Claranet News

Lack of IT security training is leaving businesses open to data breaches, says Claranet research

Both technical teams and general staff need more frequent guidance on recognising and dealing with cybersecurity threats.

New research by global technology services provider Claranet has revealed that six in ten organisations (61 per cent) believe that their general workforces need much more training in cybersecurity awareness. Somewhat alarmingly, 38 per cent of respondents said that their software development teams also need a great deal more training in this area, and 29 per cent said the same is required for IT operations teams. This evidence underlines how much more needs to be done – even within technical teams – to eliminate this skills shortage and bring internal cyber awareness levels up to a point where threats can be effectively countered.

The survey was carried out by Vanson Bourne and surveyed 100 IT decision-makers from a range of UK businesses with more than 1,000 employees. According to the findings, 61 per cent of general staff have not had full IT security training. This figure is lower for software development teams (38 per cent) and IT operations teams (29 per cent), but shows that training coverage is still by no means comprehensive.

For Neil Thomas, Group Security Services Director at Claranet, this shows how businesses need to do more to increase their training capabilities and reduce the potential for human error to lead to costly data breaches.

Thomas said:

Most business leaders are aware of the need for effective cybersecurity measures to counter the constantly evolving threat landscape, but this research shows that efforts to train staff still haven’t been as effective as they could be. This is critical for all technical teams but general awareness across all business functions is also extremely important.”

The findings from the research also suggest that there is a disconnect between the faith that businesses have in their cybersecurity technology and their general awareness of the organisation’s security risk profile it is there to protect. 84 per cent of respondents said that they have confidence in their breach detection systems if company data is compromised. However, over a third (36 per cent) said that their organisation’s IT security risk profile is not well understood.

For Thomas, this suggests that some companies may be relying too heavily on technology to handle the cybersecurity burden:

It’s well-known that human error is a leading cause of data breaches. It’s insufficient to expect protection and detection technologies and services to do all the work while staff training falls short. It’s therefore crucial that all employees are fully aware of security risks. And special attention must be paid to software development and IT operations who need a more detailed understanding specific to their roles. Not only does upskilling technical staff result in an improvement in security posture, it can also lead to closer collaboration across the Development, Operations, and Security teams.”

As one of the leading training providers at the Black Hat cybersecurity conferences, we have the expertise to work closely with our customers to improve in-depth security technical awareness and skills. We use Classroom learning and labs for this but now, through a new partnership that we’re announcing with Global Learning Systems, this support has expanded with a wide range of security awareness online training products and services. By combining these two options, we can now provide more effective training solutions.”

Global Learning Systems CEO, Larry Cates, said of the partnership:

Organisations are recognising that building a true cybersecurity culture requires a continuous and comprehensive learning programme. They need multi-modal, role-specific training for every facet of their business, which is why Claranet and Global Learning Systems have joined forces.”

Thomas concluded:

Getting the right technology infrastructure and testing procedures in place is clearly a fundamental part of protecting businesses from cyber-attacks. But businesses should also remember the human element, and that’s why effective training is a crucial part of the mix.”

Claranet makes a significant leap on The Sunday Times Top Track 250 for the second year running to reach 45th place

Claranet climbs 78 places in 2019 through organic growth, cementing their position among Britain’s fastest-growing privately-owned businesses.

Technology services provider Claranet has achieved the rank of 45th place in The Sunday Times Top Track 250 for 2019, rising 78 places from last year and 133 places since 2017. Published yesterday, Sunday 6th October, the league table ranks the fastest-growing privately-owned businesses in the UK. Claranet’s placement in the league table for the third year in a row comes during a sustained period of growth.

Established in the UK in 1996, Claranet has developed via acquisition and organic growth to become one of the leading providers of integrated Hybrid Cloud, Networks, Managed Cyber Security, and Unified Communications services to over 6,500 customers across multiple countries (UK, US, France, Germany, Italy, Spain, Portugal, Benelux, and Brazil). Claranet supports these customers through a wide range of IT managed services, professional services, and training.

This year Claranet’s international growth strategy has delivered a £49 million revenue increase (up 15% on its previous financial year) to £373m. This follows moves to consolidate the company’s portfolio of services and capabilities following key acquisitions in 2017 and 2018.

Charles Nasser, founder and CEO of Claranet, commented:

Our mainly organic growth this year is due to our wider portfolio of services, international presence, and our credibility to deliver for our customers. This has resulted in Claranet becoming increasingly relevant to new mid-market, large, and enterprise customers and we have invested in staff, technology, and key strategic partnerships throughout the year to deliver this successful growth in revenue and gross profit.”

For example, a new portfolio of services we have focused on is Managed Cyber Security, which is a significant business requirement for all of our customers and an area where we have developed considerable expertise. This follows the acquisition of global ethical hacking training and penetration testing experts, NotSoSecure, last year and the acquisition of Sec-1 in the UK in 2017.”

Further consolidation opportunities continue to be found in many of the countries in which Claranet operates. Two examples are the 2018 acquisitions of Xpeppers (AWS experts in Italy) and Quinfox (Hosting experts in the Netherlands). Throughout 2019 the focus has been on establishing the continuous development of capability across the Group.

Nasser continued:

Despite our growth, we remain committed to developing the close, lasting relationships that our customers need to modernise their businesses, succeed in the long term, and achieve their own market-leading results. Our priority is always to become a trusted partner.”

Majority of UK businesses are failing to address technical debt, says Claranet research

Work needs to be done to better manage technical debt levels and reduce the barriers to change and improvement.

New research by technology services provider Claranet has revealed that technical debt is a significant issue for 84 per cent of organisations – limiting their ability to respond quickly to customer demand with new software feature releases. This figure shows that despite tech debt being a very common issue, business leaders have not yet taken the necessary steps to manage this. The result is a significant drag on business agility and competitiveness.

The research was carried out by Vanson Bourne and surveyed 100 IT decision-makers from UK-based businesses with more than 1,000 employees. Despite widespread recognition of tech debt challenges, more than eight in ten respondents (84 per cent) do not have an active reduction programme in place, and close to a fifth (19 per cent) want to reduce their legacy technology but do not have a clear plan of action on how to do this.

For Michel Robert, Managing Director at Claranet UK, this highlights how more needs to be done to effectively address the issue.

He said:

Limiting technical debt is all about maintaining the quality of your code. Poor quality can lead to systems that are difficult, time-consuming, and expensive to change and potentially less secure. That’s not a position any business wants to find itself in, especially when fast, iterative improvements are often needed to serve customers most effectively.

With many companies now working to a complex Hybrid Cloud strategy and starting to benefit from an Infrastructure as Code approach, the issue of technical debt goes beyond the development team.”

Our research has shown that many businesses are severely restrained by technical debt, and a big reason for this appears to be that many non-technical staff are unaware of the time and effort that needs to go into refactoring applications and resources at a later date. There’s a clear need to raise awareness in this area and to also encourage closer collaboration between technical teams working in Development, Operations, and Security, and to state the business case for non-technical colleagues.”

This lack of awareness is confirmed by the finding that almost half of respondents (48 per cent) said their non-technical colleagues do not understand the financial impact that technical debt can have on the organisation, with 45 per cent reporting they only have a rudimentary understanding of the concept.

Robert added:

There’s clearly a significant disconnect between the technical teams and the wider business when it comes to understanding the importance of maintaining the quality of code and how to manage it. Part of the solution to this problem is to create a quality-focused culture.”

He concluded:

Adopting a philosophy like DevSecOps, and taking an “as-code” approach to security and infrastructure, can help unite teams around a common purpose of maintaining quality systems. Do it right and businesses will be in a better position to quickly adapt to market conditions, stay secure, and build a stronger competitive advantage.”

Retailers need to start infrastructure preparations now to strike gold this Golden Quarter, says Claranet

Claranet issues warning to retailers to start making preparations now or risk losing customers.

Black Friday and Cyber Monday have become a fixture in the British retail calendar, and a much-needed boost to sales. As we reach the halfway point of 2019, Claranet has urged retailers to start preparing, stress-testing, and optimising their infrastructure now to ensure that they can withstand sudden surges in traffic in this year’s Golden Quarter.

Consumer spending on Black Friday and Cyber Monday continues to grow year on year; growth that is driven in large part by online spending, with many consumers opting to grab their bargains from the comfort of their own homes. Last year, UK consumers spent £1.49bn on online retail sites during Black Friday, a 7.3 percent increase from the previous year.

However, despite numerous high profile examples of Black Friday-related website outages in recent years, last year a number of retailers found that ecommerce platforms were straining under the pressure even before the main shopping event had begun. For some, this meant employing queuing technologies to cope with demand, which restricted access, hit sales and had a negative impact on customer satisfaction.

John Hayes-Warren, Head of Retail at Claranet, said:

Events like Black Friday and Cyber Monday play a huge role in increasing sales for retailers. They give an opportunity for smaller retailers to attract new customers, while allowing larger retailers to shift stock they have been sitting on. However, this rise in sales activity requires businesses to have the right back end systems to cope with large amounts of consumers accessing their eCommerce platforms. Despite this, we’re still seeing a number of problems being experienced by retailers.”

These are the sorts of issues retailers can ill afford, so now is the time for businesses to start capacity planning to gauge if their channels will cope with rapid surges in traffic, maintain page load times, and avoid web crashes. Black Friday and Cyber Monday are firm dates in the calendar, but flash sales on the back of social media influencer marketing are also a potential stress-point for retail websites.”

For Hayes-Warren, hybrid cloud is a natural solution to these challenges. However, cloud migration can be a complex process and not simply a case of lifting and shifting existing IT infrastructure. With this in mind, he suggests retailers need to move now if they are to make it in time for the 2019 Golden Quarter:

Cloud enables retailers to rapidly add more capacity and scale up as the amount of web traffic increases, which strengthens overall IT resilience and means businesses are adequately prepared for sudden bursts in activity. If this is coupled with a flat pricing structure that stays the same even in periods of peak demand, retailers have a predictable and cost-effective way to guarantee zero downtime.”

The most forward-thinking retailers are those who understand the need to reengineer their digital estates so that they can take advantage of these scalable technologies.”

Hayes-Warren concluded:

We now live in an age where customers expect a faultless online experience. When many wake up in the early hours of the morning on Black Friday, the last thing they want to experience is an error message pop up on their screen or the frustration of a painfully slow website. Preparation is key to getting the best out of the Golden Quarter: retailers who take the time to enhance their infrastructure and carry out all the necessary testing well before this period will be the ones that emerge as the big winners.”

Claranet achieves AWS Digital Customer Experience Competency status

Global technology services provider Claranet has announced that it has achieved Amazon Web Services (AWS) Digital Customer Experience Competency status.

This designation recognises that Claranet provides proven technology and expertise to help Digital Customer Experience customers by providing end-to-end solutions for all phases of the digital customer acquisition and retention lifecycle. These include content management and marketing automation to engage prospects and customers with the right experience, effective and secure commerce solutions to create a seamless buying experience, and data analytics solutions to support decisions and retain customers.

Achieving the AWS Digital Customer Experience Competency confirms Claranet’s position as an AWS Partner Network (APN) member, providing specialised technical proficiency and proven customer success with a specific focus on workloads based on content management, marketing automation, digital commerce and/or consulting practice. To receive the designation, APN Partners must possess deep AWS expertise and be able to deliver solutions seamlessly on AWS.

Charles Nasser, founder and CEO of Claranet, said:

We’re proud to have achieved AWS Digital Customer Experience Competency status. We’re committed to helping our customers achieve their technology goals by making the most of the agility, breadth of services and pace of innovation that AWS provides, and this recognition is indicative of our dedication in this respect.”

AWS enables scalable, flexible and cost-effective IT solutions for companies of all sizes, ranging from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify Consulting and Technology APN Partners with deep industry experience and expertise.

In recent months, Claranet worked with fast-fashion brand Oh Polly to assist its migration to AWS, as part of the company’s bid to overhaul its IT estate and address the issues it was encountering with its previous hosting solution.

Commenting on the project, Mike Branney, Managing Director at Oh Polly, said:

After some deliberation, we recognised that a cloud solution hosted in AWS would help address the load, flexibility and adaptability issues we were experiencing. We knew that Claranet has a positive track record with similar fast-fashion brands, making them a clear choice in helping us migrate to AWS. We were immediately impressed with Claranet’s understanding of the platform, as well as the wide range of expertise and skills they were able to show from day one.”

Claranet named in Gartner’s Magic Quadrant for Data Center Outsourcing and Hybrid Infrastructure Managed Services, Europe for second year

Claranet has been positioned in Gartner’s Magic Quadrant for “Data Center Outsourcing and Hybrid Infrastructure Managed Services, Europe” (DCO/HIMS), for the second successive year.

In this Magic Quadrant, Gartner analyses the ability to execute and completeness of vision of 20 DCO/HIMS providers and their cloud service offerings, worth more than $23 billion in annual revenue in Europe. We believe this reflects the steps that Claranet is taking to provide the right combination of services to help businesses transform their operations, stay secure, and quickly adapt to changing customer needs.

Commenting on the company’s placement in the Magic Quadrant, Charles Nasser, CEO of Claranet, said:

We are very pleased to be recognised in this 2019 Gartner Magic Quadrant for the second year in a row and believe this underlines the progress we have made in growing our business. We have invested heavily in hiring the best expertise and use automation to transform our customers’ operations.”

Over the last year we have also continued to broaden our skills in cybersecurity, encapsulated by our acquisition of global penetration testing and ethical hacking training experts NotSoSecure in July 2018. Since then, we have consolidated our security expertise by forming the Claranet Cyber Security unit. This has been coupled with sustained activity to further build our existing partnerships and closely integrate our hybrid cloud, cybersecurity, and network services.”

We are committed to our status as one of only five companies in the world that has the highest audited MSP certifications from AWS, Google, and Microsoft. This highlights the depth and breadth of our expertise that is instrumental in driving the growth of our hybrid cloud practice and delivering superior results for our customers,” he continued.”

The Gartner Magic Quadrant assessment offers in-depth reviews of markets and vendor offerings, enabling users to map vendor strengths and weaknesses against their current and future needs. Gartner evaluates technology providers on both completeness of vision and the ability to execute using a series of weighted criteria.

Nasser concluded:

“Our mission is to help organisations make the most of current and emerging technologies and practices, by providing unmatched expert local service. Our aim is to offer a different way of data centre outsourcing that supports our customers as their requirements evolve. It’s also about the calibre of our people that ensures our customers experience efficient, trouble-free migrations and the right ongoing management of their applications.”

For more information about the Magic Quadrant:

button_click-here.png

Half of businesses lack skills needed to effectively manage cloud security, says Claranet research

Migration to hyperscale providers is commonplace, but disconnect between cloud adoption and awareness of cloud security remains.

A new survey by global technology services provider Claranet has found that half of UK businesses do not have full in-house capability to manage security in the cloud. This is despite the fact that cloud adoption is now commonplace in the majority of organisations, and is showing no signs of abating. The findings illustrate how many companies have still not found an effective way to marry the full benefits of cloud with a comprehensive cybersecurity strategy.

The research was carried out by Vanson Bourne and surveyed 100 IT decision-makers from UK-based organisations with more than 1,000 employees. 50 per cent of those polled said that they do not have the skills in-house to manage cloud security, with 52 per cent saying that they have incomplete awareness of how their organisation’s security posture in the cloud affects their overall IT security. This is despite the fact that 79 per cent of businesses have either already migrated application workloads to hyperscale cloud providers, or are currently in the process of doing so.

Commenting on the findings, Sumit (Sid) Siddarth, Director at Claranet Cyber Security said:

Businesses that have not engaged with cloud in some way are now few and far between, with hyperscalers having established a dominant position in the cloud market. Organisations are making significant progress with planning and carrying out these migrations, but our research has shown that there’s a very real danger of security being left behind as part of this process.”

The self-provisioning aspects of public cloud are beneficial in many ways, but they can also lure businesses into a false sense of security. The big hyperscalers have a lot of sensible defaults to help guard against threats, but if internal IT teams without the requisite skills create these environments themselves, mistakes can still occur. We have already seen a number of security breaches due to insecure permissions set on cloud storage, be it S3 buckets or Azure blobs. Other examples include attackers compromising cloud infrastructure to spin up bitcoin mining rigs.”

To help plug this gap in in-house skills, Siddarth believes that businesses need to re-evaluate their approaches to both cloud and security, and make sure that they consider both as being part of the same IT ecosystem, rather than being separate challenges that are tackled independently of one another. This should include efforts to upskill in-house staff, and also the formation of collaborative partnerships with external experts who are well-versed in the specifics of secure cloud migration.

He added:

Migrating to cloud is often a complex process, so it’s important to invest a lot of manpower in it. However, there should be no excuse for neglecting security considerations, especially given the current threat landscape and the fact that hackers are seeing cloud as an increasingly lucrative target. Working with partners can be hugely advantageous here, as they can bring the added expertise needed to work through the more complex aspects of secure cloud migration, such as developing infrastructure as code to guard against mistakes being made.”

Also key to addressing this skills gap in the long term is engaging with third parties to implement holistic training programmes focusing on the unique challenges and intricacies of cloud security. By investing in this area, businesses can ensure that they build applications that are fully cloud-ready from the outset, and foster a philosophy which incorporates security into any cloud migration activity.”

Siddarth concluded:

Cloud’s continued rise is inexorable, so it’s important that organisations act now to shore things up from a security perspective. With the right focus on raising skill levels and sealing gaps in knowledge, this is very much a realistic aim.”

Claranet Builds on Google Cloud MSP Initiative

Claranet, today announced that it has deepened their standing in the Google Cloud MSP Initiative as a premier partner, giving Google Cloud customers the ability to drive more value from their Google Cloud investment.

As a Google Cloud Managed Services Provider, Claranet offers customers mature technical support operations with robust lifecycle services helping them to learn, grow and scale.

Key features include:

  • 24/7 Support
  • FinOps – Optimisation of customers’ cost profiles
  • CloudOps – Transformation across customers’ internal teams, technology and resources

Tanaz Gould, Consultancy Director at Claranet, commented:

Google Cloud is a strategically-important partner for us and our rapidly-growing cloud practice, and, as such, we are delighted to be part of Google Cloud’s updated MSP program. Our increasingly-close links with the team at Google Cloud, and their ongoing support and training, have been integral to our success with Google Cloud Platform and ensuring that we can continue to help our customers do amazing things. We have secured a spate of new business wins in 2018, seeing our Google Cloud-linked pipeline increase by 250%, and we see no reason why we can’t achieve the same rate of growth again in 2019.”

For more information about Claranet’s Google Cloud Platform consulting and managed services, visit: https://www.claranet.co.uk/hosting/google-cloud-platform-consulting-and-managed-services.

Claranet Wins Google Cloud EMEA Breakthrough Partner of the Year Award

Claranet has received the 2018 Google Cloud EMEA Breakthrough Partner of the Year award. This award was presented at the Partner Summit at Google Cloud Next’19 in San Francisco, and comes in recognition of Claranet’s expertise and success with Google Cloud Platform (GCP).

Claranet was recognised for the company’s achievements in the Google Cloud ecosystem, helping joint customers to take advantage of the transformational benefits of GCP, leverage Google Cloud’s advanced data toolsets and achieve competitive advantage. The award follows a year of heavy investment by Claranet in its GCP capabilities, in which it doubled its GCP-focused team, collected a raft of new GCP certifications, and developed more strategic ties with Google Cloud’s Tech, Media and Telco (TMT) team. As a result of these efforts, Claranet secured a spate of new business wins in 2018 and saw its Google Cloud-linked sales pipeline increase by 250%.

Tanaz Gould, Consultancy Director at Claranet, commented:

Google Cloud is a strategically-important partner for us and our rapidly-growing cloud practice, and, as such, we are delighted to be named Google Cloud’s 2018 EMEA Breakthrough Partner of the Year. Our increasingly-close links with the team at GCP, and their ongoing support and training, have been integral to our success with the platform and ensuring that we can continue to help our customers do amazing things.”

Carolee Gearhart, Vice President, Worldwide Channel Sales at Google Cloud, said:

We’re thrilled to recognise Claranet as the Google Cloud 2018 EMEA Breakthrough Partner of the Year. Claranet has proven their expertise in Google Cloud and has demonstrated their commitment to customer success over the past year. We’re excited to keep building our partnership with Claranet as more and more customers look to our ecosystem to help them succeed in the cloud.”

For more information about Claranet’s Google Cloud Platform consulting and managed services, visit: https://www.claranet.co.uk/hosting/google-cloud-platform-consulting-and-managed-services.

Businesses opening up to security risks by failing to gain grasp of DevSecOps

DevOps approaches have become a fixture in most businesses, but integration with security operations is lagging behind.

New research commissioned by global technology services provider Claranet has found that 88 per cent of UK businesses have either adopted a DevOps approach or plan to adopt one in the next couple of years. Despite this, fewer than one in five (19 per cent) are fully confident in their ability to integrate security into this philosophy – also known as DevSecOps. This underlines the potential data security risks that businesses are creating for themselves – especially given how DevOps tends to outpace traditional security controls – and the work that needs to be done within IT departments to embed and automate security best practices into the entire DevOps lifecycle.

The research, conducted by market research firm Vanson Bourne, included 300 respondents from businesses in both the UK and USA. It found that just under half (47 per cent) of UK organisations have adopted a DevOps approach, with an additional 41 per cent planning to make this a reality in the next couple of years, indicating that DevOps is becoming a de facto way of working for many IT departments.

However, when considered alongside the fact that a fifth of organisations doubt their capability to deliver DevSecOps, it becomes clear that there is a significant disconnect between DevOps capabilities and DevSecOps readiness. This lack of full emphasis on security as part of the DevOps process could lead to data security issues further down the line.

Commenting on the findings, Sumit (Sid) Siddarth, Director at NotSoSecure (a Claranet Group company) said:

Embracing DevOps is clearly at the forefront of the minds of the majority of IT leaders across the UK, which provides some cause for encouragement. But the overall lack of integration of security best practices into this process shows that, for many businesses, security is still being considered as something that is administered separately to the development lifecycle, rather than incorporated into it from end to end.”

Given the frequent development cycles that are an inherent characteristic of DevOps, seeing security as a separate entity can slow processes down and reduce efficiency, which either compromises the agility which is so central to any DevOps philosophy, or leads to windows where vulnerabilities can be released and won’t be spotted until the next security testing cycle.”

To remedy this issue and help the IT department to effectively transition to a DevSecOps approach, Siddarth believes that training of staff throughout the IT department is essential, as is the adoption of new approaches to security testing and continuous monitoring and analytics throughout the DevOps lifecycle, whether this be in planning, coding, pre-production or decommissioning. To do this, businesses should be willing to enlist the expertise of third parties who are well-versed in meeting the DevSecOps challenge.

Sid added:

While the benefits of DevSecOps are clear, actually making it a reality is a complex process that can’t be completed overnight. Working out how to implement and automate application security – such as continuous monitoring and static analysis – within existing CI/CD pipelines takes time and effort, so it’s important that organisations receive in-depth guidance in how to make this happen. Furthermore, newer approaches to security testing, such as continuous security testing, need to be used to ensure any testing approach is keeping up with the rate of change DevOps approaches allow for.”

Sid concluded:

This guidance should be tailored to everyone involved in the DevSecOps process. Development teams need to be trained in order to heighten their security awareness and figure out how they can work with their security-focused colleagues, and security personnel will benefit from learning how their role fits within the wider DevOps ecosystem. If these formerly disparate components can be brought together, an effective DevSecOps philosophy will follow as a matter of course.”

Claranet offers training courses in DevSecOps, with a session in Leeds scheduled for 25th March, and has developed its new Continuous Security Testing services to complement its existing Penetration Testing services.

More information on the Leeds session can be found by clicking here.