Microsoft Azure Hybrid Cloud

Microsoft Azure Hybrid Cloud

by | 28 Aug 2019 | Cloud, Technology

Microsoft Azure launches 3 new tools to speed migration to hybrid cloud and optimize deployment

In a Microsoft blog post, the company detailed three new tools to aid in cloud adoption: Cloud Migration Assessment, Azure Hybrid Use Benefit, and Azure Site Recovery

Microsoft launched three new resources for the enterprise focused on getting companies to the cloud faster, and saving them money once they get there, the company announced in a blog post on Wednesday.

Most of the companies Microsoft executives work with are considering a hybrid cloud approach to their infrastructure, according to the post, written by Microsoft’s general manager of cloud platform marketing Mike Schutz. In order to best assist companies in understanding the size of their environment and how they can plan financially for a move to the cloud, Microsoft released three new tools focused on cloud migration and economics.

SEE: Build your own VM in the cloud with Microsoft Azure (Tech Pro Research)

Here’s a breakdown of the three new tools and what they can offer businesses.

  1. Free cloud migration assessment

This assessment will help customers more easily find and better understand their current server setups, to help them determine the cost and value of moving to the cloud, the post stated. Once the servers are discovered, the tool can analyze their configurations, and give the user a report of the potential cost drop of moving to Azure.

Additionally, data center administrators can export the results of the assessment into a customized report, the post said. For those looking to gain some extra funding for a cloud project, the report could provide some valuable data and statistics for your conversation with the CFO.

  1. Azure Hybrid Use Benefit

This tool is intended to save users money on their cloud deployments. According to the post, customers can activate the Azure Hybrid Use Benefit in the Azure Management Portal, which could save them up to 40% on their Windows server licenses, by optimizing what resources you’re using. The post noted that it is available on Windows Server virtual machines in Azure, to all customers.

“Use your on-premises Windows Server licenses that include Software Assurance to save big on Windows Server VMs in Azure,” the tool’s web page said. “By using your existing licenses, you pay the base compute rate and save up to 40 percent.”

  1. Azure Site Recovery

Azure Site Recovery is meant to ease the process of migrating virtual machines to Azure. Applications running on AWS, VMware, Hyper-V, or physical servers can be moved. Additionally, a new feature in Azure Site Recovery will “allow you to tag virtual machines within the Azure portal itself,” the post said. “This capability will make it easier than ever to migrate your Windows Server virtual machines.”

Other features include automated protection and replication of virtual machines, remote monitoring, custom recovery plans, recovery plan testing, and more.

By Conner Forrest a Senior Editor for TechRepublic
Picture from Microsoft

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

CISO moves to the top

CISO moves to the top

by | 2 Jun 2019 | Consulting, Technology

The CISO moves from the basement to the boardroom

A growing threat landscape has changed the role of the chief information security officer in the past decade. Here’s why this position and its evolution are vital in the modern enterprise.

“With the recent ransom virus affecting so many global businesses the executive boardroom stakeholders now have their attention”, stated Craig Ashmole, Founding Partner for London based Interim consulting firm CCServe. “Talking with a Security consultant colleague on the train the other day, he said that the insurance firm he’s engaged with did not feel the need for a CIO or CISO role until the resent infamous Ransom virus. That’s now all changed”

The rapidly expanding cybersecurity threat landscape has driven the chief information security officer (CISO) out of the basement and into the boardroom in many enterprises. While these tech professionals were traditionally seen as security enforcers, they have now clearly got the attention of the executive stakeholders and are taking a seat at the table as strategists helping the enterprise avoid cybercrime.

“The CISO’s role has changed from a pure technologist to understanding what the business is trying to do, and to make sure security is part of the business strategy, not an afterthought,” said Steve Martino, CISO and vice president of information security at Cisco. A 2016 Cisco study found that business leaders today believe that cybersecurity is a prime growth enabler, reinforcing the need for those in charge of security to increasingly think in business terms.

Cyber threats have changed dramatically in the past decade in terms of sophistication and volume, Martino said. That change has been driven by two factors: Organizations becoming more connected through the Internet of Things (IoT), and cybercriminals shifting from making political statements to cybercrime as a business.

This changing landscape and added responsibility means CISOs need to develop a new set of soft skills, including learning how to talk with a line of business leaders about risk, privacy, user experience, and balancing the trade-off of security with features.

“Five to ten years ago, the C-suite really didn’t have a relationship or a dialogue with the information security team or leader,” Martino said. “Today, we do. In order to be effective, you have to have this business context, and be able to have a business dialogue with many different functional leaders.”

That means understanding what the different parts of the business—finance, sales, marketing, etc.—prioritize, and be able to translate risk issues to their language.

“CISOs need to have that business knowledge and multi-lingual capability to be able to translate what you’re trying to get across in terms of risk to the business owner,” Martino said. “Both are required to be effective at the speed of business, and earn the respect and trust required.”

Developing new skills

Training is helpful for CISOs who have been called to report to the C-suite for the first time, said Gary Hayslip, an ISACA expert on cybersecurity, the former CISO for the City of San Diego, and the current CISO at Webroot. “It’s a different view of risk, and on the use of resources and costs,” he said. “You have to start really getting into the strategy of where the organization is going.”

Hayslip recommends finding another C-suite member who has reported to the board before, and partnering with them to learn how the board meetings typically proceed, and what the individual board members are like, what they look for as a group, and how they process information.

“If you’re a CISO dealing with the C-suite and it’s relatively new for you, don’t be scared—ask a mentor so you can start learning about what they look for, so you make sure when you do report to a board, the information you’re presenting is relevant to the discussion,” Hayslip said.

It’s key to remember that the CISO does not own the risk—the business does, said Forrester analyst Jeff Pollard. “CISOs are now transferring ownership of risks back to business units,” Pollard said. “Instead of the CISO possessing the power to stop the business in its tracks, they are advising and coaching business unit leaders on the risks and security ramifications of decisions but the business owns the risk and makes the decisions.”

Don’t be the barrier factor

Rather than becoming a barrier, this new model allows CISOs to work with, instead of against their colleagues, Pollard said. However, the CISO does need to be flexible, and understand that the security system in place must be resilient. “You’re going to take breaches,” Hayslip said. “There is no totally secure network. If you factor that in, you can start looking at where your risks are, how your teams are trained, and what policies are in place.”

If the CISO is overwhelmed with projects, it can be helpful to determine which departments you are serving, who the stakeholders are, and what is critical to them, Hayslip said. That will help you create a more narrow list of issues to tackle. It’s often wise to start with cyber hygiene, he added: If you have basic security policies and patch management, antivirus, and firewalls in place, updated, and managed, it builds a strong foundation for your organization’s cyber health.

CISOs also have an opportunity to redefine their role as a business strategist during the digital transformation, Pollard said. To prove their value, they should spend time mapping the firm’s technology touchpoints, foster security champions across the company, and get involved with customer-facing activities like product design and development, he added.

“We’re in this transition as an industry from being a technologist and a protector to being a business enabler,” Martino said. “In order to cross that chasm, the CISO has to earn a place at the table, by bringing business relevancy, and helping the business get to their goals faster.”

By Alison DeNisco  (TechRepublic)

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

How PMs succeed in procurement

How PMs succeed in procurement

by | 1 May 2018 | Consulting

How project managers can succeed with procurement management

Check out these tips on how to successfully use procurement management in your projects. Also, two experts share their experiences on what simplifies the procurement process for their businesses

Procurement management is critical to successful project management—and yet, some project managers are unfamiliar with the practice, or perhaps are intimidated by what seems to be a daunting process. These are the procurement management basics you need to know.

What is procurement management?

More for CXOs

Procurement management is the practice or process of acquiring products or services from an outside vendor for the purpose of initiating or maintaining business operations. Procurement involves, at the very least, the process of determining requirements, researching options, requesting information, quotes, and proposals from vendors, as well as the final selection, approvals, the processing of vendor orders and payment and all subsequent activities until project close.

Procurement is common in the world of project management, where there are formal processes that have been established and identified in the Project Management Body of Knowledge (PMBOK). Procurement management is an area of increasing focus as more companies are outsourcing due to benefits that include cost savings, decreased administrative burden, increased efficiencies, and improved access to outside expertise.

According to IDC’s worldwide procurement forecast from June 2016, the market for procurement software is expected to reach $5.6 billion by 2020. In fact, IDC analysts note that “procurement is the second largest contributor of eight application markets within the ERM [Enterprise Risk Management] market.”

SEE: Understand the PM’s role in procurement management (TechRepublic)

Four phases of the procurement process

  1. Plan for procurements:Put together a procurement management plan that identifies all of the necessary requirements and details.
  2. Execute the plan: Send vendors requests for information (RFI), requests for quotes (RFQs), and requests for proposals (RFPs), among other things. During this phase, evaluate all of the vendor information in relation to the procurement management plan and requirements, as well as the overall project goals. Following the evaluation, select a vendor’s products or services.
    • RFIs: This is the first set of requests from vendors and is an initial step to explore project requirements, procurement needs, and vendor offerings. This a broad, yet simple, request and format.
    • RFQs:After specific project/procurement requirements are clearly identified and documented, RFQs are sent out to vendors to determine which ones can meet the requirements, as well as request specific pricing, which is a significant part.
    • RFPs: Companies will often send vendors an RFP and include information on specific issues they are trying to resolve, or project goals. The vendors will use this information to sell the company on their product or service in relation to those needs. This is a much more comprehensive document and leaves vendors a significant amount of flexibility to customise their response and solutions. RFPs are widely used.
  3. Control and monitor procurements: The control procurements process should be initiated to manage the vendor relationship, monitor and evaluate all aspects of the vendor offerings, and make changes as required.
  4. Close out the procurement: Once the vendor products or services are fully accepted, the project procurements can be officially closed.

Tips on achieving successful procurement management

Each organization develops their own unique internal policies and procedures when it comes to projects and procurement; however, these procurement management tips can apply to all businesses.

  • Develop a clear understanding of all goals and unique challenges
  • Focus on vendors’ capabilities and on how their solutions will help to achieve goals and address obstacles
  • Resist the temptation to weigh final decisions solely based on cost
  • Make sure solutions are not just short-term (unless that’s the primary goal)—sustainability and future support are also factors to consider

Procurement experts share what works for their businesses

Greg Tennyson, Chief Procurement Officer of a global vision care company, says:

“Setting a specific process for how sourcing requests are managed is key for our company’s procurement success. By using a centralised sourcing platform that works for our team, suppliers and the business allows us to engage opportunities earlier. The result is we collaboratively compare options and proactively manage work streams that drive greater value creation back to the company.”

Rendi Miller, Director of Travel & Procurement at Splunk, a leading platform for operational intelligence, says:

“At a hyper-growth company like Splunk, our tactic for sourcing success is being one step ahead of business needs. We use a cloud-based e-sourcing provider to help us deliver essential resources to the business faster, and at a lower cost. The platform automates our process so that we can manage more spending, giving us more bandwidth for strategic projects, and keeps us ahead of the game at all times.”

By Moira Alexander from TechRepublic

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

Website Hacking on the increase

Website Hacking on the increase

by | 10 Apr 2017 | Consulting, Technology

Here are the top 6 ways websites get hacked, according to Google

Google recently noted that it had seen a 32% rise in hacked website over 2016. Here are the most common tactics it found.

In 2016, the number of hacked websites rose by 32%, according to a blog from Google. And, unfortunately, the search giant said it believes that number will continue to rise as hackers become more sophisticated.

While 84% of webmasters who “apply for reconsideration” were able to clean up their sites, the post said, 61% were never alerted by Google that they had been hacked. The primary reason for this disconnect for more than half of hacked webmasters is that their sites weren’t verified in Google’s Search Console, which the company uses to communicate information about websites.

In a post by Google Security Team, Google outlined some of the common hacks that are affecting websites today, such as the Gibberish Hack, the Japanese Keywords Hack, and the Cloaked Keywords Hack. Citing the old adage “a chain is only as strong as its weakest link,” Google said that prevention is key in keeping these hacks at bay.

To improve prevention, it is important to know how these attacks are being carried out. Google outlined the following six ways that websites get hacked by spammers:

1. Compromised passwords

Whether an attacker is using guessing techniques to obtain a password, or simply trying out common variations of passwords, compromised account credentials are a serious issue. It’s important to create a strong password, not use the same password across multiple web properties, and use additional security tools like two-factor authentication, the post said.

2. Missing security updates

Old software that hasn’t been updated may be missing an essential patch to account for a serious vulnerability, the post said. Make sure your web server software, CMS, plugins, and other essential software are all set to update automatically. If that isn’t an option, set up a cadence by which you’ll manually check for updates.

3. Insecure themes and plugins

In addition to making sure your plugins and themes are patched, be sure to “remove themes or plugins that are no longer maintained by their developers,” the post said. Also, be careful when using free plugins, or ones that may only be available through an unfamiliar website.
“It’s a common tactic for attackers to add malicious code to free versions of paid plugins or themes,” the post said. “When removing a plugin, make sure to remove all its files from your server rather than simply disabling it.”

4. Social engineering

Social engineering attacks, like phishing, try to trick the user into thinking they are providing needed information to an actual webmaster or account manager, for example. Check to make sure the email address matches perfectly to a person you know, and never give out personal information to someone you aren’t familiar with.

5. Security policy holes

Bad security policies, such as allowing users to create weak passwords, giving admin access too freely, and not enabling HTTPS on your site can have negative consequences, the post said. To better protect your site, Google recommends making sure you have the highest security controls configured, that user access and privileges are properly managed, that logs are checked, and that encryption is used.

6. Data leaks

When data is mishandled, or improperly uploaded, it can become available as part of a leak. One method, “dorking,” can utilize common search engines to find the compromised data. Make sure only trusted employees have access to the data they need, and use URL removal tools to make sure that sensitive URLs don’t display in Google search results, the post said.

Sourced from TechRepublic
By Conner Forrest

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe

Bad Management affecting your business

Bad Management affecting your business

by | 21 Feb 2017 | Consulting, Outsourcing, Technology

How to avoid hiring bad managers

Ineffective managers can drive productivity down and turnover up. Here are three ways to make sure the right people get hired or promoted

Several years ago, the catchphrase “people don’t leave companies, they leave bosses,” began to circulate. There is merit to it if we look at survey results.

In a 2015 Gallup poll of 7,272 adults, 50% of respondents said that they left their companies because of their bosses. Aware of this, human resource departments conduct exit interviews when employees leave, and many HR units keep a tally of employee resignations by manager so they can see where the potential management trouble spots are in their organisations.

Sometimes the managers quit on by the most employees have endeared themselves to the organisation as high level technical performers who have been promoted, but who lack people and management skills. Other times, especially in small companies, the culprits are the founder-owners of the business themselves, and there’s not much you can do. In still other cases, companies (and their HR departments) lack the time and resources to tackle attrition and problems with managers.

Just what should be done?

The most obvious step is to develop managers within the organisation who have the ability to not only run projects and departments, but to create a winning culture in their work teams.

These people tend to lead by example, to create open and clear communications, to work collaboratively and not as autocratic leaders, to be approachable, and to generate a sense of purpose in their staffs. Talents like these aren’t always easy to find, corroborated by the same Gallup poll mentioned above, which revealed that only three out of 10 bosses have the natural or coachable talent to become great at managing people.

To improve the odds of finding strong management talent, companies can vet candidates for management positions for their ability to lead and to manage, as well as for their expertise in the departments that they are being asked to lead. If companies can’t find suitable management talent internally, they should get it from the outside—even if there is initial resentment from someone who might be passed over.

A second step is to understand (and make sure that your managers understand) what it is that employees value most from their managers.

In a survey of 500 employees conducted by Korn/Ferry scholar in residence Terry Bacon for his book, What People Want, Bacon concludes that employees want managers who are honest, fair, trustworthy dependable, genuine, participative, responsive and collaborative. On the flip side, employees are less concerned if managers are friendly or chatty.

One way companies can improve management’s awareness of what is important to employees is to have HR conduct internal employee surveys to see what is meaningful for employees in their work environments, in how they do their work and in the work direction that they are getting from their managers. These surveys should be conducted with assurance of anonymity so that employees feel comfortable completing them. To help reassure employees that their answers are confidential, some HR departments elect to use independent outside consultants to conduct the surveys.

Another step that HR departments can take is to perform analytics on what departing employees tell them during their exit interviews. In most cases, HR does ask departing employees questions about the work environment, about their managers and the work direction they received, etc., but all too often this information remains in files and is forgotten. Especially if a company has a serious employee retention problem, it is important for HR to enter the data from these reports into an analytics software that can probe the information and assist in coming up with actionable recommendations.

A third step is to develop metrics that help to reveal where there are disconnects between managers and staffs in the organisation.

One way to do this is by looking at company attrition. If there is a standout department where attrition is inordinately high, this could point to a manager who isn’t connecting well with his or her staff. Departments with troubled management also tend to show reduced rates of productivity (e.g., a finance department with a troubled manager-staff relationship might begin to take four days instead of two to perform the month-end close).

When I was a senior executive at a bank, we looked at attrition rates across the organisation and found that turnover was over 50% in the teller lines at our branches. We initially identified the problem to our compensation package, which was less than what our local competitors were offering, so we fixed that. However, the higher attrition rates continued to occur. When we looked at the situation more closely, we realised that we had managers in the field who stayed in their offices and gave little direction to staff members.

We eventually replaced these managers with individuals who were more collaborative, and also superior communicators. We succeeded in reducing the attrition rate.

It is not always easy to understand why some departments underperform and others don’t—but how managers manage is a definite factor.

“To avoid losing your best and brightest, I suggest a strategy that is aligned with a culture of recognising employees as far more than just function roles, making sure to reward more than we have seen since the 2008 financial collapse”, states Craig Ashmole, Founding Director of London based IT consulting firm CCServe.

Contibutions by Mary Shacklett from Techrepublic

Having spent a majority of my career working with and supporting the Corporate CIO Function, I now seek to provide a forum whereby CIOs or IT Directors can learn from the experience of others to address burning Change or Transformation challenges.

Craig Ashmole

Founding Director CCServe