Businesses opening up to security risks by failing to gain grasp of DevSecOps

DevOps approaches have become a fixture in most businesses, but integration with security operations is lagging behind.

New research commissioned by global technology services provider Claranet has found that 88 per cent of UK businesses have either adopted a DevOps approach or plan to adopt one in the next couple of years. Despite this, fewer than one in five (19 per cent) are fully confident in their ability to integrate security into this philosophy – also known as DevSecOps. This underlines the potential data security risks that businesses are creating for themselves – especially given how DevOps tends to outpace traditional security controls – and the work that needs to be done within IT departments to embed and automate security best practices into the entire DevOps lifecycle.

The research, conducted by market research firm Vanson Bourne, included 300 respondents from businesses in both the UK and USA. It found that just under half (47 per cent) of UK organisations have adopted a DevOps approach, with an additional 41 per cent planning to make this a reality in the next couple of years, indicating that DevOps is becoming a de facto way of working for many IT departments.

However, when considered alongside the fact that a fifth of organisations doubt their capability to deliver DevSecOps, it becomes clear that there is a significant disconnect between DevOps capabilities and DevSecOps readiness. This lack of full emphasis on security as part of the DevOps process could lead to data security issues further down the line.

Commenting on the findings, Sumit (Sid) Siddarth, Director at NotSoSecure (a Claranet Group company) said:

Embracing DevOps is clearly at the forefront of the minds of the majority of IT leaders across the UK, which provides some cause for encouragement. But the overall lack of integration of security best practices into this process shows that, for many businesses, security is still being considered as something that is administered separately to the development lifecycle, rather than incorporated into it from end to end.”

Given the frequent development cycles that are an inherent characteristic of DevOps, seeing security as a separate entity can slow processes down and reduce efficiency, which either compromises the agility which is so central to any DevOps philosophy, or leads to windows where vulnerabilities can be released and won’t be spotted until the next security testing cycle.”

To remedy this issue and help the IT department to effectively transition to a DevSecOps approach, Siddarth believes that training of staff throughout the IT department is essential, as is the adoption of new approaches to security testing and continuous monitoring and analytics throughout the DevOps lifecycle, whether this be in planning, coding, pre-production or decommissioning. To do this, businesses should be willing to enlist the expertise of third parties who are well-versed in meeting the DevSecOps challenge.

Sid added:

While the benefits of DevSecOps are clear, actually making it a reality is a complex process that can’t be completed overnight. Working out how to implement and automate application security – such as continuous monitoring and static analysis – within existing CI/CD pipelines takes time and effort, so it’s important that organisations receive in-depth guidance in how to make this happen. Furthermore, newer approaches to security testing, such as continuous security testing, need to be used to ensure any testing approach is keeping up with the rate of change DevOps approaches allow for.”

Sid concluded:

This guidance should be tailored to everyone involved in the DevSecOps process. Development teams need to be trained in order to heighten their security awareness and figure out how they can work with their security-focused colleagues, and security personnel will benefit from learning how their role fits within the wider DevOps ecosystem. If these formerly disparate components can be brought together, an effective DevSecOps philosophy will follow as a matter of course.”

Claranet offers training courses in DevSecOps, with a session in Leeds scheduled for 25th March, and has developed its new Continuous Security Testing services to complement its existing Penetration Testing services.

Claranet named in The Sunday Times International Track 200 for third consecutive year

Technology services provider moves up to 38th place in rankings of the UK’s fastest growing privately-owned businesses in the mid-market

Technology services provider Claranet has been ranked 38th in The Sunday Times International Track 200 for 2019. Published on Sunday 10th February, the league table ranks the 200 privately owned companies in Britain with the fastest-growing international sales over the last two years. This placement marks a third straight year of improvement, with Claranet appearing in 69th spot last year and 170th spot in 2017, and complements the company’s third consecutive appearance in the Sunday Times Top Track 250 in October 2018.

In the financial year ending 30th June 2018, Claranet’s turnover grew by 49 per cent, further cementing the company’s position as one of the leading providers of technology services across Europe. Claranet currently delivers hybrid-cloud, network, communications and cyber security services to over 6,500 customers across nine countries in Europe, Brazil and most recently the US.

The company’s emphasis on sustained expansion has seen Claranet make three further acquisitions since July 2018. These include NotSoSecure, one of the world’s most respected security training and penetration testing firms, Italian DevOps specialist Xpeppers, and Dutch IT services provider Quinfox. The continuation of this strategy has been instrumental in further growing Claranet’s presence in its established and new regions, and helping the company evolve its portfolio and access to new customers.

Acquisitions, alongside organic growth, have seen Claranet’s revenues continue to grow significantly, with first quarter run rate revenue in FY19 standing at £350 million per year. This means Claranet is set to retain its position as one of the fastest growing UK businesses in its market.

Charles Nasser, founder and CEO of Claranet, commented:

The growth that we have seen over the course of the past year has been exceptional, and has come as a result of the progress we’ve made to consolidate our presence in the markets in which we operate and strengthen our service portfolio. We’re thrilled to have moved up the rankings in the International Track 200 once again, which is testament to our continued focus on innovation and the investments we have made in our capabilities, staff and partners.”

We’re now a leading expert in a wide range of IT services, closely supporting our customers and making sure they maximise the potential of new technologies. The formation of our cyber security unit is a prime example of this: combining the ethical hacking, penetration testing, managed security services and training expertise of Sec-1 and NotSoSecure has enabled us to make inroads into the rapidly growing IT security market, alongside all of our other capabilities.”

Charles concluded:

We’re looking forward to maintaining our emphasis on working closely with our customers, developing the collaborative, trusted relationships that are so important to their success in the long term.”

Claranet strengthens its Mobile Broadband service to meet growing demands for mobility

Enlarged mobile broadband data tariffs of up to 50GB to provide new flexibility to businesses who have high data usage requirements

Claranet has upgraded its Mobile Broadband offering with new data tariffs to meet the growing demand for mobile as the primary form of connectivity. With the newly-enlarged data plans of up to 50GB, businesses will be able to get new sites and mobile workers up and running on secure, high-speed broadband connections quickly, helping to accelerate their transformation efforts.

Claranet’s Mobile Broadband service is an over-the-air connectivity offering that has primary, backup and SIM only variants, with data plans ranging from 1GB to up to 50GB. The mobile connectivity can be deployed as a primary connection for a site or utilised as a backup connection for when fixed line services fail. Claranet removes the IT administration and management effort by fully managing the service from procurement and configuration to providing ongoing support.

The mobile broadband service can directly integrate into MPLS networks, enabling new sites to be easily and quickly incorporated with corporate networks, removing the need for additional firewalls, hardware or licenses. This gives staff the freedom to work remotely while ensuring that IT departments can maintain control and the integrity of their data.

Dave Palmer, Head of Network Design at Claranet, commented:

With these upgrades we’re now able to offer much more flexibility to our customers who have higher data usage requirements, helping them to get new sites and staff connected to high-speed connectivity services quickly and easily, wherever they are. This is of particular benefit to industries with short deployment lead times, such as retail and construction, enabling them to start on-boarding, transacting, and carrying out digital processes at new locations sooner.”

In addition, the larger tariffs make our mobile broadband service a much more compelling and cost-effective back-up solution, when compared to ADSL, FTTC and Ethernet. Should the primary line go down, our mobile broadband kicks into gear immediately, giving our customer peace of mind that they can keep their businesses running no matter what.”

Claranet launches MPLS superfast broadband services across Ireland

Faster and more powerful internet connectivity will enable Irish businesses to take advantage of the latest technologies.

Irish businesses are being given a connectivity boost thanks to Claranet, who will be rolling out MPLS Superfast Broadband across the country. Expanding on its current MPLS Ethernet and Broadband offering, the new service will offer lightning fast speeds of up to 100Mbps, filling the gap between the existing broadband services which Claranet currently provides.

As cloud services and web applications become more popular and increasingly sophisticated, businesses are expecting their technology provider to offer higher bandwidth and faster download speeds. Claranet are looking to the future by rolling out a powerful and reliable MPLS network infrastructure that can cope with any technical requirements. The superfast broadband will be available to all businesses across Ireland and Claranet is expecting an extremely high demand for the new service.

Many large commercial organisations, especially those in retail and finance, are looking for enhanced network connectivity that can cope with continual fluctuations in usage and is capable of processing large volumes of data during times of peak demand. Claranet’s new MPLS Superfast Broadband will enable companies of all sizes to take advantage of the latest technologies and applications, including AI, chatbots, immersive AR and VR, which will improve their customer experience offering.

Smaller offices will also benefit from the new service, as additional sites can be easily incorporated into the company’s wider network estate while allowing applications such as Skype or video conferencing to be fully utilised. When coupled with Claranet Online, MPLS Superfast Broadband offers IT departments complete visibility of their entire digital network estate, including service details, the status of the connectivity and bandwidth utilisation.

Dave Palmer, Head of Network Design at Claranet UK, talked about the growing demand for improved network connectivity:

Businesses across the country are capitalising on the latest innovations, including cloud computing, Internet of Things and Artificial Intelligence which all depend on having a fast, powerful and reliable internet connection to operate effectively. Our MPLS Superfast Broadband service will empower Irish businesses to take advantage of these sophisticated technologies, enabling them to achieve their digital transformation objectives and vastly improve their customer experience offering.”

Claranet will offer a fully managed service and oversee the whole process, from installation to configuring the MPLS network, without having to purchase additional VPN hardware devices. It will also install a direct internet line for any business that does not have an existing connection so they can take advantage of the new service.

Claranet records strong growth in FY18 with 49% increase in global revenue

Organic growth and strategic acquisitions drive Claranet’s turnover to £321.6m for the year ended 30 June 2018, with a first quarter annualised run rate for FY19 of £350m.

Claranet, the global technology services provider, has released financial results for the year ended 30 June 2018, revealing a 49 per cent increase in turnover. A combination of organic and acquisitive growth saw Claranet Group’s revenues reach £321.6 million, up from £216.5 million in FY17, while Adjusted EBITDA hit £50 million, representing an increase of 29 per cent.

The Group’s ambitious growth strategy saw it acquire UK-based hosting infrastructure services company, Union Solutions in April 2018, further boosting its hosting transformation and Azure capabilities. The company also maintained its focus on integrating the three acquisitions completed in May 2017 (Sec-1, Oxalide, and ITEN Solutions) serving to drive further growth.

In addition, Claranet has made three subsequent acquisitions since July 2018: NotSoSecure, one of the world’s most respected security training and penetration testing firms, Italian DevOps specialist Xpeppers, and Dutch IT services provider Quinfox. Following these transactions its first quarter run rate revenue in FY19 stands at £350 million per year.

Cloud computing services comprise a critical part of the business, with the company positioned as a ‘Leader’ in Gartner’s “Magic Quadrant for Managed Hybrid Cloud Hosting, Europe” for five years running from 2013 until the final year of this Magic Quadrant in 2017. Moving ahead, Claranet continues to deepen its partnership capabilities with AWS, Microsoft, and Google, and has also further diversified its portfolio of services recently with the launch of a new Cyber Security unit.

Commenting on Claranet’s performance, Charles Nasser, Founder and CEO of Claranet, said:

The growth that we have seen over the past financial year is exceptional. This is a result of the progress we’ve made to consolidate our presence in the markets in which we operate and strengthen our service portfolio. Claranet continues to innovate and the investments we have made in our capabilities, staff, and partners over the past year will ensure that we can continue to design, migrate, run, and support our customers’ broad range of infrastructure and applications on any public, private, or hybrid cloud environment. This is a key differentiator for the business and will enable us to continue to help our customers to get the best out of cloud services.”

Charles concluded:

Our strategy has also seen us make significant in-roads into the rapidly growing IT security market, which we believe is a huge opportunity for the business. By combining the ethical hacking, penetration testing, managed security services, and training expertise of Sec-1 and NotSoSecure in our dedicated Cyber Security unit, we have a strong platform on which we can pursue further growth and break into new markets.”

Todd Salmon joins NotSoSecure to drive US growth

Industry expert joins leading penetration testing and ethical hacking company to fuel continued expansion.

Leading ethical hacking and penetration testing company NotSoSecure, part of the Claranet Group, has announced the appointment of security industry veteran Todd Salmon as Executive Vice President (US) to expand North American operations. In his new role with NotSoSecure, Todd will be responsible for the day-to-day operations in the US, as well as supporting global collaboration within the Claranet Cyber Security portfolio.

Todd brings nearly three decades of executive leadership and management experience providing information security and technical solutions to all the major vertical markets, and he has a proven track record of building and running successful professional services organisations for both the public and private sectors.

Most recently, Todd was a partner in the start-up Stack Titan where he served as Chief Operations Officer. Prior to this he spent eight years as the Vice President of Optiv/FishNet Security’s Attack & Penetration Practice. During that time, Todd grew their Security Assessments line of business significantly.

The appointment follows the launch of Claranet’s Cyber Security unit, which combines the pioneering penetration testing and managed security service capabilities of Sec-1 and NotSoSecure, and the training competencies of NotSoSecure – one of the largest training partners of the globally acclaimed Black Hat conferences. The new unit ensures that the capabilities of both companies are aligned in a way that offers the best range of security services to customers within the existing Claranet footprint and around the world.

Commenting on the appointment, Dan Haagman, Director of Security Services at NotSoSecure said:

In all his prior roles Todd has led from the front and, as a result of his dedication to client satisfaction, tireless coaching and mentoring of colleagues, and laser focus on quality, he has left a track record of success everywhere he’s been. That is why I am delighted that he has joined NotSoSecure to help us grow our North American operations. We already have a loyal and engaged customer base in the US but we believe we are just scratching the surface. Bringing Todd on board is a sign of our intent and belief that we are in a strong position to help more customers in the US with security testing, training, and managed services.”

Todd Salmon added:

Despite its relatively small size, NotSoSecure punches far above its weight in the pen testing and security training industry and its consultants are world-renowned for their expertise. I’m therefore excited to be joining NotSoSecure and the wider Claranet Cyber Security Services Group as we build the business while we continue to meet the evolving needs of our existing customers.”

Human error is to blame for poor cloud security, not the infrastructure itself, warns Claranet

Global technology services provider points to automation and fully-accredited partners as way to avoid cloud security vulnerabilities.

A lack of knowledge and an overreliance on manual change processes is leading many businesses to jeopardise the security of their cloud deployments, global technology services provider Claranet warns today.

The warning follows the launch of a report published by McAfee this week, which found that the average business has approximately 14 improperly configured IaaS instances running at any given time and roughly one in every 20 AWS S3 buckets are left wide open to the public internet. Additionally, researchers estimate that roughly 5.5 per cent of all AWS S3 storage instances are in a “world read” setting, allowing anyone who knows the address of the S3 bucket to see its contents.

Commenting on the findings, Steve Smith, Senior Site Reliability Engineer and AWS Team Lead at Claranet, said:

The cloud security challenges highlighted in this report have little to do with the platform itself, but everything to do with the people using it and, in our experience, people are the biggest weakness here. The major cloud providers like AWS set a lot of sensible defaults designed to support configuration – for example, S3 buckets are now private by default – but unfortunately, it’s very easy to get things wrong if you don’t know how to use the platform.”

We’ve seen many AWS configurations that end-user businesses have developed themselves or have worked with partners that don’t have the right experience, and, frankly, the configurations can be all over the place. When internal IT teams create these environments themselves, mistakes can occur when they don’t have the depth of knowledge or experience to follow best practice.”

A click of a button or slight configuration change can have a major impact on your security posture, so it’s important to get a firm grip of the access controls and have safeguards in place to catch mistakes before they hit the production environment.”

Developing infrastructure as code – effectively, templated scripts that will create infrastructure in any public cloud environment – helps here because it makes it more difficult for mistakes to occur. Any changes in the code need to be peer-reviewed in the development lifecycle, making it much less likely that errors will make it out to the production environment and ensuring that any changes can be tracked and audited. In addition, it’s also good practice to run that code from a centralised location – some kind of CI/CD server for example – so that only that machine can make configurations and that there’s no way to make changes manually.”

Steve concluded by stating that AWS’s Well-Architected Framework, a programme designed to help AWS users build the most-secure, high-performing, resilient, and efficient infrastructure for their applications, is a key way that users can secure peace of mind about their cloud deployments.

AWS has set up a review scheme, the AWS Well-Architected Framework, to help address these very issues and provide users with the assurance that everything is configured securely and as it should be. Qualified AWS partners can conduct comprehensive and free reviews of existing AWS architectures, checking things like access policies and change processes, and advise on the best way forward to safeguard security.”

Claranet acquires Dutch IT services provider Quinfox

Acquisition enhances Claranet’s capabilities in the healthcare and accountancy sectors

Claranet has acquired Dutch IT services provider Quinfox, a specialist in providing digital services for accountancy, healthcare and public sector organisations. The acquisition, which is the third acquisition that the Claranet Group has made this year, enhances the company’s market position in the Netherlands considerably and puts it in a strong position to pursue further growth.

Netherlands-based Quinfox was founded in 1998 and has specialised in providing Hosted Desktop, Application Hosting and Professional Services. The company, which has 20 staff, specialises in working with organisations in the healthcare, public sector and accountancy sectors, and counts some big names in its customer base, including Danone, Baker Tilly Berk, Jeroen Bosch Hospital, and the province North-Brabant and the municipality ’s-Hertogenbosch.

Quinfox’s founders, Huub van den Bosch and Geert Mossink, will be closely involved with the newly-acquired company to capitalise on the growth opportunities it will bring. Geert Mossink retains an important management position within the organisation, serving as Service Director.

With an ambitious growth strategy, the Claranet Group has grown steadily in Europe over the past five years, both organically and by acquisition. The Group has annual revenues of over £325 / €370 million, employs more than 2,000 staff and works with over 6500 customers across the UK, France, Germany, Spain, Portugal, The Netherlands, Italy, and Brazil.

Commenting on the acquisition, Wiebe Nauta, Managing Director of Claranet Benelux, said:

The collaboration with Quinfox gives Claranet the opportunity to strengthen its position in the Dutch market. We now have more than 125 employees in the Netherlands, a turnover of €20 million and one of the widest IT portfolios in the country. Much like Claranet, Quinfox has cultivated excellent and long-lasting relationships with its customers, making it a great fit culturally. In the coming period we therefore plan to keep the existing operation intact and focus on synergetic benefits of joining forces. This is great news for customers, who will benefit from our combined expertise and a wider range of services.”

Geert Mossink, co-founder of Quinfox, commented:

We are delighted to join forces with Claranet. Being part of a larger organisation with a broad portfolio of IT capabilities provides us with various benefits, giving us the opportunity to grow and provide our customers with access to more innovative services. We can now take far-reaching steps with optimum security and flexibility in our services.”

Huub van den Bosch, Quinfox’s co-founder, added:

Claranet is one of the most established and well-respected IT services providers in Europe and has a very strong footprint in the Netherlands. In our continuously growing market that is subject to constant change, it is important that we have the right resilience to maintain our position.”

Nation state-backed cyberattacks may take headlines, but the risk from everyday hackers remains most prominent

Actions of national agencies may lead to fear amongst businesses, but leaders must remain wise to the more common threats.

Last week, the UK government accused Russia’s GRU intelligence service of perpetrating four high-profile cyberattacks that took place over the last couple of years. While this latest development could lead to fears that nation states may threaten private businesses, it is important that companies do not lose sight of the biggest threat on their doorstep – the everyday hackers that carry out the majority of attacks they have to deal with.

Gary O’Leary-Steele, Technical Director at Claranet Cyber Security, said:

While nation state attacks make the news headlines, the complexity and frequency of attacks from all sources are on the rise, and attacks will often target the same vulnerabilities, whoever is behind the attack.

To ensure that they are adequately prepared to minimise the impact of cyberattacks, regardless of the perpetrator, organisations need to step up their vigilance across the board. This means implementing a cybersecurity strategy that emphasises not just reactively tackling incidents as they happen, but also adapting to the threat landscape by understanding how hackers think and work, and regularly testing your applications and infrastructure.”

Reactive data breach mitigation always has been and will continue to be crucial, but equally important is being able to understand the ways that hackers go about their business so that organisations can avoid being targeted in the first place, and can keep up with the rapid rate of change. In addition to increasingly sophisticated technical attacks, employees are regularly being exploited as a way into an organisation’s data, so security awareness training, including how to avoid phishing attacks, in addition to more detailed security training for developers and technical teams, must be a critical part of the protection employed.”

O’Leary-Steele concluded:

It would be foolish to ignore a growing prevalence of state-backed cyberattacks, but it’s crucial not to lose sight of the threat of independent actors, which will remain the most prominent danger for businesses for the foreseeable future. The volume and complexity of cyberattacks is rising substantially. As an example, over four in ten businesses (43%) experienced a cybersecurity breach or attack in the last 12 months, according to the Department for Digital, Culture, Media & Sport in its Cyber Security Breaches Survey 2018.

The best way for businesses to prepare for this is by making sure security measures are proactive as well as reactive, and regularly tested and reviewed. For most organisations, they will require the help of dedicated security experts to achieve this.”

Claranet makes a significant leap on The Sunday Times Top Track 250

Claranet climbs 55 places in recognition of a successful year, cementing company’s position amongst fastest growing privately-owned businesses

Claranet has achieved the rank of 123rd in The Sunday Times Top Track 250 for 2018, rising 55 places from last year. Published on Sunday 7th October, the league table ranks the fastest-growing privately-owned businesses in the UK. Claranet’s placement in the league table for the third year in a row comes during a sustained period of growth.

Claranet has developed via acquisition and organic growth to become one of the leading providers of hosting and cloud, network, communications, and cybersecurity services to over 6,500 customers across nine countries (UK, US, France, Germany, Italy, Spain, Portugal, The Netherlands, and Brazil). Claranet supports these customers through IT consulting, managed services, and training.

In keeping with Claranet’s desire to maintain its momentum, 2018 has seen further moves to expand the company’s portfolio of services and capabilities. This was spearheaded by the acquisition of cloud and infrastructure specialist Union Solutions in May, which strengthened Claranet’s cloud consulting presence across the retail, legal, and financial sectors, and the Italian AWS experts XPeppers in September. Additionally, Claranet grew its group cybersecurity offering by acquiring global ethical hacking training and penetration testing experts NotSoSecure in July and combined this with the previous acquisition of Sec-1 to create the global Claranet Cyber Security unit.

Charles Nasser, founder and CEO of Claranet, commented:

The IT services industry continues to be an important partner to UK business success, helping them win against increasing competition across the UK, Europe, and beyond. Despite a constantly evolving and ever competitive market, we have been able to consistently maintain our progress through acquisitions and organic growth. What began as an ISP 22 years ago is now an expert in the migration and running of critical applications and infrastructure 24/7, and our acquisition of NotSoSecure this year means our cybersecurity offering is more comprehensive than ever before.”

Despite our growth, we remain committed to developing the close, trusted relationships that our customers need to succeed in the long term and achieve their own market-leading results.”