Interview with James Rees of Razor Thorn Security
CTC: James, tell us in touch about your background and about Razor Thorn Security?
I have been in information security and IT now for over 15 years, much of that point I even have been a consultant for various consulting companies, though every so often I even have worked for single companies directly. cloud computing technology
so far I even have worked in just about every sector out there at some point or another also has worked with many of the fortune 100 companies within the world.
Razor Thorn Security was born in 2007, I primarily within the youth used it for freelance work but it became a corporation in its title in 2010 and ever since it's been growing steadily into one among the simplest information security companies in Europe, both the blokes I employ also as myself are very pleased with what we've done.
The First Rule of Business; Protect your investment. — Etiquette of the Banker 1775
Today we offer a varied list of consultancy services to a variety of status clients; a number of cloud security organizations. altogether cases we are there to guard the companies most crucial assets and make sure that an organization can understand and react to threats to its wellbeing. the simplest thanks to describing what we neutralize in one sentence is the primary Rule of Business; Protect your investment, (Etiquette of the Banker 1775).
CTC: what's an Information security and why should we do it?
Information security is greatly misunderstood, many business people and quite a couple of IT people think that it's some sort of witchcraft to try to to with IT. altogether honesty you'll not be more wrong; my definition of data Security is thus:
the management and proactive planning for the protection of business-critical assets, be they logical, physical, or digital-based from risk and threats that would adversely affect those critical functions.
The other important thing to means, especially to those companies that provide some kind of service to either the general public or some sort of managed service is that customers will expect a minimum of a superb level of security from their providers. this is often something that you simply better get correct early because if you're doing not then you are opening up your organization to all or any sorts of threats to its brand, revenue streams, and its operation. Too many organizations only pay hypocrisy to the safety of their organization and people same companies usually at some point finish up getting burned badly for it, and lately, it’s commonly very publically done through the media.
CTC: Information Security, seems like a pleasant to possess IT thing doesn’t it?
IT is an outsized part of information security, but only because it's the singular asset in our modern business world that permits an organization to work efficiently and effectively. Information security when done correctly also covers an entire list of important aspects such as:
Governance and Compliance (PCI DSS, ISO27001, SOX, etc)
Process and procedure (Information security policies, etc)
Logical Security (Data Management, incident response, business development, etc)
Physical Security (CCTV, Access Control, etc)
IT Security (Antivirus, Firewalls, server/desktop, etc)
Business Continuity / Disaster recovery
Many of those have an excellent deal of IT involved in them but they're also extremely complex business considerations in each that also got to be considered. one among the items that inexperienced information security people get wrong is fixing overzealous technological and policy/procedural controls that hamper a business from operating efficiently and effectively. call center technology it's been an enormous problem and has led people to mistrust information security professionals thanks to bad experiences within the past.
At Razor Thorn Security we always check out adequate security supported by the business needs instead of the technology of the instant. The business should come first, but that's to not say however it cannot have good and effective security…
Our clients love the approach and that we have a variety of future and excellent relations built due to this.
CTC: What about compliance like ISO27001 / PCI DSS what's the hype about?
Compliance is currently the key to stepping into the main contracts as a service provider. Especially within the cloud arena, there are a couple of undertaking this at the instant and doing alright out of it but there's a good little bit of room for more.
In the current business markets with the cloud you'd be hard-pressed to urge the larger potential clients to check in to your service without having the ability to prove you're compliant to at least one or both of these compliance requirements, Companies looking to maneuver to the cloud are very concerned about the safety of their systems when moving to a 3rd party and that they want proof that your systems are as secure as possible before they're willing to agree. Too many service providers pay hypocrisy to information security or think it’s only restricted to the IT side of the business, the unfortunate truth that service providers tend to seek out is that once they are challenged to point out their levels of security they can’t, which suggests the potential customers commonly lose faith within the incontrovertible fact that service providers can supply them what they need.
PCI DSS is that the big boy here… Mark my words, there's an in-depth opportunity for companies that are accredited…
PCI DSS is that the big boy here, if you would like to urge into a market where your potential customers take card payments it's presumably this is often the world of their business they're going to want to maneuver to the cloud with due to the value of the overheads of maintaining the safety requirements. Mark my words, there's an in-depth opportunity for companies that are accredited and may prove it…
CTC: Tell us what your average day entails?
I have a really busy company but once I am not on a client site and within the office I usually get to figure at about 07:00 – 07:30 and spend the primary few quiet hours writing articles. I write tons, it’s my passion next to information security itself so combining the 2 is a superb use of my time. I even have done tons of labor on Cyberwarfare, Cybersecurity, compliance, etc. but I'm also developing papers on the appliance of data security in emerging technological fields like biotechnology, nanotechnology also as a variety of other future technologies as these are going to be a crucial a part of our lives within the next twenty years.
From 09:00 / 09:30 until 14:00 I tend to figure on clients, be it advisories for our consultants call at the sector who need some assistance or performing on client offerings. information technology degrees
I find I always work best between the morning and early afternoon when creating content.
In the afternoon between 14:00 and 18:00, I tend to require conference calls, ask existing and new clients about service offerings, etc. The afternoon is my favorite time for doing this.
IN the evenings I relax, spend time with my wife, and watch horror or/and sci fi films, also as getting regularly get savaged by my wife’s pet rabbit who hates me with a passion for a few rabbit reason…
CTC: what's your view on Cloud Computing and where does one see the marketplace heading?
This is a troublesome one, Cloud computing is that the most up-to-date paradigm shift within the application of technology within the business world and a really important change within the way that we've managed our technology in recent years.
More and more businesses are looking to save lots of on their costs and reduce overheads by shifting key infrastructure and services over to cloud models. within the next few years, we'll head down an identical direction to our American cousins, and tons of public and personal organizations will move to the cloud.
The company’s adoption of cloud technology will depend upon three key factors:
The only problem I see currently is that few European cloud vendors can convince prospective clients that they're both secure and reliable.
…few European cloud vendors can convince prospective clients that they're both secure and reliable.
Customers are rightfully being very careful in moving to the cloud, in effect they're putting all their faith during a technology delivered, maintained, and secured by a 3rd party, in order that they are going to be very cautious.
From the lecture, most of the key cloud players within the business I can see that realization from cloud suppliers that information security may be a key point has begun to occur, but in many cases, they're watching it from an IT perspective instead of a business perspective. This in my opinion must change fast if European cloud suppliers want to build up their sales.
There are tons of suppliers out there but only a few that take security seriously. In my opinion, if you would like an honest solid future business that will survive to be a key player within the cloud industry then you would like to start out understanding REAL information security, and you would like to try to do it quickly.
The one thing I can see immediately with 100% clarity is that at some point within the next year approximately one among the larger cloud vendors will have a catastrophic security event that will destroy their brand and reputation. it'll be a wake-up involve the survivors; the question is, however, who will it be?
CTC: an issue we always ask, what's your definition of Cloud Computing?
Argh, this is often something I hear people debating over an excellent deal. My definition of cloud computing is thus:
“Any Service(s) delivered to an entity from a collective computing resource over a network connection (including the internet)”
CTC: If you'll change one thing within the world, what wouldn't it be?
Develop both fusion and hydrogen fuel cells, we have got a rubbish energy system at the instant contingent a mineral slime. Interview with Steven Winstone-Adair of Interact Technology
CTC: Steve, tell us about yourself and Interact Technology?
SWA: Whilst traveling on my year call at Australasia and therefore the Far East, I found myself working for a few telecoms businesses. Upon returning to the united kingdom in ’96, it seemed natural to use my acquired skills and hop on the Telecoms boom bandwagon. I joined a freshly formed company called Margolis Communications. By 2000, I used to be appointed Sales Director and helped the corporate grow considerably within the normal voice market over the subsequent few years. In 2004, whilst sustaining growth within this sector we began to dabble within the up and coming video conferencing market.
In 2007, I made a decision to pursue my dream to start out up my very own business, Interact Technology. Using my skills and networks, I started up Interact Technology with the view that Telecoms, Video, and Data would soon all merge instead of being three different sectors. With this in mind, I laid the foundations of the business to hide each of those areas – with business unified communications being the most emphasis of the corporate.
Now in 2012 the convergence of voice, video, and data are complete, and since we laid the proper foundation at the outset it's put us in a very strong position to win new customers whilst servicing and growing our existing legacy customers.
CTC: In terms of supplying business-grade voice services to SMEs, to what extent are your new and existing customer base embracing VoIP and Cloud-based voice services?
SWA: we've three main service delivery methods which we will offer customers for voice services, that is:
On-site legacy equipment
Privately hosted equipment within a customer’s data center
Cloud-based and Hosted solutions on a per month per handset basis
Whilst many purchasers are happily ditching their ISDN lines in favor of SIP trunks, we've seen a growing number of latest and growing businesses moving to the pure cloud & hosted platform. this is often at its strongest within the small office (5-20 handset) market. Larger SME size businesses tend to entertain pure cloud and hosted telephony solutions, however, the bulk tends to remain with a legacy PBX or private & dedicated hosted service. The larger the corporate, the more gradual the move to the cloud and multi-tenant infrastructure tends to be.
CTC: What are the foremost advantages – or where can SMEs reap the most benefits – from moving far away from the normal digital PBX, ISDN phone lines, voicemail systems, etc?
SWA: there's a strong financial argument for businesses to review their arrangements and move to a hosted platform. Cost savings are often made immediately on the following:
Telephone lines: Moving towards SIP companies can immediately slash their line rental bills by a minimum of half
Telephone calls: SIP telephony offers more aggressive rates often saving up to 80% off current bills
Support: Support costs are almost eliminated using this model
So as a price justification alone, this becomes very easy against a replacement system sale although the Manufacturers are becoming knowing the threat of lost sales and are offering a variety of 0% finance packages over a hard and fast term, to advertise their models over a monthly period too.
CTC: Are there any things SMEs should be particularly careful about when switching to VoIP and Cloud-based Services?
SWA: it's an equivalent argument now that it had been a couple of years ago. Bandwidth.
Providing that you simply have ok bandwidth with high uploads and downloads, and with limited Jitter and latency, the decision quality should be just fine but like most IP services, could suffer from periods of poor quality or limited service. As long as you're upfront with the customer, and that they aren't totally reliant on voice then this is often a suitable risk/reward equation. If recommending a Legacy IP PBX, i might always recommend a (strong) cocktail of ISDN and SIP lines for extra resiliency!
CTC: In your opinion, what are the key things an SME should search for during a voice services provider?
SWA: We work on increasing the service to our customers, providing one bill for the complete range of services that we offer our customers. I might search for a corporation that's recommending an answer with resilience in mind which isn't just a PBX seller.
cTC: How does Interact Technology differentiate itself from the competition?
SWA: With our knowledge of voice, video, and data convergence, Interact can provide a singular insight into providing an all-encompassing service for our clients. Many telecom companies will partner up with other companies to supply this service – but this may be at a price to the client both financial and repair wise. At Interact we will provide the complete solution and offer one point of contact for all support matters and peace of mind.
With our head office being within the heart of the town, and our demonstration suite housing the newest Voice and Video solutions, we also are best placed to point out these solutions working in action without the necessity to visit the M4 corridor.
CTC: Are there any particular cloud-based or cloud-related technologies coming down the road which could bring some compelling benefits to SMEs?
SWA: With the convergence theme in mind, The new Microsoft Lync 2013 platform is certainly worth searching for. we've recently added these solutions to our portfolio, offering this functionality to smaller businesses at a sensible price with our new “one box” and cloud-hosted solutions. We expect this to be an enormous seller in 2013 although it won’t be for everybody.
CTC: Indeed I understand you’ll be telling us about Lync soon. Thanks for some time Steve – any closing thoughts or advice for people watching voice communications within the cloud?
SWA: As always manage your expectation. Whilst bandwidth is now becoming more and more stable and with the arrival of fiber-based broadband (FTTC) and other high bandwidth sorts of services, VoIP and Video-IP performance will only recover. we provide bespoke xDSL products that are fully managed so we will provide an end-to-end solution for fault diagnostics. this sort of managed service should be a part of your solution to make sure the highest service levels and accountability from your supplier.