fride rice epa | information technology security

An Introduction to Axians

Compare the Cloud has been sitting down with cloud experts to find out more about their companies, industries, and thoughts on the longer term. Our latest interviewee has been David Millar, Services Director of Axians which may be a subsidiary of VINCI Energies.
VINCI Energies is active in numerous sectors working to enhance the lifestyle of individuals today, from energy and industry to transportation, buildings, and smart cities. Axians may be a global brand dedicated to information and communication technologies (ICT), bringing together the specialist IT solutions and services networks of VINCI Energies.
Axians supports its customers throughout the whole lifecycle of their ICT projects to assist them to achieve their goals and improve their performance.
Their ambition is to become a recognized leader during a global market with strong growth prospects, particularly in segments just like the cloud, big data, and mobility, in synergy with the opposite VINCI Energies brands and business lines. 

David Millar, Services Director, Axians UK

David is liable for the management and development of Axians’ services-led business within the UK, he has been with Axians for 11 years. His primary focus lies within the creation of differentiated value propositions for the company’s service provider and public sector clients, enabling them to leverage a competitive advantage. Previously he has been the director at The Sales Advisor LTD (2001 – 2005), and Enterprise Sales Director (2005 – 2009), and Business Development Director (2009 – 2012) of Imtech ICT before taking over the position of Services Director at Axians UK.

David, are you able to tell us about Axians as a company?

DM: Axians UK features a strong technical heritage that supported the mixing of networking, security, and data center solutions. We help customers operate a number of the foremost complex and challenging network environments today. I’d wish to think we’re doing an honest job as we currently support many Tier 1 Service Providers networks’ also as some innovative Tier 2’s and HE environments. for instance, we’re providing complementary skills and support for the Janet network, the UK’s national research and education network, provided by Jisc. we all know we'd like to stay pushing the boundaries on what's possible to assist our customers’ still innovate and develop their services.

What does one consider the Service Providers industry at present?

DM: The services industry is changing -faster now than I’ve ever seen! As consumers, we glance for our data to get on the device that we would like, once we want it and where we would like it, cut, sliced, and diced in a way that just works. virtual technology This presents an enormous challenge for service providers and better education institutions alike. To be ready to meet all their customers’ demands may be a tricky balance between infrastructure, accessibility, and security. And consumers are quick to think with their feet – if they're not happy, they're going to move elsewhere. In fact, reducing customer churn is one of the most important challenges we see faced by telco’s today.
we look for our data to get on the device that we would like, once we want it and where we would like it, cut, sliced, and diced in a way that just works
And in fact, the customer is usually right. There are not any excuses anymore for poor performance or a mediocre quality of service, because the technology is there, it works– it just needs harnessing and integrating within the right way. we all know at Axians UK that we'd like to evolve what we’re doing for our customers too. we've to seem at ways for us to retain customers by increasing our relevance, all the while ensuring we will still help meet their service delivery challenges.

What are Axians UK's main strengths?

DM: There are many things that I can point to here; our assets, both physical and other people, are an enormous part of it. the standard of our technology and of our staff is what stands us apart during this competitive industry. We are always working to exceed technical excellence. this is often why we’ve hung out training and building our technical and repair abilities.
What is important for our customers is that we are a secure pair of hands with the power to finish projects on-time, on-budget, and with minimal surprises.
Plus as a corporation, we have a grand specialization in strong human values and social ethics and a culture of qualitative relationships. We wish to consider ourselves as ‘the linking pin’ of the connected planet and although we operate in 15 countries and use 7,000 people we will act as little company, as we are an agile team – and our customers’ have the reassurance that we have the backing of an outsized parent company.
What does one think sets you apart during a competitive cloud marketplace?

DM: With newer technologies, we are helping to steer the charge with software-defined environments and therefore the virtualization of network functions. These kinds of technologies are beginning to shape the conversations we’re having with our customers. Our expertise is in helping customers find ways of providing services during a fast, advanced, predictive, and agile manner while lowering the value of doing so.
A big chunk of our success is the relationship that we’ve got with Juniper Networks. We’re one of a couple of partners within the UK with Partner Professional Services (PPS) and Partner Support Services (PSS). These accreditations keep partners like us before the technology curve. We are integrated, certified, and engrained within the portfolio of solutions that we deploy. Yet, it can’t just be about training. It can’t just be about technology. it's to be a few deep understanding of the market you play in, and therefore the key partners you’re working with.

Can you describe the perfect client for Axians UK services?

DM: Our ideal customer is anybody whose network is central, and core to their business. We tend to seem at our services as being applicable to any network. Any network, or any customers’ network, is a component of a life cycle, it's born, it evolves and eventually, it'll get replaced. We’ve needed to be ready to offer services across that entire life cycle. we glance at the reactive thanks to affecting support and therefore the proactive way of the way to help customers optimize the network they need in situ, also as preparing it for the stress of tomorrow. Support and professional services are two sides of an equivalent coin and that we are always looking to feature new services to satisfy customers’ new challenges head-on and convey more value. If you don’t evolve, you die – so we've to still evolve our services practice too.
Support and professional services are two sides of an equivalent coin
What would you say are the key things that are shaping the present progressions within the service provider market?
DM: Anything to try to to with automation and virtualization of functions, with having the ability to know networks better through analytics and within the securing of customer data – regardless of where it's present – are key things that are shaping the industry at the instant. Recent status security breaches have certainly moved the latter copy of the company agenda.

Where you see Axians UK heading within the future?

DM: I see us expanding visibility across Europe; showcasing our capabilities and expertise further to become a well-recognized brand. we've to remain before the curve for skills and specialisms, which is a component of our heritage and culture. it's how we are ready to sustain Juniper Elite partner status also as continue talks with customers who are looking to grow their market share and become more profitable. The network is their lifeblood – we'll still drive innovation during this area. it's an exciting time to be working during this industry as there's always something new on the horizon! Where’s the business opportunity to take a position in Cloud Orchestration?
There is currently an enormous void between a successful IT implementation and a valuable business outcome. From our observations, a system being online, and functioning as anticipated, often only makes up 20 percent of the result the corporate expects.
The remaining 80 percent is formed from system integration, configuration, and customization (40%) end-user experience, training, and support (30%), system lifecycle management (9%) – while cloud orchestration and subsequent automation is merely one percent.
Most customers don’t even believe orchestration being one among the foremost ‘Return On Investment (ROI) heavy elements of any IT system implementation – or as an accelerator to a successful business outcome. But, to businesses, an outcome shouldn’t just be flashing lights or a shiny web console – it’s much, much more.
There are three examples that highlight the importance and business benefits of cloud orchestration and automation:

1. Application lifecycle management

Orchestration and automation help to streamline application and user acceptance testing. The importance of automating the test process, alongside the building development of test environments, should never be underestimated. Once a working and tested environment is approved, cloud orchestration can help with the build process – helping both future tests and developments, and fixing any bug activity.
Orchestration and automation help to streamline application and user acceptance testing

2. Complex situations run like all other

It is vital to cloud users test and re-test unusual loads, attacks, losses, and disasters. One point one is in situ it becomes a minor task testing the system for the unthinkable and inevitable. Some situations are going to be positive, like an increased load, which is specifically a neighborhood were orchestrating a response then automating the actions is critical. However, business systems crashing during high workloads thanks to the success of the corporate, is unacceptable.
It’s also critical within the organization to be ready to test, in detail, how the business might be susceptible to attacks employing a mirror of the assembly system technology degrees. to make sure this doesn’t happen, companies must test availability strategies for losses and disaster, then compare the results to the delivery of that business outcome before anything fails.
Another contention between IT and therefore the business is HA DR investment, as it’s more often than not an estimation and may leave an organization crippled within the event of a failure. Before any event, test, and report on the facts – then modify and re-test as needed until there's an agreed, tested, and documented availability strategy in situ.

3. Orchestrate to your audience

Orchestrating the end-user functions means more consistent outcomes and better served customers – and may be done 24/7 with no extra cost. Understanding what’s hampering the end-users is additionally essential. End-users are both your customers and therefore the workforce delivering the business outcome. Most IT projects are designed to rework the workforce, so investing time and energy into understanding what meaning to them and the way one department differs from another is significant.
Most IT projects are designed to rework the workforce
This can be tons of labor but just think in terms of ROI or Return on Time. Orchestrating simple tasks, including service desk activities, like resetting passwords and unlocking accounts – unless they're in conflict with security orchestrations – makes things much easier for the end-user. Nevertheless, when orchestrating end-users’ functions ensure it’s used as a tool and not a substitute.
Orchestration, and subsequent automation, underpins 100 percent of the fashionable IT infrastructure – allowing organizations to seem forward instead of fire-fight various elements of a business. the top goal should be saving time which will be re-invested and used for research and developing, allowing an IT organization to require a real bimodal stance.

Could your IT infrastructure harm your business? Part II

In December we published, as you'll remember, Part I of this series “Could your IT infrastructure harm your business?” learning from where we left off, we’re getting to continue talking about data security.
Firstly, you would like to think about that there are three sorts of data, all requiring different levels of protection – non-personal data; personal data; and financial data. These also usher in the question of compliance – especially for financial data where FCA and PCI rules determine the amount and kinds of security that has got to be implemented. These rules dictate not only how data should be stored, but also certain aspects of physical compliance concerning your IT infrastructure. Failure to suits (and ensure continued compliance with!) such regulations may be a serious breach of company obligations and can end in fines, or worse, against the corporate and its Directors.
As is now documented, one of the key issues with the recent breach of IT security at Talk Talk was that the info wasn't all encrypted. Data must not only be encrypted to an appropriate level, but different types of knowledge need to be stored separately to supply a critical additional level of security such albeit one level of knowledge is breached, full personal and financial data is disclosed. Proper encryption and storage of knowledge (including separation of knowledge types) will reduce the risks of an event like the one at Talk Talk by an element of 100. Best practice security solutions will make sure that personal data is well protected, even when firewall and virus protection layers are breached.
Data must not only to be encrypted to an appropriate level, but different types of knowledge need to be stored separately
In the case of the US dating website, Ashley Madison, data was encrypted but best practices weren't fully implemented in other aspects of their security policy, concerning access rules and processes. The hack during this case was perpetrated with the assistance of details – clearly illustrating the necessity for clear security processes, implemented across the organization to avoid risks from internal agents. This leads to a discussion about processes, organizational considerations, and therefore the requirement for clear ownership of IT security.

Ownership and Responsibility

Given the very real dangers within the modern connected IT world and therefore the potential for loss of confidential customer data leading to significant damage to reputation and direct business, companies MUST have clear ownership, responsibility, and accountability for all aspects of IT security. there's a robust argument for the role of a Chief Data Officer, reporting to, or having an immediate role on the Board.
Organizations should also regularly review their processes, including those who have access to data and systems. you would possibly want to think about the utilization of external audit services as a part of the review process to make sure on-going compliance with best practice. Management review meetings typically review aspects of performance (and risk) employing a sort of “balanced scorecard” – watching the general position of the corporation against financial, staffing, and other metrics. We contend that IT security should be a selected additional scorecard element, reviewed as a part of the traditional company review processes and owner by a senior member of the company’s Board or Management Team.
What about the impact of external providers? Most companies employ some level of outsourced IT provision, either through the utilization of Cloud-based applications (e.g. Sage accounting or CRM systems provided through a “Software as a Service” SaaS solution) or through more wholesale use of external IT providers of Cloud Service providers.
In all such cases, these solutions involve holding your customers’ data outside your own physical environment. Of course, most reputable providers use highly secure and well-developed data centers that ought to provide better physical security than the choice of an in-house IT system in your own offices. albeit your own servers are in secure rooms, who has access to those locations, and may you be sure that physical security can't be breached?
So, external Cloud Service providers should provide secure services – but there are steps you would like to require to see that their processes are in compliance not only with best practices and external rules (FCA, PCI, etc.) but also together with your own security policies and processes. for instance, if using one among the “big brand” Cloud Service providers like AWS or Rackspace, you'll be tied to their contracts and embedded policies. You, therefore, got to remember those in sufficient detail to make sure that your end-to-end security solution is fit to purpose. there's also a separate issue of knowledge privacy. you sometimes don’t have control over where data could be held, with the danger that external agents like the United States government may need rights to access your data.
There are a variety of questions you ought to be asking your external Cloud Service provider, including:
What is your security policy and processes? An example of the extent of detail required is that if PCI data is held, this could get on a server during a physically locked cabinet, not just within a neighborhood covered by a general security lock.
If the provider is fairly new to the market, what rules do they follow and what's their diary, financial strength, and longevity?
Updates and maintenance. Does the architecture employ suits best practices as outlined during this article (e.g. dual-layer firewalls)?
Who do they use for infrastructure or specific elements of their own delivery? Many Cloud Service providers are partially or wholly “brokers” of services, using another provider for the particular infrastructure.


Recent cases highlight the necessity for a totally coordinated security policy covering physical, people, processes, IT security (protection from hacking), and encryption/data separation to guard against loss of knowledge if attacked.
Organizations need clear ownership and understanding of all of those aspects of IT security – albeit some elements of your IT solution are outsourced.information techno security Managed properly, the utilization of an external Cloud Service provider should significantly increase your own capability and overall IT security.