Author: Jay Fearn

Half of businesses lack skills needed to effectively manage cloud security, says Claranet research

Migration to hyperscale providers is commonplace, but disconnect between cloud adoption and awareness of cloud security remains.

A new survey by global technology services provider Claranet has found that half of UK businesses do not have full in-house capability to manage security in the cloud. This is despite the fact that cloud adoption is now commonplace in the majority of organisations, and is showing no signs of abating. The findings illustrate how many companies have still not found an effective way to marry the full benefits of cloud with a comprehensive cybersecurity strategy.

The research was carried out by Vanson Bourne and surveyed 100 IT decision-makers from UK-based organisations with more than 1,000 employees. 50 per cent of those polled said that they do not have the skills in-house to manage cloud security, with 52 per cent saying that they have incomplete awareness of how their organisation’s security posture in the cloud affects their overall IT security. This is despite the fact that 79 per cent of businesses have either already migrated application workloads to hyperscale cloud providers, or are currently in the process of doing so.

Commenting on the findings, Sumit (Sid) Siddarth, Director at Claranet Cyber Security said:

Businesses that have not engaged with cloud in some way are now few and far between, with hyperscalers having established a dominant position in the cloud market. Organisations are making significant progress with planning and carrying out these migrations, but our research has shown that there’s a very real danger of security being left behind as part of this process.”

The self-provisioning aspects of public cloud are beneficial in many ways, but they can also lure businesses into a false sense of security. The big hyperscalers have a lot of sensible defaults to help guard against threats, but if internal IT teams without the requisite skills create these environments themselves, mistakes can still occur. We have already seen a number of security breaches due to insecure permissions set on cloud storage, be it S3 buckets or Azure blobs. Other examples include attackers compromising cloud infrastructure to spin up bitcoin mining rigs.”

To help plug this gap in in-house skills, Siddarth believes that businesses need to re-evaluate their approaches to both cloud and security, and make sure that they consider both as being part of the same IT ecosystem, rather than being separate challenges that are tackled independently of one another. This should include efforts to upskill in-house staff, and also the formation of collaborative partnerships with external experts who are well-versed in the specifics of secure cloud migration.

He added:

Migrating to cloud is often a complex process, so it’s important to invest a lot of manpower in it. However, there should be no excuse for neglecting security considerations, especially given the current threat landscape and the fact that hackers are seeing cloud as an increasingly lucrative target. Working with partners can be hugely advantageous here, as they can bring the added expertise needed to work through the more complex aspects of secure cloud migration, such as developing infrastructure as code to guard against mistakes being made.”

Also key to addressing this skills gap in the long term is engaging with third parties to implement holistic training programmes focusing on the unique challenges and intricacies of cloud security. By investing in this area, businesses can ensure that they build applications that are fully cloud-ready from the outset, and foster a philosophy which incorporates security into any cloud migration activity.”

Siddarth concluded:

Cloud’s continued rise is inexorable, so it’s important that organisations act now to shore things up from a security perspective. With the right focus on raising skill levels and sealing gaps in knowledge, this is very much a realistic aim.”

Claranet Builds on Google Cloud MSP Initiative

Claranet, today announced that it has deepened their standing in the Google Cloud MSP Initiative as a premier partner, giving Google Cloud customers the ability to drive more value from their Google Cloud investment.

As a Google Cloud Managed Services Provider, Claranet offers customers mature technical support operations with robust lifecycle services helping them to learn, grow and scale.

Key features include:

  • 24/7 Support
  • FinOps – Optimisation of customers’ cost profiles
  • CloudOps – Transformation across customers’ internal teams, technology and resources

Tanaz Gould, Consultancy Director at Claranet, commented:

Google Cloud is a strategically-important partner for us and our rapidly-growing cloud practice, and, as such, we are delighted to be part of Google Cloud’s updated MSP program. Our increasingly-close links with the team at Google Cloud, and their ongoing support and training, have been integral to our success with Google Cloud Platform and ensuring that we can continue to help our customers do amazing things. We have secured a spate of new business wins in 2018, seeing our Google Cloud-linked pipeline increase by 250%, and we see no reason why we can’t achieve the same rate of growth again in 2019.”

For more information about Claranet’s Google Cloud Platform consulting and managed services, visit: https://www.claranet.co.uk/hosting/google-cloud-platform-consulting-and-managed-services.

Claranet Wins Google Cloud EMEA Breakthrough Partner of the Year Award

Claranet has received the 2018 Google Cloud EMEA Breakthrough Partner of the Year award. This award was presented at the Partner Summit at Google Cloud Next’19 in San Francisco, and comes in recognition of Claranet’s expertise and success with Google Cloud Platform (GCP).

Claranet was recognised for the company’s achievements in the Google Cloud ecosystem, helping joint customers to take advantage of the transformational benefits of GCP, leverage Google Cloud’s advanced data toolsets and achieve competitive advantage. The award follows a year of heavy investment by Claranet in its GCP capabilities, in which it doubled its GCP-focused team, collected a raft of new GCP certifications, and developed more strategic ties with Google Cloud’s Tech, Media and Telco (TMT) team. As a result of these efforts, Claranet secured a spate of new business wins in 2018 and saw its Google Cloud-linked sales pipeline increase by 250%.

Tanaz Gould, Consultancy Director at Claranet, commented:

Google Cloud is a strategically-important partner for us and our rapidly-growing cloud practice, and, as such, we are delighted to be named Google Cloud’s 2018 EMEA Breakthrough Partner of the Year. Our increasingly-close links with the team at GCP, and their ongoing support and training, have been integral to our success with the platform and ensuring that we can continue to help our customers do amazing things.”

Carolee Gearhart, Vice President, Worldwide Channel Sales at Google Cloud, said:

We’re thrilled to recognise Claranet as the Google Cloud 2018 EMEA Breakthrough Partner of the Year. Claranet has proven their expertise in Google Cloud and has demonstrated their commitment to customer success over the past year. We’re excited to keep building our partnership with Claranet as more and more customers look to our ecosystem to help them succeed in the cloud.”

For more information about Claranet’s Google Cloud Platform consulting and managed services, visit: https://www.claranet.co.uk/hosting/google-cloud-platform-consulting-and-managed-services.

Businesses opening up to security risks by failing to gain grasp of DevSecOps

DevOps approaches have become a fixture in most businesses, but integration with security operations is lagging behind.

New research commissioned by global technology services provider Claranet has found that 88 per cent of UK businesses have either adopted a DevOps approach or plan to adopt one in the next couple of years. Despite this, fewer than one in five (19 per cent) are fully confident in their ability to integrate security into this philosophy – also known as DevSecOps. This underlines the potential data security risks that businesses are creating for themselves – especially given how DevOps tends to outpace traditional security controls – and the work that needs to be done within IT departments to embed and automate security best practices into the entire DevOps lifecycle.

The research, conducted by market research firm Vanson Bourne, included 300 respondents from businesses in both the UK and USA. It found that just under half (47 per cent) of UK organisations have adopted a DevOps approach, with an additional 41 per cent planning to make this a reality in the next couple of years, indicating that DevOps is becoming a de facto way of working for many IT departments.

However, when considered alongside the fact that a fifth of organisations doubt their capability to deliver DevSecOps, it becomes clear that there is a significant disconnect between DevOps capabilities and DevSecOps readiness. This lack of full emphasis on security as part of the DevOps process could lead to data security issues further down the line.

Commenting on the findings, Sumit (Sid) Siddarth, Director at NotSoSecure (a Claranet Group company) said:

Embracing DevOps is clearly at the forefront of the minds of the majority of IT leaders across the UK, which provides some cause for encouragement. But the overall lack of integration of security best practices into this process shows that, for many businesses, security is still being considered as something that is administered separately to the development lifecycle, rather than incorporated into it from end to end.”

Given the frequent development cycles that are an inherent characteristic of DevOps, seeing security as a separate entity can slow processes down and reduce efficiency, which either compromises the agility which is so central to any DevOps philosophy, or leads to windows where vulnerabilities can be released and won’t be spotted until the next security testing cycle.”

To remedy this issue and help the IT department to effectively transition to a DevSecOps approach, Siddarth believes that training of staff throughout the IT department is essential, as is the adoption of new approaches to security testing and continuous monitoring and analytics throughout the DevOps lifecycle, whether this be in planning, coding, pre-production or decommissioning. To do this, businesses should be willing to enlist the expertise of third parties who are well-versed in meeting the DevSecOps challenge.

Sid added:

While the benefits of DevSecOps are clear, actually making it a reality is a complex process that can’t be completed overnight. Working out how to implement and automate application security – such as continuous monitoring and static analysis – within existing CI/CD pipelines takes time and effort, so it’s important that organisations receive in-depth guidance in how to make this happen. Furthermore, newer approaches to security testing, such as continuous security testing, need to be used to ensure any testing approach is keeping up with the rate of change DevOps approaches allow for.”

Sid concluded:

This guidance should be tailored to everyone involved in the DevSecOps process. Development teams need to be trained in order to heighten their security awareness and figure out how they can work with their security-focused colleagues, and security personnel will benefit from learning how their role fits within the wider DevOps ecosystem. If these formerly disparate components can be brought together, an effective DevSecOps philosophy will follow as a matter of course.”

Claranet offers training courses in DevSecOps, with a session in Leeds scheduled for 25th March, and has developed its new Continuous Security Testing services to complement its existing Penetration Testing services.

More information on the Leeds session can be found by clicking here.

Claranet named in The Sunday Times International Track 200 for third consecutive year

Technology services provider moves up to 38th place in rankings of the UK’s fastest growing privately-owned businesses in the mid-market

Technology services provider Claranet has been ranked 38th in The Sunday Times International Track 200 for 2019. Published on Sunday 10th February, the league table ranks the 200 privately owned companies in Britain with the fastest-growing international sales over the last two years. This placement marks a third straight year of improvement, with Claranet appearing in 69th spot last year and 170th spot in 2017, and complements the company’s third consecutive appearance in the Sunday Times Top Track 250 in October 2018.

In the financial year ending 30th June 2018, Claranet’s turnover grew by 49 per cent, further cementing the company’s position as one of the leading providers of technology services across Europe. Claranet currently delivers hybrid-cloud, network, communications and cyber security services to over 6,500 customers across nine countries in Europe, Brazil and most recently the US.

The company’s emphasis on sustained expansion has seen Claranet make three further acquisitions since July 2018. These include NotSoSecure, one of the world’s most respected security training and penetration testing firms, Italian DevOps specialist Xpeppers, and Dutch IT services provider Quinfox. The continuation of this strategy has been instrumental in further growing Claranet’s presence in its established and new regions, and helping the company evolve its portfolio and access to new customers.

Acquisitions, alongside organic growth, have seen Claranet’s revenues continue to grow significantly, with first quarter run rate revenue in FY19 standing at £350 million per year. This means Claranet is set to retain its position as one of the fastest growing UK businesses in its market.

Charles Nasser, founder and CEO of Claranet, commented:

The growth that we have seen over the course of the past year has been exceptional, and has come as a result of the progress we’ve made to consolidate our presence in the markets in which we operate and strengthen our service portfolio. We’re thrilled to have moved up the rankings in the International Track 200 once again, which is testament to our continued focus on innovation and the investments we have made in our capabilities, staff and partners.”

We’re now a leading expert in a wide range of IT services, closely supporting our customers and making sure they maximise the potential of new technologies. The formation of our cyber security unit is a prime example of this: combining the ethical hacking, penetration testing, managed security services and training expertise of Sec-1 and NotSoSecure has enabled us to make inroads into the rapidly growing IT security market, alongside all of our other capabilities.”

Charles concluded:

We’re looking forward to maintaining our emphasis on working closely with our customers, developing the collaborative, trusted relationships that are so important to their success in the long term.”

Claranet strengthens its Mobile Broadband service to meet growing demands for mobility

Enlarged mobile broadband data tariffs of up to 50GB to provide new flexibility to businesses who have high data usage requirements

Claranet has upgraded its Mobile Broadband offering with new data tariffs to meet the growing demand for mobile as the primary form of connectivity. With the newly-enlarged data plans of up to 50GB, businesses will be able to get new sites and mobile workers up and running on secure, high-speed broadband connections quickly, helping to accelerate their transformation efforts.

Claranet’s Mobile Broadband service is an over-the air-connectivity offering that has primary, backup and SIM only variants, with data plans ranging from 1GB to up to 50GB. The mobile connectivity can be deployed as a primary connection for a site or utilised as a backup connection for when a fixed line services fail. Claranet removes the IT administration and management effort by fully managing the service from procurement and configuration to providing ongoing support.

The mobile broadband service can directly integrate into MPLS networks, enabling new sites to be easily and quickly incorporated with corporate networks, removing the need for additional firewalls, hardware or licenses. This gives staff the freedom to work remotely while ensuring that IT departments can maintain control and the integrity of their data.

Dave Palmer, Head of Network Design at Claranet, commented:

With these upgrades we’re now able to offer much more flexibility to our customers who have higher data usage requirements, helping them to get new sites and staff connected to high-speed connectivity services quickly and easily, where ever they are. This is of particular benefit to industries with short deployment lead times, such as retail and construction, enabling them to start on-boarding, transacting, and carrying out digital processes at new locations sooner.”

In addition, the larger tariffs make our mobile broadband service a much more compelling and cost effective back-up solution, when compared to ADSL, FTTC and Ethernet. Should the primary line go down, our mobile broadband kicks in to gear immediately, giving our customer peace of mind that they can keep their businesses running no matter what.”

Claranet launches MPLS superfast broadband services across Ireland

Faster and more powerful internet connectivity will enable Irish businesses to take advantage of the latest technologies.

Irish businesses are being given a connectivity boost thanks to Claranet, who will be rolling out MPLS Superfast Broadband across the country. Expanding on its current MPLS Ethernet and Broadband offering, the new service will offer lightning fast speeds of up to 100Mbps, filling the gap between the existing broadband services which Claranet currently provides.

As cloud services and web applications become more popular and increasingly sophisticated, businesses are expecting their technology provider to offer higher bandwidth and faster download speeds. Claranet are looking to the future by rolling out a powerful and reliable MPLS network infrastructure that can cope with any technical requirements. The superfast broadband will be available to all businesses across Ireland and Claranet is expecting an extremely high demand for the new service.

Many large commercial organisations, especially those in retail and finance, are looking for enhanced network connectivity that can cope with continual fluctuations in usage and is capable of processing large volumes of data during times of peak demand. Claranet’s new MPLS Superfast Broadband will enable companies of all sizes to take advantage of the latest technologies and applications, including AI, chatbots, immersive AR and VR, which will improve their customer experience offering.

Smaller offices will also benefit from the new service, as additional sites can be easily incorporated into the company’s wider network estate while allowing applications such as Skype or video conferencing to be fully utilised. When coupled with Claranet Online, MPLS Superfast Broadband offers IT departments complete visibility of their entire digital network estate, including service details, the status of the connectivity and bandwidth utilisation.

Dave Palmer, Head of Network Design at Claranet UK, talked about the growing demand for improved network connectivity:

Businesses across the country are capitalising on the latest innovations, including cloud computing, Internet of Things and Artificial Intelligence which all depend on having a fast, powerful and reliable internet connection to operate effectively. Our MPLS Superfast Broadband service will empower Irish businesses to take advantage of these sophisticated technologies, enabling them to achieve their digital transformation objectives and vastly improve their customer experience offering.”

Claranet will offer a fully managed service and oversee the whole process, from installation to configuring the MPLS network, without having to purchase additional VPN hardware devices. It will also install a direct internet line for any business that does not have an existing connection so they can take advantage of the new service.

Claranet records strong growth in FY18 with 49% increase in global revenue

Organic growth and strategic acquisitions drive Claranet’s turnover to £321.6m for the year ended 30 June 2018, with a first quarter annualised run rate for FY19 of £350m.

Claranet, the global technology services provider, has released financial results for the year ended 30 June 2018, revealing a 49 per cent increase in turnover. A combination of organic and acquisitive growth saw Claranet Group’s revenues reach £321.6 million, up from £216.5 million in FY17, while Adjusted EBITDA hit £50 million, representing an increase of 29 per cent.

The Group’s ambitious growth strategy saw it acquire UK-based hosting infrastructure services company, Union Solutions in April 2018, further boosting its hosting transformation and Azure capabilities. The company also maintained its focus on integrating the three acquisitions completed in May 2017 (Sec-1, Oxalide, and ITEN Solutions) serving to drive further growth.

In addition, Claranet has made three subsequent acquisitions since July 2018: NotSoSecure, one of the world’s most respected security training and penetration testing firms, Italian DevOps specialist Xpeppers, and Dutch IT services provider Quinfox. Following these transactions its first quarter run rate revenue in FY19 stands at £350 million per year.

Cloud computing services comprise a critical part of the business, with the company positioned as a ‘Leader’ in Gartner’s “Magic Quadrant for Managed Hybrid Cloud Hosting, Europe” for five years running from 2013 until the final year of this Magic Quadrant in 2017. Moving ahead, Claranet continues to deepen its partnerships capabilities with AWS, Microsoft, and Google, and has also further diversified its portfolio of services recently with the launch of a new Cyber Security unit.

Commenting on Claranet’s performance, Charles Nasser, Founder and CEO of Claranet, said:

The growth that we have seen over the past financial year is exceptional. This is a result of the progress we’ve made to consolidate our presence in the markets in which we operate and strengthen our service portfolio. Claranet continues to innovate and the investments we have made in our capabilities, staff, and partners over the past year will ensure that we can continue to design, migrate, run, and support our customers’ broad range of infrastructure and applications on any public, private, or hybrid cloud environment. This is a key differentiator for the business and will enable us to continue to help our customers to get the best out of cloud services.”

Charles concluded:

Our strategy has also seen us make significant in-roads into the rapidly growing IT security market, which we believe is a huge opportunity for the business. By combining the ethical hacking, penetration testing, managed security services, and training expertise of Sec-1 and NotSoSecure in our dedicated Cyber Security unit, we have a strong platform on which we can pursue further growth and break into new markets.”

Todd Salmon joins NotSoSecure to drive US growth

Industry expert joins leading penetration testing and ethical hacking company to fuel continued expansion.

Leading ethical hacking and penetration testing company NotSoSecure, part of the Claranet Group, has announced the appointment of security industry veteran Todd Salmon as Executive Vice President (US) to expand North American operations. In his new role with NotSoSecure, Todd will be responsible for the day-to-day operations in the US, as well as supporting global collaboration within the Claranet Cyber Security portfolio.

Todd brings nearly three decades of executive leadership and management experience providing information security and technical solutions to all the major vertical markets, and he has a proven track record of building and running successful professional services organisations for both the public and private sectors.

Most recently, Todd was a partner in the start-up Stack Titan where he served as Chief Operations Officer. Prior to this he spent eight years as the Vice President of Optiv/FishNet Security’s Attack & Penetration Practice. During that time, Todd grew their Security Assessments line of business significantly.

The appointment follows the launch of Claranet’s Cyber Security unit, which combines the pioneering penetration testing and managed security service capabilities of Sec-1 and NotSoSecure, and the training competencies of NotSoSecure – one of the largest training partners of the globally acclaimed Black Hat conferences. The new unit ensures that the capabilities of both companies are aligned in a way that offers the best range of security services to customers within the existing Claranet footprint and around the world.

Commenting on the appointment, Dan Haagman, Director of Security Services at NotSoSecure said:

In all his prior roles Todd has led from the front and, as a result of his dedication to client satisfaction, tireless coaching and mentoring of colleagues, and laser focus on quality, he has left a track record of success everywhere he’s been. That is why I am delighted that he has joined NotSoSecure to help us grow our North American operations. We have already have a loyal and engaged customer base in the US but we believe we are just scratching the surface. Bringing Todd on board is a sign of our intent and belief that we are in a strong position to help more customers in the US with security testing, training, and managed services.”

Todd Salmon added:

Despite its relatively small size, NotSoSecure punches far above its weight in the pen testing and security training industry and its consultants are world-renowned for their expertise. I’m therefore excited to be joining NotSoSecure and the wider Claranet Cyber Security Services Group as we build the business while we continue to meet the evolving needs of our existing customers.”

Human error is to blame for poor cloud security, not the infrastructure itself, warns Claranet

Global technology services provider points to automation and fully-accredited partners as way to avoid cloud security vulnerabilities.

A lack of knowledge and an overreliance on manual change processes is leading many businesses to jeopardise the security of their cloud deployments, global technology services provider Claranet warns today.

The warning follows the launch of a report published by McAfee this week, which found that the average business has approximately 14 improperly configured IaaS instances running at any given time and roughly one in every 20 AWS S3 buckets are left wide open to the public internet. Additionally, researchers estimate that roughly 5.5. per cent of all AWS S3 storage instances are in a “world read” setting, allowing anyone who knows the address of the S3 bucket to see its contents.

Commenting on the findings, Steve Smith, Senior Site Reliability Engineer and AWS Team Lead at Claranet, said:

The cloud security challenges highlighted in this report have little to do with the platform itself, but everything to do with the people using it and, in our experience, people are the biggest weakness here. The major cloud providers like AWS set a lot of sensible defaults designed to support configuration – for example, S3 buckets are now private by default – but unfortunately, it’s very easy to get things wrong if you don’t know how to use the platform.”

We’ve seen many AWS configurations that end-user businesses have developed themselves or have worked with partners that don’t have the right experience, and, frankly, the configurations can be all over the place. When internal IT teams create these environments themselves, mistakes can occur when they don’t have the depth of knowledge or experience to follow best practice.”

A click of a button or slight configuration change can have a major impact on your security posture, so it’s important to get a firm grip of the access controls and have safeguards in place to catch mistakes before they hit the production environment.”

Developing infrastructure as code – effectively, templated scripts that will create infrastructure in any public cloud environment – helps here because it makes it more difficult for mistakes to occur. Any changes in the code need to be peer-reviewed in the development lifecycle, making it much less likely that errors will make it out to the production environment and ensuring that any changes can be tracked and audited. In addition, it’s also good practice to run that code from a centralised location – some kind of CICD server for example – so that only that machine can make configurations and that there’s no way to make changes manually.”

Steve concluded by stating that AWS’s Well-Architected Framework, a programme designed to help AWS users build the most-secure, high-performing, resilient, and efficient infrastructure for their applications, is a key way that users can secure peace of mind about their cloud deployments.

AWS has set up a review scheme, the AWS Well-Architected Framework, to help address these very issues and provide users with the assurance that everything is configured securely and as it should be. Qualified AWS partners can conduct comprehensive and free reviews of existing AWS architectures, checking things like access policies and change processes, and advise on the best way forward to safeguard security.”