Foreword: Welcome to the Autumn Edition of AVAIL

By |

Welcome to the autumn edition of AVAIL, which contains some highly topical stories reflecting the news headlines. In a thought-provoking article, Dr Sandra Bell, Sungard AS’ head of resilience consulting in Europe, explains why recovering from a terror attack can be more complex than it seems. We also share the real-life experience of customer Augentius whose London office was caught up in the London Bridge attacks this summer. While on this subject, Chris Butler, one of our cyber resilience and security consultants, gives some useful pointers for communicating clearly in a crisis.

As the latest BCI cyber resilience report confirms, ransomware continues to be a huge threat worldwide and Sungard AS has produced a new guide that provides a framework to help IT and security leaders approach this risk in a structured, methodical way. We caught up with Sungard AS’ global chief security officer Shawn Burke to talk about the growing problem – read the interview here.

Following the departure of Keith Tilley for pastures new, we introduce you to chief marketing officer Kathy Schneider who will build on the strong foundations laid by him over nearly 40 years. You can find out more about Kathy’s background and the recent organisational changes at Sungard AS here.

Elsewhere, we introduce Lee Webb, the new chair of the Sungard AS European Customer Advisory Board who talks about his plans in the role.

Finally, I hope you enjoy this issue and welcome your feedback on any aspect of the magazine. If you have any comments, please email me at AS.UK.AvailEditor@sungardas.com.

Jenna Powell

Editor

Changing of the Guard

By |

As you may know, Keith Tilley, our EVP and Co-Chair, left Sungard Availability Services at the end of September after almost four decades with the company.  Keith explained, “While this was not a decision that I reached lightly, I feel this is a great time to spend more time with my family, as well as to pursue some other professional interests that have me intrigued.  As most of you know, I’ve been with the business nearly 40 years.  I’ve had the great pleasure of leading teams throughout our journey from a traditional recovery business to what we are today – a fully resilient and recoverable infrastructure solutions provider. 

He continues, “No matter how long you’ve been a Sungard AS customer, I’m confident you’ve seen many changes over the years as we’ve continued to evolve our business to meet your needs. I have every confidence the business will continue to evolve and thrive to remain competitive in the market, and to deliver truly integrated recovery and production solutions that you’ve come to rely on us to deliver.”

Keith is well-known to many Sungard AS customers, and the industry as a whole, and leaves huge shoes to fill. However, we are delighted to share the news that his role representing the voice of the customer, bringing customer experience and market perspective to all business decisions to Sungard AS, will be fulfilled by a new London-based Chief Marketing Officer, Kathy Schneider who reports direct to Andy Stern, Chief Executive Officer for Sungard AS. Kathy officially joined us on 29 August and is responsible for Global Marketing, Global Market Strategy, and Corporate Communications.

Kathy brings more than two decades of technology and business-to-business marketing experience at both pre-IPO and Fortune 500 companies. She joins us most recently from Level 3 Communications where she was Senior Vice President, Product and Marketing – EMEA. Prior to Level 3, Kathy was with Criteo, a publicly-traded technology company specialising in digital marketing and big data. At Criteo she held a global role on the executive leadership team as Senior Vice President, Marketing & Communications.

Before that, she worked at Dell Inc for 14 years in a variety of marketing leadership roles in the US and EMEA. While at Dell, she gained extensive experience leading marketing functions at a country, regional and global level. She has spent the last 13 years working and living in London with her family and has dual US. and UK citizenship.

Remarking on her new role, Kathy said: “For more than 35 years, Sungard AS has been reputed as the market leader for delivering recovery solutions that keep enterprises and organizations ‘always on’ and able to meet their business objectives.  Over the last several years, the company has transformed its solutions portfolio to also offer fully resilient production and recovery services.  I am thrilled to be joining Sungard AS at such a pivotal time as it continues to evolve its solutions portfolio and help customers across their entire IT deployment.”

We also announce that Charles Quinn joined the Sungard AS team in August as Senior Vice President, EMEA Sales and is based in London.   Charles brings over 25 years of sales and leadership experience working for some of the most successful technology companies in the world, such as Hewlett-Packard, Dell, Microsoft and others. In each of these organisations, Charles has a proven track-record of building strong growth positions in highly competitive markets.

Most recently, Charles served as Group Managing Director for ECS, a fast-growing and award-winning IT consultancy and professional services company.  In this capacity, he was responsible for the group strategy, growth and results delivery.  Revenue grew impressively under his leadership.  Prior to ECS, he spent a considerable length of time with Hewlett-Packard where, among other roles he notably served as a Vice President for a key division within EMEA.  Throughout his career, Charles has established himself as a highly-respected business leader with a customer-centric and engaging leadership approach.

Keith played a huge part in shaping Sungard AS into the company it is today and we are sure you will join us in wishing him all the best in the next stage of his career, and at the same time, extend a warm welcome to Kathy and Charles.

Organisational Response to Terrorism

By |

New whitepaper: Why you need more than just a business continuity plan.

Continuing business activities in the immediate aftermath of a terrorist attack is easier said than done, according to Dr Sandra Bell, Sungard Availability Services’ head of resilience consulting (Europe), in her newly-published white paper Organisational Response to Terrorism – why you need more than just business continuity. While effective Business Continuity and ICT Disaster Recovery plans will, in most cases, get an organisation back on track, companies must realise that the whole eco-system within which they operate has also been damaged and consider the effects on their wider business networks.

So, while overcoming their immediate practical issues such as prolonged denial of access to buildings, either due to damage or because of evidence-gathering activities, organisations should also pay close attention to their stakeholder relationships.

 

Perception is everything

In the business continuity world, we place great emphasis on getting back to ‘business as usual (BAU)’ following disruptive incidents such as a terrorist attack.   However, Dr Bell points out that trust between members of the business ecosystem can be easily broken if the organisation’s response is seen by employees, partners, clients or stakeholders to be overly selfish, insular or entirely commercially-focused. Likewise, if insufficient empathy is displayed in the face of public outrage, an organisation’s position within the socio-economic web can be threatened.

Dr Bell explains that in today’s interconnected world, when responding to incidents that have the potential to cause more than just a small glitch to operations, organisations need to understand that their disruption will also be felt by others. In fact, the impact can be devastating due to what economists call the “multiplier” and “ripple” effects – a phenomenon explained in her paper.

Furthermore, if the incident that caused the disruption could create fear and anxiety at a personal level, as they do in the case of terrorist attacks, the response needs to be seen to be overtly ethical. This means that a blatant emphasis on the resumption of business activities or the use of proactive tactics such as capitalising on competitors’ weaknesses or launching blatantly pre-emptive communications are seen as negative.

In reality, failing to demonstrate empathy or not being seen to respond ethically can dangerously backfire in any situation where the incident that caused the disruption evokes public outrage, as has recently been demonstrated by the former leader of Kensington and Chelsea Borough Council following the Grenfell Tower fire and before him, the former chief executive officer of BP following the Deepwater Horizon oil spill.

 

Impact on the organisation’s ecosystem

In short, at the same time that operations are being fixed, compassion and empathy needs to be extended to everyone with which the organisation has a relationship with, and specifically to those that rely on it for either their social or economic well-being. For example, the small cleaning company whose business model relies entirely on cleaning the organisation’s offices to survive, or the non-exec who is currently helping position the organisation for that merger and acquisition. The organisation also needs to be prepared to work on those relationships during the incident and perhaps temporarily change the balance of the reciprocal arrangements to help a “friend in need”.

Organisations that get the operations-empathy-ethics balance right will emerge from the disruption in a stronger position from which they entered it. They will enjoy greater loyalty from those that they paid attention to and they will be seen as a positive ‘multiplier’ and therefore increase their potential for profitable partnering in the future[1][2].

Org Response to Terrorism_whitepaper coverDownload the white paper

Speak to your account manager or email avail@sungardas.com to find out how Sungard AS Consulting Services can assist your organisation.

 

 

 

[1] Knight, Jerry (1982) “Tylenol’s Maker Shows How to Respond to a Crisis” The Washington Post October 11 1982

[2] Larissa Tiedens, Fiona Lee and Christopher Peterson (2004) “Admitting Missteps May Boost Stock Prices” Available from: www.gsb.stanford.edu/news/research/ob_corpresponsibility.shtml

Resilient Culture Ensures Business as Usual for Augentius

By |

Augentius_Logo_Black_500

 

Longstanding Sungard Availability Services customer Augentius, one of the largest independent private equity and real estate fund administrators in the world, found itself caught up in the 2017 London Bridge atrocity in which three terrorists killed eight people and injured 48.

The combined vehicle ramming and stabbing attack took place directly outside Augentius’ London office, resulting in its evacuation and closure to allow the police to collect forensic evidence. Faced with denial of access to its premises, Augentius activated its disaster recovery (DR) and business continuity (BC) plans.

The incident occurred late on a Saturday night, which allowed the firm to monitor the situation on Sunday and plan its response before the new business week began. By late Sunday afternoon it became apparent that access to its office on Monday morning was unlikely. Augentius’ London DR team met via conference call and plans were put in place on the basis that the building would continue to be unavailable for the next 24 hours. This included invoking Sungard AS’ Docklands Workplace Recovery Centre and preparation of IT systems to allow staff to work from home. Finally, all staff were notified of the situation and advised not to travel into the London office until further notice.

The DR team met again via conference call at 0700 hours on Monday 5 June, having monitored the situation since 0600 hours with the premises manager. When it was confirmed that access to the London office was still not possible, Augentius implemented its DR plan. Staff were updated at 0730 hours as promised, confirming that the office was closed and that they should not travel in to London, and then clients emailed at 0830. From 0900 onwards, these emails were supplemented by personal calls from Augentius’ client service teams.

When the business day began some 60% of Augentius’ client service staff were either remotely logged into the company’s systems from home or working from the Sungard AS DR site with over 95% being fully operational by 1000 hours. In line with good practice, Augentius tests its IT systems annually, has put in place an emergency notification system and contracts a number of Workplace Recovery positions for key employees at one of Sungard AS’ workplace recovery centres.

The smooth arrangements ensured all client deliverables were achieved during the course of the day.

David Bailey, Marketing & Communications Director for Augentius, who led the firm’s response admits, “Terror attacks weren’t front of mind when we developed our business continuity plans. After all, most disruptions are caused by plumbers or builders drilling through cables.”

He explains, “Shocking as the event was, this was probably the simplest BC problem we could have. We were essentially just locked out of our premises – all our communications and other systems were fully operational and we had plenty of time to think about our response. As the attack took place at the weekend, fortunately none of our staff were endangered or witnessed upsetting scenes so we weren’t having to deal with people who were injured or worse.

“Having said that, coming back to work on Tuesday morning was pretty horrendous – it was blowing a gale, London Bridge was still partially closed and the whole area was mobbed with TV cameras and reporters. It was a surreal environment and some staff did struggle with that and went home early that day. Everyone has access to counselling via our health insurance plan and we encouraged teams to chat among themselves, brought in cake and fruit and were generally aware of the stresses that existed.”

According to Dr Sandra Bell, Head of Resilience Consulting (Europe) for Sungard Availability Services, Augentius’ successful response to the crisis was due to its “resilient corporate culture characterised by employees who know what is expected of them and a management team that can think on its feet and make business decisions without panicking.”

She notes, “The Augentius team had excellent situational awareness and associated PR and communications, which meant everyone knew what was going on and they were able to remain fully in control.”

Nonetheless, David Bailey believes lessons can always be learned and the firm has since refined its BC plans as a result.

Lessons learned

1  Due to holidays and other personal events, it was difficult to get in touch with some DR team members over the weekend. As a result, alternative lines of communication have been put in place.

2  Augentius was initially unable to ascertain whether any of its employees had been caught up in the attack as staff were not specifically instructed to acknowledge the emergency message to confirm they were safe. Message wording will now be changed and the emergency communication system tested quarterly by different groups of staff to encourage familiarity with the system.

3  The firm’s email alert system worked but it became apparent that call lists were out of date and did not include temporary and contract staff. This has now been rectified.

4  The company was unable to reroute all of its telephone numbers, roughly 100, quickly so as a short-term fix, it transferred the office reception number to a mobile phone, enabling calls to be answered and handled. However, it is now evaluating software to redirect its direct dial numbers in the event of a future emergency.

5  The incident drove home the importance of reviewing BC plans every 12 months to ensure they are still fit for purpose. For example, Augentius has grown from a business of seven people to over 600 since it drew up its continuity plans and its BC team has grown accordingly. Today, the company has BC teams in each of its eight international offices, each of which handles local incidents while a global BC team will handle any wide area events. Its plans have been updated regularly to reflect this.

Even before the terror attacks, David Bailey had never doubted the value of having business continuity provision. “It’s a fact of business life – you never know what’s coming down the track. The fact that our plans have been put to the test and proved effective is important. Many of our clients are regulated businesses so they need to have the comfort that not only do we have contingency measures in place but that they will work when called on.”

 

Communicating Clearly in a Crisis

By |

By Chris Butler, Principal Consultant, Cyber Resilience and Security, Sungard Availability Services.

To quote business magnate Warren Buffet, “It takes 20 years to build a reputation and five minutes to ruin it.” Years on from that memorable statement, I wager it would take much less than five minutes in our ‘always on’ world to suffer reputational damage.

We are unable to open the newspapers or turn on the television today without bearing witness to the latest victim of a cyberattack,  recent example being the hack of American TV giant HBO whose money-spinning series Game of Thrones was leaked around the world.

The threat is certainly growing: a recent report revealed that cyberattacks rose by a quarter in Q2 2017. In a world overwhelmed by social media, news of such a disaster can go international in the time it takes to say ‘cyber-breach.’ And the potential fall-out of a crisis? Damage to your business’ reputation, negative effects on share price and a detrimental impact on staff morale.

If a data breach takes place, organisations must be in the position to communicate information instantaneously and precisely to all parties affected – customers, partners, vendors and staff. However, by their nature crises are unique, unpredictable, and can go far beyond any eventuality you’ve planned for. (Hence the rueful observation by one business continuity practitioner that “We’re always planning for our last disaster.”) So, how can organisations ensure they’re prepared to respond in the most effective way possible?

There are two types of communication that are needed to support a crisis management programme. Both require sufficient preparation to ensure a swift and appropriate response in times of crisis, and that those impacted are kept in the loop by business leaders – not a random social media post.

 

Pre-defined messages

These should be the cornerstone of any good crisis management programme and are crucial to avoid wasting time deliberating on what to say as the crisis unfolds. But how do you go about developing them?

Organisations need to dedicate time to identifying potential scenarios, developing the appropriate messaging templates and selecting appropriate communications channels for each situation. We recommend carrying out a comprehensive stakeholder analysis to identify the parties who will need to be informed as a priority, and agreeing what they need to know. Constructing and clearing provisional statements in advance will place your business in a much stronger position to respond quickly and accurately.

 

Tailored Response

Tailored responses are unique to a particular crisis. While it is not possible to prepare for every single crisis outcome, this does not justify neglecting foresight, groundwork or planning. As someone, somewhere once said, the only thing harder than planning for an emergency is explaining why you didn’t. Carrying out simulation exercises to educate and train crisis teams, familiarise them with possible outcomes, and uncover opportunities and gaps in their programme(s) will help them develop a readiness mentality. This then places them in a much stronger position to manage threats to their organisation.

It’s crucial to enlist a crisis communications team, led from the board, embedded at the heart of your business and possessing a sound understanding of the risks and threats posed to the organisation. However, in a crisis the onus is not just on the defined crisis communications team. Senior management will need to be media-trained to respond to untoward situations to reduce damage to business brand, to keep staff feeling focused and motivated and to engender confidence among stakeholders.  They will be a vital conduit to creating market goodwill while the business establishes the nature and scope of the threat; reinstates or bolsters systems or operational integrity and addresses any customer impacts.

And when crafting your communications, it is worth remembering that, as Winston Scott, Director of Florida Space Port so pithily noted, “At the onset of an emergency, everyone’s IQ goes immediately to ‘0’”.

Weathering a crisis will depend entirely on your organisation’s ability to arm itself and remain level-headed when the time comes. Businesses who deliver well-considered communications in the event of a cyber-attack will be the ones to demonstrate foresight and agility; repositioning themselves as a stronger and more resilient force.

 

To find out how Sungard AS Consulting Services can assist your organisation, speak to your account manager or email avail@sungardas.com

 

About the author

As principal consultant for cyber resilience and security at Sungard AS, Chris Butler leads the development of services that integrate traditional information security products within a wider framework of organisational and cyber resilience.

Following a 20-year Army career in aviation, security and counter-terrorism, Chris moved into consulting. Initially with a large oil/gas firm helping major projects to close out and learn from experience, then into the nuclear sector. Working in security and resilience, Chris provided expert consultancy covering crisis, emergency and incident management; policies and plans for preparedness and response. He has further experience in strategy execution consultancy, including programme and risk management, and executive coaching in the legal, financial and health/nutrition sectors.

BCI Cyber Resilience Report Paints Worrying Picture

By |

BCI resilience report coverA new report published by the BCI and sponsored by Sungard Availability Services confirms cyberattacks are a constantly evolving threat that is growing more dangerous by the day. The organisations surveyed spanned a variety of industry sectors including finance and insurance (29%), IT and communications (19%), professional services (16%) and health and social care (7%).

The report notes that the top three cyber-attacks continue to be phishing/social engineering, malware and ‘spear-phishing’ (an email-spoofing attack that targets a specific organisation or individual), while new entrant ransomware sits at number five. With fresh cyberattacks making news headlines on an almost daily basis, it is reassuring that 60% of senior management claim to have a high commitment to cyber resilience.

Around two out of three organisations (64%) reported at least one cyber disruption in the last twelve months, while some 15% had experienced more than ten. More alarmingly, roughly one in six organisations did not know whether a disruption had occurred or not, which suggests a lack of cybersecurity awareness in the organisation and the likely presence of information silos.

The survey of 734 business continuity and risk management professionals reveals that more than two-thirds of those surveyed (67%) take over an hour to respond to a cyber incident, with 16% admitting to a response time of four hours or more. This is a cause for concern as industry experts recommend responding to an incident within the first hour of discovery, commonly known as the ‘golden hour’.

In the Middle East & North Africa, the picture is even worse with only 12% taking less than hour to react to a cyber incident and one in three (33%) taking three hours or longer.

The research showed validation is key to building cyber resilience, with 55% of organisations testing their cyber resilience capabilities through exercising while 47% conduct penetration tests.

About a third of the respondents (33%) suffered disruptions costing more than €50,000, while more than one in ten (13%) experienced losses of €250,000 or more. Segmenting the data for small and medium enterprises (SMEs), which made up a quarter of the sample, showed that 18% suffered a disruption of €50,000 or more. Considering that 40% of the SMEs involved in the survey have an annual turnover of less than €1 million, these appear to be significant losses.

On a brighter note, several respondents stated how business continuity is no longer separated from IT and cyber departments, recognition that a sound business continuity plan must take into account the effects of a malicious online attack in order to guarantee continuity in the current threat landscape.

The report concludes with four key findings:

  1. BC professionals need to collaborate and engage with their cyber/Information Security colleagues to pool their expertise and respond to incidents, something that increasingly appears to be happening.
  1. Reputation management remains a key driver in pushing the cyber resilience agenda with large and small organisations alike aware of the potential for damage to their brand.
  1. As supply chains continue to be more complex – 43% of survey respondents depend on more than 20 suppliers – an organisation’s cyber resilience is heavily influenced by the cyber resilience of its supply chain.
  1. As we are already seeing with the EU General Data Protection Regulation (GDPR), legislative and regulatory changes are expected to drive cyber resilience as governments and data protection bodies worldwide tighten rules concerning storage and use of personal data.

Download the full report here.

Collaborative Security: CSOs Partner with the Business for Protection

By |

With their company’s systems, data and brand to protect, Chief Security Officers (CSOs) were once considered just the people who said “no.” Now, CSOs are abolishing the barriers that once existed between the security organisation and the rest of the business. AVAIL caught up with Sungard AS Global CSO Shawn Burke, who talks about taking on security challenges in this new era of collaborative security. 

 

Q: Shawn, you bring two decades of IT security experience to your role as CSO. With today’s cybersecurity challenges, how has life changed for the CSO?

Traditionally, cybersecurity was viewed as an IT-centric responsibility, and the CSO would focus solely on applying technical controls for mitigating threats. With the rapid evolution of technology, vast amounts of data at our disposal and regulatory requirements, cybersecurity has transformed to being more top of mind for the rest of the organisation.

Now, CSOs often have a seat at the table with the board and executive leadership. There is an expectation for the CSO to have a full understanding of business strategy and objectives and to translate that into operative information security controls. These controls are not always directly under the CSO’s charter, so they need to collaborate effectively with the rest of the organisation.

 

Q: So, it’s more of a shared ownership for security?

Yes. I recently did an interview about how to be a successful CSO and I talked about the importance of building relationships and having the communication skills to engage with the business as a trusted advisor. To learn how to influence, instead of just delegating and managing security directly.

To accomplish that, the language of security leaders is becoming less technical and more business oriented, so their risk management methodology can be clearly articulated and understood by business stakeholders.

So, as a CSO, it’s no longer just about evangelising how important security is and saying “no.” Our value comes into play when we figure out how to enable the business with different services, while they’re still being protected.

 

Q: Do you have an example of how that collaborative model works at Sungard AS?

Sure. When it comes to integrating the security function with overall business processes, one avenue taken by my team is to closely align with the Programme Management Offices. So, if there is a formal project, security requirements and review will surely be a part of the plan. The key is instituting an enforced situation for meeting those security requirements, while staying aligned with business initiatives and being a good partner.

For instance, our global operations team is responsible for monitoring our systems and responding to alerts. My role is to work with leaders in different operational areas to understand their roadmaps and influence their priorities to focus on. I give them direction, but I’m not micro managing their daily tasks.

On the architectural side, I collaborate with our product teams to make sure security is thought of right from the start with all our products and services. I don’t run the architectural function, but everyone must come through our team to validate they have met our security standards.

I also meet with our CEO Andy Stern, his direct reports and the senior management team regularly to let them know about potential risks that may be of concern in the future—and ways we can work together to mitigate those risks.

 

Q: Cyberattacks, ransomware and the Internet of Things continue to pose risks. What other things are keeping CSOs up at night?

This year, I’m also seeing vendor risk management become more of a challenging reality. I’m an advocate for businesses making that transformational shift towards a cloud infrastructure to reduce costs, and there are many cloud security benefits to take advantage of now.

When it comes to compliance, there are concerns over GDPR and how the requirements may drive business costs higher as new data protection controls are considered. Our Chief Compliance Officer has been way in front of this and has defined a roadmap for meeting those demands.

Lastly, the cyber security talent shortage continues. CSO’s will increasingly need to rely on automation for protection while they find creative ways to fill the security professional gaps.

 

Q: How does a CSO keep on top of these issues?

As mentioned in our new ransomware paper, there is no single solution to prevent an attack. That’s why you need to implement a defence-in-depth security approach, with multiple layers of proactive and reactive measures to help you prepare, detect and mitigate future attacks.

A CSO also needs reliable, close to real-time threat intelligence and should consider adaptive countermeasures, such as security behavioural analytics that show patterns and anomalies that indicate potential threats. Having sound patch management strategies and constantly educating your employees also goes a long way when it comes to prevention.

Most importantly, don’t assume everything is in tact. Keep testing your resiliency and incident response plans and conduct frequent risk assessments.

 

Q: Any last words for other CSOs?

A CSO should always be in a learning mode and never too complacent with how they are protecting their company’s data. I’m always going back and re-evaluating our security programme to make sure it’s practical from a business perspective.

Ultimately, as a CSO you need to ensure the security function is continuing to provide organisational value by helping the business be agile enough to introduce new products and services more quickly, but with the right security controls in place.

 

Prepare Detect Mitigate paper coverDownload the paper Attacking Ransomware: Prepare, Detect, Mitigate for help with facing ransomware threats.

To find out more about our Managed Security Services, speak to your account manager or visit our website.

 

Prepare, Detect, Mitigate

By |

A new paper that helps you face up to the ransomware threat.

An unwitting employee clicks on an email attachment and unleashes malware that propagates across your company’s network. Within moments, the malware encrypts critical databases and files, locks out users, and severely impacts company operations. The IT department scrambles to limit the damage, but it’s too late. Messages from the cybercriminal arrive – confirming that your company has just joined the unlucky ranks of ransomware victims.

Do you pay the ransom (and hope the cybercriminal will follow through on their promise to provide the decryption key), or attempt to restore your systems from backups? It’s a situation – and a decision – you don’t ever want to face. But the ransomware threat is growing and the criminals are smart and highly motivated. Companies that fail to plan ahead for ransomware attacks do so at their peril.

Now is the best time to plan defenses that can help you avoid the ransomware threat altogether, as well as deploy measures that can limit the damage of any malware that makes it through your defenses.

This new paper from Sungard AS provides a framework to help IT and security leaders approach the ransomware threat in a structured, methodical way. The paper highlights some of the key steps that Sungard AS uses to protect its own managed services clients from ransomware threats.

If you’ve already taken action to address ransomware threats, download the paper to make sure you’ve covered all the bases. If you’re starting from scratch, you’ll find that the three sections – Prepare, Detect, Mitigate – help to prioritize your efforts and fit this important effort into your overall approach to IT security and business continuity.

 

Prepare Detect Mitigate paper coverDownload the paper

To find out more about our Managed Security Services, speak to your account manager or visit our website.

Cloud Transition – Tread Carefully to Avoid Cloud Pitfalls

By |

shabansaddique_resizedBy Shaban Saddique, EMEA Head of Transformation, Sungard Availability Services.

In a relatively short period, cloud computing has gone from being something familiar only to a handful of early-adopter test and development users to an omnipresent, couldn’t-live-without-it technology. Organisations are increasingly moving mainstream workloads into cloud environments: public cloud spend has grown threefold from £9bn in 2013 to £27bn in 2017[1] – and rising.

During that time, it’s not only the technology that has moved on: the thinking around how to deploy cloud technology has also shifted considerably. In the early days, cloud evangelists urged enterprises to move absolutely everything to the cloud – in practice, a highly impractical recommendation that led to pain and disappointment for many organisations who are rapidly learning that a cloud environment is not advantageous, or indeed suitable, for all applications.

This realisation has resulted in the growth of the complex Hybrid IT environments that exist in organisations today, which commonly feature a mix of private cloud, public cloud and private infrastructure in hosted data centre space (colocation) alongside all-important legacy systems that are kept in-house.

It is also behind the trend towards 85% of organisations adopting a multi-cloud strategy – choosing different types of cloud for workloads with differing security, scalability and availability needs[2]. This increasing market maturity is enabling organisations to embrace digital advances and accelerate time to market. Today, a ‘minimum viable’ approach to product and service development is encouraged – getting something out to the market fast then refining it, releasing updated versions with enhanced features.

Organisations typically choose to move to the cloud in the belief it will make them more agile, reduce IT costs and allow them to be more innovative and grow the business. In expert hands and when the transition takes place at the right time for the right workloads organisations can reap all these benefits and more. But all too often the objectives are unclear, the expected benefits are based on misconceptions and the overall cloud strategy is flawed.

 

Factors to consider

 

Before arriving at a decision, first consider:

  • Which applications are suited to run in a cloud environment?
  • Does it make financial sense? If an application involves a large number of expensive licences, it may be best suited to another platform. Similarly, if the application frequently interacts with the legacy estate and hyperscaler (AWS, Azure, Google), it may incur prohibitive data transfer charges, a point that is often overlooked.
  • Where will your data be stored and how secure will it be? This may well influence your choice of cloud vendor.
  • How will it integrate with your legacy systems?
  • What is your exit strategy? It is good practice to plan your way out of a vendor before you even move in to avoid onerous lock-in clauses.
  • What application interdependencies do you have? Lack of interoperability will inevitably hamper success.
  • Sometimes the cutting edge can feel very sharp and moving to DevOps can hurt both your operations teams and your developers as they strive for change. Factor in what works for your culture and the speed at which your organisation can operate.
  • How critical is the application to your business and what regulatory and compliance standards must it meet?
  • At what lifecycle stage is the application? In the start-up phase, an application might be expected to grow very quickly, in which case a cloud environment will provide much-needed scalability. Conversely, it may not be economically viable to move a stable, long-established application in steady-state operation to the cloud. And if an application is in decline, the best route may be to manage it out and replace it.
  • Is the skillset still available to support the application? While millennials now entering the workforce are educated on newer technologies and techniques, those typically managing and updating legacy environments are retiring — and taking their specialist skills with them.

 

Top tips for cloud success

 

Our cloud and IT transformation consultants have extensive experience gained from guiding customers through large multi-cloud engagements over the years and here we share some top tips to avoid common pitfalls:

  1. Switch from ‘inside out’ to ‘outside in’ thinking. In other words, look at things from an end user’s perspective when planning – ask yourself how will people consume the service and what experience do you want them to have? It is unlikely that a single cloud will be suitable for all your applications so build a layered cloud strategy for each of the capabilities. Where possible, avoid a straight ‘lift and shift’ of the physical data centre into a cloud environment and instead take the opportunity to redesign business processes and redeploy to gain the full benefit from your cloud transformation.
  1. Break down your transformation programme into manageable chunks. Rather than carry out a sweeping enterprise cloud migration, focus on one workload at a time to reduce the gap between the discovery phase and execution or your discovery may become out-of-date. Start small!
  1. Focus on business outcomes. Prioritise workloads according to whether they will add value to the business and create agility where this is needed.
  1. Set meaningful success criteria. As with any business decision, whether to move applications to the cloud should be based on the anticipated business benefits, not the technical achievements that make this happen. (Just because something can be done doesn’t mean it should be done).

 

Sungard Availability Services provides an end-to-end modular cloud migration service that helps reduce risk and complexity. As part of this process we help customers map the world around them and identify their needs.

If you’d like to explore whether a cloud environment is right for your organisation, contact our expert cloud consulting team on 0800 143 413 or email avail@sungardas.com

 

About the author

shabansaddique_resizedShaban Saddique is an experienced Head of Consultancy, who creates clarity, builds unity and fosters agility.  His service delivery leadership experience includes strategy, cost analysis, cloud and hosting solutions, data centre and IT infrastructure.  Shaban has managed multiple Hybrid IT strategy and cloud/data centre transformation projects across multiple industry verticals.  He has helped clients to drive IT transformation by building appropriate end-to-end cloud delivery models, while ensuring both business value and technology alignment.

 

 

 

 

 

 

[1] Source: Gartner Symposium ITXPO

[2] Source: IDC FutureScape: Worldwide IT Industry 2017 Predictions (IDC #USA41895616, November 2016)

New Customer Advisory Board Chair Appointed

By |

Lee Webb, Director, Group Resilience for Barclays, has been appointed to chair Sungard Availability Services’ European Customer Advisory Board (CAB). The CAB represents the customer viewpoint on policies and procedures, and influences the quality and direction of services to ensure they continue to meet customer needs. The CAB’s input is greatly valued by Sungard AS, with members consulted on proposed changes and among the first to hear of company developments.

Lee WebbBefore joining Barclays in 2005, Lee worked for a number of organisations in both the public and private sector. These ranged from small independent operations to large multinational corporations.  Lee spent six years in Hong Kong as a Director at Credit Suisse, during which time he was responsible for the rollout of the Asia Pacific segment of a global Business Continuity and Disaster Recovery remediation programme.  Prior to moving into the business continuity field, Lee worked as a systems auditor and IT security consultant.

AVAIL got in touch with Lee to congratulate him on becoming Chair and to ask about his motivation for getting involved. “Having been a member of the CAB for a couple of years now and seen it in action, I believe it is a valuable two-way channel that allows customers to give open and honest feedback to Sungard AS,” he replied. “Equally, it gives us as customers an insight into the challenges facing Sungard AS and how the company plans to address them.” 

We asked him about his plans for the European CAB, to which he replied, “While there are eight companies represented around the table, I want to raise awareness of the CAB and widen participation. Success comes from having a representative cross-section of customers on the board and for all those members to actively contribute. I’d also like to take the pulse of views out there to ensure the CAB is in sync with the wider customer base as it is so diverse.”

Among the initiatives Lee is currently working on at Barclays are innovations in crisis management, and looking at how intelligence techniques such as ‘near miss’ analysis can be harnessed and used proactively to improve the recovery response. He says, “I’m borrowing heavily from industries like oil, gas and aviation to see what we can learn from those sectors and identify any underlying trends that might have a universal application. The findings may be something all Sungard AS customers could benefit from – so watch this space.”

We look forward to catching up with Lee in a future edition of AVAIL and hearing more about his plans for the CAB.

The next CAB meeting is on Wednesday 8 November. If you have an issue or query you’d like the board to address, simply email the CAB before that date.