year.

These include the introduction of an industry kitemark that will allow businesses to state publicly to prospective clients that they supply government with cyber security products and services.

2014 will also see the introduction of an industry-led organisational standard, based on ISO 27000 series to give industry a clear baseline to aim for.

Mark Brown, director of information security at Ernst & Young, said: “It definitely feels like the UK is getting to grips with cyber security and finally moving towards a pro-active stance on this growing international threat.

“From a business perspective, the government is demonstrating another step in the right direction by agreeing an organisational standard on cyber security which will raise the bar not only in central government but more widely in UK plc.

“Specifically, this standard will tackle the threats occurring in the supply chain where the benefits realised by companies in raising their internal bar on cyber security postures are being undermined by failures throughout their supply chain, and will therefore provide a mechanism for businesses to ensure they address delivery risks throughout their extended enterprise.

“However, the government runs the risk of being accused of back-door legislation. Ideally, we would expect government to be offering UK plc tangible incentives to put in place standards on cyber security. Only then, will the UK truly become one of the safest places to do business in the world,” said Brown.

While welcoming the government’s efforts, Richard Archdeacon, head of security strategy at HP Enterprise Security Services, also urged caution.

“It should however be noted that while the introduction of an industry-led organisational Standard for Cyber Security is laudable, businesses should only regard this as the bare minimum.

“Furthermore, as these measures are well documented and indeed known by our adversaries, companies need to go above and beyond in order to truly secure their critical data,” he said.


Ross Brewer, vice-president and managing director of international markets at LogRhythm, said the government’s plans for 2014 clearly show how big a priority cyber security is becoming.

“These initiatives will undoubtedly better prepare UK businesses and raise awareness of cyber crime, which is key when faced with today’s sophisticated threats.

“By building skill sets and tightening standards, it will hopefully stimulate the much-needed adoption of even basic threat-detection steps,” he said.

Brewer said all organisations should follow the government’s example of taking measures to protect themselves from financial and reputational damage.

“Essentially, more businesses need to make the most of the resources available to them – after all, they are the ones who will ultimately suffer should they fall victim to an attack because of inadequate defences,” he said.

With breaches and attacks being reported on an almost daily basis, Brewer added that organisations must ensure they are actively addressing their existing security strategies so that they are fully aware of what is happening on their networks at all times.



Security Think Tank: Lock up personal information in 2014, says ISSA-UK

I do know what criminal lists my details have ended up on, writes Tim Holman, but even I get regular phishing emails claiming my mobile phone bill is spiralling out of control (please open this zip file), that companies house is going to strike 2-sec off the companies register (please open this zip file) and – it being Christmas – expensive gifts have been delayed by UK customs (please open this zip file).  

Internet service and email providers are too slow to take this stuff off the wire and it inevitably ends up in my inbox.  


While I might know that malware can be easily encoded into a multitude of different compression formats that anti-virus systems simply do not detect, your average user simply will not know this.

Given the elaborate, thought-out, well-spelt (they are all in good English) and targeted attacks we have seen in 2013, it looks like 2014 will be bringing more misery to users that simply are not aware that their computers can be completely taken over and used for nefarious purposes. 

Unfortunately the spate of big data breaches we have seen over the past years has furnished cyber criminals with the one thing we do not want them to have - personal information.

In the wrong hands, this information IS being used to carry out targeted attacks, and they are not going to stop.

Tim Holman is president of ISSA-UK and CEO at 2-sec.


This was first published in December 2013

Wednesday, December 11, 2013

Extending your professional Influence: a guide for IT professionals

Over 20 years ago Colin Palmer, chairman of a British Computer Society Task Group, made the following observation on some key research into IT-led change programmes by the Oxford Institute of Information Management:

“They noticed that in all the significant cases of successful implementation of information technology for competitive advantage or for achieving major change in organisations, there seemed to be a person at the heart of the development who displayed certain experience and characteristics. These were: an understanding of the business and what was required within the business, combined with a technical competence that enabled them to understand what was required in technical terms, including the scope of what was being planned. In addition to this, they displayed two types of organisational skills. They knew how to get about the business, and this implied that they knew the business and the people around it well, and they knew how to get things done, possessing a set of excellent social skills - to listen, understand, negotiate and persuade”.


Originally called "hybrid managers" (later "T-shaped people"), these people who possessed a rounded skillset that included business and personal as well as technical competencies, were identified as being the critical catalysts in successful change projects. However despite the early enthusiasm, by the late 1990s the hybrid as a change management concept seemed to have fallen by the wayside. Yet, take a look at the current job adverts for any senior professional role in change or IT and the chances are that "commercial awareness" and "influencing and persuasion" will feature as highly as professional specialisms in the list of essential skills required of the candidate.

Organisations, now more than ever, want people who can bring both breadth and depth of expertise, and collaborate successfully with others in multi-disciplinary change project teams. The last thing they want is "I-shaped people": specialists who have useful skills but can’t connect with others. However, breadth without depth is equally undesirable. In the early years of our professional careers, the focus has to be on gaining the deep technical competencies required by our roles. For example, John Lasseter is acknowledged as a great creative leader for Pixar, but first he had to develop his credibility and expert knowledge by working in the trenches as an animator.

As change and IT experts, working in the second decade of the 21st century, we therefore have to take a balanced view of our professional development if we want our projects to succeed and our careers to progress.  Personal and business skills do not currently feature highly in many professional certification programmes although there are exceptions such as the BCS Diploma in Business Analysis and the newly-launched Expert BA Award. However, to gain the fully rounded skill set, the onus is on us as individuals to look at ways to develop these skills.


In our recent book The Human Touch: personal skills for professional success, we present a selection of the most useful, practical models and frameworks for the change/IT professional, across a range of personal and business skills including influencing and commercial awareness.

These two latter skills are a powerful "superpower" combination. In modern organisations, with fluid teams and hierarchies, relying purely on the authority vested by your role to get things done is fast becoming a redundant concept. So influence and persuasion are your keys to success: When armed with a clear positive answer to “what’s in it for me?” people will usually do the things you ask of them willingly.

However, with senior stakeholders your ability to influence will come as much from the business acumen you can demonstrate, as your social skills. If you can show that you can see the ‘big picture’, make sense of economic and market trends, interpret financial data and understand the potential impact of this information on the way your organisation delivers its products and services to customers, your credibility with the boardroom grows exponentially.

Becoming this rounded T-shaped professional and successful agent of change is not just a simple matter of attending a series of training courses. It also relies on a lifelong curiosity and commitment to personal learning and research. A good place to start developing the ‘personal’ and ‘business’ dimensions of your skillset is to start by simply talking to your colleagues in other functions.

Find out what makes them tick and what frustrates them. Invite their comment on your own work. You will be pleasantly surprised by the new perspectives offered and the deeper insights you gain, which are vital to successful organisational change programmes.

Philippa Thomas has specialised in learning and development for 20 years. With both commercial and operational experience of providing a range of IT training services to blue-chip organisations in the private and public sector, Philippa gained a unique insight into the people skills challenges arising from business change.


This was first published in November 2013

Tuesday, December 10, 2013

Tesco consolidates global datacentres into UK shared service

Tesco is six months away from completing a three-year programme to deliver a single datacentre operation to support UK and international operations.

Tomas Kadlec, Tesco's group infrastructure IT director, has spent the last year consolidating the European and Asian IT operations. In the last two years the retail giant has expanded its online business across eight countries. 


He said: "We have consolidated the basic functions together." This has involved building a platform which can be rolled out to the countries where the website runs.

The website roll-outs are part of a wider datacentre simplification and consolidation programme that Tesco has been running following its global expansion programme.

Under the IT strategy of former CIO, Philip Clarke, who is now the retailer’s CEO, Tesco created pre-built infrastructure and services, dubbed "Tesco in a box", which could be deployed quickly into new regions.

Kadlec is not seeing a major push for IaaS (infrastructure as a service). He said: "A cloud service works great for x86 platforms, but it is difficult to migrate your whole suite of systems into the cloud. There are not too many people who are selling cloud mainframes or cloud-based OpenVMS [platforms]."

Kadlec believes IT departments can see many of the benefits of cloud computing by running the datacentre efficiently. Tesco is, however, looking closely at platform as a service - the company already uses Microsoft Azure and Office 365.

One of his successes has been deploying SharePoint: "We have been trying to implement SharePoint for many years but it never took off because it was driven as an IT project." 

But when Tesco moved to SharePoint in the cloud, the roll-out went viral, said Kadlec. Rather than IT learning to install the product, the team makes the tool available to the business and evangelises the benefits. 

"It is difficult to find a home in the business for a product [use] that doesn't yet exist," he said. Instead of focusing on implementing SharePoint, he said IT focused on making people excited about it.

However, while conceptually elegant, the strategy posed problems for IT. Kadlec said: "There was a [project] lifecycle where you started with the infrastructure, then installed the application and customised it to local needs." This was achieved sequentially, on a country by country basis. So the only way to do more countries was to send out more teams.

“Even though [our] intention was to make it all the same it ended different [in each country] either due to time constraints or the teams worked differently or the requirements were different.”

This created a form of IT sprawl which the retailer is now addressing by delivering IT for Tesco from a central UK datacentre.

Over the last five years, Tesco has been tackling the variations across countries by bringing the teams and infrastructure together, Kadlec said. This allows Tesco to develop the IT systems once, and then deploy them across different regions. Kadlec has a roadmap to consolidate the 35 datacentres around the globe in a bid to run Tesco IT centrally out of the UK, rather like a global shared service centre.

Whatever new applications are deployed, they are now being installed centrally. This occurred with the international online business. 

He said: "I was doing the integration of the infrastructure between the retail team in the UK and the online grocery team and bringing the two datacentres together because online had its own datacentre. We built the new infrastructure, which is now being used to deliver the websites for China and Eastern Europe, all from a facility in the UK."

This approach is being used to consolidate other Tesco systems. “We take them to a certain level of maturity and then offer them to other countries," he said.

Building datacentre capacity in the UK to support Tesco globally has involved a programme of work to ensure there is enough space within its facilities. 

"We started to clean up the datacentre in order to [prepare for] the expansion," said Kadlec. Today Tesco operates two strategic datacentres in the UK along with space it rents for future growth complemented by a cloud strategy.

Historically Tesco used CA software to manage its mainframe systems. The firm had a few attempts to use CA tools for systems monitoring in its datacentres, but Kadlec admitted: "Given how we implemented monitoring, we spent more time implementing than actually using. In the last three years we shifted from trying to be the experts at installing the monitoring products to becoming experts at using them."

It was quite a painful shift, he said: "We thought we knew better than CA on how to do monitoring. As a consequence we didn't listen and didn't allow CA to implement the tools."

Two years ago Tesco wanted all the IT systems involved in retail to be managed from one place.

This is now possible, thanks to running integrated systems monitoring tools from CA. And the same monitoring tools are now being used to support the online business. 

"This year my plan is to roll out [system monitoring] across all our European and Asian operations," said Kadlec. When complete, in around seven months’ time, he said: "We will be able to increase the benefit and maturity of [IT operations]."


Earlier in November Tesco received the CA Expo 2013 award for impact for its implementation of this single system monitoring framework. The  framework enables operations staff, infrastructure management teams, service managers and application owners to have different views of the running IT system.

When Kadlec started in the UK business, the focus for IT was on centralising, consolidation and converging IT infrastructure. This is still a key focus, but it is part of normal IT operations. The challenge for IT now is: "How to ensure whatever you deploy is always current; it is available and there is enough of it," he said.

IT operations is changing. DevOps is one of the buzzwords doing the rounds. It encompasses an approach to IT operations to support ongoing software development. Kadlec said: "The days of building bespoke datacentre components for IT projects is long gone. You now have to pre-build the platform in the datacentre or in the cloud and modify the applications to use these pre-built components."



Government lays out 2014 cyber security agenda

The UK government has reiterated its commitment to addressing cyber security as a top priority at the Govnet Cyber Security Summit 2013 in London.

“We are committed, we have a strategy, but it is a long-term challenge that cannot be met by government alone,” said Neil Kenward, deputy director, Cyber Crime Programme Management, Cabinet Office.


Effective partnerships with business, academia, internationally and across central government are essential for the delivery and improvement of cyber security in the UK, he said.

Kenward highlighted what has been achieved under the national Cyber Crime Programme in the past year.

He said the UK has improved situational awareness, strengthened law enforcement, increased business awareness and advice, established a secure cyber information-sharing forum, strengthened cyber research and skills provision, and established a leadership position in the international debate.

“It sounds like an awful lot, but there is an awful lot to do,” said Kenward.

Turning to the year ahead, he said the government planned to embark on several new activities.

Top of the 2014 agenda is a major public awareness campaign to make individual citizens aware of the risks, but this campaign will also target small and medium-sized enterprises (SMEs).

2014 will also see the first national computer emergency response team (CERT-UK) become operational as part of the government’s objective to reinforce cyber incident response arrangements.

To help address the lack of people in the UK with cyber security skills, the government plans to expand vocational cyber security training through internships and apprenticeships.

In addition to these initiatives, Kenward said the government would continue to participate in international efforts to establish cyber security standards.

Allied to this, he said, is the UK government’s efforts to help build cyber security capacity internationally through the newly established international capacity building centre.



Monday, December 9, 2013

HP shareholders win out as revenue declines by $8bn

HP shareholders are set to receive an early Christmas present in spite of the company making $8bn less in 2013 compared to 2012.

The supplier said it returned $763m to shareholders in the form of dividends and share repurchases in the fourth quarter.


For the company’s fiscal 2013 results, which ended on 31 October, HP made $112bn revenue compared to $120bn in 2012.

HP president and chief executive officer Meg Whitman (pictured) said: "Our Q4 results demonstrate that HP's turnaround remains on track heading into fiscal 2014. While we still have much more work to do, our business units and their core assets are delivering on HP's strategy to help customers thrive by providing solutions for the new style of IT."

In its personal systems division, HP reported commercial revenue increased 4% and consumer revenue declined 10%.

HP’s notebook sales again suffered, reflecting the global shift away from PCs to tablets.  The company posted $16bn in notebook  revenue, nearly $3bn less than in 2012. Desktop PC revenue was $12.8bn, $1bn less than in 2012.

Workstation sales remained more-or-less the same, while  HP’s networking business grew slightly to $2.53bn in 2013.

Its x86 server business posted revenue of $12.1bn, $482m less  than in 2012, while  its business critical systems division made $1.2bn in net revenue, $422m less than in 2012.

HP’s enterprise services business posted revenue of $23.5bn compared to $25.6bn last year. Its enterprise services revenue declined 9% year over year with a 4.4% operating margin. Application and business services revenue was down 10%, and infrastructure technology outsourcing revenue declined 9%.

Software revenue was down 9% year over year, although software-as-a-service (SaaS) revenue increased by 15%.

