41% of risk and compliance pros adopting cloud tech in pandemic recovery

There has been a strong post-pandemic push toward the adoption of cloud-based technology, according to a study by Galvanize, an SaaS governance, risk, and compliance (GRC) software provider.

The survey of GRC professionals revealed the critical value they bring to the C-suite, as well as the top concerns from, and the evolving role of, GRC professionals.

The report, which assessed the views of GRC professionals and non-GRC professionals in related fields, found that nearly half of GRC professionals (45%) are still using Microsoft Office tools to manage critical programs and documents.

However, there’s a light at the end of the tunnel: although only 30% of GRC professionals currently use cloud-based technology, 41% of survey respondents say they are planning to adopt it.

53% of GRC professionals say that, while their organizations now perceive them as being more valuable, the volume and scope of their workload has drastically increased, and resources continue to shrink.

GRC software protects against increased workloads – only 39% of users reported an increased workload, which is far less than those who rely on Microsoft (61%) or on multiple point solutions (89%).

63% of GRC professionals who use integrated technology have complete visibility into the risks faced by their organisations and how those risks tie back to their work; that’s twice as many as those who use Microsoft Office.

Dan Zitting, CEO of Galvanize, said: “Much like we saw in the Roaring ‘20s of 100 years ago, the biggest post-pandemic concern is a return to the new normal.

“The fastest route is through technology – especially for the GRC industry. The data shows indisputable benefits: more visibility into risk, decreased workload, and more efficiencies. It’s promising to see the strides GRC practitioners are taking to implement cloud-based technology so they can maintain their position as strategic advisors to their organizations.”

We provide risk assessments in all aspects of IT and business processes. We help to accelerate cloud migration and adoption.

How the pandemic changed backup

The Covid-19 pandemic forced big changes in how people work – we look at impacts on backup, including increased reliance on the cloud, plus security and compliance vulnerabilities and ransomware

Remote working is now a permanent arrangement for a growing number of businesses after the Covid-19 pandemic pushed organizations of all sizes to move to home working on a wide scale in a very short timeframe.

The impact on all areas of IT has been huge, but arguably it is most acute in backup and data protection.

And the shift to remote working is no longer viewed as a temporary measure for dealing with public health restrictions. Management consulting firm McKinsey believes more than 20% of the workforce can operate as effectively from home as they would in the office. If employers allow it, it says four times as many people could work from home than in 2019.

The impact of home working on IT systems is well documented. Businesses have had to invest in laptops and tablets, and even printers, for remote staff. They have also had to re-engineer networks and applications to allow remote access on a large scale.

Meanwhile, the move to remote working has forced organisations to revisit their data protection and backup strategies.

Protected by being remote?

From a business continuity perspective, an organisation with a highly distributed workforce can be more resilient than one where the majority of employees are office-based. The obvious difference is that there is no need to invoke physical disaster recovery (DR) planning, such as moving to emergency office space. As long as datacentre or cloud-based applications remain accessible, work carries on.

But taking work off-premise forces changes to backup and recovery. Are backup systems configured to run on remote devices? And do employees have enough bandwidth to run backup tools?

At the start of the pandemic, organisations found the bandwidth of their virtual private network (VPN) under stress, so they had to invest in improving capacity. Anecdotally, supporting technologies such as backup was viewed as less critical than line-of-business applications.

“For remote workers, all of a sudden their home became their office. They may not even have had a desk for their laptop. These effects created a domino effect of networking, security and data protection consequences,” says Christophe Bertrand, a senior analyst at ESG.

But although some organisations opted for local solutions for their backup needs – including USB sticks, hard drives or even employee-purchased online storage – Bertrand believes that Covid-19 has accelerated existing trends towards cloud backup and reliance on online office suites and software as a service (SaaS).

Applications such as Microsoft Office 365 became much more important during the pandemic,” says Bertrand.

Five areas where the pandemic impacted backup

1. Local backups, and data compliance

Asking users to back up data locally to removable media is rarely an IT team’s first choice, but during the pandemic, especially the first few weeks, it might have been the only option.

Not all network-based endpoint backup tools supported remote users, and those that did had to contend with limited bandwidth and rising demand for VPN access from other applications.

Supplier support for remote users has improved over the past year, so IT leaders should check the features offered in their backup software. They should also check licensing, to ensure their endpoints are covered.

Once employees have moved to a secure, remote backup system, they should securely erase local backups to prevent a backup solution becoming a data compliance problem.

2. Protecting SaaS applications

Software-as-a-service is one of the technologies that really helped organisations adapt to pandemic working. And backups for SaaS applications are becoming more important – Gartner says it accounts for a growing number of client enquiries.

“In the past two years, infrastructure and operations leaders have begun to include SaaS applications such as Microsoft Office 365, Google Workspace (formerly G Suite) and Salesforce as a part of their backup strategy,” says Gartner senior research director Santhosh Rao.

Although users might assume “cloud” applications automatically back up their data, this is not the case. But suppliers are developing specific backup tools for SaaS, with Office 365 the best supported.

Google Workspace and Salesforce backups are still “largely a work in progress,” notes Rao, but the pandemic has prompted suppliers to invest there too.

3. Backing up to the cloud – and cloud-to-cloud backup

Backing up user data to the cloud bypasses the limitations of corporate VPNs and avoids the data protection pitfalls of remote workers’ local backups.

According to StorageCraft, part of Arcserve, 61% of UK IT decision-makers have increased their use of cloud backup services since the start of the pandemic. Another 28% say they rely increasingly on cloud services for data recovery.

The pandemic has undoubtedly forced CIOs’ hands in the face of technical and compliance concerns. Backing up users’ devices directly to the cloud should be more reliable, easier for employees and, with the right controls, compliant with data protection regulations. The option to back up to private cloud instances provides further assurance.

But organisations are also looking at cloud-to-cloud backup. More on-premise suppliers now support backups for infrastructure as a service (IaaS) and platform as a service (PaaS), including cloud-native workloads and virtual machines, according to Gartner.

With the pandemic shifting more critical applications from the datacentre to the cloud, ensuring they are fully backed up is vital. As Gartner’s Rao points out, this should also include containerised workloads.

Backing up to the cloud also helps deal with another pandemic impact – IT staff no longer need to physically access the datacentre to manage storage.

4. Centralised backup management

The pandemic, and the move to a more fluid and hybrid IT model, has increased workloads for IT teams. As a result, they need centralised tools that can protect data, regardless of location.

This includes backing up user data directly to the public cloud and tiering data to the cloud.

According to Gartner’s Rao, most backup providers now support this. Using services such as Amazon S3 and Azure Blob storage, as well as their long-term storage equivalents Glacier and Azure Archive Blob, can help businesses reduce storage costs.

5. Ransomware

Ransomware attacks have been another unfortunate feature of the pandemic that has affected enterprise backup strategies.

According to one research report, from IT security company Bitdefender, ransomware increased by 485% in 2020. Covid-related phishing campaigns, and attacks on the pharmaceutical and health sectors, account for a large part of the rise.

But any organisation can be targeted by ransomware. As a result, CIOs and CISOs are looking again at “immutable” storage, including tape and Worm-type devices. Meanwhile, backup providers are developing ransomware detection, immutable snapshots – potentially in the cloud – and “clean copy” recovery techniques to allow organisations to recover their data safely.

Security experts warn that ransomware will continue to be a threat, even when the pandemic is under control.

We provide full cycle of backup in the cloud, as well as local and remote location backup solutions.

These are top 5 announcements from Cisco Live – and what they mean to customers

Among a flurry of announcements this past week, Cisco Systems Inc. stepped up its Routed Optical Networking infrastructure is designed to simplify the sprawling networks and expanding its Secure Access Service Edge portfolio to help network operations and security operations teams connect users to applications more securely.

That news and more came at the networking giant’s first digital and truly global Cisco Live user conference, one with more than 100,000 attendees, around four times the usual, in more than 200 countries.

Here are what I view as the top five announcements at the event:

Cisco Plus and network-as-a-service

Historically, there was one way to buy network equipment and that was to pay a price and the customer would own the equipment. This created lumpy spending patterns as customers would spend a lot of money year 0 and then a small amount every year for maintenance and then another big amount at refresh. A couple of years ago, Cisco decoupled hardware and software purchasing, which flattened out the curve but there were certainly spikes at refresh time.

This week, Cisco introduces a true network-as-a-service offering where customers would just pay a monthly or quarterly fee for the infrastructure and software. With NaaS, the customer doesn’t actually own the equipment because it’s a true subscription offering.

Cisco Plus extends NaaS to complete solutions with the first one being Private Cloud. Available mid-year 2021, Cisco Plus Hybrid Cloud will include products from Cisco’s network, data center and storage portfolio as well as lifecycle services and third-party storage and software. Businesses can choose the level of service they need and it offers 0-100% utilization commitments upfront. Coming soon will be Cisco Plus SASE.

This should be a real win for customers since it gives them the option of shifting to an operating-expense model and opens the door for them to upgrade and stay current without having to budget huge sums of money every few years. Also, it makes Cisco technology more available down-market or budget-constrained organizations.

ThousandEyes integration across Cisco portfolio

All network management products are focused on monitoring traffic on the internal company network. ThousandEyes was the first to monitor internet traffic and help business understand how the internet is performing across the globe. When the company launched, software-as-a-service vendors used ThousandEyes to help understand how their services were performing and isolate problems.

In 2021, Cisco acquired ThousandEyes with the goal of integrating it across its portfolio. Given that more and more businesses are relying on cloud apps, which use the internet for transport, this seemed like a shrewd acquisition since it would let Cisco monitor the true end-to-end path for apps. At Cisco Live, the company announced the integration of ThousandEyes with the Catalyst 9000 switching portfolio and Cisco AppDynamics Dash Studio.

With the former, customers will receive, at no extra cost, ThousandEyes intelligence in the DNA Advantage and Premier, providing an end-to-end look at network performance where the definition of end-to-end has been expanded to include the internet.

The latter provides customers with a single view of application performance so customer can see up the entire stack – from the network to app layer. Cisco refers to this as “full-stack observability.”

This addresses one of my biggest problems in information technology. Most monitoring and management vendors tout their products help with “mean time to innocence” where the products prove the app issue isn’t the fault of the network. To that, I say, who cares?  The focus for IT should not be to point figures but to fix the issue, quickly.  ThousandEyes integration across the Cisco portfolio makes that easier to do.

Cisco Duo passwordless authentication to put an end to passwords

When it comes to passwords, there is no good answer. If they’re too simple, users get breached. If they’re too complicated, people forget them and get frustrated having to reset them all the time. If the company is constantly changing passwords, users go to some sort of predictable scheme.

What’s the right answer? How about getting rid of passwords? The new Cisco Duo feature does that. Cisco Secure has introduced infrastructure-agnostic, passwordless authentication.

It simplifies and strengthens authentication for accessing cloud apps, protected by Duo single sign-on that leverages third-party platform biometrics such as Apple FaceID and TouchID and Windows Hello. Bringing together passwordless authentication with Duo SSO lets users put the majority of their passwords into a simplified login experience.

For decades, security pros have been trying to get rid of passwords, but there was never a better way because biometric systems were mediocre at best. The infusion of artificial intelligence into these products has improved biometrics to the point where it can be used for business purposes. The best way to manage passwords is to get rid of them and use something else.

Routed Optical Networks

At first glance, the term “routed optical” may seem like a contradiction because for decades service providers have built a Layer 2 optical network and then a routed Layer 3 overlay. Cisco introduced the concept where the two networks could be converged using a wide range of Cisco technology, including the optics from its recent $4.5 billion Acacia Communications Inc. acquisition, the recently introduced Silicon One chip and a new broadband gateway for telcos.

For the past year, Jonathan Davidson, general manager of Cisco’s Mass Infrastructure group, has been touting how Cisco’s “Internet of the Future” strategy, which enables SPs to converge multiple networks together to create a simple, cost-effective and scalable network.

Although this is a telco-centric announcement, there are implications to business users in that 5G is coming and coming fast. Businesses of all sizes rely on the SPs to deliver faster and more feature-rich networks to take advantage of 5G, cloud, mobility and the “internet of things.” The operational overhead with running networks holds big telcos back. The new routed optical network should enable SPs to deliver much higher levels of service to its customers.

Expanded SASE architecture

Secure Access Service Edge had started heating up pre-pandemic but has exploded as more users headed home and required corporate grade security from their living room. The only way to do this is with SASE as it delivers security from the cloud. At Cisco Live, Cisco expanded its SASE architecture with the ability to purchase all core components in a single offering, as well as soon as a Cisco Plus service.

This includes a wide range of security components such as DLP, browser isolation, malware detection and newly introduced passwordless authentication, as well as Viptela SD-WAN appliances, which now provide cloud integration with Amazon Web Services, Microsoft Azure, Google Cloud and Megaport. Cisco has also included ThousandEyes visibility as part of its SASE offering.

Current Cisco customers can take advantage of this because it enables them to go from their current network to a software-defined wide-area network plus SASE deployment or leave the network in place and implement the security capabilities of SASE first. A year ago, most customers moved from traditional networks to SD-WAN to SASE, but the large number of remote workers has favored the demand for security before network evolution.

We have many years of experience working with Cisco Systems to deliver global and local technical solutions.

10 key Microsoft Ignite takeaways for CIOs

Microsoft kicked off its 2021 Ignite customer conference on March 2 with some stunning demonstrations of Mesh, a mixed-reality working environment like Second Life on steroids, accessible to anyone with a $3,500 Hololens 2 headset and high-speed internet.

Out of the spotlight, though, there were other innovations — in Microsoft Azure, Teams, and Power Platform — more likely to help the majority of CIOs deliver computing, collaboration, and coding tools to a workforce that is still socially isolated and increasingly socially divided as a result of the pandemic.

Here are 10 key Ignite takeaways for CIOs that caught our attention.

Semantic search as a service

Do what I want, not what I said: OK, that may be a slight exaggeration, but that’s where Microsoft is going with the new semantic search capability it’s offering developers a preview of. An addition to its Azure Cognitive Search APIs, semantic search promises to deliver results based on user intent rather than on the keywords they used, thanks to a natural-language model that Microsoft has built.

Models like this will be hugely valuable — but also hugely resource-intensive, said Nick McQuire, chief of enterprise research at analyst firm CCS Insight. “Many businesses won’t be able to build this for themselves,” he says, so Microsoft offering developers semantic search as a service that they can integrate into their own applications is significant.

Microsoft is also offering enterprises a new connector to enable Azure Cognitive Search to ingest and explore their SharePoint content.

Line item extraction

Other Azure developer APIs are getting upgrades too. Form Recognizer 2.1 can already find data in scanned receipts to process expenses. From March 15 it will gain the ability to extract individual line items from invoices, simplifying payment processing.

 

Form Recognizer has also learned to extract names, expiry dates, and document numbers from US driving licenses and passports from around the world, a boon for customer onboarding — or controlling borders.

Mission-critical computing in the cloud

Azure is providing additional support for mission-critical cloud workloads, adding the option to make on-demand capacity reservations with service-level agreement (SLA) guarantees, making scale sets more flexible so applications will keep running under higher load, and adding new VMs that will support more memory-intensive workloads, including in single-tenant Azure Dedicated Host environments.

Machine learning where you want it

When it comes to training or running machine learning models, hyperscalers like Microsoft have traditionally offered CIOs one answer: Do it in our cloud. Now, though, with its hybrid cloud control plane, Azure Arc, Microsoft is offering enterprises a way to run ML workloads on premises, in a multicloud environment, or at the network edge.

“What is new about Arc and the integrations with Azure ML is, Microsoft is saying you can use your existing infrastructure,” said CCS’s McQuire.

At the other end of the machine learning scale there’s also Azure Percept, a set of pre-built AI models, development tools, and reference hardware for building cloud-connected low-power AI systems with cameras and audio capabilities on the network edge. It’s based on a Zero Trust security model and offers zero-touch WiFi provisioning.

Vertical clouds

Microsoft’s industry clouds offer automation and analytics tools tailored to specific vertical markets — initially telecommunications, retail, and healthcare. At Ignite, it expanded its healthcare cloud feature set and language coverage, and introduced three new industry clouds, for financial services, manufacturing, and nonprofits. If you’re in one of these sectors, you may find Microsoft has already done some of your development work for you.

Teams gets more connections…

Microsoft CEO Satya Nadella is clearly hoping CIOs will pay more attention to the way Teams is used in their organizations, saying the company is building it as “an organizing layer for all the ways we work.”

A new feature, Teams Connect, will soon enable enterprises to create and manage channels shared with customers, suppliers, and other partners in which they can co-author documents and collaborate in apps. There will also be an expanded role for Microsoft Viva: In addition to delivering corporate internet and training functions, it will bring Teams users the same well-being and productivity insights familiar to users of Outlook, and for an additional fee, Viva Topics will make documents and expertise more easily searchable across the enterprise from within Teams.

With hundreds of different applications tied into the Teams environment, CCS Insight’s McQuire said, “The risks are that it becomes this massively unwieldy thing, and the user experience gets confusing because there are too many different things going on.”

Neverthless, he said, the new features will be attractive to companies that want to consolidate the number of conferencing tools they have.

… better security controls…

By midyear, enterprises will also be able to control in which datacenter Microsoft stores documents shared through Teams, group by group or even for individual users, making it more useful in some regulated industries or where there are concerns about the security of data. These controls will mirror those available for Exchange and SharePoint. There will also be an option to make end-to-end-encrypted one-to-one voice or video calls, that CIOs can enable on a per-employee basis, and to limit meeting attendance only to invited participants. A future update could see the addition of end-to-end encrypted meetings, too.

For companies that are centralizing their investment in such collaboration, McQuire said, “Security is arguably the number one selection criterion.”

… and new presenter tools

Microsoft is adding new options to embed PowerPoint presentations right in Teams, where meeting participants can flip back and forth through a slide deck at their own pace. Presenters will have new options to position their video image in front of or beside their slides, and to place the gallery of meeting participants at the top of the screen, right under their camera, to improve eye-contact.

“The thing that really stood out is the whole focus on presenter tools,” said McQuire.

Yet another low-code development platform

As if there weren’t already enough low-code development platforms out there, Microsoft is adding its take on the genre, and it’s based on Excel formulas. Power Fx is used to build canvas apps in Microsoft Power Apps, and is destined to become the language across the Power Platform. Microsoft said Excel users will be able to draw on their existing knowledge to develop apps with the simplicity of formulas — so if your company’s spreadsheets are all error free, you have nothing to fear.

Microsoft Mesh and Azure mixed reality

There’s no getting away from it, Microsoft’s demonstrations of Mesh, a mixed-reality collaborative environment, were eye-catching, from the undersea scene created collaboratively with the audience to the Cirque-du-Soleil finale.

While there were glimpses along the way of a couple of industrial applications built using underlying components of Mesh, Azure Remote Rendering and Azure Object Anchors, CIOs were left with a lot of questions about how they would actually use Mesh in their organizations.

Among them, said McQuire, are, “How is Mesh going to help businesses improve their productivity?” and “How will the licensing and the costings work?”

He also called out bandwidth as a potential concern.

Two-way HD video over Hololens is bandwidth-hungry: Microsoft’s documentation for Dynamics 365 Remote Assist Hololens, its existing “holopresence” solution, says “even 4-5 Mbps up/down does not guarantee 1080p video calling at full quality.”

That will make life difficult for many remote users connecting over DSL, and require sophisticated wireless coverage in crowded workspaces, if we ever return to those.

While Microsoft’s goal is one day to deliver the impression that distant coworkers are virtually present, early Mesh users will have to work alongside cartoon-like avatars of their colleagues provided by AltspaceVR as a way to limit the computing and bandwidth demands of mixed-reality collaboration.

We can provide latest and proven Microsoft solutions and services to achieve any of the strategic business goals.