A hybrid IT strategy is where neither 100% cloud nor 100% physical infrastructure is used. There is a mix of cloud services and in-house services being used within the IT environment. Hybrid IT strategy allows businesses to maintain a centralised approach whilst also utilising the benefits of cloud such as its’ scalability, performance and a generally reduced price.
Over the last 6 years, hybrid IT strategies have seen a growth in popularity. With recent surveys reporting that 67% have adopted a hybrid cloud. This rise can be attributed to three key forces:
A need to maintain control of data
The cost-effectiveness of cloud components (e.g. Software-as-a-Service, Storage-as-a-Service)
A desire to respond rapidly to changing business needs and priorities.
What are the benefits of a hybrid IT strategy?
A hybrid IT strategy allows businesses to maximise the benefits that both approaches offer: the control and easy access of an on-premise solution, with the convenience, scalability, cost and collaboration benefits of a cloud platform. It allows businesses to scale resources for each workload and choose the best application for the job. Furthermore, data can be stored where regulatory or security requirements dictate. For example, a law firm may choose to store their most sensitive data in a private cloud platform, rather than a public one.
One of the benefits of a hybrid approach is that it offers different levels of sophistication. For example, you can have deep integration between cloud and private/on-premise environments, or more simplistic, static connections designed to serve a functional need.
Another reason businesses are adopting a hybrid IT strategy is that it allows them to develop and test new applications in the cloud, before moving them back into the on-premise or private environment. This because you can rely on the cloud environment for fast, on-demand capacity, which allows new applications to be quickly prototyped and rapidly deployed.
In short…
If you’re considering a hybrid approach then we recommend you kick off with a small pilot. Once you are comfortable with the ins and outs of the hybrid model you can then roll it out further. Although the initial project may be small you should keep scalability in mind. The infrastructure you deploy should be ready for growth and capable of delivering an ROI within a defined time period.
While hybrid IT can bring many benefits to your business, success largely rests on the management put in place. There must be a single administrative console which controls both the cloud and on-premises assets. This console must also use a unified set of security, user and application policies.
Many experts are predicting a “second wave” for cloud services. Public, private and hybrid cloud implementations are reported to be accelerating, according to Forrester, as CIOs seek to take advantage of cloud’s economies of scale to build on core applications.
In fact, Gartner predicts that by 2020 “no-cloud” policies will be as scarce as “no-internet” policies are today. With this prediction in mind, we examine the possibility of a 100% cloud environment, the roadblocks to achieving it and whether “total cloud” is even desirable.
Will regulation allow for 100% cloud?
I’m unaware of any regulation that prevents a particular business moving to 100% cloud environment. Some regulatory authorities state data must be stored in a UK/EU data centre, but that’s as far as it goes. The fact is that for many businesses now, and also in the future, a 100% cloud environment is perfectly viable.
Will customer attitudes allow for a 100% cloud environment?
It depends on the type of organisation and the size of that organisation. At the end of the day if a 100% cloud environment is the right solution, then the organisation will move. Attitudes towards total cloud solutions have certainly softened, especially over the last 18 months – even those whose sectors have traditionally been very conservative and wary of change, such as the legal market.
Will business objectives and needs allow for a 100% cloud environment?
Most businesses could move to some form of cloud platform on a 100% basis, no matter what the size or sector. You will need to consider, however, if this is the right solution, cost and functionality-wise. Typically, and in the majority of cases, in mid-to-large firms then some sort of hybrid environment will be the correct solution.
Will culture allow for a 100% cloud environment?
Culture has never really been an issue in going into the cloud. A correctly implemented cloud platform should not impact the user experience particularly, and thus has no impact on a culture. You do encounter some IT leaders who are wary of the cloud. However, this is often due to a protectionist attitude that their role will become redundant. This is, in the main, a false statement as IT leaders add the greatest value when focused on business systems and the development/improvement of systems, not running IT infrastructure.
Is 100% cloud environment even desirable?
100% is desirable by some businesses, but that’s often due to a lack of focus on what IT really is. Cloud is simply one tool in the box. A desire for 100% cloud can often be as wrong as wanting to run everything internally. You need to choose the right tools for the job and the end objective.
Email archiving brings benefits to every department throughout a business – from finance and legal, through to administration. One department which can benefit from email archiving is HR, as they deal with personal data every day.
Three benefits of email archiving for HR Managers
1. Investigate claims of bullying in the workplace
You may think this doesn’t happen in your workplace, but it’s something you should be able to investigate. Research carried out by the TUC shows that 29% of people have been bullied at work. Email records are important in cases of alleged verbal or physical bullying, as they’re difficult to prove.
An email archiving solution that captures every email provides HR managers with the transparency and visibility required to conduct a fair investigation in the event of a complaint. It’s more reliable than relying on employees to archive their messages on an ad-hoc basis. A solution with user-based security permissions is ideal as HR Managers can investigate complaints without the involvement of the IT department.
2. Monitor for email misuse
A company may find itself in the midst of a legal dispute if employees misuse corporate email. This could range from sharing offensive material to accidentally hitting the “Reply All” button. It is not enough to rely on your employees to use common sense when it comes to email etiquette, and it could result in legal action against your company – as seen in the case of Thales Australia.
One way to ensure employees are aware of your business’s email usage policy is to send a copy of the guidelines via email. Then ask employees to send a reply stating they have read the policy and agree to abide by it. Your email archive will save the reply, so you have a record available should any dispute arise. Using an email archiving solution means you will also have a record of any inappropriate work emails, even if the employees sending and/or receiving them delete the messages from their inbox in between system backups. Emails are time-stamped and digitally fingerprinted at the moment of storage and retrieval so you can guarantee accurate data. Which is essential if these emails are being presented as evidence in a tribunal.
3. Ensure regulatory compliance
You must keep former employees’ records for the duration of employment and for six years after you terminate employment. This includes items like training records, appraisals, contracts, annual leave, sickness records and disciplinary warnings (even if these have since expired). You have to keep these because an Employment Tribunal, County Court or High Court claim is possible for up to six years after employment ends. So the business could be at risk for failing to produce these records. Also keep anything that relates to the employee, which an Employment Tribunal may require as evidence, for this retention period.
Email archiving is much more than just another IT solution. By implementing cloud email archiving, every department in your business stands to gain a wealth of benefits. Greater efficiency, streamlined processes and reduced costs are just some of the positive results you will see at a high level.
IT Department
IT Director, IT Manager, Network Manager
Eliminates the need for PST files and restorations of individual emails for end-users
Reduces the time it takes to back up the email server and allows it to run more efficiently
De-duplicates email data and removes it from expensive Tier 1 storage, resulting in reduced storage requirements and lower costs
Allows end-users to self-manage their email, for example restoring deleted messages, rather than logging support calls
Easy to budget and forecast for
Enable authorised personnel – such as the HR Manager – the ability to conduct their own investigations without requiring assistance
A fast and accurate way to search for all emails connected to a particular person, subject, attachment, client etc.
Ensures transparency and visibility required for fair HR investigations
Greater protection for employee privacy as a fully encrypted audit trail is generated with every search request
Manage HR investigations without the need for IT involvement with role-based security permissions and an intuitive search interface
A tamper-proof repository ensures the emails you retrieve are reliable and accurate, by removing the ability for users to edit or delete emails
Data Protection and Compliance
Freedom of Information Officer, Compliance Officer, IT Director
Provides authorised personnel with access to all email communications, ensuring transparency and visibility
Helps the company adhere to FOI legislation, financial regulations, data retention regulations etc.
Time-stamping and digital fingerprinting proves the data is authentic and exactly what was sent on/received by any given date
Senior Management
CEO, MD, Directors, Sales Manager, Customer Service Manager
Greater protection for the business against data leakage
Ensure that policies and procedures are properly enforced to protect intellectual property, patent data, client information etc. and make sure they are only held within the business
A greater understanding of how your business uses email e.g. how long does it take the Sales team to respond to a prospective client?
Financial services firms operating in the UK can now utilise cloud-based IT solutions without fear of breaking their regulatory obligations, as the Financial Conduct Authority (FCA) has issued guidance for firms outsourcing to the “cloud” and other third-party IT services stating there is “no fundamental reason” why they cannot implement cloud services.
While the FCA states these are guidelines, not rules, it advises firms to take note in regards to their outsourcing strategies. One key element of the guidance is that firms will need to ensure cloud providers store their data in data centres based in suitable jurisdictions. This is because the FCA will still need oversight of any data relating to financial services firms.
In light of this new guidance, QuoStar’s Robert Rutherford discusses the many reasons firms can benefit from adopting the cloud, why security issues are now a thing of the past and why firms should be looking for niche provider who can enhance IT service delivery rather than settling for an “off-the-shelf” cloud solution.
Disaster recovery and business continuity are integral to creating a reliable and stable business. With the cost of downtime skyrocketing and a Forrester survey revealing only 2% of businesses were able to recover from their latest incident in under an hour, the importance of having an effective business continuity plan in place has never been higher.
Using the cloud to provide disaster recovery and business continuity solutions is a major way businesses can ensure they maximise their downtime whilst minimising the disruption caused by an outage or IT failure.
Benefits of cloud-based business continuity:
Automatic backup
Traditionally, the backup of an important file – let’s say the client database – stored in the disaster recovery backup would be as up-to-date as the last time a physical tape was copied over. This could mean that a day’s worth of work would be lost due to an IT failure if the tape was taken daily. Of course, if the tape was taken less often, more and more data and hours would be lost in the result of the main data being lost.
Cloud-based disaster recovery, on the other hand, can store a nearly live copy of the file. Reducing the time lost due to data loss to a matter of minutes or possible seconds.
Less expensive
The fundamental structure of cloud has allowed for business to reduce the operating and upfront costs of IT. This is no different for disaster recovery. Replicating key business systems is now much less expensive as there is no need to purchase the dedicated infrastructure required for a disaster recovery system.
Thanks to the economy of scale, the costs are now shared between every user of the cloud provider’s service. Overall making establishing an effective disaster recovery system less expensive and more accessible for businesses.
Rapid recovery times
In the past, if a major IT failure occurred, in would roll a truck with a stack of servers maybe hours or maybe days after the business went down. This is of course if the business was actually lucky enough to have a deal with a disaster recovery provider.
Cloud-based disaster recovery systems are able to failover automatically, reducing the amount of downtime experienced after an IT failure to the scale of minutes. In turn, lowering the costs incurred from idle employees and preventing customers from being unable to access your service.
Offsite backup as standard
In order to keep your business’ data truly secure there must be a copy kept offsite – outside the physical business premises and away from the main file server or data center. This is so that if something does affect those locations, the backup is not lost as well.
Using a cloud provider automatically means your data will be being stored offsite, instantly adding a layer of reliability to your backup.
Summary
If you aren’t already backing up to a cloud platform or using it for business continuity, then it’s worth looking into. If security concerns are holding you back, be aware that security and encryption systems can give you military-grade protection without serious costs.
QuoStar has been shortlisted for a Cloud World Series Award, in the category of “Best Cloud SME Project by a Vendor”. The company, whose operational headquarters are based in Bournemouth, have been nominated alongside big names like Amazon, NetSuite and VMware.
The Cloud World Series Awards are a celebration of the drive, innovation and hard work in the global cloud computing industry, There are six categories recognising services from across the ecosystem. The Awards will bring together the industry leaders and experts across who have driven developments over the past year.
The winners will be announced at the Cloud World Forum on the 24th of June.
To find out more about QuoStar’s private cloud solutions, click here.
Cloud computing is more widespread than ever. 84% of businesses in the UK have adopted cloud in some form and 78% have formally adopted two or more cloud services in their business.
But although flexibility, cost reduction and scalability are the most common reasons for utilising the cloud, what is often overlooked is its ability to reduce energy consumption and run a greener IT operation. With policy and customers taking a harder stance on carbon emissions and rising energy prices, many businesses are now looking at ways of running a more sustainable operation – and the cloud is potentially a modern and efficient way of doing so.
How does the cloud help green businesses?
1. Resource reduction
Deploying a cloud-based infrastructure allows a single physical server to run multiple operating systems concurrently. With less equipment needed to run workloads, you can proactively reduce data centre space whilst also reducing your electricity running costs.
2. Shared resources & energy costs
Cloud providers have the expertise to carefully control the temperature and humidity in the data centre required to keep servers at peak performance. You will no longer need excessive machinery in-house to properly cool your equipment, and punishing fluctuations in energy costs can be mitigated.
3. Pay per-user, per-month model
As cloud services providers typically bill on a pay-as-you-go model this encourages users to only consume what they need. The scalability of the cloud means not only can customers increase their cloud capacity when needed, but they can also decrease it as well – lowering their impact and power consumption.
4. Energy-saving technology
Some large cloud service providers will have energy-saving equipment which would not be viable for small businesses to run, due to their cost and operation size. Thanks to the economies of scale though, growing businesses can gain easy access to this greener hardware without having to break the bank.
What are the obstacles for SMEs adopting the cloud in order to go green?
Obviously, the cloud isn’t a silver bullet for every business and its operations. However, in many circumstances, particularly in the SME arena, it’s a good fit and allows businesses access to big business solutions without the associated price tag.
The main obstacles include:
Specific applications don’t work well over a long line. This is due to latency sensitivity or the costs associated with the bandwidth required.
The speed and availability of broadband technology. A hindrance to small to mid-sized businesses, based in rural areas, without significant budgets.
Some large industrial areas don’t have a suitable infrastructure to run high connection speeds. This can be down to aluminium wire or oversubscription.
These obstacles can be difficult to overcome if you don’t the budget to run a leased line in from a point of presence to a considerable distance away. You could bundle together (bond) a number of xDSL type circuits together, and in some circumstances, this may be acceptable, as long as the investment stacks up. If you don’t go cloud then you can get cloud-ready. Start by rationalising applications, and virtualising servers and applications. If you go down this road, it’s unlikely the investment will be a waste.
How can an SME tell if their cloud provider is truly green?
It’s important to remember that data centres themselves run on a huge amount of power. There’s no single technology or initiative that makes a cloud provider green. It has to be a mix. Some factors include off-setting carbon, water conservation in the data centre, access to public transport so staff don’t need to drive, recycling as much as possible, and innovative cooling and heating recovery systems. ISO 14001 does demonstrate a commitment to improving efficiency and reducing wastage within a business from an environmental perspective. However, it doesn’t certify that a company is green in any way.
Being carbon neutral is a relatively significant undertaking that does demonstrate that a business is taking being green seriously. This really is the base standard for a green cloud in my opinion. Typically a third party calculates carbon usage that facilitates a suitable offset vehicle. For example, investment in a CO2 or methane capture project or simply just planting trees.
This is all very well and good but to really be green, I believe the business, particularly the data centres running the cloud platforms, need to be built to be highly efficient. If your business’s top priority is to be as green as possible then ask your cloud provider how they’re powering their data centre to establish whether migrating to the cloud is truly going to help reduce your carbon footprint.
What does the future hold?
The cloud can be greener going forward. To some extent, this will just happen naturally due to rising energy costs. Many providers tag the green badge onto what was is effectively a cost reduction strategy. Old data centres using old technology and facilities will be more expensive to run than new purpose-built, efficient ones. Due to the huge costs involved in powering and operating these facilities, it’s fairly obvious to identify a return on renovation or new build.
Data centre are being moved to colder regions of the planets to reduce the cost of cooling. Alternatively, some data centres in sunnier climates now use solar panels to reduce the chargeable power from the grid.
Obviously, virtualisation is still the big word throughout the IT sector. The more servers you can run on a single piece of hardware using the least power, the better the profit margin too. It’s that simple. Of course, you can also get a big tick in the green box too. Power costs, cooling costs – no business wants to pay for either.
Don’t forget, going green doesn’t just stop at deploying the cloud. There are many other initiatives your business can take part in:
Proactive recycling.
Educating employees about their carbon footprint and ways they can reduce this.
Being energy-conscious with utilities, e.g. heating, lighting, electricity.
Managed print solutions to help to reduce paper and resource wastage.
One of the most commonly cited benefits of the cloud is its potential to reduce and optimise IT spend. With your data being stored in the provider’s data centre, you no longer require costly server equipment in-house, nor the cooling equipment, electricity bills and maintenance costs that come with it.
There are also no hardware or software upgrades to unexpectedly deal with and it’s commonly run on a per-user, per-month model – providing long-term cost savings too.
With cloud service providers regularly promoting all these benefits, and more, it can seem like a complete no-brainer. Surely every type of business should be adopting cloud!
Unfortunately, it’s not always the best fit for everyone, and one of the things you should be considering right now are the costs, and if your IT budget can cope with them?
What are the operating costs of cloud computing?
Cloud computing is a paradigm shift from using in-house infrastructure. With in-house infrastructure, you pay for the hardware and then can do whatever you want with it. With cloud infrastructure though, you get access to the hardware for ‘free’ but have to pay for anything and everything you do with it.
This includes paying for things you usually take for granted such as:
Data storage space
Disk read operations
Disk write operations
Sending data outside the server
Running applications on the server
This means cloud can end up as a service which snowballs in price as you use it for more and more functions.
The good news is that these prices only get out of hand if you choose the wrong provider or service. The bad news is that choosing the wrong provider is very easy if you don’t know exactly what you’re doing.
If the proper analysis is performed before a vendor or solution is chosen, the operating costs should typically be less, or at worst case the same as delivering a service internally. But even if direct cost savings are minimal, you still gain access to top-class infrastructure and systems without the associated capital expenditure, and without needing to hire, train and retain staff to manage such a system.
How to choose the right cloud vendor?
It’s a bit of a wild-west out there at the moment and unfortunately, the cloud gold rush means you have cowboys looking to make a quick buck or amateurs putting their customers at risk. If you know what you are doing and fully understand your requirements it’s easy to assess the market… but most people don’t have that knowledge and need a bit of help.
The most common issue we see when helping turn around cloud projects is that the business didn’t have sufficient in-house IT knowledge and bought a cloud service the word of a sales guy.
Lots of vendors in the market are trying to make businesses believe adopting the cloud is as simple as buying a new server or replacing desktop PCs. Not only is this a lie but it opens the door to a host of hidden costs down the line.
Where are the hidden costs likely to spring from?
Hidden and unnecessary costs come from a variety of places in a cloud project:
Misjudging the complexity and time involved in migration.
Overlooking the correct levels of security and resilience when deciding on a vendor or solution.
Believing that by choosing a cloud service, risk and management just vanish.
Service or relationships falling apart.
Pulling data from systems and keeping cloud systems talking to other solutions.
Massively over-specifying cloud solutions and forgetting you can scale your operations to only what you use.
How can CIOs guard against the hidden costs?
As always if you are undertaking any project of size then it’s all about the planning. If you don’t feel 100% comfortable then pick up the phone and get an expert in. Even if it’s just for a day to sanity check everything. Too many CIOs are too proud to have their judgement double-checked, and this can prove costly – in many ways.
Security as a service (SECaaS) is the outsourced management of business security to a third-party contractor. While a cyber-security subscription may seem odd, it’s not much different from paying for your anti-virus license. The difference is that SECaaS is the combination of a lot of security products wrapped up into one more central service.
The range of security services provided is vast and goes down to a granular level. Examples range from simple SPAM filtering for email, all the way through to cloud-hosted anti-virus, remote automated vulnerability scanning, managed backups, cloud-based DR and business continuity systems and cloud-based MFA systems.
The services are either delivered directly from the vendor where the reseller takes a commission or they are delivered from specialist firms who have the in-house skills capable of building, integrating and managing specialist security services for their customers.
Just a note here: you may have heard of SaaS (software as a service). This is different to SECaaS.
1. Is SECaaS dangerous?
Putting your security in the hands of another business may seem like a big risk. And if done incorrectly, it’s almost guaranteed to have a less than ideal outcome. But businesses have had success with SECaaS and there’s no reason you can’t either.
The most likely cause for an issue is choosing a supplier based solely on price. A business offering SECaaS that’s been around for a few years and has a range of clients but charges £50 per user per month is going to be very different from the business that offers “cloud-based security” for £10.99 per user per month.
Do not instantly go for the cheapest option when considering SECaaS.
Sure, you might be paying nearly 5 times as much. But if your SECaaS provider has the lowest price on the market they’re skimping on something. And if there’s one thing you don’t want to skimp on, it’s your cyber-security.
2. What are the advantages of SECaaS?
Cost-saving
Despite what was just said about avoiding cost-cutting when it comes to cyber-security, one of the main draws of SECaaS is the long term price savings it can have. Because you don’t actually own the infrastructure, you don’t need to pay for its floorspace or for its upkeep (prices which can fluctuate based on external factors). Instead, you only pay a flat rate that is unlikely to change.
Fully managed
Your provider is the person keeping up to date with the changing threat environment, not you. That means that you can focus more on your own business goals instead of diverting time towards understanding the various threats out there and ensuring that your defences deal with them.
Greater expertise
A good SECaaS provider is going to consist of people who know everything there is to know about cyber-security and regularly keep up with trends and changes in that area. As a result, they’ll have a much greater range of expertise which you can utilise to keep your business safe. This also lets you keep your core employee focus on your own sector rather than branching out and getting a dedicated cyber-security expert.
Frees up time from repetitive tasks
Time-consuming admin tasks that need to be done can be performed by your SECaaS provider instead. This can be things like reading system logs or monitoring the overall network status.
3. What are the disadvantages of SECaaS?
Reliant on SECaaS provider acting
This is the main reason that you should be choosing a high-end SECaaS provider.
Because SECaaS providers are the holders of a lot of data, they (and as an extension, you) become lucrative targets for cyber-criminals. If they are breached then you are breached so ensuring they have made big investments into their security is paramount.
To make sure that your chosen provider is continually investing in their security, be sure to keep in regular contact with them. Ask questions about what they are doing to address the latest types of exploit or flaw and dig deep into the specifics of what type of security they have in place on their own systems. Is it minimal or is it high-grade and comprehensive?
Whilst in the decision stage you should also be asking each provider exactly what kind of security they have in place or what is their policy is around topics like staff training. If they can’t prove that they are taking their own security seriously, you can bet that they won’t be taking yours seriously either.
Increases vulnerability to large scale attacks
The uniform security measures SECaaS providers have over multiple clients allow them to keep up a comprehensive level of security. But it also means that if a vulnerability is found for a business who use the same SECaaS provider as you, then that same vulnerability can be used against your security.
Because one vulnerability gives so many potential attacks for a hacker, probing the security of the SECaaS provider is much more rewarding for cyber-criminals. This means they put in a more concerted effort towards breaching the SECaaS provider’s security. This can inadvertently make you a prime target for cyber-attacks.
Be aware though, as a business (even a 2-10 employee one) you’re already a prime target for cyber-attacks. If done properly, the perceived increased danger of choosing SECaaS can be made negligible. Especially when compared to the increased overall security you would receive from a high-quality SECaaS provider.
3. Why is SECaaS being offered more often?
Security providers are becoming aware that with the rise of small businesses. There’s a growing market for security services that don’t need expensive internal employees or risky infrastructure investments.
Many growing businesses also don’t have the up-front funds to develop a hardware heavy security system. Therefore, they find a monthly plan to be much more manageable for their finances. For example, implementation of two-factor authentication and disaster recovery may have cost £100K five years ago. But SECaaS can deliver the same project on a £1,000 budget with no CapEx.
Because of the flexible nature of SECaaS, many of the decisions can now be addressed head-on. There is no longer the same level of risk anymore surrounding topics like setting up security infrastructure. Businesses can switch SECaaS providers more easily. So, this ‘de-risking’ of cyber-security has made the SECaaS market ideal for businesses who want to avoid making a bad decision.
Finally, with the rise of the cloud and increased internet speeds. Services offered over the internet are now on a par with in-house solutions. This has meant that cyber-security being offered as a service is now very feasible and is genuinely useful.
Conclusion
So, you may now be asking yourself if you should consider SECaaS for your business. Unfortunately, there’s no comprehensive answer. If you want to improve your security, without draining your budget, then it’s worth reviewing. But if you already have a fairly comprehensive security setup in place it may be better to ensure that it actually is as comprehensive as you think it to be and then just sticking with what you have, upgrading it and maintaining it as you already are. Alternatively, you could look into a UTM system for your business if you’re uncomfortable with SECaaS but want to make your security more comprehensive.
Financial services firms operating in the UK can now utilise cloud-based IT solutions without fear of breaking their regulatory obligations, as the Financial Conduct Authority (FCA) has issued 
