Managed Cloud Archives | Calligo
https://www.calligo.io/insights/managed-cloud/
Building value through data

Data Transformation Predictions for 2024 – Calligo Data Leaders Roundtable
https://www.calligo.io/insights/beyond-data-podcast/data-leaders-roundtable-2024-predictions/
Wed, 06 Mar 2024 15:25:48 +0000


In this lively debate you will hear from Calligo’s Practice Leads as they discuss their key takeaways from 2023 and their data predictions for 2024 and beyond.

Topics discussed include:

  • Regulation of AI, including the EU AI Act
  • AI hallucinations & AI bias
  • Data governance and data fines
  • Dashboard fatigue
  • Data ROI

What is Cloud as a Service? Exploring Definitions, Current Trends, and Future Horizons
https://www.calligo.io/insights/glossary/what-is-cloud-as-a-service-exploring-definitions-current-trends-and-future-horizons/
Mon, 12 Feb 2024 12:08:19 +0000


In the rapidly evolving landscape of IT infrastructure, businesses are constantly faced with the critical decision of choosing between on-premises and cloud solutions. The allure of cloud computing, with its promises of scalability, flexibility, and cost efficiency, often leads organizations to assess the financial implications of their choices meticulously. In this blog post, we’ll delve into the complexities of assessing on-premises vs. cloud costs, exploring hidden expenses, the concept of shared responsibility, and the role of a trusted partner like Calligo in navigating this intricate terrain.

Comparing On-Premises and Cloud Costs

On-Premises Costs:

1. Capital Expenditure:

On-premises solutions often entail significant upfront costs for hardware, software licenses, and infrastructure setup. This capital expenditure can strain budgets and limit financial flexibility.

2. Maintenance and Upgrades:

Regular maintenance, updates, and hardware upgrades contribute to ongoing operational costs for on-premises solutions. Predicting and managing these costs can be challenging over the long term.

3. Staffing and Training:

Employing skilled personnel for system administration, maintenance, and troubleshooting adds to the on-premises cost equation. Training employees to manage evolving technologies further increases operational expenses.

Cloud Costs:

1. Pay-as-You-Go Model:

Cloud services operate on a pay-as-you-go model, allowing businesses to pay only for the resources they use. This flexibility can be advantageous for managing costs efficiently, especially during periods of fluctuating demand.

2. Operational Expenditure:

Cloud solutions transform IT costs from capital expenditure to operational expenditure, providing businesses with more predictable and manageable ongoing expenses.

3. Scalability and Efficiency:

Cloud scalability enables organizations to adapt quickly to changing workloads, optimizing costs by automatically adjusting resource allocation.

Hidden Costs in the Cloud:

While the cloud offers a transparent pay-as-you-go model, hidden costs may emerge without careful consideration:

1. Data Transfer and Bandwidth:

Cloud providers may charge for data transfer between regions and the internet, making it essential to factor in bandwidth costs.

2. Storage Costs:

The cost of storing data in the cloud can accumulate, especially with large datasets. Assess storage needs and choose cost-effective storage options.

3. Egress Charges:

Cloud providers may impose fees for data leaving their network. Understanding egress charges is crucial, especially for data-intensive applications.

Shared Responsibility Model:

As organizations transition to the cloud, it’s essential to understand the shared responsibility model:

1. Cloud Provider Responsibilities:

Cloud providers manage the security and compliance of the cloud infrastructure, including data center security, hardware maintenance, and network infrastructure.

2. Customer Responsibilities:

Customers are responsible for securing their data within the cloud, managing access controls, implementing encryption, and ensuring compliance with industry regulations.

Responsibility Transfer to the Cloud Provider:

With the cloud, certain responsibilities are transferred to the provider:

1. Security and Compliance:

Cloud providers invest in robust security measures and adhere to compliance standards, alleviating some security concerns for customers.

2. Hardware Maintenance:

The burden of hardware maintenance, updates, and upgrades shifts to the cloud provider, reducing the operational workload for customers.

Areas of Responsibility Retained by the Customer:

Despite the advantages of responsibility transfer, customers retain crucial responsibilities:

1. Data Security:

Ensuring the security of data within the cloud, including encryption, access controls, and compliance, remains the customer’s responsibility.

2. Application Security:

Customers are responsible for securing applications deployed in the cloud, addressing vulnerabilities, and implementing best practices for secure coding.

Leveraging Calligo for Informed Decision-Making:

Calligo, as a leading player in cloud services, plays a pivotal role in helping organizations assess on-premises vs. cloud costs:

1. Comprehensive Cost Analysis:

Calligo conducts a thorough analysis of on-premises and potential cloud costs, considering factors like data transfer, storage, and potential hidden expenses. This ensures organizations make informed financial decisions.

2. Expertise in Compliance and Security:

Calligo’s expertise in compliance and security positions them as a valuable partner. They assist in navigating shared responsibility, ensuring that customers meet compliance standards while benefiting from the security measures provided by the cloud.

3. Tailored Solutions:

Calligo recognizes that each organization is unique. By offering tailored solutions, they ensure that the migration strategy aligns with business objectives, optimizing costs while addressing specific needs and challenges.

4. Managed Services for Ongoing Optimization:

Beyond migration, Calligo provides managed services for ongoing optimization. This includes continuous monitoring, updates, and adjustments to ensure that cloud resources are utilized efficiently, maximizing cost-effectiveness.

Conclusion:

Assessing on-premises vs. cloud costs is a multifaceted endeavor that goes beyond comparing price tags. It requires a deep understanding of the shared responsibility model, consideration of hidden costs, and strategic decision-making. With the expertise of Calligo, organizations can embark on their cloud journey confidently, navigating the complexities of cost analysis, compliance, and security to unlock the full potential of the cloud while optimizing financial investments. Embrace the future of IT infrastructure with a trusted partner by your side, ensuring that every step taken is a step toward efficiency, scalability, and success.

For more comprehensive insights into cloud strategy, visit https://www.calligo.io

AI Explainability – Balancing Human-Machine Collaboration and Potential
https://www.calligo.io/insights/beyond-data-podcast/ai-explainability-balancing-human-machine-collaboration-and-potential/
Thu, 28 Sep 2023 11:31:16 +0000


Artificial Intelligence (AI) and machine learning have revolutionized numerous industries, offering automation and efficiency. However, achieving the optimal balance between human input and machine automation in AI model development is crucial but often overlooked. In our recent Beyond Data podcast, hosts Tessa Jones and Peter Matson were joined by the co-founder of Trubrics, Joel Hodgson, for a compelling discussion exploring the importance of AI explainability, trust, user feedback, and ongoing monitoring.

The Challenge of Model Adoption

Joel highlighted the challenge of model adoption, a common issue in the data science landscape. Organizations invest significant time and resources in developing AI models, only to face skepticism and underutilization from non-technical stakeholders. This hesitation often arises from a lack of trust and understanding. Education and transparency are vital tools to address this challenge.

Effective Communication and Collaboration

Another significant hurdle is the gap in effective communication between business professionals and data scientists. Bridging this divide is essential to incorporate valuable domain knowledge into the model development process. The solution lies in creating feedback loops that enable collaboration between domain experts, business users, and data scientists throughout the model’s lifecycle. These feedback loops are crucial for gathering user insights, improving model performance, and building trust.

User-Centric Monitoring and Model Utility

Trubrics’ approach of “machine learning monitoring from the users’ point of view” shifts the focus from traditional machine learning metrics to user perception. Evaluating AI models based on their impact and utility to users, rather than just accuracy, is essential. Users’ experiences, trust, and satisfaction play a pivotal role in determining the effectiveness of AI models. Monitoring should identify issues impacting the user experience and ensure AI models align with user expectations.

Building Trust as the Foundation

Trust emerged as a cornerstone in AI adoption. Trust is not limited to data scientists but extends to end-users, employees, and the entire organization. It involves transparent communication, feedback loops, and alignment between different groups. Over time, as individuals become more familiar with AI in the business world, this trust can be built and woven into organizations’ culture, just as our trust in everyday technology has been.

Balancing Technical and Business Monitoring

Monitoring AI models’ performance is essential. Technical monitoring involves tracking various model characteristics, while business-facing monitoring assesses alignment with expectations and business impact. These two facets of monitoring are crucial in ensuring AI models continue to meet user needs and business objectives and therefore must be aligned when identifying the reasoning and desired outcomes from such models.

Measuring ROI and Sustained Value

Measuring and evaluating the Return on Investment (ROI) for AI models presents considerable challenges, especially when examining their performance over extended periods. Striking a balance between the continual expenses associated with model maintenance and the value it delivers requires a nuanced approach. Organizations need to account for both the initial and ongoing financial ROI assessment, recognizing that it can become less clear-cut.

According to a recent research report conducted by Calligo, in collaboration with the Global CIO Institute, “36% of business leaders measure the success of an ML project in financial terms, while 11% either have no way to gauge success or go by gut feeling”. This suggests that determining the ROI for ML and AI initiatives isn’t solely tied to financial gains; it also involves a significant degree of uncertainty when the desired ROI isn’t well-defined at the project’s outset.

In conclusion, AI explainability and the balance between human input and machine automation are crucial in AI model development. Education, transparency, effective communication, user-centric monitoring, and trust-building are essential elements in this endeavor. As AI continues to shape our world, achieving these elements will be pivotal to ensure responsible and ethical AI development and its successful integration into our lives. Organizations like Trubrics are at the forefront of this mission, working towards making AI a valuable and trusted tool in our increasingly automated world.

How intelligent are AI tea-making robots?
https://www.calligo.io/insights/machine-learning/how-intelligent-are-ai-tea-making-robots/
Thu, 28 Jul 2022 14:49:07 +0000


When it comes to how truly intelligent Artificial Intelligence (AI) is, it’s a polarizing debate. Either AI will solve the world’s woes or robots will rule us all – Matrix-style. But it’s all a little more complicated than Hollywood makes it seem…


For a deep dive, do listen to our Beyond the Data podcast hosted by Sophie Chase-Borthwick (Calligo’s Global Data & Governance Lead) and Tessa Jones (VP of Data Science Research & Development).

Meanwhile, in this blog we look at tea-making and social care robots to illustrate an otherwise very nuanced and arguably never-ending narrative on the ‘intelligence’ part of the AI equation.

It’s important first to consider the different types of AI:

  • The majority of AI is ‘narrow AI’ – a system built to perform a single, particular task. You can build lots of narrow AI systems to work together.
  • General AI, in comparison, is much broader – intelligent machines that can learn, perform, and comprehend intellectual tasks much like a human. This is the territory where it’s a lot less clear-cut.

Let’s unpick the gray area of ‘general AI’, by looking at what robots are capable of – and whether this makes them truly intelligent, yet…

Tea-making as a success criterion for intelligence?

A robot making a cup of tea isn’t something a lot of us think twice about and wouldn’t be the first example of proving intelligence in a typical setting. However, scientists are doing just this, typically by:

1. Coding in the tasks a robot has to complete first (boil kettle, get cup, put the teabag in and so on).

2. Using experience-based learning to demonstrate how to make a cup of tea. When the robot doesn’t do it well or something is not done correctly, then the robot is given more examples of how to do that task.

To successfully have the robot make a cup of tea, scientists are having to build in and prescribe a lot of the parameters and tasks a robot has to complete. However, if the environment changes (for example a robot has to make a cup of tea in a different room) it would likely struggle because it isn’t familiar with the environment and the parameters.

Intelligence can’t just be about managing to do a task correctly; it’s being able to use inference to adapt in a new environment and navigate unfamiliar parameters to complete a task.

However, this adaptation and re-learning is a lot slower for robots than it is for humans. As Tessa Jones highlights, it’s referred to as Moravec’s paradox and essentially means it’s easy to train robots to do things that humans find hard, like chess and logic-driven tasks. However, it’s hard to train robots to do things humans find easy, like walking and image recognition.

In the podcast Sophie Chase-Borthwick observes: “Playing a game of chess is very rule-based [and easy to code into a robot] whereas making a decent cup of tea is definitely an art”.

Using a Japanese concept to make robots more human


When looking at robots comprehending tasks much like a human, what could be more human than caring for one another? Japan is leading the exploration of the use of social robotics for assisted care. However, rather than the robot just serving a functional task, Japanese scientists are building one step further…

“There’s a concept coming out of Japan – a concept called ‘kokoro’”, says Tessa. “For robots to actually be effective and useful, there needs to be a heart-to-heart connection between the human and the robot”. There are typically three kinds of kokoro you can achieve:

1. How the robot affects the human. If the human is feeling sick, whether the robot can interact in a way that lifts their spirits – for example Paro, a soft baby seal robot designed for use in hospitals and nursing homes as a therapeutic tool.

2. Whether the robot understands a human’s emotions. The robot can conceptualize when the human is feeling sad or angry. But getting this right is very difficult, as it’s hard to distinguish between anger and happiness based on imagery and voice. Microsoft has even recently stopped a lot of its programs around emotion detection as it opens the door to racial biases, and different facial and voice features.

3. When the robot itself feels and has its own ‘kokoro’. Currently, this remains confined to science fiction as it maps to ‘super intelligence.’

However, it’s worth considering the spectrum of human diversity. For example, neurodiverse people don’t always recognise what some emotions are but they are still intelligent. So recognising emotions and responding to them on its own isn’t a demonstration of intelligence.

As Sophie poignantly puts it: “Are we re-defining intelligence to suit the machines – and in doing so, carving out some humans?”


Zero Trust – the real “New Normal”
https://www.calligo.io/insights/glossary/zero-trust-the-real-new-normal/
Mon, 21 Sep 2020 10:31:00 +0000

Zero trust - what does it mean? How do businesses protect employees' data interactions on any device, network, app & the cloud?

Calligo’s Chief Information Security Officer, Mark Herridge, has written this blog to discuss why organizations need to adopt a “Zero Trust” approach when it comes to their data security and what steps they need to take to protect their data.

Zero Trust – the real “New Normal”

We all know working practices have changed as a result of COVID-19, lockdowns and a lingering – in some cases, permanent – reluctance to commute into major hubs.

Similarly, much has been reported on the rise of opportunistic COVID-19 security threats, ranging from social engineering tactics such as targeted phishing attacks that seek to prey on users’ ongoing worries about the pandemic to companies straining to quickly enable remote workers.

As of March 2020, 2% of all global phishing attempts were COVID-themed

The repeated success of many of these phishing attacks, largely caused by the vulnerability of domestic networks and user-owned devices, has led to the more forward-thinking IT heads and business owners coming to a powerful realisation: their business needs, including security, depend on a granular understanding of data workflows, not simply the deployment of technology.

After all, the technology-centric approach of focusing on retaining all data within a secure, restricted network has been shown to be unsuitable in these conditions. As soon as workforces left the protection of the ‘Castle & Moat’, data became hard to access, users became more vulnerable and breaches started to appear.

Instead, businesses of all sizes need to focus on the core requirement of maintaining productivity with a remote workforce – i.e. available data and fluid data workflows – and then establish the protocols to protect it without restricting its accessibility.

So, how do data-centric businesses balance data freedom with security, and protect any worker’s data interactions on any device, on any network, using any app or cloud service?

Zero Trust.

Outside the network, businesses can no longer implicitly trust all users and devices. ‘Zero Trust’ means we need to adopt the mantra ‘trust nothing and verify everything’, remove any assumptions and take a risk-based approach, and importantly, allow security policies to be dynamic and adapt based on insight.

Step 1 – User Trust

The first step in your journey to ‘Zero Trust’ is to establish the right mechanisms to ensure that only valid and authorised users can access your resources and your data.

Assuming a single form of credentials – such as a password – is enough to verify someone’s identity is to have too much trust. The phishing scams mentioned above typically aim to extract password information, and employees do fall for them, especially when working from home. If this is the only method of verification, then networks will be immediately breached.

Therefore, deploy Multi-Factor Authentication (MFA) for every user – without exception.


MFA is a critical component of identity and access management (IAM) and is used to verify a user’s identity by requiring multiple credentials. Rather than just asking for a username and password, MFA requires additional credentials, such as a code from the user’s smartphone, the answer to a security question, a fingerprint, or even facial recognition.

If your data is held entirely in Microsoft 365, then simply activate the MFA tool within the platform. However, if your data spans multiple services and resources, then consider a third-party MFA tool such as Duo that can be deployed across any device and application and secure all your data sources, with excellent ease of use and adoption.

MFA is essential to an organization’s Zero Trust stance and should be seen as the standard and not an optional extra.

 

Step 2 – Device Visibility

Again, do not trust the integrity or safety of every device that may be used to access your data.

Visibility informs policy, so we need to gather as much information as possible about the endpoints and devices that are being used to access your data and, specifically, their security state.

Does the device have a passcode or password? Is it encrypted? Is the Operating System up to date? Does it have anti-virus software installed? Is it a corporate device or the user’s own? The answers to these questions help determine the risk profile of the device.

But it is not only the devices themselves we are concerned with. We also need to understand the trustworthiness of the apps that run on them and ensure they are healthy and aid in the prevention of data leakage.

Only once you can be assured of the status of the device and apps upon it can it be marked as trusted and allowed to be used to access the network.

Step 3 – Adaptive Policies

Once access to the data has been granted, it is important to retain control over how the end user acts with it. We want to ensure that sensitive corporate data is stored and shared appropriately, perhaps that it is not saved to services such as Dropbox, or maybe prevent it being emailed externally.

These are rules and restrictions that depend on a combination of the data types, sources, actions, devices and users, and that will need to adapt to circumstances. For example, a device’s security state is not static and previously secure devices can quickly become insecure. As device health statuses deteriorate or improve, or as data sensitivities rise or fall, or as users’ requirements change, or trust is earned in certain actions, policies will need to adapt to either allow or restrict access – ideally automatically.

The key is risk-based flexibility, combined with a determination to re-establish trust each time access is requested to ensure real-time protection.

Step 4 – Continuous Monitoring

At this point, you are implementing Zero Trust, but just as data, devices, applications and users are ever-changing, so is the threat landscape.

Businesses must continuously monitor the environment and respond to new risk events, and adapt their tolerance of risk for individual actions to maintain ‘Zero Trust’.

As stated by the National Institute of Standards and Technology (NIST) “Zero Trust is the term for an evolving set of cybersecurity paradigms that move network defenses from static, network-based perimeters to focus on users, assets, and resources.”

In other words, a data-based approach, not a technology-based one.
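
The four steps above can be read as one decision that is repeated on every access request. The sketch below is an added example, not Calligo's or Duo's code; the posture weights, sensitivity labels, risk limits and action names are assumptions chosen for illustration, and the timeline is constructed sample data.

```python
"""Per-request Zero Trust decision covering Steps 1-4 (illustrative sketch)."""
from dataclasses import dataclass, replace

# Step 2: the posture questions from the article, with assumed risk weights.
POSTURE_WEIGHTS = {
    "has_passcode": 3,
    "disk_encrypted": 3,
    "os_up_to_date": 2,
    "antivirus_installed": 2,
    "corporate_owned": 1,
}

# Highest device risk tolerated for each (assumed) data sensitivity label.
MAX_RISK = {"public": 6, "internal": 3, "confidential": 0}

# Step 3: actions that move data outside corporate control (assumed names).
EXFIL_ACTIONS = {"save_to_personal_cloud", "email_external"}


@dataclass(frozen=True)
class Device:
    has_passcode: bool = True
    disk_encrypted: bool = True
    os_up_to_date: bool = True
    antivirus_installed: bool = True
    corporate_owned: bool = True


@dataclass(frozen=True)
class Request:
    user: str
    password_ok: bool
    mfa_ok: bool
    device: Device
    sensitivity: str
    action: str


def device_risk(device):
    """Sum the weights of every posture check the device fails."""
    return sum(w for attr, w in POSTURE_WEIGHTS.items() if not getattr(device, attr))


def evaluate(req):
    """Return (allowed, reason). Nothing is cached: each request is re-verified."""
    # Step 1: a password alone is never sufficient proof of identity.
    if not (req.password_ok and req.mfa_ok):
        return False, "identity not verified with MFA"
    # Step 2: compare device posture with the sensitivity of the data requested.
    limit = MAX_RISK.get(req.sensitivity)
    if limit is None:
        return False, "unknown sensitivity label"  # fail closed
    risk = device_risk(req.device)
    if risk > limit:
        return False, f"device risk {risk} exceeds limit {limit} for {req.sensitivity} data"
    # Step 3: keep control over what is done with the data once access is granted.
    if req.action in EXFIL_ACTIONS and req.sensitivity != "public":
        return False, f"{req.action} blocked for {req.sensitivity} data"
    return True, "allowed"


def replay(device, timeline):
    """Step 4: apply posture changes as monitoring reports them, re-deciding each request."""
    decisions = []
    for kind, payload in timeline:
        if kind == "posture":
            device = replace(device, **payload)
        else:
            decisions.append(evaluate(Request(device=device, **payload)))
    return decisions


def _req(sensitivity, action, mfa_ok=True):
    return ("request", dict(user="alice", password_ok=True, mfa_ok=mfa_ok,
                            sensitivity=sensitivity, action=action))


# Constructed timeline: the same user and device, with posture changing over time.
SAMPLE_TIMELINE = [
    _req("confidential", "read"),
    ("posture", {"os_up_to_date": False}),   # device falls behind on patches
    _req("confidential", "read"),
    _req("internal", "read"),
    _req("internal", "email_external"),
    ("posture", {"os_up_to_date": True}),    # device is patched again
    _req("confidential", "read"),
    _req("public", "read", mfa_ok=False),    # password only, no second factor
]

if __name__ == "__main__":
    for allowed, reason in replay(Device(), SAMPLE_TIMELINE):
        print("ALLOW" if allowed else "DENY ", reason)
```

The same device is allowed, refused and allowed again for confidential data as its patch state changes, which is the adaptive behaviour Step 3 describes.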

How Calligo can help


Calligo has chosen to partner with Duo, arguably the most innovative and user-centric multi-factor authentication technology vendor.

Our team has extensive experience in deploying Duo multi-factor authentication – which can be utilized across any device and application – to secure networks of all sizes all across the globe.

Lessons to learn from the Travelex & Garmin ransomware attacks
https://www.calligo.io/insights/glossary/lessons-to-learn-from-the-travelex-garmin-ransomware-attacks/
Thu, 27 Aug 2020 10:10:00 +0000

Ransomware has brought down and affected two giant brands in the past 12 months – Travelex & Garmin. So what is ransomware? And what are the lessons learnt?

What is ransomware?

For the blissfully unaware, ransomware is a type of cyberattack whereby the attacker encrypts the files on a victim’s machine or across the network and then demands a ransom before the files will be decrypted and access restored, or so the victim hopes. Sometimes the hacker will even threaten to sell or disclose the stolen data unless a ransom is paid.

But regardless of any ransom being paid or not, when an organization falls victim to a successful ransomware attack, the simple fact that the incident occurred in the first place constitutes a major security breach.

Ransomware hackers are not limiting themselves to targeting smaller companies. They’re also successfully attacking established businesses and going after major brands like Travelex and Garmin. The recent attacks on these companies have exposed dangerous gaps in security practices, which with the right processes in place, could have been prevented.

What happened during the Travelex and Garmin ransomware attacks?

Travelex, a well-known foreign exchange company headquartered in London, was targeted by a sophisticated attack that began in December 2019 and lasted until the end of January 2020, shutting down their operations completely.

The company has explained that the attack came from the “REvil” ransomware gang who used “Sodinokibi” ransomware to encrypt the data. The cybercriminals then threatened to auction off the sensitive stolen data on the Dark Web. The public was notified of the data breach a week after the attack happened.

It has been suggested that the attack was able to happen because of Travelex’s repeated failures to patch its Pulse Secure VPN servers.

The damage to the company was huge. The attackers demanded $6 million to restore access and data, and to stop the sale of the data. It has been reported that Travelex paid the hackers a ransom of $2.3 million to regain access to their data, with other reports claiming as much as $6 million. This month, the company went into administration.

On July 23rd, Garmin, one of the most well known wearable fitness product companies in the world, fell victim to a similar ransomware attack, thought to have been initiated by ‘Evil Corp’, a Russian cybercrime gang.

The successful ransomware attack took down their call centres, products, apps, and websites for 5 days. On July 27th, Garmin confirmed that the disruption of their services was due to a ransomware attack known as “WastedLocker”. Whilst it has been reported that the fitness brand paid millions of dollars to restore their data, Garmin has yet to confirm that the ransom payment has been made.

The most unfortunate factor of these security breaches is that these attacks could have been easily prevented, and there are lessons to be learned for every company.

Lessons to learn from the Travelex and Garmin ransomware attacks

1. Create a Business Continuity Plan

Business Continuity Plans (BCP) need to be built into every organization and it falls to every major stakeholder of an organization to drive a campaign to create an effective business continuity plan and keep it updated.

In the event of an attack, it’s too late to start assembling a response team and formulating a plan of action. Every company needs to identify their key systems and resources and outline a plan to sustain critical business activities throughout a crisis like this.

And the approach to BCP needs to be even broader. Many companies approach their BCP on a system by system basis. In the case of the Garmin ransomware attack, almost everything that was used to communicate to the public and to staff was gone, including their website, customer support, applications, and company communications. At Travelex, staff took to pen and paper, exposing highly sensitive personal data to enormous risk.

How will your company respond if the same occurs? How will you communicate? It’s time to stop putting BCP on the long finger, or it could literally cost the company everything.

2. Data-First approach to cybersecurity

Data loss can lead to disastrous, and often irreparable, consequences for a company, its stakeholders, and its customers.

In a statement, Garmin has claimed that there has been no indication that customer data was accessed, lost or stolen and there are no reports to indicate that customer data has been leaked from the Travelex attack.

Cybercrime organizations know the value of this data, particularly customer data, and they are targeting it. These attacks are increasing in number and are targeting companies of every size and industry.

The need for data security is more apparent now than it ever has been. Every company and organization needs to adopt a data-first approach to implementing cybersecurity policies to ensure they are specifically designed to secure their data. Rather than starting with technology and deploying new protection tools, assess every data workflow in the most granular detail, monitor its use and vulnerability, and then act accordingly with a prudent mix of technology and process. This way, you are fixing the problems that truly exist, and not working on the basis of assumption.

3. Educating users

Ransomware is nothing new, and neither is phishing or social engineering. All were used in the attack on Garmin. But the best IT security systems in the world can only provide so much protection from attacks like these – the rest is down to your users.

Employees need to be educated on how to identify and handle these attacks. Cyber gangs are continuously adapting and advancing their strategies, techniques and technologies and your employee education needs to follow suit in order to defend against them.

Lessons from cases like these need to be imparted, not just to IT staff and senior team members, but to all staff across the organization.

4. Apply updates and patches immediately

Failure in applying recommended security patches is what exposed Travelex to their hackers. They didn’t install a security patch for their VPN for over nine months and hadn’t updated a Windows machine for over two years. It was the solitary open door the hackers needed.

Every company needs to ensure that updates and patches are regularly installed, and that security patches are installed without delay.  

Who keeps all of your software up to date and ensures patches are applied correctly? How often is this done?

5. Communicate clearly and transparently

All organizations have a responsibility to keep customers informed in the event of a successful cyber attack. These situations can be fluid, and of course, there is a need to strike a balance between speed and accuracy of communication.

However, it’s imperative to provide your customers with a level of transparency and assurance that the incident is being dealt with. Anything else can and will damage your brand reputation far beyond the attack itself.

A trend is emerging

Garmin and Travelex are not standalone stories. Ransomware is impacting businesses of all sizes, plus governments and even hospitals – anyone whose data is precious to them. And the attacks are increasing in sophistication, and in the aggression of the subsequent blackmailing.

And they will continue to attack with impunity as long as organizations fail to act proactively, promptly and data-first.

Data Privacy and Data Security Recommendations for COVID-19 https://www.calligo.io/insights/glossary/data-privacy-and-data-security-recommendations-for-covid-19/ https://www.calligo.io/insights/glossary/data-privacy-and-data-security-recommendations-for-covid-19/#respond Fri, 24 Apr 2020 15:09:00 +0000 https://www.calligo.io/data-privacy-and-data-security-recommendations-for-covid-19/ Calligo's data privacy experts provide guidance for businesses who have employees working from home on how to manage data privacy & data security.

The post Data Privacy and Data Security Recommendations for COVID-19 appeared first on Calligo.

The speed at which COVID-19 spread around the globe, and the lockdown that followed, have caught many companies off guard, and there’s a good chance that you may even be reading this in a hastily-assembled home office, in your kitchen or a spare bedroom.


For some, the ability to keep data secure has been torpedoed by unexpected, sudden volumes of employees working from home, relying on domestic networks and personal devices. Similarly, there has been widespread confusion over how to balance employees’ privacy and confidentiality with the broader obligation of staff protection and even civil responsibility.


Navigating these times is difficult but there is some comfort in knowing that even during this emergency situation, the normal rules still apply.


Our Data Privacy team has released new guidance on the Data Security and Data Privacy concerns of the ‘new normal’, in order to help businesses follow data privacy rules and security best practice, while protecting the health and preserving the productivity of their staff.

Create a business continuity plan that works in 2020 https://www.calligo.io/insights/glossary/create-a-business-continuity-plan-that-works-in-2020/ https://www.calligo.io/insights/glossary/create-a-business-continuity-plan-that-works-in-2020/#respond Sat, 07 Dec 2019 17:28:00 +0000 https://www.calligo.io/create-a-business-continuity-plan-that-works-in-2020/ Find out how to create a business continuity plan that works in 2020 and protect your business against cybersecurity attacks, outages and data loss.

The post Create a business continuity plan that works in 2020 appeared first on Calligo.

Updated: December 2019

Planning for a business’s future can be an exciting time for business owners and office managers alike—what could be more inspiring than the possibility of growth, widespread positive impact, and success?

Unfortunately, there’s a darker side to planning for the future, too. While imagining and planning for the perfect scenarios above is important, the reality is that disaster can and does happen. Without preparing for both the good times and the bad times, a business and its offices can’t succeed.

That’s where business continuity planning comes in.

What Is Business Continuity Planning?

When unexpected disaster strikes, business owners and managers must have a safety plan in place to ensure that their business operations can continue after major events like natural disasters, cyberattacks, or other accidental damages to a company, its physical location, and its infrastructure.

Business continuity planning is the development and practice of a plan which businesses can implement in the event of a serious setback caused by one of the disasters above. These plans include aspects of both prevention and recovery, with the primary goal being to maintain business operations while protecting personnel, data, and assets.

Why Do You Need a Business Continuity Plan?

One could say that the benefits of having a BCP are endless, but they’re more than just benefits—they’re proof that a BCP is absolutely necessary.

So, what is this proof of a BCP’s importance?

Organisations with business continuity plans:

Inspire reliability, trust, and confidence in their clients

Build a good reputation (and preserve it during dire circumstances)

Instil the idea of resilience and strength throughout the company’s operations

Are up to the industry standard

Can thrive in any situation

Nobody ever wants their business continuity plan to have to be activated, because it means something disastrous has happened. But they’re a necessity in modern business and having confidence in your continuity planning is achievable.

What is the difference between data backups and a business continuity plan?

Simply having your data backed up and secure is a good start – but it is only a start. Planning for a catastrophic systems failure or a cyber attack means knowing that:

You can restore data safely and rapidly

Your team will be able to get back to using both software and hardware with confidence, soon after a systems failure

Customer service will be maintained

You won’t lose time, money or customer confidence

Take the following as an example. In January 2017, Cockrell Hill Police Department (Texas, US) came under ransomware attack. A single infected server led to the loss of eight years of evidence including video recordings. So far, so bad.

Then, their backup procedure activated very soon after the ransomware attack, replacing their backed-up files with a backup of files that had been encrypted by the ransomware and were therefore inaccessible.

Their previously uncorrupted data backup was wiped out by the very system they’d been relying on to preserve it.

Cockrell Hill had a business backup, but they needed a business continuity plan.

Creating an effective business continuity plan

In designing a business continuity plan, it’s important to ask the following questions:

Are the backed-up files easily accessible?

Is the backup device safe, secure and accessible?

Can our operating systems be reinstalled from the backups or just the filesystem?

How long will reinstallation of our operating systems take?

How long will critical file restoration take?

And how long for complete data restoration?

How much time will pass before the business is able to be running at full capacity again?

And how much time must we allow to catch up on anything we had to postpone during the catastrophe?

A Quick Guide to Business Continuity Planning

  1. Pick your BCP team.

Get organised from the beginning and start the process of business continuity planning by choosing which members of the company will work together to develop and maintain a plan. Delegate responsibly, and diversify the team in order to gather insight from multiple business branches.

However, ensure that the primary person responsible for organising and maintaining the BCP is someone high on the pyramid. In other words, a senior official like a business owner or an office manager should take point on leading the planning efforts.

Once a team has been established, take action to ensure that all company employees and contributors are aware of the team members and their responsibilities. This creates accountability while keeping the entire office in the loop.

  2. Perform a business impact analysis (BIA).

Before mobilising your BCP team to begin outlining a plan, take some time to begin by performing a business impact analysis. A BIA includes gathering data about the worst-case scenario. In other words, a BIA will yield detailed information about possible company losses (both monetary and intangible) and the negative effects caused by major disruptions.

The BCP team can use the company’s mission statement and information about the company’s legal obligations to rank the minimal, critical services required of the business and then determine which of these services would be unable to function after a variety of emergency scenarios.

  3. Outline plans for critical operations.

With the results of the BIA in mind, the team’s next task is to outline practical, actionable procedures to follow in the event of an emergency so that business functionality is maintained.

This process will include assessment of any current procedures in place, then filling in necessary gaps using information from the BIA. This might include readiness procedures to prepare for natural disasters or the process of archiving and backing up databases to recover from a cyberattack.

  4. Train and educate staff.

Once a BCP has been developed and reviewed by the planning team, make the rest of the organisation aware by hosting training sessions, designing exercises to make the plan tangible to employees, and reviewing the procedure in detail. Ensure that all employees understand why a BCP is necessary as well as how to implement this BCP in an emergency.

Importantly, help each employee to understand the individual role they can play in the implementation of the BCP. Let them know what’s at stake and how their participation will propel the business forward in a time of crisis.

  5. Review and update your plan.

A business may have one of the most thorough and effective BCPs out there, but this means little if the plan is not reviewed and updated on a regular basis. Include as a part of the plan regular checkpoints throughout the year during which members of the BCP team evaluate the plan and implement company-wide initiatives such as practice drills.

This step has become particularly important in recent years as technology evolves and malicious cyberattacks have risen in number.

Remember, threats are changing all the time, and the BCP must be updated and familiar to the entirety of the business in order to be effective.

Effective business continuity planning saves time, money and reputation

Rebuilding your system requires so much more than simply restoring data – there’s the time required to review what went wrong and make sure you’re not leaving yourself open to risk again. You have to account for the time and energy required to inform your team and your customers and rebuild their confidence after an event like this, whether it’s fire, flood or outside attack.

All in all, having a robust plan will save you not just time and money, but reputation too. In fact, it could save your entire business, because according to a study by accounting firm Touche Ross, 90% of businesses without a disaster recovery plan will fail following a disaster. Considering 30% of businesses don’t have a plan in place, this figure is startling.

9 cloud influencers you need to watch and why https://www.calligo.io/insights/glossary/9-cloud-influencers-you-need-to-watch-and-why/ https://www.calligo.io/insights/glossary/9-cloud-influencers-you-need-to-watch-and-why/#respond Thu, 23 May 2019 15:28:19 +0000 https://www.calligo.io/9-cloud-influencers-you-need-to-watch-and-why/ Here is Calligo's list of top influencers and thought leaders in cloud

The post 9 cloud influencers you need to watch and why appeared first on Calligo.

There is probably no business technology topic with more column inches dedicated to it than cloud computing.

Topics range from the virtues and drawbacks of private, public or hybrid, to the complexity of migration, or cloud’s suitability for certain industries, businesses or use cases. Not to mention the excitement over more futuristic topics such as the quantum computing race.

With so many opinions on what businesses should be doing and using, or how, why and when, whose views should we be listening to and why?

After some extensive research, and asking some of our own experts whose commentary they trusted, we have built this list of Calligo’s top influencers and thought leaders in cloud and why we believe everyone should be aware of them.

Take a look at the list, and each influencer’s content, and follow them for what we consider to be some of the best updates and insights in the industry.


1. Ian Moyse
Ian Moyse is the creator and author of the blog Cloud Matters and discusses all things cloud-related, from the strategy, to the use cases such as IoT and even the surrounding issues such as GDPR. He is also a Governance Board Member at the Cloud Industry Forum, and is a non-exec with the Cranford Group, a cloud and devops recruitment agency.


2. David Linthicum
David is the Chief Cloud Strategy Officer at Deloitte Consulting LLP and, through his work on building innovative technologies and delivering strategies, has published more than 13 books and 5,000 articles. He is considered a visionary in cloud computing within the industry, currently hosts the GigaOm Voices in Cloud podcast (where he recently interviewed Ian Moyse above!) and has been named the number one cloud influencer by Apollo Research.


3. Scott Guthrie
Scott is the Executive Vice President of the Microsoft Cloud and AI Group, responsible for the Microsoft Azure team, looking after Microsoft’s cloud, server, database, business apps, security, management and development tools businesses. As well as blogging for the Official Microsoft Blog, he also regularly shares updates to his followers on cloud, Microsoft Azure and other innovative technologies.


4. Lydia Leong
As VP Distinguished Analyst at Gartner, Lydia was one of the first analysts to focus on cloud technology and is always at the frontline covering the latest developments. She’s the creator and author of CloudPundit, a well-regarded blog which comments on internet infrastructure, cloud computing and data centres. Lydia covers topics from cloud managed service providers and content delivery networks to hosting and Infrastructure as a Service (IaaS), and has a keen interest in Platform as a Service (PaaS).


5. Duncan Epping
Duncan is the creator and author of Yellow Bricks, a blog about virtualization and building a flexible, secure cloud. He is also the Chief Technologist at the Office of CTO of the Storage & Availability Business Unit at VMware.


6. Thomas Maurer
A Senior Cloud Advocate for Microsoft, Thomas works within the Azure engineering team to collect feedback and share knowledge on Microsoft Azure, Azure Stack and other technologies, enabling him to find ways that the platform can be improved. Thomas has won numerous industry awards and also speaks on behalf of Microsoft on the benefits, uses and technicalities of Azure. His blog also covers many of these topics, plus additional industry-wide commentary and insights: https://www.thomasmaurer.ch/.


7. Lauren Nelson
Lauren is a Principal Analyst at Forrester Research and is the lead for IaaS cloud solutions, including internal private, hosted private and public IaaS. Her latest research can be found here. She also shares her expertise and opinions on cloud strategy, cloud adoption trends and the environmental implications of cloud computing, along with insights from advising hundreds of enterprises on their cloud adoption strategies.


8. Alex Hilton
With over 25 years of experience within IT and cloud, Alex is truly an advocate for cloud computing, believing any company of any size can benefit from the technology, enabling them to become more collaborative and innovative. He is the Chief Executive Officer for the Cloud Industry Forum and regularly shares carefully-selected informative articles that champion cloud, with topics as diverse as cost efficiency, ethical data use, cloud skills, data privacy, industry use cases and security.


9. George Anadiotis
With a wealth of knowledge on cloud computing infrastructure as well as its use, such as big data, analytics, privacy and software engineering, George has a well-rounded view on cloud. He is a freelance journalist, featuring regularly as a contributor to ZDNet on big data and as a GigaOm network member.

