Category Archives: Gardner Systems

Gardner Systems – Data Governance Challenge

Effective data governance is always challenging for any organisation. From people, processes and technology, these are some of the key building blocks, to ensure compliance with managing data. However data governance, also brings several challenges, which I discovered at last month’s event organised by Gardner Systems.

Held at the headquarters of the Liverpool City Region Combined Authority (LCRCA) at Mann Island, this event featured two speakers in Stefanie Jacobs from Microsoft and Jennifer Platts from St Helens Council. Both gave a useful angle on data governance and of its importance in IT management policy, which is very relevant to complying with GDPR legislation, as this legally affects how businesses can store, use and manage data.

Both speakers explained how technology is a facilitator for data governance. With companies moving to cloud-based services, combined with the increasing growth and popularity of agile working, it is crucial to have the right infrastructure platform and governance processes in place. This is so people only have access to what they need, and to reduce the risk of sensitive data leakages, meaning that data governance is more important than ever.

So how can we meet the challenges posed by data governance? Like everything with implementing business changes there is no silver bullet, as technology itself will not solely make organisations compliant. Successful data governance requires careful planning and consideration of business culture, environment, processes, technologies, people and related legislation involved. In simple terms, meeting the challenges posed by data governance requires complex solutions derived from all the above, that are detailed and meticulously specified to meet individual needs of businesses.

There was plenty that I learned about meeting these challenges posed by data governance, which are distilled in the points below.

  1. Trust needs to be earned.
  2. It is challenging to manage data.
  3. Everybody has a different interpretation on data governance.
  4. Data must always be treated with respect.
  5. You need to have the leadership, buy-in support, skills and experience.
  6. Make it as simple and seamless as possible.
  7. You need to know, protect and govern your data.
  8. Remember to educate and train your users.

In summary, I have gained a clearer understanding about what stops people from successfully governing data. This includes understanding governance and importance of data, along with identifying if the required skills and experience are available to deliver governance. To overcome these challenges, a structured approach is needed to understand where the business is, where the data is, what is the classification, who owns it, what is the fix, and how it needs to be governed.

To conclude, I would like to thank Stefanie and Jennifer. My thanks also go to Frank Coward, Paul Stringfellow, Jason Fitzgerald and Jane Hanna from Gardner Systems, along with Ian Hawkins from the LCRCA for all coming together to organise the event. It certainly was useful and educational for me to learn and appreciate the importance of effective data governance.

Gardner Systems – Getting Your Cloud Migration Right

What is the cloud?

The cloud is a metaphor used to describe IT services (e.g. software, applications, networks, e-mail, and data storage) that are provided to businesses and organisations through the Internet. Cloud technology is an alternative to traditional hosting of on-site managed IT infrastructures i.e. data centres.  

With cloud technology such as Microsoft Office 365, Dropbox and Amazon Web Services, many businesses and public-sector organisations are moving increasingly away from managing their own in-house data centres, to migrating their data and services to the cloud. This is because the cloud is more cost-effective and scalable, however it is very important to get the cloud migration right!

Last month, I attended an event organised by Gardner Systems, which looked at cloud migration. Held in partnership with the Liverpool City Region Combined Authority (LCRCA) at Mann Island, this included several speakers who talked about the advantages and challenges involved with cloud migration. These speakers included Ian Hawkins and Rachel Hellier from the LCRCA, Vincent Sparks from Stobart Group, and Jason Fitzgerald and Paul Stringfellow from Gardner Systems.

Working in the IT industry myself, I was very keen to learn more about cloud migration, what it brings, and what needs to be considered. From all the speakers, I learned plenty about both sides of cloud migration, making this an extremely beneficial experience.

Migrating to the cloud brings considerable opportunities for businesses and other organisations. These include lower maintenance costs, flexibility and the ability to adapt and provide on-demand services, which are more scalable, and helps to create new relationships and ways of working (e.g. the ability to work agile from corporate devices anywhere). This reduces the reliance on managing in-house data centres, as important services such as e-mail and file storage are hosted in the cloud.

In addition to the benefits, I also developed a good understanding of the challenges involved with cloud migration. These include the following, which I have listed below.

  1. Security is important, as the responsibility for protecting data stored in the cloud is with the client, and not the provider.
  2. There will be resistance to both change and adapting to it.
  3. Cloud migration requires a plan, vision and commitment from everyone involved.
  4. Communication, collaboration and engagement is required from all parties.
  5. Not everything can be migrated to the cloud, e.g. legacy applications, databases and infrastructure.
  6. Users need to be continually educated, so training must be mandatory.
  7. To support cloud migration, you need to have the right on-site networking and hardware infrastructure in place to support the cloud.
  8. In addition to the above, you must have a fast Internet connection to access cloud resources efficiently.
  9. Whilst it is important to reduce risks with cloud migration, you still need to make it usable.
  10. To protect data and resources in the cloud, multi-factor authentication needs to be enabled.

Overall there was plenty that I learned from this event, which has enhanced my knowledge of cloud computing. From having a tailored approach to meet business requirements, ensuring effective security measures are incorporated, and having the right infrastructure in place, cloud migration is a very complex process, that requires detailed work, planning and implementation.

I have also learned that successful cloud migration is not just about meeting the business needs. This is because it also requires the input and support of all affected parties from directors, managers and staff at all levels, who will be using the cloud. Securing data and resources must also be taken seriously, as although cloud providers are responsible for providing services and hosting, businesses are still responsible for adhering to various legislation e.g. GDPR. This explains why some on-site-resources such as legacy databases containing confidential or sensitive information, may not be suitable for cloud migration. Finally, I have also learned that businesses need to have the physical infrastructure and suitable Internet connectivity in place, to support the migration and access to cloud services.

Overall, I enjoyed the event and found it educational. My thanks go to Ian, Rachel, Vincent, Jason and Paul for sharing their knowledge, experience and expertise, as I came away enlightened and more informed about the possibilities, that cloud migration provides.

I enjoy attending these tech events, to not only meet and learn from fellow professionals in the IT industry, but they also remind me to use technical, communication and practical skills to empower others.

Thanks for reading!

North West Data Forum – My Learning Recollections

In today’s digital world, there are so many security risks posed to data. These are not just related to technology, but also to people, markets, skills shortages, resistance to change, organisational culture, and more. This poses a major challenge for organisations, to legally adhere to data protection legislation.

From May next year, the legislative landscape related to protecting data is changing. This is because the EU General Data Protection Regulation (GDPR) will be coming into force. GDPR is a legal regulatory framework, which will apply to all organisations and businesses.

Data security is a keen interest of mine. Recently I attended the North West Data Forum in Liverpool. Organised by Gardner Systems, the forum looked at the imminent introduction of GDPR, as well as how technology can assist organisations with ensuring they are compliant. Having previously written about other Gardner Systems events on data security, I was extremely keen to find out more about GDPR for myself. I am delighted to say that I came away afterwards, feeling the forum to be worthwhile, informal and useful.

The forum consisted of three speakers, followed by a panel discussion. The speakers were Grant Caley from NetApp, John Hughes from Varonis and Paul Stringfellow from Gardner Systems. Each talked about how technology can assist organisations, with ensuring that they can become legally compliant with GDPR. For me personally, there was so much that I learned from all three speakers, from not only securing data, but also how technology can help with complying with legislation.

Below are some of the key points that I learned

  1. Recognise and understand the value of the data you hold.
  2. Challenges posed to data security extend beyond IT (Information Technology).
  3. Less embedded skills within organisations make them more vulnerable.
  4. Data needs to be maintained, transferrable and also made portable.
  5. Explicit permission is required when transferring data.
  6. Technology only helps with ensuring compliance.
  7. Important to think about security when designing and developing solutions.
  8. 70% of security breaches went undetected for a year.
  9. Data access needs to be not only secured, but also monitored and analysed for abnormal behaviour.
  10. Security must work for people, as they use the technologies.
  11. Educate people on general principles on why data security is important.
  12. Important to collaborate with others.

The panel discussion was much thought provoking, with the audience asking pertinent questions related to GDPR. In addition, the discussion also allowed for the audience to submit questions through Twitter. Sensing an opportunity, I submitted a question, asking if GDPR would still apply after Brexit. The response I received was an unequivocal and resounding yes from the panel, in that GDPR will apply to the UK, after the conclusion of Brexit. I learned this is because the legislation will apply to any organisation or business that collects and holds data on EU citizens. Furthermore the panel explained to the audience that my question has constantly been asked by audience members, at other GDPR related forums and seminars. Therefore I was delighted to have asked a meaningful question that is relevant today.

I would like to thank everyone at Gardner Systems and all the speakers, for a very interesting forum. As well as meeting fellow IT professionals, I found the experience to be very educational, and a valuable investment in my own knowledge and understanding, of the importance of data security and GDPR. I was also impressed by the technical insight of Gavin, John and Paul, and I felt privileged to listen and learn from three knowledgeable professionals.

With regards to GDPR, look out for my next article. This is because I shall be writing in more detail about what it is, and how it will affect organisations.

Busting the Myths of Data Security

In this modern era of technology, the security of data is often taken for granted. This is because myths have been built up, perpetuating a false reality of data security, and undermining an organisation’s capability to secure data resulting in increased risks of data breaches, through malicious attacks. As you read this post, I sincerely hope, you learn more about the importance of securing data.

I have includes some examples of data security myths below, and you can find more here.

These examples are:

  1. An organisation believes they are not a target.
  2. Data security is the sole responsibility of the IT department.
  3. This product or tool (e.g. firewall & anti-virus) can protect you 100%.

The reason that I am writing about this, is because last month I attended an event on this subject in Liverpool. Organised by Gardner Systems plc, this included three interesting speakers, with a great wealth of experience, knowledge and technical expertise in the IT industry. The speakers included Seth White from Nexthink, Liam Bridge from Varonis and Paul Stringfellow from Gardner Systems (who also writes an excellent IT blog). Having attended one of Gardner’s events last year (you can read about it here), I was once again looking forward to re-educating and reinforcing my understanding of this subject.

The purpose of the event was to debunk the myths surrounding data security in detail. In addition, the speakers also sought to highlight the need for an intelligent and proactive approach to dealing with issues. This included focusing on more detailed approaches to data security, such as controlling and removing access to prevent inside attacks, and using encryption to protect data as the cornerstone of any security policy.

I was also interested to listen and learn about targeted monitoring of IT resources, through the use of analytics. Through this, I learnt that analytics can be used to monitor infrastructure activities and behavioural patterns. Therefore analytics enable for the proactive management of potential security issues, and to identify and resolve them.

In addition, I also learned some shocking points regarding data security, which I have included below. These points are a snapshot of the modern reality of IT, and of the vulnerability of data, to potential breaches and losses.

  1. Data is more mobile as it is stored on PCs, laptops and smartphones.
  2. 80% of threats come from end users.
  3. The average costs of data breaches in the UK are £1,15m.
  4. Cyber attacks are more targeted and smarter now!
  5. IT configuration changes increases risk.
  6. Attacks and breaches can lie for months quietly undetected.
  7. 10-15% of notebooks are lost daily.
  8. Easy for internal users to get inside and steal valuable data.
  9. 23% of users open a phishing e-mail that steals sensitive information, whilst disguised as a legitimate message.
  10. 45% of organisations cannot always tell if they have suffered an internal breach.

Recalling the points above, have served to reinforce my understanding of the importance of securing data. In addition, I have also learned and understood that cyber attacks are more intelligent today. This means that intelligence is an important countermeasure, as part of a multi-layered approach to safeguarding data, along with technologies, processes, procedures and even common sense.

With recent high profile cyber attacks such as the hacking of Sony Pictures, and more recently TalkTalk, businesses are more vulnerable than ever before. As technology has transformed our lives, the most valuable asset of all businesses is data. From holding and processing it, data is so important to businesses, as they would not exist without it. If data was lost, stolen or misused, the consequences for companies include brand and reputational damage, heavy fines, prosecutions, potential millions in revenue losses and even bankruptcy!

I would like to thank all of the speakers and Gardner Systems, for this important event. Working in IT myself, I appreciate and acknowledge the speakers and everyone involved, for sharing their knowledge and expertise, which I found very educational and important.

To conclude, I hope you have found this article extremely useful, as data security is a very serious matter. There is help and assistance from IT suppliers and vendors, and I strongly insist that you work with them to help protect your data and resources. Data security must never be taken lightly, as businesses, organisations and even individuals are at more risk than ever!

Finally, I would like to leave you with these six important words that encapsulate what I have learned, and what you must learn too.

Everyone is responsible for data security!

How to Really Protect Your Valuable Data Event – Thursday 19th March

Last month, I attended a special breakfast event on Data Security, organised by Gardner Systems plc. Held at Partnership for Learning in Speke, the event included talks from data security and counter-terrorism specialists. Working in IT, I am constantly aware of the importance of keeping data secure. In addition to networking with other IT professionals, I wanted to educate and broaden my knowledge and understand of data security.

Technology has changed how organisations operate. From bricks and mortar to the digital age, technology has brought many advantages. However the disadvantage is the vulnerability of an organisation’s data, to potential misuse and cyber attacks has increased substantially. The event gave me a useful and disturbing insight into how there is a general lack of knowledge and failure, to grasp the size and nature of cyber attacks that can occur both internally and externally. In addition, there were some other interesting points that interested me, which included:

  1. 80% of data stored by organisations is unstructured data (data not contained in databases).
  2. Most security vulnerabilities are found in third-party applications.
  3. Portable devices or end points (laptops, smart phones) hold 28% of organisational data.
  4. Human factors need to be taken into consideration in data security.
  5. CEOs’ are now being held more accountable for data losses in their organisations.
  6. Cyber attacks are regarded as a Tier-1 threat to National Security by GCHQ. This is the highest level of alert!
  7. Different cyber attacks range from espionage from other countries to commercial competitors.
  8. Cyber attacks are real and present a clear and present danger to UK plc!
  9. The UK Government has a website providing advice on cyber security, which can be found here.

Securing data is a complex puzzle requiring a multi-layered approach. This requires a complex solution of products, procedures, human awareness and clearly defined written policies. In addition, solutions must be specifically tailored and integrated effectively, to address the security needs of customers, whilst balancing usability. Tailoring is important, as organisations will have different security requirements, depending on different factors such as IT infrastructure setup, organisational structure, environment and geography.

I really enjoyed the event, as it was not only informative, but also fascinating to be given an insight into data security. This is not only important to protect an organisation’s reputation and brand, but also the national infrastructure, and the threats posed by cyber attacks must not be taken lightly!

I would like to thank Gardner Systems plc for organising the event, and to the speakers who contributed. You can find more information on what tailored IT solutions Gardner Systems can provide your business here.