Mastering Microsoft’s Price Shifts: What UK Orgs Need to Know

Mastering Microsoft’s Price Shifts: What UK Organisations Need to Know

In the ever-evolving landscape of IT services, staying informed about vendor changes is crucial for effective budgeting and strategic planning. As a trusted IT partner, Gardner Systems is committed to keeping you updated. Last year, Microsoft announced some changes in their pricing structure that could influence your organisation’s expense with further changes. 

Understanding the Changes 

Microsoft’s Price Increase in 2023 

Last year, Microsoft raised its service prices by 9% in the UK. This adjustment was part of an effort to harmonies prices across various regions, including aligning UK prices with those in the US. This callows Microsoft to provide consistent pricing in different markets. 

Introduction of Semi-Annual Price Cadence 

Microsoft has also introduced a new pricing model: the semi-annual price cadence. This model allows it to modify prices twice a year, aligning with market dynamics and maintaining consistency across regional pricelists. However, this could introduce some unpredictability for customers, especially those without long-term contracts. 

Why Does This Matter for Your Organisation? 

For organisations not under long-term agreements, these semi-annual adjustments could lead to unexpected cost increases. Factors like inflation and further pricing adjustments from Microsoft could significantly impact your IT budget.  

Microsoft plans to regularly evaluate pricing in local currencies every six months, factoring in currency fluctuations compared to the USD. Its aim is to enhance transparency and predictability for customers worldwide. 

What can you do? Consider a 12-Month Contract 

To reduce these uncertainties, consider a contract with a minimum duration of 12 months. This approach could provide several benefits: 

  1. Price Stability: A 12-month contract would “lock in” your current pricing, shielding your organisation from potential mid-year increases. 
  2. Budget Predictability: With stable costs, you can plan your budget more effectively, knowing your Microsoft expenses will not change for the next year. 
  3. Strategic Flexibility: This arrangement allows you to align your IT strategy with Microsoft’s evolving services without concerns about sudden price fluctuations. 

Why Gardner Systems? 

  • Expertise: Our experienced team is well-equipped to handle modern IT complexities, providing solutions that address your specific challenges. 
  • Customized Approach: We understand every business is unique. Our services are designed to meet your precise needs, offering comprehensive support from consultation to ongoing management. 
  • Results-Driven: We’re committed to enhancing your IT operations, reducing costs, and helping you stay competitive in the digital landscape. 

Our Key Offerings: 

  • Cost Optimisation advice: Gain detailed insights into your cloud usage and spending, with tailored recommendations to maximise efficiency and reduce costs without compromising performance. 
  • Exclusive Microsoft Workshops: Keep your team ahead with customized learning paths led by Microsoft-certified trainers, covering the latest technologies and best practices. 

How We Can Help 

Our team at Gardner Systems is ready to assist you in adapting to these changes and finding solutions that best fit your organisation’s unique needs. For any queries or to discuss this in more detail, please do not hesitate to contact us. 

Call us at 0151 220 5552, email us at contactus@gardnersystems.co.uk or fill out a contact form here.  

CTO Insights January Newsletter

CTO Insights January 2024  

A new year, a new set of technology challenges and opportunities to tackle in 2024. As always with a new year, it’s a chance to look forward. This being IT let’s not look too far forward though! What’s likely to be challenging us in the first part of 2024? 

No escaping the AI beast 

The use of AI will continue to dominate business IT conversations. Microsoft’s co-pilot, OpenAI, Google etc are all continuing to push driving these technologies into every area of our lives. Co-Pilot is a particularly interesting one, with Microsoft already including it as an app in Windows 11, free as part of its Bing Chat service, and of course as an increasing presence across Microsoft 365.   

It’s not just here though. At the recent Consumer Electronics Show (CES2024) AI was front and centre. This included the intriguing Rabbit R1 which is an AI-powered “pocket companion”, imagine a smartphone with an AI interface. Techradar also ran a story from CES about Volkswagen being the latest car manufacturer to build ChatGPT into their cars, although I’m not sure I’m quite ready for that, it shows how AI will continue to become ever more pervasive. 

As IT business leaders we do need to prepare for this and have the appropriate controls in place to protect to ensure we use AI appropriately in both business and personal settings. 

The Cybersecurity threat isn’t going anywhere 

No surprise here as cybersecurity is never going to be done. A friend of, Kirk Ryan, recently posted this blog regarding cybersecurity trends in 2024.  Two tips caught my attention. His “AI Arms Race” pointed towards the cyber security threat posed by AI. How technology such as deepfake presented new threats that in reality are difficult to stop. This is an emerging area business and security leaders need to understand and find ways to identify these threats, much of this will need to be manual, however, as right now it’s hard for technology alone to stop. 

He also discusses “The Great Cloud Caper. Cloud has certainly increased the threat posed by leaked credentials and poorly configured security. While leaked credentials leading to the deletion of cloud infrastructure is thankfully rare, less rare is the threat posed by misconfigured cloud accounts and services, we continue to hear of misconfigured cloud repositories leading to significant data leaks.  

How secure is your cloud infrastructure? This is a question we should all be asking. Certainly, we should be carrying out regular basic security auditing to ensure we don’t have basic misconfigurations. We should ensure we are not over-provisioning guest access to our Teams groups and SharePoint sites or having under-protected, over-elevated accounts that if breached can be used to raise havoc in our cloud environments.  

Managing Costs  

Not surprisingly, we are going to see continued economic pressures on business and IT is a part of that. Whether it’s capital expenditure or operational costs the need for better insights into them is becoming increasingly in demand, especially with cloud spend. Having insights, especially predictive insight, into cloud costs should be a consideration for anyone with any kind of complexity to their cloud environments, especially those with multi-cloud setups. Knowing the best place to run a workload, and understanding how to ensure you are right-sizing them can have a significant impact on overall costs reducing them significantly.  But this is also true on-premises, making sure we are running a right-sized environment can reduce capital and operational costs. It’s a difficult area to manage, but it is, and rightly, going to stay high on the agenda as we move through 2024. 

While no doubt there are other areas of interest, I imagine much of the initial part of 2024 will see us dealing with those three areas. 

Tech Takeaways 

New year, new episodes! In 2024’s first episode, we are discussing alternative networks. These are connectivity providers who live outside of the UK’s traditional BT and Virgin media networks. Alt-nets own their infrastructure and build their services, which opens a range of custom services that can appeal to businesses of all types. Is an Alt-Net something that you could use? Dave Ferry of ITS joins us to explain more. Find the video version here or if you prefer audio it’s here 

CTO Insights  

In episode 2 of CTO Insights, I’m joined by NetApp field CTO, Grant Caley. With 20+ years at storage vendor NetApp, Grant has great experience and he shares a broad set of insights into the data industry. Join me as we explore the future of data ranging from cost optimisation to backup and recovery. 

You can watch the video here or if you prefer listen to the audio version here. 

Thanks for reading CTO Insights, look out for more coming soon. 

 

Optimising Your Microsoft 365 Environment: Why It Matters

In today’s digital age, businesses are increasingly relying on cloud-based solutions for their productivity and collaboration needs. Microsoft 365 (formerly known as Office 365) has emerged as a go-to platform for organisations seeking to enhance their workflow and boost efficiency. However, simply adopting Microsoft 365 is not enough. To truly maximise its benefits, it’s crucial to optimise your M365 environment. In this blog post, we will delve into the importance of Optimising your Microsoft 365 environment and provide some practical tips to get you started. 

The Significance of a Well-Optimised M365 Environment

  1. Enhanced Productivity

An optimised M365 environment ensures that your employees can work seamlessly and efficiently. When your tools and applications are configured to align with your specific business needs, tasks become easier to complete. This, in turn, leads to increased productivity across the organisation. Features like real-time collaboration, cloud storage, and integration with other business apps become more powerful when optimised. 

  1. Cost Efficiency

Optimising your Microsoft 365 environment can help you make the most of your investment. By ensuring that you’re only paying for the features and licenses your organisation truly needs, you can reduce unnecessary costs. Additionally, streamlining processes and automating routine tasks can lead to significant savings in time and resources. 

  1. Enhanced Security

Security is a top concern for any organisation, and an improperly configured M365 environment can pose risks. When you optimise your environment, you can implement robust security measures, including access controls, data encryption, and multi-factor authentication. This reduces the chances of data breaches and ensures the confidentiality of sensitive information. 

  1. Scalability

As your business grows, your IT requirements will evolve. An optimised M365 environment is flexible and can easily adapt to accommodate changes in your organisation’s size and structure. Whether you need to add new users, departments, or features, an optimised environment makes scaling up or down a smooth process. 

  1. Improved User Experience

A well-optimised M365 environment leads to a better user experience. Employees will find it easier to collaborate, communicate, and access the tools they need. This can boost morale and job satisfaction, ultimately leading to higher employee retention rates. 

Practical Tips for Optimising Your M365 Environment 

Now that we’ve highlighted the importance of optimisation, here are some practical tips to get you started: 

  1. Conduct a Thorough Assessment

Begin by assessing your current M365 environment. Identify areas that need improvement, such as licensing, permissions, and configuration settings. A comprehensive audit will help you pinpoint areas for optimisation. 

  1. Customise Your Environment

Tailor your M365 environment to match your organisation’s unique needs. Customise SharePoint sites, Teams channels, and other applications to align with your business processes. Implement automation and workflows to simplify repetitive tasks. 

  1. Implement Security Best Practices

Enhance security by implementing best practices such as multi-factor authentication, data loss prevention, and email encryption. Regularly update security policies and educate your staff on cybersecurity awareness. 

  1. Monitor and Maintain

Continuous monitoring is crucial for ensuring your M365 environment remains optimised. Regularly review usage patterns, troubleshoot issues, and apply updates and patches as needed. Consider investing in management and monitoring tools to simplify this process. 

  1. Train Your Team

Proper training for your staff is essential. Ensure they are well-versed in using M365 tools efficiently and securely. Encourage ongoing learning and provide resources for continuous improvement. 

  1. Seek Expert Assistance

If your organisation lacks the in-house expertise to optimise your M365 environment, consider consulting with Microsoft 365 experts or managed service providers. Their experience can help you navigate complex configurations and ensure you’re getting the most out of your investment. 

In conclusion, Optimising your Microsoft 365 environment is not just a one-time task but an ongoing effort that reaps numerous benefits. Enhanced productivity, cost savings, improved security, scalability, and a better user experience are all outcomes of a well-optimised M365 environment. By following the practical tips outlined in this blog, your organisation can harness the full potential of Microsoft 365 and stay competitive in today’s digital business landscape. 

Free Health Check 

Unsure of the savings you could be making in your Microsoft 365 or Azure environment? Want to know more about your employees’ adoption and usage of new solutions? Keen to better understand security and identity vulnerabilities?  

We’ve been running free health checks with our clients to help answer two simple yet significant questions:

• Am I investing in the right licenses?
• Am I making the most of my licenses?

This helps our clients optimise, secure, and control their environments, that can result in savings between 19% and 36%. 

To claim your free M365 health check, fill in a contact form here or call us at 0151 220 5552 

Not convinced? Why not check out a series of podcasts that give you more information on the value of Optimising your environment.  

Stop spending too much and optimise your m365 costs | Ep 2 

Unlocking Cloud Optimisation Strategies | Ep 25 


Optimising cloud costs | Ep 30 

CTO Insights December Newsletter – Black Hat Europe Special

CTO Insights December Newsletter – black hat Europe Special 

The end of the year is quickly approaching and of course, your mailbox will be full of lookbacks and look-forwards, so I’ll save you one more by not doing any of that here. Instead, I thought I’d share with you some of my findings from my trip last week to black hat Europe in London (Dec 4th– 7th), now that’s much more fun, isn’t it? 

The sessions 

As it turned out I didn’t get a chance to do as many sessions as I would have liked, but the ones I did were interesting.  

The threat of DeepFakes 

I’ve spoken with a few industry experts on this topic this year and it’s going to be a huge challenge. This year has seen the commoditisation of Generative AI. This has created opportunities for businesses to find new ways to innovate, but it has also introduced new ways to innovate for cybercriminals. If you think about some of the uses of this tech, we already see from Instagram to Zoom, the ability to, in real-time, add filters, change the look of someone, and add backgrounds, all in an app at the click of a button. Cybercriminals are similarly using these accessible tools to carry out more innovative attacks. For example, companies such as resemble.ai which allow for speech creation are being used to try to carry out attacks against either voice security or to try to con an individual into engaging in a conversation. This type of attack is very difficult to recognise and stop and shows the scale of the challenge. There is little by way of technology that can tackle this currently, so awareness and education are crucial in trying to tackle it, knowing it’s a risk and looking at how to recognise it is essential. One good but of advice here was to remember some of the basics of cybersecurity if you are not expecting it then treat it as suspicious. 

As a little addition to this, I grabbed this screenshot of something that raised a smile. It shows how creative criminals can be! Here using fake fingers to come up with an AI defence in court, technology eh! 

Threat trends 

It’s always interesting to understand where threats are coming from. Threats continue to develop across a broad spectrum of areas. There were a few interesting statistics I picked up during my time at the event, that should help to provide us with some focus on future threat vectors. 

API-based attacks – There has been a doubling of cyber-attacks on APIs in the past 12 months. This makes sense as you look at our increased demand for integration and automation between platforms. In many instances, we no longer consider solutions if they don’t “publish their APIs”. However, that presents a potentially significant risk, with unsecured APIs are great route for a cyber attacker. Luckily this is an increasing number of API security tools available in the market, and their adoption can deliver high value. But it is not yet a table stake for many as we review our security options. 

Ransomware – continues to dominate, with some shocking statistics shared from various vendors, this included a 143% growth in zero-day attack victims and a 42% increase in attacks on manufacturing. A rapidly evolving space to try to tackle this challenge is network micro-segmentation. This is usually based on software-defined policies with extremely granular controls allowing for context-based segmentation. This has two potential benefits, firstly it builds new security boundaries into your network environment, and in the event of an attack, it can more effectively reduce the “blast” from an attack, by limiting how much lateral movement an attacker can gain from a compromised machine. 

DDoS attack growth – this was an interesting area, almost like welcoming back an old friend, while basic as an attack method it can be hugely effective in reducing access to systems and services. Threat actors have recognised this with growth in DDoS attacks across a variety of sectors including manufacturing and financial services. Stopping these attacks can be difficult, but there are technology shifts to help try to reduce the impact of DOS attacks. This includes architecturally building DNS resilience with Edge Platforms and cloud services. Also the development of scrubbing technology both at the edge and across cloud apps and infrastructure. 

The threat landscape does continue to change, and it is important as CTOs that we try to stay ahead of potential threats and the mitigation steps we can take. Events like Black Hat are always useful in that way and can be a good source of education and an effective way to evaluate a range of the leading vendors in the space. 

Beyond Black Hat

The second of our CTO Insights videos is now available for you to enjoy. This time my guest is NetApp Field CTO, Grant Caley. Grant has over 20 years in the data and storage industry, with much of that time spent at NetApp. During our 25-minute chat, we talk about a wide range of modern data challenges and how, some of our more traditional approaches to dealing with them, are more than valid today. Grant shares insight on data management, optimisation, data platform integration, and the important part that your data storage plays in your business security.  

Grant’s a great guy to chat with and offers some insightful views of the evolving world of data. 

The full video is available on our YouTube channel or if you prefer it in four bit-sized chunks, then we have that too, you’ll find part one here. If you’d like to checkout our range of Tech Takeaway podcasts, you can see those here.

Merry Christmas  

That leaves me with just one thing to say at this time of year and that is to wish you all a Merry Christmas and enjoy the Christmas break, if you are lucky enough to get one. While the world of technology never really stops, this is at least a chance to pause, enjoy time with those closest to you and set yourself up to tackle 2024 head on. 

Enjoy the holidays and CTO Insights will be back in the new year. 

Strengthening Security with Multi-Factor Authentication

In today’s digital era, safeguarding the security of your online accounts and sensitive data is crucial. The conventional username and password combo, once seen as a robust security measure, no longer provides sufficient protection. As cyber threats continue to evolve, becoming ever more sophisticated, it’s high time to embrace Multi-Factor Authentication (MFA) to fortify your digital defences. 

What Exactly is Multi-Factor Authentication (MFA)? 

Multi-Factor Authentication, often known as MFA or 2FA (Two-Factor Authentication), necessitates users providing two or more forms of identification before gaining access to an account or system. This introduces an additional layer of security beyond the traditional username and password, making it considerably more challenging for unauthorised individuals to gain access. 

How Does MFA Function? 

MFA typically incorporates three distinct authentication factors: 

  • Something You Know: This corresponds to the conventional username and password. It’s the knowledge-based factor and serves as the initial line of defence. 
  • Something You Have: This can be a physical device like a smartphone or a hardware token. Following the input of your username and password, you’ll be required to provide a code generated by the device or received through a mobile app or SMS. 
  • Something You Are: This refers to biometric authentication, such as fingerprint recognition, retina scanning, or facial recognition. The inclusion of biometrics enhances security significantly. 

The Benefits of MFA 

  • Heightened Security: MFA substantially minimises the risk of unauthorised access, even if an intruder manages to acquire your password. They would still need access to your second-factor authentication method. 
  • Resilience Against Phishing: MFA serves as a robust defence against phishing attacks. Even if you inadvertently disclose your password to a fraudulent website, the attacker will still require your second-factor authentication. 
  • Compliance Obligations: Many regulatory frameworks and industry standards, such as GDPR and HIPAA, mandate the implementation of MFA to safeguard sensitive information. 
  • User-Friendly Experience: Modern MFA solutions are designed to be user-friendly and convenient. Mobile apps and biometric methods have streamlined the process for users. 

Deploying MFA Within Your Organisation 

To effectively implement MFA within your organisation, consider the following steps: 

  • Select the Most Appropriate MFA Method: Choose the MFA methods that align with your organisation’s specific requirements. Options include SMS-based codes, mobile apps like Google Authenticator, or hardware tokens. 
  • Educate Your Users: Provide comprehensive training and guidance to your employees or users on setting up and using MFA. Ensure they appreciate the significance of this additional layer of security. 
  • Continuous Testing and Monitoring: Regularly assess your MFA system and closely monitor for any suspicious activity. Be prepared to respond swiftly to any security incidents. 
  • Explore Adaptive Authentication: Certain MFA solutions offer adaptive authentication, which evaluates the risk level of login attempts and adapts the authentication requirements accordingly. 

In conclusion, Multi-Factor Authentication stands as a vital tool for safeguarding your digital assets in a progressively perilous online landscape. By incorporating MFA, you can significantly elevate your security posture and diminish the risk of unauthorised access to your accounts and systems. Stay one step ahead of cyber threats and make MFA an integral component of your cybersecurity strategy today. 

Want to learn more about MFA? Listen to a recent Tech Takeaway episode titled – The Evolution Of MFA

If your organisation needs help in deploying MFA, please feel free to contact our team by filling out a contact form by clicking the ‘contact us’ button in the top right of the page. Alternatively, you can email us at, sales@gardnersystems.co.uk and a member of the team will be in touch.  

 

CTO Insights November Newsletter

Welcome to this latest CTO Insights November newsletter, it has been a hectic time recently so please excuse the extended gap between editions. I’m sure you are keen to know what’s been catching my attention since we last spoke? 

Something new

Welcome to this latest CTO Insights November newsletter, it has been a hectic time recently so please excuse the extended gap between editions. I’m sure you are keen to know what’s been catching my attention since we last spoke

As a CTO I’m always looking for new crazy ideas to share information, and here’s one of them, our new CTO Insights videos! This series of videos sees me chat with an industry expert about a particular topic. First is Jon Hope, Senior Technologist at Sophos. Jon joined me for a wide ranging chat about the current state of cyber security and what the future holds. 

The overall chat is around 30 minutes, but to make life a little easier I’ve broken it down into bite size 5 minute videos. 

The first two of these (alongside the longer version) are available for you now. 

In part one we discuss the recently released Sophos Ransomware Threat report and what it means for CTO/CISOs and whether paying ransoms is ever the right thing to do. 

You’ll find part one here. 

In part two, we discuss the inevitability of attacks, how attacks have modified into double and triple “dip” attacks and what to do about them. We also discuss incident response plans and why it’s essential to have them.  

I’d love your feedback on the format and what topics you’d like me to cover in future videos. 

Looking after your security team

Back in mid-September I attended a Future of Cybersecurity event in Manchester. There was the usual mix of vendors and presentations. But two in particularly caught my attention as they discussed Cybersecurity wellbeing. The sessions shared a couple of troubling facts.  

  • Gartner reported 25% of Cyber Security Leaders will change careers by 2025 due to burnout. 
  • Forrester reported that of IT security staff 66% of them felt they were suffering stress and of those a further 50% were taking medication to help. 

Those statistics are not things we can accept, and we cannot shrug our shoulders and hope it gets better. Even from the most basic of business views, it is untenable as over stressed staff are more likely to make mistakes and when it comes to cybersecurity it is mistakes that threat actors prey on.  

How do we remove stress from our team? I imagine there is no easy answer and I’m not going to try to give one, but I did find a couple of good tips in this Watchguard Blog. 

End user education – Education can help reduce threats and incidents and therefore the burden on your security teams. 

Automation – Automate repetitive and time-consuming tasks so the team can stay focused on the priority areas. 

Consolidation – Reducing the amount of technology vendors in your security suite, this can help both reduce risks caused by gaps between tools and also improve operations by allowing more to be achieved within a single platform. 

There’s a couple of other additions I’d consider. 

Managed Services and AI – Managed solutions such as MDR can help greatly reduce the burden on security teams, providing them with experienced security team on hand 24×7. It’s also worth looking at how vendors are using AI to reduce time consuming tasks and help prioritise risk and threats. 

Security Culture – Build as positive a security culture as you can, make sure both your staff and your security teams feel that they are taken seriously, listened too and supported and if the worst happens, there will be no scapegoating. Security is too complex to expect perfection, so let’s not apply pressure by thinking that it is. 

Your Copilot to the future 

Welcome to this latest CTO Insights November newsletter, it has been a hectic time recently so please excuse the extended gap between editions. I’m sure you are keen to know what’s been catching my attention since we last spoke

Back in October I attended Microsoft’s Envision conference in London. Which brought out the Microsoft “big guns” none bigger than CEO Satya Nadella (Seen here with UK CEO Clare Barclay). The event was focused on Microsoft’s Copilot technology. Copilot is the product name for its integration of generative AI throughout its Cloud Platforms. This ranges from the generally accessible Bing Chat service, which provides you with GPT 4 powered integration with its search engine, through to its subscription add on services like integrating data sets for building learning model and its soon to be available Security Copilot. 

Copilot is interesting, as it is likley to be the first fully enterprise managed, large scale AI that many businesses will see. It will be baked into everyday tasks, from content creation to summarising long documents and Teams meetings. It is this, in a common everyday application like Microsoft 365, which is likley to bring business AI to the masses. I’m fascinated to see how this will be adopted and were it will lead to both innovation and better understanding of risks. We recently did a Tech Takeaways Episode – Exploring the Horizon with Microsoft Copilot discussing a little more about Copilot and its potential impact. 

I’d be interested to hear from others about your thoughts and plans for Copilot, so do please share them. 

That’s all for this edition of the newsletter, I have a couple of week’s of travel coming up, with a little holiday in Denmark before setting off to London for BlackHat Europe, so if you are going to be at the event, let me know. 

Look out for the next CTO Insight Newsletter coming soon.  

Trick or Treat: Hacker’s tricks and how to treat them

Trick or treat: Hacker’s tricks and how to treat them

As the nights draw in and the eerie period of Halloween takes hold, our thoughts turn to the spooky cyber threats lurking in the digital shadows. Much like the ghostly apparitions and mischievous spirits of Halloween, hackers revel in mischief, preying on vulnerable networks and unsuspecting individuals. In keeping with the Halloween spirit, let’s delve into the tricks employed by hackers and the treats we can utilise to fend them off. 

Trick 1: Phishing Schemes 

Phishing remains a favourite among hackers, casting out deceptive emails or messages, aiming to entice victims into divulging sensitive information. 

Treat: Implement robust filtering solutions to catch these deceptive emails before they reach inboxes. Conduct regular training sessions to educate your team on recognising phishing attempts and establish a clear protocol for reporting suspicious communications. 

Trick 2: Malware Attacks 

Malware is the digital bogeyman, lurking unseen only to wreak havoc once within the confines of your systems. 

Treat: Ensure your antivirus software is up to date, and schedule regular scans to catch and remove any malicious software. Educate your team on safe browsing practices and the risks associated with downloading files or software from untrusted sources. 

Trick 3: Ransomware Hauntings 

Ransomware is the modern-day haunting, hiding in the dark corners of your infrastructure waiting for the right moment to jump out and scare your data into hiding behind the couch of encryption! The waiting for payment before coming back out again! 

Treat: Maintain regular backups of critical data to mitigate the damage of a ransomware attack. Keep your systems updated with the latest security patches and employ network segmentation to contain and isolate any ransomware outbreaks. 

Trick 4: Social Engineering Spells 

Through cunning social engineering, hackers weave a spell to manipulate individuals into revealing confidential information or performing actions that compromise security. 

Treat: Foster a culture of security awareness within your organisation. Run regular training sessions to help your team recognise and resist social engineering attempts, focusing on skepticism and verification as key defensive measures. 

Trick 5: Unsecured Wi-Fi Witches 

Unsecured Wi-Fi networks serve as witches’ cauldrons, brewing trouble for any who dare to connect. 

Treat: Secure your Wi-Fi networks with robust encryption, change default credentials to remove unauthorised access, and consider employing a virtual private network (VPN) to provide an added layer of protection. 

Conclusion 

This Halloween don’t overlook the importance of fortifying your digital realm against the myriad trick’s hackers may deploy. By embracing the right cybersecurity treats, you can ensure a safe, spectre-free environment for your organisation, keeping the digital demons at bay. 

If you’d like some more information on how Gardner Systems can help your business stay protected, then head over to Gardnersystems.com, contact us at sales@gardnersystems.com or 0151 220 5552.

Want to keep up to date with tech’s biggest issues? Subscribe to the weekly airing Tech Takeaway’s podcast here

CTO Insights September Newsletter

CTO Insights September Newsletter 

Incredibly it is already September, and Britain’s long hot summer is starting to head off towards the sunset! But the warm glow of CTO Insights remains. So, settle in for some of the things that have caught my attention over the last few weeks 

How do you engage with your organisation? 

One thing that people in IT don’t consider often enough, in my opinion, is the importance of engaging with an organisation. Asking questions to help better understand what the organisation needs from its IT team, in order to function better and be more successful. Too often we find ourselves, delivering IT solutions that were not asked for and we are then surprised when we get “push-back” to its adoption. It is important to remember that IT is there to empower and enable an organisation, rather than to launch “cool” IT solutions upon it.  

Recently I had a fantastic chat with an IT Director of a large manufacturing company who provided me some great insight into this very challenge and his approach to overcoming it. His approach was interesting and not something I’ve come across before. To ensure they properly asked the business what it was they needed for IT they employed an Engagement Manager. The role was specifically to have open discussions across the entire business and understand what is needed to deliver new capabilities, efficiencies and services. Interestingly the role also focussed on asking whether they had any applications they’d found that would help them more effectively do their jobs. That’s a refreshing approach, asking people who are experts in their roles about tools they may find useful, is a smart idea and not one that we naturally adopt in IT, but one we certainly should. 

It got me thinking about what tips others have for effectively engaging with their organisation. So, if you’ve got some tips, I’d love to hear them so send them over to me or pop them in the comments. 

Is MDR (Managed Detection and Response) now the only answer? 

A couple of recent articles caught my attention and have me wondering whether the answer to many organisations’ cybersecurity needs external support is. I do say that as CTO of a company that can offer such services, but bear with me! 

Recently I saw this article over at Cybermagazine.com which discussed a state of cybersecurity report from security automation company Swimlane. The article quoted Swimlane’s findings that 33% of companies surveyed felt they would NEVER have a fully staffed cybersecurity team. This was also paired with UK research that suggested that 51% of companies have a basic cyber skills gap.  

If what we are saying is that we have an ever-evolving cybersecurity threat, paired with organisations who lack the resources they need, this is only likely to have one outcome. What then is the answer? 

The answer maybe within another announcement that caught my attention and that was Microsoft’s announcement of its own MDR service, providing managed SOC (Security Operations Centre) capabilities to augment its security platforms. The use of managed services continues to grow and Microsoft are the latest leading vendor adding human beings to their technology to support customers.  

As the cybersecurity threat landscape becomes more complex and resources scarcer, maybe it is time to consider MDR. To provide a little more on the topic, I recently published the article “As Microsoft joins the party, is it time to try MDR? ”  over at GigaOm. Have a read and see what you think. 

Network as a service – future of enterprise networking 

The world of the CTO is not all about cybersecurity of course. There are a range of other things IT leaders need to consider as they look to modernise and transform the way IT and technology is used within an organisation to allow them to remain competitive in their market. 

One such topic is covered in this article from a colleague of mine over at GigaOm, Andrew Green. Andrew recently posted an interesting article looking at Networking-as-a-service and how this can be used to drive enterprise network innovation. It is not an area that I’ve ever considered and I’m not sure networking innovation is high on people’s list. But Andrew makes a great case for why perhaps it should be. Have a read here. 

Come and join us at our IT Leaders Forum 

For those of you in and around Liverpool on September 20th we are running one of our regular IT Leaders Forums. These events bring together local IT leaders with their peers and global IT vendors to share ideas and provide feedback on business challenges and vendor strategy. These are usually lively and interesting affairs, and you are welcome to join us. 

Our next event brings to Liverpool Sophos, where we are going to be joined by Jon Hope, Senior Technologist and Peter Mackenzie, Director of Incident Response. They will be sharing insights into the current threat landscape and Peter will be sharing practical advice on how to respond to an incident and build incident response plans. This is a great opportunity to raise your cybersecurity concerns, share your experience or just chat with true subject matter experts. 

If you are in town and want to join us, then find out more details here Events – Gardner Systems 

That’s all from this edition of CTO Insights. If you have ideas or would like to have a chat, then contact me at cto@gardnersystems.co.uk find me on LinkedIn or Twitter and Threads @techstringy or book a chat via my meeting link 

 

CTO Insights August Newsletter

CTO Insights August Newsletter

August has rolled around and while nobody had told the British weather that it’s summer, let’s see if we can provide some CTO summer vibes for you to enjoy. 

IT Sustainability 

The idea of sustainability continues to be a prime conversation topic whether it’s politicians, media, the public or the boardroom and the desk of the CTO. What does sustainability mean for businesses? In reality, is much too broad a topic for a simple answer. But as IT pros we need to understand it and that starts with breaking it down into identifiable and measurable chunks. 

One such area is the impact of poorly managed and controlled data storage on sustainability. It’s an intriguing idea and one covered in this piece that an industry friend of mine Matt Watts, from NetApp, wrote for Tech Radar, Technology sector’s hidden issue: a landfill of data | TechRadar. It’s a good read and highlights an area in which we can make a difference. 

Microsoft flexing their cybersecurity muscles 

For those of you who keep an eye on Microsoft, It won’t have slipped your attention that they continue to rapidly develop their security portfolio. This has included a recent raft of announcements around their three security brands Defender, Purview and Entra. As I mentioned in the previous newsletter, Entra is Microsoft’s identity and access portfolio and this includes the rebranding of Azure Active Directory to Entra ID. But it is much more than that, to help people pick through these latest Entra announcements I’ve written this blog for my friends over at GigaOM and thought you may find it useful too Microsoft takes Entra to the edge – GigaOm. 

Microsoft’s announcement did not stop there. Another one that caught my attention was their move into the Managed Detection and Response (MDR) space. MDR is something that is gathering a lot of momentum in many organisations I speak with, as they try to augment their overburdened security teams. MDR is potentially an ideal solution, and It’s no surprise to see Microsoft launch their own MDR service to complement its Defender platform. To find out more here’s a Microsoft launch blog Microsoft Defender Experts for XDR | Microsoft Security. For the next newsletter I’m currently working on a more detailed blog looking at the MDR space in general, so stay tuned.

Security Incidents  

Cybersecurity incidents are not going away and to highlight this, a couple of recent Cyber Security incidents caught my attention. First up was the incident that impacted Capita, as reported here by Techerati. What this article provides is an insight into the real-world costs of a ransomware incident. The breach at Capita is reported to come with a likely price tag in the region of £15m-£20m. This is before any potential regularity punishment. The costs of a cyber incident are real and should be included when assessing risk to our organisations. 

The UK elections watchdog has also revealed that it has been the victim of a complex attack, as reported here by the BBC. Data was accessed which included names and addresses and it mentioned that control systems were also accessed. This is a good example of the statement “assume breach”. It’s a good approach to take when considering security, we just cannot assume that everything on the inside of our network is okay and should have carte blanche access. We must secure all of our systems and continually monitor access to ensure that any unauthorised access does not get to access our most sensitive information. 

CTO tips 

Finally, this came from a suggestion from one of my industry friends and newsletter readers, Phoebe Goh, from NetApp, who asked for some good tips for CTOs and senior execs. As someone new to the CTO role myself and doing this at a company that hadn’t previously had a CTO, I thought what a good idea because gaining tips from experienced CTOs has been invaluable to me. So I’ve put together three things that I took from conversations with other CTOs in terms of the role and what a good CTO should strive to do. Particular thanks to Howard Holton for these. 

What is the CTOs role?  

There will be more things here, but at a high level, the following makes sense to me. 

  • Define the tech stack – what should your technology stack look like to meet business/customer needs? 
  • Where do we invest? – What technologies should we be investing in to make sure we maintain our edge over our competition? 
  • What are the emerging technologies we should be looking at? – What’s next for our business, what are the technologies that are around the corner that we should, at the very least, understand? 

What should a CTO strive to do? 

Not only, what is the role, but for someone trying to do a good job as a CTO what should we strive to do? (I’m very much still working on this!) 

  • Be available – be a person that colleagues and customers can talk to about technology – it’s important to be able to do this at all levels, not just talk “techie” but speak in a language that makes sense to those asking. 
  • Formulate ideas around Technology quickly – While this doesn’t mean you should be an expert in all areas, it does mean, being aware of technology and being able to have an idea of how that technology can impact your business – being able to articulate, what it is and where we could use it in our business. 
  • And where you don’t have an idea about a technology – then be able to understand the impact that technology can have and what that may mean for your organisation. 

Be visible. 

It was the idea of being visible that led to this newsletter.  A newsletter can be a great way of sharing ideas and inviting conversations with your organisation, partners and customers. And hopefully, that’s what we can do here with CTO insights. 

If you’re new to the role or looking at ways to develop then hopefully some of these ideas will help. Of course, I’m pretty sure, others will have their own thoughts and I’d love to hear them, so we can share them more broadly. 

That’s all from this edition of CTO Insights. If you have ideas or would like to have a chat then contact me at cto@gardnersystems.co.uk find me on LinkedIn or Twitter and Threads @techstringy or book a chat via my meeting link 

The Northwest Tech Leaders Forum Thought Leadership Piece

The Northwest Tech Leaders Forum brings together a select group of industry experts and visionaries and provides a unique opportunity to delve into the key technology topics with global tech companies. The goal is to foster pragmatic discussions and offer valuable feedback, shaping the direction of the industry. With a history of successful technology leadership events, Gardner’s aims to regularly host these forums.  

In this year’s first forum, our leaders were joined by Lenovo to discuss pressing IT issues, to share their strategy for addressing them and hear from our forum guests about the issues they are facing and whether Lenovo’s strategy can help. 

Session Highlights 

Sustainability: Nurturing a Greener Future 

The session began with a focus on sustainability, where the prominence of Lenovo, a tech leader in this domain, became evident. Lenovo’s relentless innovation was evident in their commitment to using 75% recycled leather, recycled aluminum, and their journey towards net-zero emissions. Their dedication to sustainability extended to their global supply chain, making it easier for procurement to gauge their energy consumption. Notably, Lenovo had transitioned to plastic-free bamboo packaging that was easier to recycle, and they emphasized bulk packaging to minimize waste. Furthermore, it offers asset recovery services, facilitating the responsible disposal and recycling of equipment like printers and servers. They also provided a CO2 offset service, allowing customers to pay a levy for offsetting their carbon emissions. It also enabled customers to obtain a certificate from their website to highlight their commitment to sustainability. 

During the discussion, it was highlighted the significance of baseline sustainability and the positive impact of Lenovo’s CO2 offset initiative. One of our leaders agree, saying “that while sustainability might increase costs, Lenovo had re-invested these costs to develop industry leadership” and “as more modern machines became recycled, the industry would benefit.” The group agreed that no one wanted the technology sector to become the “Volkswagen” of sustainability, acknowledging that ESG credentials were becoming increasingly important, it had to be a real and measurable benefit. Interestingly one of our attendees pointed out how they were seeing new hires inquiring about sustainability, and how providing a sustainability certificate in their welcome pack offered a competitive edge in attracting top talent. Furthermore, it was noted that sustainability now factored into procurement decisions, emphasizing a cultural shift towards carbon neutrality by 2030 or 2035. 

Device as a Service (DaaS): Unleashing Flexibility and Sustainability 

The discussion transitioned to Device as a Service (DaaS), a concept that offered hardware, software, and services for a predictable periodic fee, reducing Total Cost of Ownership (TCO) by up to 20%. The global DaaS market was projected to grow from £50 billion £202 billion within the next five years.  

Feedback on DaaS was mixed, with some expressing uncertainty due to their existing capex-based purchasing approach. One speaker highlighted the challenge of dealing with device disposal at the end of their lifecycle. However, another suggested that offloading this responsibility to HR could be beneficial, allowing the IT team to focus on strategic initiatives rather than day-to-day operations. One speaker shared that his organisation had already implemented DaaS successfully, with devices financed over a longer period and ordering devices in advance without immediate payment being hugely beneficial. This then posed a question about the specifics of the DaaS financial model. While DaaS is a leasing model it is important to understand its additional benefits such as scalability and the ability to return unused devices, providing a more flexible model than existing leases. 

Modern Workplace: Empowering Collaboration and Efficiency 

The concept of the Modern Workplace, highlighting the license-based model of Microsoft’s Asure, Dynamics 365, and Mobility solutions was also explored. Lenovo’s Cloud Market Place, offering self-service capabilities, was also discussed. The group acknowledged the benefits of the Modern Workplace, including cost savings and the convenience of three-year licenses. 

Concluding Remarks 

The session was fascinating, and the attendees appreciated Lenovo’s involvement and honesty in sharing their initiatives and strategic ideas.  

Key Takeaways 

1.Sustainability: A Shift in Priorities 

Sustainability is now a key focus area, driven by internal governance, compliance requirements, supply chain considerations, and employee expectations. The days of choosing suppliers solely based on price competitiveness are waning, and organisations are realising that embracing sustainability can lead to a competitive advantage, attract talent, and secure funding. 

2. Device as a Service: Redefining Technology Procurement 

DaaS offers a more flexible and sustainable approach to technology procurement, reducing TCO while allowing for scalability. This model addresses the challenge of responsibly disposing of devices at the end of their lifecycle. 

3. Local Community Engagement: Repurposing Devices for Digital Inclusion 

The importance of collaboration between tech companies and local communities can be extremely valuable, particularly in repurposing devices to enhance digital inclusion initiatives. Partnerships with large organisations and the creation of national device banks can foster digital empowerment and enable access to technology for underprivileged communities. 

4. Modern Workplace: Streamlining Operations with Licensing Models 

The Modern Workplace, powered by license-based models such as Microsoft Azure, Dynamics 365, and Mobility, offers organisations the opportunity to streamline operations and leverage self-service capabilities. 

The Northwest Tech Leaders Forum aims to be a catalyst for thought-provoking discussions, setting the stage for continued progress in sustainability, technology procurement, community engagement, and workplace efficiency. By embracing these key takeaways, organisations can position themselves as leaders in their respective fields and contribute to a brighter and more sustainable future. 

See our full range of blogs and thought pieces here

More of a listener? Check out the Tech Takeaways Podcast here

Free Security Audit

Get a 1 hour FREE security audit!

Get in touch