Want to Be a Data Visionary? Change the Conversation

AdobeStock_121483111.jpeg

What do customers really want? What do they actually need?

If you’re like me, you’ve been trying to answer these questions every day for pretty much your entire professional career. Every conversation you have with a customer is an exercise in peeling the onion—listening to them, trying to understand their unique problems, and eventually getting to the core issues that they are looking for you to solve.

I’ll give you an example. How many times have you heard a customer ask, “Is the cloud right for me?” As IT professionals, we know that the cloud is great. It has a lot of potential, and it can be an extremely valuable tool in developing and bringing solutions to market. And because it’s the shiny new toy in the market, everyone is clamouring to find out how they can use the cloud to do things better than their competition. But as time and experience have shown, we also know that it’s not right for everyone (or everything). So how do we approach this conversation?

Here’s an idea: listen to your customers. They will tell you exactly what they need if you give them the chance. But there’s a twist: you have to ask the right questions.

The world of IT has changed. Customers don’t care about infrastructure and systems anymore. What they care about is their data. They want flexibility, choice, security, and control at a cost that works for their budgets—they couldn’t care less what the underlying storage looks like. They don’t want to hear a load of technology terms thrown at them. Because we’re now talking to CxOs, we’ve got to learn how to speak their language. These people care about business value. What are the outcomes? How is what you’re selling going to help them grow their business?

When you change the conversation to talk about data, you’ll start to see the lights come on. You don’t even need to mention NetApp (or any vendor or technology name for that matter). It’s about asking the right questions. What do you want to do with your data? How do you want to use that data to help you grow as a business? What type of data are you collecting? You’d be surprised what you can find out when you keep the conversation focused on them and their data requirements.

In my “Is the cloud right for me?” example, my customer was looking at modernizing its ERP application. Instead of going back and forth between going all-in with cloud or keeping it on-prem like countless other vendors had done, we started by asking them about their data and how they want to use it. Turns out their primary concerns were pretty standard: governance, security, performance, and quality of service. But none of the proposals that had been put forward were ideal for what the customer was trying to do. That’s because the other vendors had been trying to sell the customer on something they didn’t need, based on a conversation that didn’t focus on actual data requirements. By positioning a solution and a strategy, not just a new piece of kit, we were able to provide the customer with exactly what they were looking for, without compromising.

Of course, at the end of the day, you’ve still got to have something to sell. The solution that we positioned was ONTAP Cloud, and the strategy is Data Fabric. Without even mentioning NetApp, we were able to figure out what the customer was really looking for and how it was using data. Once we peeled back the layers of the conversation and discovered those key requirements, positioning NetApp solutions was simple and natural because you’re not trying to put a square peg in a round hole.

NetApp gives me the scope to widen that conversation. Whether you’re a reseller or a partner, NetApp enables you to act like a service provider, and to help your customers do the same thing. With NetApp, you’re not just selling disparate pieces of gear: you’re selling an ecosystem, a portfolio, and a strategy that your customer can build on for the future.

By talking about data, you can up-level the conversation from just another “me too” technology bidding war. Put yourself in the customer’s shoes. It may sound like common sense (because it is), but I’m always surprised at how often people forget. NetApp gives you the tools to be a data visionary for your customers. But just because you have the world’s best hammer, it doesn’t mean every customer is a nail. Take the time to listen. Ask the right questions. Be the partner they need you to be. And when you’re finally ready to talk tech, NetApp is here to help.

Author: Mark Carlton, Group Technical Services Manager

Is Your Data Protected In The Cloud?

Every day businesses are changing the way they deliver applications to their users. Applications traditionally delivered on-premises are increasingly taken as a service from Software-as-a-service (SaaS) providers such as Microsoft.

It is estimated that the use of SaaS software will grow at a rate roughly 5 x that of On-premises solutions. Now you’re probably thinking these are just marketing figures, but in my experience over the last year, the conversations I am having with businesses show that there is a real interest and push towards SaaS both for functionality and commercial reasons.

The most prominent of these SaaS solutions is Office 365. Businesses are deploying O365 to provide email and collaboration services to their users.

However, there has been one worrying aspect of SaaS deployments that I have noticed and that is the risks that come with putting your data in the cloud.

We know public cloud providers have robust disaster recovery capabilities with multiple data centre and replications but native backup is something some providers lack and it’s assumed in most cases that this included as part of the SaaS service you are paying for. It often comes as a shock when we find out that in some cases it isn’t and the next questions that always follows are “how can I backup my data?”

There are a number of tools in the market that can provide the ability to backup your email from Office 365 but what about your other applications and what happens if you don’t have somewhere to back it up too.

That’s where NetApp can help with their new Cloud Control software

Cloud Control provides business with the ability to backup and protects their cloud based data. It gives businesses the unique tools to be able to take the data they have within O365 and back it up to a secondary location.

image 1

 

One of the key things for me is that this provides a business with flexibility and choice. Cloud Control provides you with multiple deployment scenarios today.

  • Back up your Office 365 data to the Cloud Control storage as part of your solution created and managed by Cloud Control, this is an AWS S3 which provides cloud-to-cloud backup.
  • Bring your own license and back up your Office 365 data to your AWS S3 storage or you can use StorageGrid Web scale solutions as the backup target, which provides cloud-to-cloud backup whether that be public or private.

 

image 21

Cloud Control is a full SaaS application there is no need for agents to be deployed, no software to install and no infrastructure required, making it easy to deploy and manage.

But Cloud Control doesn’t just help you protect your data through backups, it also provides multiple layers of operational and physical security.

Strong encryption:
Cloud Control protects data at rest with 256-bit AES object-level encryption with the unique encryption key.  All data in transit is also protected with Secure Socket Layer (SSL) encryption.

Intrusion detection:
Cloud Control environment constantly guards against intrusion with real-time monitoring, detection, and alerting.

Controlled access:
Access to a production environment is granted only to a dedicated operations team who has specific operational requirements. Changes to the production environment are tracked and audited.

In summary to me, Cloud Control can provide a flexible, Secure, efficient and cost effective solution for your SaaS applications.

If you’d like to learn more about NetApp Cloud control or see it in action please call one of our experts on 03331 300600 or email groupsales@tctg.co.uk.

 

Author: Mark Carlton, Group Technical Services Manager

Wait, this email isn’t for me – what’s it doing in my inbox?

AdobeStock_114755712.jpeg

For as long as email has been in the mainstream, stories abound about how messages have reached the wrong recipient to embarrassing or detrimental consequences. Perhaps a miss-sent shipping notification from a retailer isn’t a big deal, but a financial email containing sensitive information definitely shouldn’t land in the wrong inbox.

Recently this topic came up on Ask Slashdot via user periklisv, with the pointed question: What do you do when you get a misdirected email?

Over the past six months, some dude in Australia (I live in the EU) who happens to have the same last name as myself is using [my email address] to sign up to all sorts of services… how do you cope with such a case, especially nowadays that sites seem to ignore the email verification for signups?

The thread is full of anecdata of emails sent to the wrong recipients, often full of embarrassing or sensitive information — bank statements, loan information, lawyer correspondences.
A quick search reveals that this issue comes up in the news on a larger scale with some frequency. For example, in 2012, a company accidentally emailed an employee termination notice to all of their 1,300 global employees instead of just one. Thankfully, people quickly caught on that this email wasn’t meant to go on blast (unfortunately for the person who was still fired).
These mistakes, though rather innocuous, are usually made by someone omitting a character, making a typo, or mixing up domain names or extensions (.com instead of .net, Yahoo instead of Gmail) in a rushed moment, are usually resolved by a quick “hey, you sent this to the wrong person” reply.
But what happens if a misdirected personal email lands in the inbox of someone who might not be so honest? Or what happens when a large company sends out confidential information via email to unintended recipients?
Just one example: a representative from Rocky Mountain Bank sent sensitive customer loan information to the wrong recipient via email and sued Google to try to quash the breach and keep the data from spreading any further. (Luckily for the employee, it turned out that the unintended recipient marked the email as spam and never even looked at the email.)
That’s a data breach thanks to a simple typo. In theory, this should be easy enough to avoid.
But this isn’t a new problem. In fact, in 2011, several security researchers highlighted exactly how an enterprising criminal could typosquat on a number of domain names to wait for confidential information to come across from misdirected emails, like a trapdoor spider waiting for its prey. The researchers captured more than 20GB of data from 120,000 misdirected emails meant for Fortune 500 companies in the span of six months.
The difference between the legitimate email addresses and the ones used by the security researchers? A simple dot — that’s all.
As with so many security issues that are ultimately based on habit and human error, mitigating this issue can be easier than done. Many people know they shouldn’t send sensitive information via email, but inevitably some do it anyway out of (what they see as) necessity.
Of course, robust data and email policies to filter and/or block confidential information from egressing via email can certainly help. There are additional technical approaches we would also recommend:
Email verification for signup forms: People are in a hurry and make mistakes. It’s always going to happen. As identified by the Slashdot poster, the simple step of adding an email verification step to a sign-up process would do much to reduce misdirected emails.

Make it easier to for employees to stop hitting the “attach” button: We follow the path of least resistance — if it’s too difficult to collaborate or share by any other method, people will stick with what they know and what’s fastest. Centralized file repositories internally or in the cloud (like Dropbox), when implemented well, can make using email attachments less appealing by comparison.
Encrypt: Another possible failsafe is to encrypt everything that’s outgoing – that way even if the email does end up in the wrong hands, there’s not much the recipient can do with it.
Are misdirected emails an issue where you work? Have you managed to make them an issue of the past? We welcome your thoughts or tips on how to mitigate this issue in the comments.

 

Author: Maria Varmazis, Naked Security Author (Sophos)

Top 4 Questions About the Value of the NetApp Data Fabric

The trouble most people have with understanding Data Fabric is that it’s not a product that you can just go out and buy. It’s NetApp’s answer to the future of IT. It’s a way of using a wide portfolio of products to enable continuous data availability across multiple on-premises and cloud platforms.

But the real value of data fabric is it provides a platform for transforming your business

While it’s not as simple or easily measurable as just expanding your bottom line, the real value of a Data Fabric is its power to transform your business.

I typically hear four questions about the value of a Data Fabric:

  1. How can it change how I utilise my infrastructure?
  2. How can it help me use my resources better?
  3. How can it help me use my data more efficiently?
  4. How can it help my business make money?

How can Data Fabric change how I utilise my infrastructure?

Whether you’re an existing NetApp customer with a data centre full of NetApp kit or not, the NetApp Data Fabric can help you get more out of your IT infrastructure.

Let’s say your business has a new requirement to provide backup, test and development in the cloud, but you don’t want to have a large admin team to manage all the different tools or equipment required to deliver this solution. So you need to make sure the solution is easy to manage, with full choice and control over your data.

You can build a data fabric to address these challenges and I don’t mean by some “one-size-fits-all” compromise either. I can think of three data fabric components that we can use to meet our needs: FlexArray, ONTAP Cloud, and AltaVault.

FlexArray would provide you with the capabilities to sweat the assets you already have, so you wouldn’t need to replace all your existing storage. In fact, if you wanted to keep it, you could use FlexArray to repurpose it to run ONTAP. This gives your existing storage and all the efficiency benefits of ONTAP

ONTAP Cloud now thinks about having on premises efficiency and control but in the cloud. With ONTAP Cloud you are able to replicate data from your onsite ONTAP array out into AWS or Azure. In an instance, it can provide a test and Dev environment without having to pay for hardware and enables you to operationally scale.

AltaVault provides you with end-to-end efficiency and security when moving data to the cloud. It supports all leading backup and archive software, giving you flexibility and choice to fit it into your existing infrastructure without compromise. It can be deployed as a physical, virtual, or cloud-based solution. In less than 30 minutes, you can be backing up your data from any of your on-premises environments to the cloud of your choice.

How can Data Fabric help me use my resources better?

The Data Fabric gives you choice without sacrificing control of your data. This is key to a successful IT strategy. Forget about trying to predict what you’re going to do in 3-5 years. Think about how your decisions can change your business today. With NetApp Data Fabric and the technologies that enable it, you can buy for what you need today and scale for what you need tomorrow. Your infrastructure is agile and adaptable to your dynamic business requirements.

How can Data Fabric help me use my data more efficiently?

ONTAP 9

ONTAP 9 is the pinnacle of NetApp’s quarter century of innovation and is at the very heart of NetApp’s data fabric strategy.

NetApp continues to build capabilities into the platform to ensure that your key data assets are not only stored efficiently but are highly available, protected and secured.

However, the true power of ONTAP is in its flexibility, the ability to not only run ONTAP on “traditional” physical controllers, but also as a software defined option with ONTAP Select or in the public cloud with ONTAP cloud, means not only can ONTAP allow us to seamlessly move data between storage tiers and controllers, but between virtual appliances and cloud providers to. All of this while maintaining all the same capabilities you expect on-premises meaning your data management, protection, security and analytics tools work in exactly the same way, regardless of ONTAP’s location.

Add to that NetApp’s desire to allow the ability to mirror data between any platform in its portfolio via SnapMirror to Anywhere technology, then you can see how your data fabric can take shape.

How can Data Fabric help my business make money?

A good portion of our IT budgets is probably spent just keeping the lights on. How much do you actually spend on development that moves the business forward?

A couple of months ago, a customer approached me to build an infrastructure that gives them the ability to run their business for peak workloads during heavy sales periods during the last three months of the year.

They wanted a virtualisation environment with a storage platform to run the required 200 servers during these peak times. The rest of the year, the environment runs at 50% of the peak workload (only having to run 100 servers). If this was a fixed, CapEx-based infrastructure, they would have unused equipment sitting around for most of the year. Over a three-year contract, that’s 27 months of wasted investment.

With a Data Fabric, we allowed them to achieve the same capabilities at a much lower cost. We started by deploying a virtualized flash platform on premises to account for standard workload and capacity requirements. While that flash platform may be able to cope with some of the burst that’s required as the business ramps up to its busy time, that’s not the only requirement. Compute and possibly additional storage may be needed for the extra 100 VMs.

A Data Fabric allowed us to use a hybrid cloud solution to address this challenge. By using ONTAP Cloud, we could seamlessly move data between the on-premises kit and either AWS or Azure.

Our fabric strategy also had the flexibility, if needed, to use a NetApp Private Storage (NPS) solution, allowing you to keep your data on your own NetApp systems for constant, guaranteed performance, whilst using your choice of public cloud providers for computing. This solution gives you the ability to scale up or down on demand and only pay for what you need when you need it, saving you that capital expenditure.

If you’ve been asking yourself, “What does Data Fabric mean for me and my business?” you’re not alone. Data Fabric is NetApp’s vision for the future of IT, and the benefits to your business both now and in the future are unmatched in the industry. I have spoken to a lot of customers over the past year and one thing I have learned is that the Data Fabric can help you solve your business challenges today and in the future so…

What are you waiting for?

 

Author: Mark Carlton, Group Technical Services Manager

Understand how GDPR could affect your business

Connexion Internet

I have been asked in a number of meetings over the past few months “what is GDPR?” and in some cases “What do I have to buy?”

But let’s get one thing straight from the start GDPR is NOT an IT problem you can’t just buy something and make it go away. This is a common misconception and I thought I would take the time to jot down what I have learned so far and see if it can help you.

The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. It applies to all organisations processing personal data of EU residents, the regulation will introduce a new and enforced way that organisations handle data protection. The penalties for non-compliance of GDPR can be up to 20 million euros or 4% of company’s annual turnover. In addition, data subjects get a right to claim for compensation against an organisation under GDPR.

It is important to understand your obligations and to start working towards your compliance requirements. Being ready by 25th May 2018 will be a major undertaking, but the risks of not being prepared for GDPR are too big to ignore.

What are the new requirements?

Privacy by Design – GDPR has introduced formal principles of Privacy by Design into their Regulations which includes reducing your data collection to what you actually require and the retention of this data to gaining clear consent from the consumers to process their data.

Right to Erasure – The current EU data protection Directive already provides a right for consumers to request data deletion. But GDPR extends this regulation to include data that’s been published out to the internet. This is where you hear a second term known as the “right to be forgotten” which extends to keeping your data fully out of the public view and ensuring it is removed from all systems.

Breach Notification – Within 72 hours of a personal data breach been discovered you have to inform the appropriate authorities. This has to also be extended out to the data subjects if the data is classified as “high risk to their rights and freedoms”.

Fines – Now this is where most company’s ears perk up, GDPR introduces fines that can be up to 4% of a company’s global revenue or 20Million Euro – whichever is higher

Data Protections Impact Assessments (DPIA) –  A DPIA is required in high-risk situations, for example where a new technology is being deployed or where a profiling operation is likely to significantly affect a subject.

Data Protection Officer (DPO) – Not all companies have a DPO, but if you don’t I would advise that you assign this duty so someone in your organisation to take proper responsibility for your data protection compliance. Below are the regulation details identifying if you need a DPO.

“DPOs must be appointed in the case of (a) public authorities, (b) organisations that engage in large-scale systematic monitoring, or (c) organisations that engage in large scale processing of sensitive personal data (Art. 37).  If your organisation doesn’t fall into one of these categories, then you do not need to appoint a DPO.”

Consent – GDPR introduces new strict regulations around collecting data, you have to make sure that you are clear and concise when requesting consent from the subject. You have to define what the data is been collected for and make sure that all it is used for. As a controller of data, you are responsible for making sure you have an audit trail of consent for all data collected from a subject. You may as a business need to review how you’re collecting and recording consent and if you need to make any changes to your procedures.

Children data protection – GDPR will bring in special protection for children’s personal data, focused particularly on commercial internet services such as social networking. To put this into context if you collect data about children, then you will need consent from the parent or guardians to process any personal details lawfully. It may have significant implications for your organisation if your business is aimed at children and collects their personal data. All consent has to be again clear and defined when collecting children’s data and your privacy notice must be written in language that children will understand.

Does Brexit mean I have to comply?

There are few of misconceptions around Brexit when it comes to GDPR. The main one being that “Brexit means we don’t have to comply”. This is FALSE! Businesses will still have to adhere to this regulation, this an EU regulation that protects EU citizen’s data. Which means if you hold any details about an EU Citizen you have to make sure you are compliant and have taken the necessary steps regardless of the jurisdiction.

As I said above GDPR comes into force next year 25/5/2018 and we will still be in the EU so don’t burrow your head in the sand.

Now there are a number of other requirements that you may need to meet to comply with EU GDPR, but I am not a legal expert. So please take the time to investigate where you stand in relation to GDPR understand your risks and what data you hold. Attend an event and discuss it further with legal experts to help you start and build your foundations for GDPR.

Author: Mark Carlton, Group Technical Services Manager