Focus on flexibility

computerweekly.com, 10-16 January 2017

Cloud computing tops the list of IT priorities for 2017 as CIOs seek to strengthen support for modern methods of working

Cover image: SANJERI/ISTOCK

Contents

News

IT Priorities 2017: find out what IT leaders will be investing in this year

HSBC combines AWS with agile thinking to tap into demand for mobile banking

BBC schedules tailor-made content to meet the needs of digital consumers

Editor’s comment

Buyer’s guide to internet of things security

Data protection after Brexit

Testing times for disaster recovery systems

Downtime



CES organiser slams government for lack of tech startup support

Gary Shapiro, CEO of the US-based Consumer Technology Association (CTA), claims the UK government has not done enough to support technology startups representing the UK at this year’s CES show. Speaking at CES 2017, which is organised by the CTA, Shapiro was reported to have described the UK government’s lack of support for tech startups attending the show as “a source of embarrassment”.

California introduces legislation to combat ransomware

The US state of California has introduced anti-ransomware legislation to crack down on cyber attackers who use malware to lock up critical data and demand a ransom for its release. Infecting computers with malware designed for this purpose is now illegal in the state, in an attempt to make it easier to prosecute offenders for the crime, reports Ars Technica.

Competition watchdog queries Mastercard’s VocaLink deal

The Competition and Markets Authority is concerned that a takeover of VocaLink by Mastercard could make it difficult for UK ATM network Link to negotiate a good infrastructure service due to reduced competition. In June 2016, the Payment Systems Regulator stated its wish for VocaLink, which is owned by a small group of big UK banks, to be sold off to increase competition in payment processing.

Power firm quashes reports of Russian breach of US grid

An electrical power company in Vermont has quashed reports that the US power grid was breached by Russian cyber attackers. The Burlington Electric Department said it scanned its systems in response to an alert by the Department of Homeland Security about Russian malware Grizzly Steppe, which has been linked to attempts to influence the US presidential election.

New Year system crash hits ambulance service

An unspecified technical fault forced the London Ambulance Service to log emergency calls using pen and paper for about five hours on New Year’s Day. The computer systems used to log calls and share real-time information about the locations of ambulance crews failed, resulting in a slowdown in response times. Peter McKenna, deputy director of operations, said the control room used pen and paper to log calls between 12.30am and 5.15am.


NEWS IN BRIEF


Flight booking systems easy to hack, researchers warn

Legacy flight booking systems are extremely easy to hack, exposing travellers to social engineering and other cyber attacks, Karsten Nohl and Nemanja Nikodijevic of Berlin-based Security Research Labs told the Chaos Communications Congress conference in Hamburg.

Pernod Ricard toasts better demand forecasting with Infor

Pernod Ricard, known for its Absolut, Campo Viejo, Malibu, Jameson and Chivas Regal drinks brands, says it has improved its demand forecast accuracy with software from Infor.

Thailand’s military to recruit civilian ‘cyber warriors’

The Thai Army reportedly plans to recruit civilian “cyber warriors” to bolster capability at its cyber crime security centre. The initiative follows a series of cyber attacks targeting government websites.

UK games industry to grow in 2017, but skills are a concern

Most UK games firms plan to expand their workforce in 2017, indicating growth in the industry, according to research by the Tiga network for games developers and digital publishers, but there is concern about the future availability of recruits with the right skills.

Three-quarters of enterprises collect IoT data, says research

A total of 71% of global businesses are now gathering internet of things (IoT) data in some form, and 90% expect to increase spending over the next 12 months, according to a report by analysts at 451 Research.

Hacktivists hit Australian human rights commission website

Hackers claiming to belong to hacktivist group Anonymous have defaced the website of the human rights commission in Victoria, Australia, with a message supporting a social networking service.

Alexa comes home to offer voice assistance

The Echo Dot is Amazon’s £49 entry into the world of voice assistance for the home. It provides a gateway to Alexa, Amazon’s voice assistant. It has a tiny built-in speaker and microphone and offers Bluetooth audio connectivity.

❯ London hospital signs Atos deal in digital transformation.

❯ UK youngsters unwittingly exposing private data.

❯ Robots replace staff at Japanese insurance firm.

❯ Aramex optimises branch office connectivity.


What’s on the tech to-do list in 2017?

Computer Weekly discovers what CIOs and senior IT decision makers will be investing in this year. Cliff Saran reports

Budgets for staff and on-premise servers are falling as UK CIOs focus on cloud computing, according to the Computer Weekly/TechTarget IT Priorities 2017 survey.

Most of the 353 UK IT decision makers surveyed said their IT budgets would remain the same. Only 17% said their budget would increase by more than 10%, 16% said their budget would increase by 5-10%, and 9% said their budget would decrease.

The survey found that most of the budget increases would be invested in cloud services (43%), software (43%) and disaster recovery (30%). One-fifth of respondents said they would be investing in on-premise servers, and 15% said they would be boosting on-premise storage. Surprisingly, 15% said they would be increasing their maintenance budget.

Big data analytics topped the new projects list for 2017, with 30% of CIOs citing this as their main IT initiative for 2017.

But customer relationship management (CRM) received the most responses when CIOs were asked which business applications were likely to be implemented or upgraded in 2017. Some 80% said CRM was the business application they would be focusing on. The next most popular upgrade was shared between enterprise resource planning (ERP) and customer experience management, both with 48%.

ANALYSIS


Given that Oracle is pushing out its Fusion cloud-based ERP suite and SAP is focusing on S/4 Hana, many existing customers may be contemplating the upgrade offers these major suppliers have available.

Windows upgrade

Looking at the desktop, it appears that 2017 will be the year when IT departments roll out Windows 10. The Microsoft operating system has been out for almost 18 months, and until July 2016 consumers could upgrade for free, and many chose to do so. Enterprises with a Microsoft enterprise agreement could also upgrade as part of their subscription.

In the past, many IT departments waited up to two years for a new operating system to stabilise before deploying it across their organisation. By now, CIOs are hoping Windows 10’s teething troubles are long gone.

Given the popularity of cloud computing, 27% of respondents said they would be implementing software as a service (SaaS) for some desktop applications, and 24% said they would implement some form of application as a service.

In many ways, Windows has become the legacy of desktop IT. It is not necessarily the operating system that is the problem. By all accounts, Windows 10 has been well received across the industry. The problem is legacy Windows applications that date back to the early 2000s, many of which are bespoke line-of-business applications, written for largely offline operations.

But CIOs are keen to migrate and, when asked about the online applications they would deploy in 2017, 42% said they would roll out enterprise business applications. Not surprisingly, the majority (60%) said they would deploy productivity apps such as Office 365, given Microsoft’s push to morph Office into a truly cross-platform application running on Android devices, Apple iPads, PCs and Macs.

Mobility and security

While Windows remains a priority, the survey showed that CIOs are planning for a highly heterogeneous user computing environment. One of the first steps is to provide ubiquitous file access, and the survey found that 46% of CIOs are looking at this, using enterprise file sync and sharing services.

Mobile access goes hand-in-hand with security, and the security initiative that drew the most responses was securing the endpoint, with 30% of respondents saying they would implement it in 2017. The survey found that 27% of CIOs would be implementing mobile endpoint security, which shows they are preparing for a highly mobile workforce.

Hybrid clouds

Looking at datacentre initiatives, 32% of CIOs said hybrid cloud would be their top area of investment. Systems management came second, with responses from 31% of CIOs. Automated system provisioning and configuration took third spot, with 27% of respondents saying this would be one area of the datacentre they would be investing in over the course of 2017.

The survey also highlighted the importance of IT automation, with 23% of respondents saying they would invest in automation in 2017.

The results reflect the fact that major suppliers such as HPE and Microsoft are pushing hybrid cloud infrastructure, which needs to work alongside public clouds such as Azure and AWS.


The figures for automation and systems management show that CIOs are concerned that they need to simplify datacentre management. DevOps, which offers the potential for developers to provision datacentre resources programmatically, seems to be gaining traction.

Because less investment is going into on-premise datacentre IT and there is a greater focus on hybrid clouds, it would seem CIOs are not looking to replicate AWS internally. Instead, the emphasis on automation and management shows CIOs are looking to take best practices from the public cloud providers to reduce the manpower needed to operate their organisations’ datacentre infrastructure.

The relatively low numbers for software-defined networking (12%) and network function virtualisation (10%) illustrate that IT decision makers still regard these as quite immature technologies. What is odd, however, is that 28% of those surveyed said they would implement virtual private networks in 2017. Given the popularity of cloud initiatives and SaaS, from a networking perspective, the hardened network perimeter remains a popular approach – at least for this year.

Software and digitisation

Looking at software development, 38% of respondents said they would be implementing agile development methods. This is encouraging, showing that CIOs recognise the need for IT to work more fluidly with the business. Software development initiatives that stood out in the survey were cloud application development (27%) and application programming interfaces (APIs) (24%).

At the Gartner Symposium in November 2016, the analyst firm discussed the importance of CIOs considering building a digital platform to support digitisation initiatives.

Such a platform provides a means for business partners to add to the company’s digital initiatives, and add some value. It is the essence of Uber’s business model.

APIs offer organisations the opportunity to add value to someone else’s business process. Transport for London, for instance, allows mobile app developers to add value to its core services through open APIs.

The fact that almost a quarter of the IT leaders surveyed said they would implement API initiatives in 2017 indicates the spread of digitisation across industries. The extent of cloud application development mentioned by the CIOs shows that IT is taking the “cloud-first” approach to software development very seriously.


HSBC combines AWS with agile thinking to tap into demand for mobile banking

The banking giant tells Caroline Donnelly how cloud and DevOps adoption is helping it adapt to new consumer habits

The banking sector’s major players know only too well the importance of ensuring they are primed and ready to respond to new competitive threats and changing customer habits.

With new challenger banks entering the market and looking to disrupt the status quo, and customers becoming increasingly comfortable with using the internet and mobile devices to manage their money, doing things the way you always have is no longer an option for the big banks.

And it is this realisation that is spurring Barclays, Lloyds, Santander and others to invest in technologies and services that reflect how their customers want to do business with them in 2016.

HSBC is no different and is in the midst of a mobile-first digital transformation push, underpinned by the use of cloud technologies and DevOps, to ensure it has all bases covered when it comes to catering for the changing needs and expectations of its customers around the world.

“There are many angles to our digital transformation, but the one that is front and centre for me is addressing customer demand and expectations,” Marco Pera, HSBC’s global head of platform management, told Computer Weekly at the recent AWS Enterprise Summit in London.

Banking services through digital channels

“Customers are used to knowing in real time what is happening in the world and they are always connected. We need to make sure we offer banking services through digital channels, so people can choose how they want to interact with us,” he added.

And those preferences can change rapidly as new banking services come to market, said Pera. He cited the speed at which consumers have adapted to contactless and mobile payment platforms, with many opting to use these rather than cash and branch-based services.

“People like using mobile as a vehicle to stay on top of their finances and this is why it is such an important part of our strategy,” he said.

“But you will have some customers who still value going into the branch, others who want to speak to a relationship manager and others who want to do everything through the internet and mobile. As an organisation, we need to cater to all of those needs.”

A change in culture

This has already seen the organisation create HSBC Digital Solutions (HDS), whereby more than 2,000 people performing business or technology functions across the organisation are working together to develop new services and platforms.

In parallel with this, the company has created a series of cross-functional teams, paving the way for it to take a DevOps-style approach to developing new mobile applications and services in the AWS cloud.

“Some of our team members are people who have been in the technology department for a while, but we are also injecting new talent from other industries, so we can incorporate learnings from people who have gone through digital transformation in other sectors and bring that into our teams,” said Pera.

“It creates a diverse skillset where people who come from inside the bank understand how it works, as well as the expectation of how its services operate with people, and take fresh ideas from other industries.”

HSBC is using AWS to house its mobile-focused development and testing activities, with a view to using it for production workloads later down the line.

“We needed to help our cross-functional teams and developers work in a way that is effective for them, and reduce the complexity they might have from living in an on-premise world,” said Pera.


“And that means giving them access and availability to the latest tools that are required to create good services.”

The move to adopt cloud and agile methodologies had to go hand-in-hand for this reason, he said. “Once you form the teams, their demand for these tools goes up because they begin asking for the technologies they need to do their jobs properly.”

Early agile adoption

The company’s cloud and DevOps push is still in its infancy, but Pera said there was a willingness at all levels of HSBC to see its agile ambitions come to fruition to support its wider mobile platform plans.

“A lot of the senior people around digital already work and think in that way, and I’ve rarely seen large programmes be more effective than an initiative run in an agile way,” he said.

“The teams they look after always want this because working in a waterfall way is constraining and hard. It is also difficult to manage those kinds of programmes and get visibility of what is going on.”

The financial services industry is often given as an example of a sector that has been slow to adopt cloud because of regulatory and security concerns, but Pera said AWS’s approach to access control was one of the major reasons why HSBC chose it over its competitors.

“We can have environments that are totally dedicated to us and refine the control and access that people have on it,” he said. “We can also monitor and scale effectively, which are all things that are necessary for us to have a secure, manageable set of technologies.

“It also provides a wide portfolio of applications and services within its ecosystem,” said Pera.

“Once we have gone to the effort of securing it, learning how to use it and managing it, the tools we can use are quite vast and varied, which is attractive.”

With its cloud and DevOps plans in place, the industry will see the development of the bank’s mobile ecosystem continue at great speed.

Personalised services

Another key priority for the company is to personalise its services for customers and ensure it can respond in real time to any issues they may encounter with the help of big data analytics.

This might include pre-emptive action when a customer is in danger of missing a credit card payment and getting stung by a late payment fee, for example, or reminding them about an appointment they might have in branch to discuss a new mortgage deal.

“We want to move away from a one-size-fits-all experience and become more relevant, personal and timely with the messaging and communication we have with our customers,” said Pera.

“Data is the heartbeat of our business, and if you make the data subservient to the customer experience, it can really help them have the best experience they can.”


BBC schedules custom-built content to meet the needs of the digital consumer

Jon Page, head of operations for BBC Research and Development, tells Clare McDonald how the broadcaster is adapting to new audiences as people change the way they consume media content

Technology has disrupted the way every industry has had to deal with customer interaction, and the news and media sector is no different.

Companies that provide consumers with content are having to adapt to the expectations of readers, viewers and listeners for short-form and long-form content, tailored to them, and delivered through their preferred platform.

Jon Page, head of operations for BBC Research and Development (R&D), says that five years ago the BBC began looking into how content would need to change to address the digital consumer.

Tech-driven changes

He says the corporation identified three upcoming technology-driven changes that could be destructive: the internet, greater use of data, and how content is consumed.

“As consumers, it is very easy to see how that is impacting our world and what we are doing, but all of these things are leaking into how the BBC gets things to people and leaking into how we make things,” says Page. “The R&D response was to say let’s embrace that, so if this is happening, what can we do, how can we use this to enable us to deliver a new broadcasting system?”

INTERVIEW

Photo caption: Jon Page: “Digital just enables you to do more”

Jumping in at the deep end, Page describes some ways in which people may interact with content from the BBC in the future.

His examples include a home setting where a child uses a BBC-supplied content resource to do their homework, using virtual reality glasses to stream video from a festival to a consumer’s back garden, and a family using smartphones to upload content feeding into the BBC’s wider coverage of a subject area.

Page says the point of these examples is to demonstrate that media will have to move towards non-linear content delivery and involve the user in the production and consumption experience.

Users will be able to choose how long they want content to be, what topics to explore, and even contribute to content via social channels to ensure it is fully dynamic and adapted to suit them.

“Rather than thinking about content as a linear thing that you craft, content can become an environment in which the audience can go and explore,” says Page.

“You start to deliver more, and deliver different things as well as traditional linear content. It enables you to make things a lot more immersive. It enables you to bring your audience a lot more into the content, so they can explore it.”

To ensure content is deliverable in a non-linear fashion, it needs to be produced in the form of objects rather than huge single files, he says, and combining this with social media will extend the brand experience beyond the home and the television set.

Page believes that the younger generation are “not simple consumers” and that the increasing use of the internet and smart devices means people are more demanding about how they consume content.

Social media interaction

Social media interaction will be a huge part of future content consumption. Page believes it will become “part of the experience”, similar to how the broadcaster’s digital-only channel, BBC Three, utilises social media platforms such as Snapchat and Facebook to reach its target audience.

To deliver content in the way people want it, BBC R&D is working on a concept called IP Studio – a new take on the broadcasting studio that will act as networking infrastructure for broadcasters to make and deliver broadcast content over IP networks.

Page says that instead of hard-wiring a network, all equipment for content capture – such as cameras, microphones and mixers – will appear as discoverable devices that can be configured by the IP Studio over the internet. “Instead of being huge lumps of hardware that you own and control, they are becoming bits of software, connected on the bog-standard internet that enables you to produce content,” says Page.

“What has been a specialist intensive environment is effectively a web service, run in the cloud. So this is a media in the cloud, and broadcast turns into an internet of things.”

Rather than producing a cut-and-dried single file for a piece of content, each piece of content produced – video, audio, metadata, scripts – will be left as objects and given a time stamp and unique identifier. Objects can be reassembled in any form or length depending on how users want content delivered to them.

Lots of content that was previously left “on the cutting room floor” could be used, depending on what consumers want to watch and how they want to consume it. There would be no need to create more than one version of content.

Snacking user

“We make it once, but we hold it in such a way that it can be used in many different ways, so then it’s relevant to far more people,” says Page. “For example, it’s relevant to the snacking user – say, during the commute – in the way that a lot of people are consuming a lot of media.”

As a proof of concept for leaving content as objects to be reassembled as required, the BBC experimented with IP Studio concepts during the 2014 Commonwealth Games in Glasgow, leaving output as objects until it reached the TV screen.

“We have proved we can make it work, and what we’ve been doing in the last two years is playing with it,” says Page. “If now we’re starting to gather these objects, let’s start to demonstrate what we can really do.”

Using these processes, content such as a drama or a weather forecast can be produced once and adapted for each user. For example, rather than having an additional sign language layer for those who are hard of hearing, the main presenter could be replaced with someone using sign language.

Dramas could be adapted for pre- or post-watershed viewing, depending on particular households rather than the time of airing, or the colour of a scene could be adapted depending on the visual ability of an audience. Also, spaces in programming caused by regional differences could be filled with relevant content.

Page says: “In a linear world, you have one file, but if you understand your audience, you can change the content to respond to what people are doing.”

He insists this does not signal a move away from traditional TV viewing, but is about developing the relationship with audiences in a new way. “Theatre persists even though radio happened, radio persists even though television happened, and television will persist through the next wave,” says Page. “Digital just enables you to do more.”

The release of the BBC+ app marks the start of a change for the broadcaster, developing its capabilities for getting to know its audience better. “The first step is we are getting to know our audiences as people a lot better, therefore we’re better able to connect things to them,” says Page.

“The greater depth of understanding you have of an individual’s journey both within a show and their media experience over time, the more compelling media experience you can give them.”

Smartphones will play a huge part in how the BBC does this, as phones are already collecting data about how people use them, and it is only a matter of time before they then adapt their behaviour to react to a user’s habits.

Page says the natural progression of content will involve social interaction, making people co-creators of content by collecting user-generated content through social media and adding it to the pool of materials in the IP Studio.

By focusing on data and virtual reality, Page believes the festival season will be a good time to test how to crowdsource content from users. In the future, virtual reality could be used to give those not attending a festival a taste of the event from home.

Because this new way of developing and sharing content does not necessarily require expert equipment, there is more capability to expand coverage of festivals, sports events or news events.

Co-creation environment

By creating a content platform for broadcasting any appropriately tagged content, the BBC will enable a “co-creation” environment for media creators, who will be able to act as just another content input.

“Why shouldn’t every festival have coverage?” says Page. “Why shouldn’t any sports event have coverage of things that are going on around the stadium?

“These things can, and will, democratise the creation and sharing of media. This will enable a lot more people to play a role in these things.”

The BBC has already started its journey to develop these capabilities in the future by pinpointing what it wants the future of its content to look like. It has begun to implement the backbone of its strategy in readiness to transform its content delivery in the years to come.


Computer Weekly, 2nd Floor, 3-4a Little Portland Street, London W1W 7JB

General enquiries 020 7186 1400

Editor in chief: Bryan Glick 020 7186 1424

Managing editor (technology): Cliff Saran 020 7186 1421

Head of premium content: Bill Goodwin 020 7186 1418

Services editor: Karl Flinders 020 7186 1423

Security editor: Warwick Ashford 020 7186 1419

Networking editor: Alex Scroxton 020 7186 1413

Management editor: Lis Evenstad 020 7186 1425

Datacentre editor: Caroline Donnelly 020 7186 1411

Storage editor: Antony Adshead 07779 038528

Business applications editor: Brian McKenna 020 7186 1414

Business editor: Clare McDonald 020 7186 1426

Production editor: Claire Cormack 020 7186 1417

Senior sub-editor: Bob Wells 020 7186 1420

Sub-editor: Jaime Lee Daniels 020 7186 1417

Sub-editor: Ryan Priest 020 7186 1420

Sales director: Brent Boswell 07584 311889

Group events manager: Tom Walker 0207 186 1430

Could it be time for CIOs to break free?

A new year brings new challenges, but the CIO faces the same issue every year – to drive the business’s technology agenda while doing more with less overall budget. Computer Weekly’s annual IT Priorities survey found that while budgets for staff and on-premise servers are falling, IT decision makers are planning to spend more on cloud services.

That should not come as a surprise given that cloud services are well and truly coming of age. In September 2016, the Ministry of Defence became the first tenant in Microsoft’s UK-based Azure datacentre, and in December, AWS’s UK datacentre came online. But 32% of the CIOs who took part in the IT Priorities survey said hybrid cloud would be their top area of investment this year.

In one way, this makes perfect sense: hybrid gives IT departments the flexibility to choose which workloads to deploy in the public cloud and which to keep on-premise. The challenge for CIOs is that, given a choice, business stakeholders may not feel the urge to move anything to the cloud, especially given current economic uncertainty. In the survey, 28% of respondents said they would implement virtual private networks in 2017.

But in this age of user empowerment, flexible working, cross-organisational collaboration and IT consumerisation, the idea that IT still sees a need for a hard network perimeter, with highly controlled access, seems at odds with modern working practices. Similarly, you could argue that a hybrid cloud, where most workloads remain on-premise, does not reflect modern IT.

It is a similar story with legacy applications. The IT Priorities survey found that 15% of IT decision makers expect to increase their maintenance budget in 2017. There is nothing wrong with spending more on something that continues to add business value, but how many CIOs are faced with demands for higher and higher maintenance bills from their legacy software providers?

Given that a small but significant proportion of IT decision makers are thinking about investing in cutting-edge initiatives such as the internet of things and machine learning, which are normally beyond the remit of corporate IT, perhaps 2017 should be the year the CIO breaks free of the chains imposed by traditional IT.

Cliff Saran, managing editor (technology)


Secure IoT before it kills us

Experts say more must be done to mitigate the potentially catastrophic threats presented by connected devices, writes Jim Mortleman

BUYER’S GUIDE TO INTERNET OF THINGS SECURITY | PART 1 OF 3

When the technology you deploy can be hacked to kill, you’d better be sure it’s secure. For several years, cyber security experts have been trying to highlight the growing level of threat presented by the proliferation of all manner of internet-connected devices. Far from easing our lives, they warn, if we’re not careful, the internet of things (IoT) could end them.

Cesare Garlati, chief security strategist for the prpl Foundation, an open source consortium working on next-generation datacentre software and architectures, says: “Most of these IoT devices are connected to, or directly control, physical objects – an elevator or heating system, for example. Therefore a breach doesn’t just represent a traditional loss of data with resulting fines, but a physical attack that might involve human casualties or fatalities.”

Potential to wreak havoc

From smart thermostats to connected cameras, medical implants to industrial controllers, a succession of devices has been shown to be hackable, many with the potential to wreak economic, domestic and physical havoc (see box, p18). And there are plenty of miscreants eager to gain such power over our lives, businesses and economy – criminals hoping to hold us to ransom for financial gain, cyber terrorists bent on causing mayhem and state actors engaged in clandestine cyber warfare.

Derek McAuley, professor of digital economy at the University of Nottingham and director of the Horizon Research Institute, says the threats are not exaggerated. “The danger to life is significant, which is why the security services at home and abroad are putting so much focus on cyber defence at the moment,” he says. “As the technology is more widely deployed, cyber attacks could take out significant chunks of the economy. We used to think in terms of defending power plants, power lines and so on, but actually if hackers take control of all the smart meters within a 100-mile radius of Cambridge, for instance, it could cause as much damage as bombing a power station.”

Yet the researchers’ warnings have not stopped a growing number of organisations from ploughing on with the IoT without effectively mitigating the risks. With promises of dramatic cost and energy savings, industrial and domestic automation, smarter cities and better health and safety, the economic and social incentives for deployment often trump security considerations.

Deep security implications

John Walker, a cyber security researcher and consultant who has worked with a diverse range of commercial and public sector organisations, including national and international law enforcement agencies, says: “We’ve rushed ahead and embraced the technology without considering the longer-term, deep security implications. Security people are often the last to find out what’s going on, when they really need to be involved from the start so that security can be embedded by design.

“Yet from what I’ve seen to date, there’s been little or no proper technical risk assessment to ensure devices, code, data and infrastructure are all sufficiently protected. As a result, insecure systems and processes are now embedded in a number of large organisations.”

But Microsoft, which is committed to supporting the secure implementation of IoT among its customers and partners, remains sanguine. Stuart Aston, its national security officer, says: “It’s really important not to over-dramatise the potential security risks, or people will dismiss IoT security as too difficult to tackle. That’s not the case. The key is understanding the risks and putting in place appropriate mitigation.”

Microsoft has put together a checklist of IoT security best practices (see box, p19). This highlights the different areas of security that must be tackled by the various organisations involved throughout the lifecycle of an IoT system: manufacturing and integration, software development, deployment and operations.

No universal standard

The problem for customers is that it’s currently difficult to ascertain whether all the hardware, software and service partners you select are doing what’s required to maintain effective security. While bodies such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are doing a lot of work in this area, there is still no universal, certifiable standard for IoT security. “Standards are in progress but the short answer is that if you’re implementing this today, you need to do due diligence,” says Aston.

Mike Ahmadi, global director of critical systems security at Synopsys, says: “It is critically important for anyone deploying IoT devices in any environment to require the supply chain to provide evidence of adherence to a well-written set of procurement guidelines that touch on specific, measurable criteria. Simply asking for secure devices will not cut it.

“Users need to specify the evidence of such, and also check it internally. Don’t take the word of product suppliers. Verify and validate anything they tell you and stick to your guns. Make them provide evidence and move on to the next supplier if they will not.”

While Microsoft’s IoT security best practice guidelines represent a high-level framework, cyber security experts say IT departments must pay close attention to the technical detail. Nottingham University’s McAuley says systems should be designed so devices process as much data locally as possible. “Stop sending out raw data and think about app-specific processing on devices,” he says.

McAuley says organisations should adopt more secure network authentication using ID management systems such as Shibboleth to guarantee that people and devices logging on are who or what they say they are, rather than relying on SSID and password.

Devices should also be effectively isolated on the network, with properly configured firewall rules and network segmentation. “My angle is that all devices can be hacked eventually, so even if they need to talk to the internet, they should only be able to talk to the one or two places they absolutely have to,” says McAuley.
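The egress restriction McAuley describes can be checked against network flow records. The following is an added example, not part of the original article: the device names, addresses, per-device allowlist and flow-log format are all constructed for illustration, and any device without an allowlist entry is treated as default-deny.

```python
import ipaddress
from collections import defaultdict

# Constructed policy (assumption): each device may reach only the listed
# (destination network, protocol, port) tuples. Anything else is a violation.
ALLOWLIST = {
    "thermostat-01": [("203.0.113.10/32", "tcp", 8883)],
    "camera-07": [("198.51.100.0/28", "tcp", 443),
                  ("192.0.2.53/32", "udp", 123)],
}

# Constructed flow records (assumption): "<device> <dst_ip> <proto> <dst_port>"
SAMPLE_FLOWS = """\
thermostat-01 203.0.113.10 tcp 8883
thermostat-01 198.51.100.99 tcp 23
camera-07 198.51.100.5 tcp 443
camera-07 198.51.100.20 tcp 443
camera-07 192.0.2.53 udp 123
printer-02 203.0.113.10 tcp 8883
camera-07 not-an-ip tcp 443
"""


def compile_policy(allowlist):
    """Parse the textual allowlist into network objects once, up front."""
    return {
        device: [(ipaddress.ip_network(net), proto.lower(), int(port))
                 for net, proto, port in rules]
        for device, rules in allowlist.items()
    }


def parse_flow(line):
    """Split one flow record; raises ValueError on any malformed field."""
    parts = line.split()
    if len(parts) != 4:
        raise ValueError("expected 4 fields")
    device, dst, proto, port = parts
    return device, ipaddress.ip_address(dst), proto.lower(), int(port)


def audit(flow_text, allowlist):
    """Return (violations by device, line numbers of malformed records)."""
    policy = compile_policy(allowlist)
    violations = defaultdict(list)
    malformed = []
    for lineno, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            device, dst, proto, port = parse_flow(line)
        except ValueError:
            malformed.append(lineno)  # report rather than silently skip
            continue
        # A device with no policy entry gets an empty rule list: default deny.
        rules = policy.get(device, [])
        permitted = any(dst in net and proto == p and port == allowed_port
                        for net, p, allowed_port in rules)
        if not permitted:
            violations[device].append((str(dst), proto, port))
    return dict(violations), malformed


if __name__ == "__main__":
    found, bad_lines = audit(SAMPLE_FLOWS, ALLOWLIST)
    for device, flows in sorted(found.items()):
        for dst, proto, port in flows:
            print(f"VIOLATION {device} -> {dst} {proto}/{port}")
    print("malformed lines:", bad_lines)
```
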

He also says data should be encrypted when it is stored on servers where it is not actually being processed. “Many organisations only encrypt data in transit, which is not sufficient,” he says.

The prpl Foundation’s Garlati adds: “Don’t use devices that involve a cloud component unless it’s 100% necessary.”

You should also avoid devices that ignore basic cyber hygiene, which applies to huge swathes of those currently being sold into the domestic market. “These days I’d be looking for all devices to require multi-factor authentication to change their configuration, for example,” says McAuley. “In addition, no device should ship with a default username and password – you should be forced to set up secure credentials the first time you switch it on.”

IoT hacks that hit the headlines

2010: Stuxnet (believed to have been created by Israeli intelligence) vibrates centrifuges in Iran nuclear plant.
2011: Hacker takes wireless control of insulin pumps.
2014: Hackers commandeer hundreds of webcams and baby monitors.
2015: Researchers remotely take over and crash Cherokee jeep.
2015: Plane flight controls hacked via in-flight entertainment system.
2016: Smart thermostats hacked to host ransomware.

And remember that while attacks on the IoT present a greater level of threat than those on traditional systems, many of the practices required to bring down the risks to a manageable level are as old as the hills. As Microsoft’s Aston points out: “With each generation of smart things, we seem to have to relearn the lessons of the past.

“A lot of IoT security best practice is no different from the best practice we’ve learned through securing PCs and mobile devices over the years. We just need to ensure it’s rigorously applied.”

Microsoft’s IoT security essentials

IoT hardware manufacturers and integrators must:
- Specify hardware to minimum requirements so a device is not capable of doing more than it needs.
- Ensure all hardware is tamper-proof, with no internal or external USB ports, for instance.
- Build equipment around secure hardware such as Trusted Platform Module (TPM).
- Ensure there is a secure path for firmware upgrades.

IoT solution developers must:
- Follow secure software development methodology.
- Ensure any open-source software you choose has an active community addressing any security issues that arise.
- Integrate with care: check all interfaces of components for security flaws, paying particular attention to superfluous functionality that may be available via an API layer.

IoT solution deployers must:
- Ensure all deployed hardware is tamper-proof – particularly where left unsupervised or in public spaces.
- Keep authentication keys safe after the deployment. Any compromised key can be used by a malicious device to masquerade as an existing device.

IoT solution operators must:
- Keep the system up to date with the latest OSs and drivers.
- Protect against malicious activity by securing device operating systems with the latest anti-malware capabilities.
- Audit the IoT infrastructure often for security-related issues.
- Physically protect the infrastructure from malicious access.
- Protect cloud authentication credentials by changing passwords frequently, and not logging on from public machines.

Source: Microsoft


What Brexit means for data protection

The UK played a key role in the formulation of new data protection laws for the EU, but how is the vote to leave likely to affect data protection in the UK after Brexit? Peter Ray Allison reports

Companies are harvesting an increasing amount of our personal data in exchange for free use of their digital services and applications. To ensure this data is managed responsibly, companies are required to comply with data protection regulations, which are expected to include the European Union’s General Data Protection Regulation (GDPR). But this could all change when we leave the EU – so what does this mean for UK industry?

Personal data that is harvested by companies can range from names and dates of birth to our personal preferences and internet browsing habits. Because of the highly personal nature of this information, it can be a valuable commodity for an assortment of companies – marketing, insurance, and so on – as well as to criminal organisations. It is for this reason that data protection legislation must reflect our current online society to ensure that the information we share is maintained responsibly.

The UK’s current data protection legislation is the Data Protection Act 1998, which sought to bring British law into line with the EU’s 1995 Data Protection Directive. The Data Protection Act covers these areas:
- The obtaining and processing of personal data.
- The storage and protection of obtained personal data.

One issue with the Data Protection Act is that since its inception in 1998, we have witnessed the proliferation of the internet, the advent of smartphones and foundations being laid for the internet of things, none of which was foreseen in the original legislation. “The act was made in 1995 and is way out of what it should be at the moment,” says Ran Berger, CEO of Flat Rock Technology.

The Data Protection Act is a lengthy piece of complex legislation. It affects the ways companies conduct business, for example in how they determine who can be contacted for marketing purposes, which has led to permission-based marketing strategies.

To reflect the country’s current online habits, the UK’s data protection regulation needs updating. This view is shared by the new information commissioner of the Information Commissioner’s Office, Elizabeth Denham, who is the independent UK regulator enforcing the laws that govern privacy.

“Both the ICO and the UK have pushed for reform of the EU law for several years,” wrote Denham in a recent blog post. “Growth in the digital economy requires public confidence in the protection of this information.”

Three categories

It is for this reason that the EU’s GDPR has been so welcomed by the business community.

The GDPR is intended to bring the data protection laws for all EU member states into the 21st century. As such, the GDPR can be broadly placed into three categories:
- Return control of personal data back to the users.
- Simplify the regulatory environment for data protection.
- Appoint a data protection officer within companies where data processing is performed.

However, on 23 June 2016, 51.9% of the UK population voted to leave the EU. This means that when the UK leaves the EU, companies will no longer be obliged to follow EU laws and regulations, and will instead return to using UK laws. Despite the recent High Court decision regarding how government must consult parliament before leaving the EU, the prime minister, Theresa May, has said she intends to trigger Article 50 of the Lisbon Treaty by the end of March 2017.

Based on this announcement, it is assumed that the UK will have left the EU by the summer of 2019 – but this estimate depends on the precise timetable agreed during the negotiations.

As Denham admitted in her first speech as information commissioner: “The referendum result has thrown our data protection plans into a state of flux.”

The GDPR will become enforceable by law on 25 May 2018, when the UK will still be a member of the EU. This legislation will apply to all companies wishing to operate within the EU, wherever they operate from. So when we leave the EU, any UK companies that have part of their operations within the EU will have to continue abiding by this regulation.

So, in terms of data protection regulation, what happens after we leave the EU? Is there a possibility that companies still wishing to conduct business within the EU face the dilemma of having to comply with two potentially contradictory pieces of data protection legislation?

No strategies revealed

This is unlikely, but the problem is that no data protection strategies have yet been revealed. “None of us really knows what is going to happen,” says Flat Rock’s Berger. His view is shared by Guy Marson, managing director of Profusion, who says: “It is almost impossible to predict at the moment.”


So what will happen after Brexit? There are seen to be three possible scenarios:
- The UK leaves the EU and reverts to the previous Data Protection Act.
- The UK leaves the EU and uses an entirely new data protection regulation.
- The UK leaves the EU and uses a mirrored version of the GDPR.

The last option is the most likely scenario, because it is the most logical. “One can only assume and plan on the basis that whatever arrangement we have will be the same, or at least predominantly similar, as we have an overlap of being in and then out of the EU,” says Marson.

“It would be prohibitively expensive and confusing for businesses across the board to comply one way and then not comply in another.”

Denham said in her speech: “No matter what the future legal relationship between the UK and Europe, personal information will need to flow. In a global economy, we need consistency of law and standard – the GDPR is a strong law, and once we are out of Europe, we will still need to be deemed adequate or essentially equivalent.”

The recent publication of the UK Cyber Security Strategy references the GDPR. “The timing does present a number of particular challenges in terms of understanding the detail requirements, in terms of when they come in,” says Hugo Rosemont, crime and security policy adviser for the British Retail Consortium. “But I think the assumption is actually there, in terms that industry is preparing for implementation of this new legislation.”

Efficient communication and smooth transactions are two of the key elements in a successful economy, which is why many expect the future data protection regulation to be based on the GDPR, although there may be some minor variations. This reflects what Denham said in her speech: “We want to keep selling to other members of the EU freely and without any data protection issues.”

In preparation for Brexit, the government will enact the Great Repeal Bill, which will bring to an end the primacy of EU law in the UK. Under this process, the Great Repeal Bill will incorporate EU legislation into UK law, after which the government will decide which parts to keep, change or retain.

During the Great Repeal Bill enactment, the government is expected to seek to enshrine the GDPR into UK law, to ensure that communication and trade continues to be shared smoothly with the EU after we leave. “I don’t think Brexit should mean Brexit when it comes to standards of data protection,” Denham told BBC Radio 4’s PM programme.

Overall, the GDPR has been welcomed by UK industry. “I welcome the opportunity because it is good for everyone,” says

Berger. “It will create some standards, some compliances and potentially some governance.” But there will undoubtedly be some challenges in complying with the legislation.

Greater responsibilityThe GDPR requires companies to accept far greater respon-sibility for the protection of user data, which will be overseen internally by the appointment of a data protection officer.

“What will be very challenging will be around companies that pass on data for third parties,” says Marson. “If a customer asks for that not to happen, there is requirement for [the company] to not only assist in doing that themselves, but to also pass that information on to those they pass the data on to.”

The more stringent regulations will mean greater costs for companies, which will filter down to the customer. “This will definitely impact on pricing, because there has to be better understanding of where data is and the ability to access it as well,” says Marson.

Companies should not be lulled into thinking that, because the UK voted to leave the EU, the GDPR will no longer apply. “I cannot believe the GDPR will no longer apply,” says Marson. “I cannot believe there is the will or the interest or any benefit to do anything other than that. I just cannot see the practicality of doing anything else.”


Testing times for disaster recovery systems

Chris Evans looks at ways to test disaster recovery plans, including array-based replication and hypervisor-based approaches

Every organisation needs to have disaster recovery (DR) systems in place and to develop a strategy to test the backup process. There are four main items that need to be evaluated to ensure successful testing of DR systems.

These are:

■ Time: Evaluating the time since a test was last performed and measuring the time to complete recovery, from a recovery time objective (RTO) perspective.

■ Change: Testing after major changes occur in the infrastructure, such as application upgrades or infrastructure (hypervisor changes).

■ Impact: What is the impact of running a test? Can a test be run without affecting the production environment?

■ People: How do we consider the human factor from the perspective of taking human error out of the recovery process?

In a virtual environment, the options for recovery can be divided into four main sections.

Array-based recovery

Hardware-based replication provides a well-established process to implement a disaster recovery strategy. Virtual machine (VM) data is replicated between two arrays in synchronous or asynchronous mode, at the LUN or volume (file) level.

In a VMware environment, Site Recovery Manager (SRM) provides the capability to manage the failover process and conduct automated failover testing.

Typically, SRM provides non-disruptive capabilities by using volume snapshots taken from the remote (or target) storage array at the recovery site. These snapshots are used to instantiate copies of production virtual machines at the DR site.

SRM handles the creation of an isolated network to validate the application without affecting production. Alternatively, a dedicated test network can be created and used in the testing process. This provides more scope to create a realistic test environment.

Tools such as SRM can be used to test applications frequently, but there is a significant manual aspect to the testing, and resources (storage and hypervisor) need to be available at the disaster recovery site to complete the test process.

It is worth remembering that replication covers all VMs on a single LUN. VMware only recently made replication of individual VMs possible in vSphere 6.5 and what is being called VVOLs 2.0 (VASA 3.0).

At the time of writing, there appear to be no suppliers that offer hardware support for VVOLs replication other than Tintri, which implements this as a proprietary feature.

Hypervisor-based recovery

The hypervisor can be used to implement disaster recovery through features such as changed-block tracking. This provides an application programming interface (API) that allows backup products to access and copy changed data at a per-virtual machine level.

Veeam’s SureBackup feature in Veeam Backup & Replication 9.0 provides the capability to recover a virtual machine into an isolated environment for testing purposes. The data is derived from standard image-based backups.

The test process instantiates VMs directly from the virtual machine repository without needing additional storage and checks a range of metrics to ensure the virtual machine is valid. Once the test is complete, the VM is decommissioned and a success/fail report is sent to the backup administrator.

In Microsoft Hyper-V, failover testing can be performed directly using Hyper-V Replica. The Replica process maintains copies of production virtual machines into a secondary location. The Test Failover option within the Replication menu (or through PowerShell) for an individual virtual machine causes the creation of a test VM at the recovery site, suitably appended with a custom suffix to indicate the status as a test machine. Once created, the administrator can power up the VM and perform testing of the application, remembering to put the VM onto an isolated network (this is not done automatically).

Replica recovery testing only allows for one test instance per production virtual machine, so administrators have to ensure manual cleanup is performed. The availability of PowerShell for Hyper-V provides the option to fully script a disaster recovery testing process that can be run against individual virtual machines without having to execute a series of manual tasks.
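One way to script the Hyper-V Replica test described above, covering the isolate, validate and clean-up steps the article calls for. This is an added example, not code from the article or from Microsoft. The function name, the switch and service names passed in, the default " - Test" suffix and a guest that accepts PowerShell Direct are assumptions.

```powershell
#Requires -Modules Hyper-V
# Added example, run on the Hyper-V Replica (recovery) host. Assumed, not from the article:
# the function name, the default ' - Test' suffix and a guest that supports PowerShell Direct.
function Test-ReplicaFailover {
    param(
        [Parameter(Mandatory)][string]$VMName,          # replica VM to test
        [Parameter(Mandatory)][string]$IsolatedSwitch,  # virtual switch used for testing only
        [Parameter(Mandatory)][string]$ServiceName,     # guest service that shows the app is up
        [Parameter(Mandatory)][pscredential]$GuestCredential,
        [int]$BootTimeoutSec = 300
    )
    $ErrorActionPreference = 'Stop'
    $testName = "$VMName - Test"
    $report   = [ordered]@{ VM = $VMName; Started = Get-Date; Passed = $false; Detail = '' }

    # Replica allows one test instance per VM: stop if an earlier test was never cleaned up.
    if (Get-VM -Name $testName -ErrorAction SilentlyContinue) {
        throw "'$testName' already exists; run Stop-VMFailover -VMName '$VMName' first."
    }
    # Never attach a test copy to a switch that is bound to a physical adapter.
    if ((Get-VMSwitch -Name $IsolatedSwitch).SwitchType -eq 'External') {
        throw "Switch '$IsolatedSwitch' is External; use a Private or Internal switch."
    }
    try {
        Start-VMFailover -VMName $VMName -AsTest -Confirm:$false
        # Isolation is not automatic, so move every adapter before the first power-on.
        Get-VMNetworkAdapter -VMName $testName | Connect-VMNetworkAdapter -SwitchName $IsolatedSwitch
        Start-VM -Name $testName

        # Booting is not validation: wait for the heartbeat, then ask the guest about the app.
        $deadline = (Get-Date).AddSeconds($BootTimeoutSec)
        while ([string](Get-VM -Name $testName).Heartbeat -notmatch '^OkApplications(Healthy|Unknown)$') {
            if ((Get-Date) -gt $deadline) { throw "No heartbeat within $BootTimeoutSec seconds." }
            Start-Sleep -Seconds 5
        }
        $status = Invoke-Command -VMName $testName -Credential $GuestCredential -ScriptBlock {
            (Get-Service -Name $using:ServiceName).Status.ToString()
        }
        $report.Passed = ($status -eq 'Running')
        $report.Detail = "Service '$ServiceName' is $status"
    }
    catch { $report.Detail = $_.Exception.Message }
    finally {
        # Stop-VMFailover removes the test VM so the next run is not blocked.
        if (Get-VM -Name $testName -ErrorAction SilentlyContinue) { Stop-VMFailover -VMName $VMName }
    }
    $report.Finished = Get-Date
    [pscustomobject]$report
}
```

The returned object can be logged or mailed to the backup administrator as the success/fail record for each run.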

VM/hypervisor systems

Another system for taking backups through the hypervisor is to use a dedicated virtual machine to handle data traffic.

This is the approach used by Zerto, which places a proxy virtual machine on primary and secondary VMware clusters and effectively acts as a splitter to the data traffic as it is read and written by the host. Write input/output (I/O) is replicated to the remote site or the public cloud, from where the application can be recovered from failure or tested for recovery.

The VM hypervisor system is also used by Datto, a data protection company. In this instance, the data is protected on a local physical appliance and replicated to Datto’s backup cloud infrastructure, from where the application can be started for testing or real recovery.

Druva, another data protection company, also provides the ability to restore and recover into the public cloud. Druva’s technology is capable of injecting drivers into the virtual machine image, which enable the VM to be booted in an environment such as Amazon Web Services (AWS).

Replication into the public cloud is a powerful solution, both for disaster recovery and DR testing. Customers don’t need to retain hardware assets in a remote location and can simply pay for the time they operate in “DR mode”.

From a testing perspective, the public cloud offers the capability to test on-demand, with costs associated only with the time for which resources are used.

Secondary storage systems

Over the past few years, a number of companies, including Rubrik, Cohesity and Actifio, have released products that address the need to manage copy data and backups.

These systems allow what is called “secondary data” to use backup images for other purposes, such as seeding test/dev environments and enterprise search and discovery.

These platforms can also be used for disaster recovery and testing DR by recovering virtual machines that run directly off the secondary storage platform. This has to be done as a manual process because no supplier currently offers automated recovery testing in their products. However, most offer API access to their platforms, so recovery testing could be developed as a scripted process.

The benefit of using a secondary platform is that the systems are built specifically to allow data recovery with minimal or no impact to the process of taking backups. This means testing across many virtual machines can be performed without worrying that production data protection is being affected.

Common requirements

We can see from these system options that the implementation of disaster recovery testing has these specific requirements:

■ The ability to copy/replicate the virtual machine image to a secondary location. This is typically part of the existing disaster recovery process.

■ The ability to isolate the VM from the production network and run it on a network used for testing only.

■ The ability to validate the status of the restored application. This will always need to be more than purely booting the virtual machine.

These features are table stakes in building a testing plan, but the ultimate system will be continuous disaster recovery testing capability.

Companies such as Continuity Software – which offers Availability Guard – give organisations the capability to automate the disaster recovery testing process and run testing on demand.

This becomes important as IT organisations move towards DevOps methods of application deployment, where the application may be changed multiple times per day.

The integration of DR testing and DevOps processes is perhaps immature at the moment, but represents one area where suppliers can start to add value to their existing products.

Connected hairbrush heralds new wave for IoT

While combing through all the emails we received over the Christmas holidays, Downtime came across a hair-raising little item: L’Oréal-owned Kérastase is launching an internet of things (IoT)-enabled hairbrush at CES in Las Vegas. It is designed to minimise risk to your barnet from over-vigorous brushing, which can cause breakage and split ends.

By incorporating IoT conductivity sensors, accelerometers, gyroscopes and load cells into the brush, Kérastase says it hopes to provide users with important information on the quality of their hair and brushing patterns. The data is fed over Wi-Fi or Bluetooth to a dedicated mobile app. The designers claim that by tracking how people brush, and factoring in other hair-relevant aspects such as humidity and wind, they can provide “valuable” data for users.

Kérastase general manager Vincent Nida said his business’s customers viewed their hair as an “intimate expression” of their personal identity and so he was always looking to “provide them with high-quality tools and technologies that make their hair as beautiful as possible”. If any Downtime reader would care to source us a review sample, we’d happily give it a go. Maybe it’ll really gel with us.
