New podcast episode: securing home working

In the latest episode of my Security Insights podcast, I speak to Amar Singh about steps organisations can take to secure home working.

Amar is the CEO of the Cyber Management Alliance, a cyber security adviser and crisis management firm. Amar is well-known as a security practitioner, speaker, and former CISO.

The CMA recently issued a free-to-use checklist on the steps security and IT teams can take to ensure working from home isn’t opening up businesses to undue risks. To listen to the interview, go over to the podcast on the Security Insights page.

If you are, or know, an expert in security who’d be a good guest for the podcast, please drop me an email. The podcast sets out to address strategic security issues and thought leadership in both the physical and cyber domains.

Upcoming article: Latest government data breaches in 2019/2020

I am researching an analysis of security breaches in the public sector. We are looking especially at globally significant incidents.

In the piece, we will examine the trend – how did 2019 compare with 2017 and 2018?

Are there any notable changes in geography, or in the type of breach?

Which organisations are being attacked, and is that changing?

What size of incidents are we seeing? Are they larger, or having a greater impact?

The piece will then look at the cost of public sector data breaches, and their impact. And we will ask if there are specific steps public sector IT and security leads should be taking to protect their assets.

The piece will appear in The Daily Swig. This earlier piece in the series, on healthcare, is a guide for what we are looking for.

Submissions of content or suggestions for interviewees, by Thursday 6th February, by email in the first instance.

Upcoming article: a deep dive into DDoS

For The Daily Swig, I’m writing an explainer on DDoS attacks, and how organisations can prevent them.

The article will include:

– A definition of a DDoS attack, and why they happen
– How a DDoS attack works, including its various stages
– Types of DDoS attacks
– Their impact on businesses
– The legal status of DDoS attacks
– Actions organisations can take to prevent or stop attacks and how to mitigate their impact.

We are also keen to include details of recent attacks, and any up-to-date research on the topic.

The deadline for submission of ideas, leads or content is 1700, on Thursday 21st November.

As ever, email is the best way to reach me.

Upcoming articles: Disaster recovery planning, and Disaster Recovery as a Service

For Computer Weekly I am writing two linked articles on DR. The first is a top level overview on disaster recovery planning. The second looks more deeply at Disaster Recovery as a Service – a market analysts say is growing rapidly, and could soon outstrip conventional DR tools.

Essentials of disaster recovery planning

This article will cover the key points organisations need to consider when developing a disaster recovery plan. This will include:

Identifying the risks to the organisation – this is about more than just IT. It will include physical, human and (cyber) security risks.

Identifying the key components of the IT system and the potential damage downtime or failure could mean to the organisation.

Determining RTOs and RPOs for each component of the IT system.

Developing a response strategy, which can comprise elements that range from premises and people to technology.

How disaster recovery can be provisioned in house, off site and in the cloud

Maintaining the DR plan. How is the plan validated, tested and updated?

Key DRaaS options

This is a drill-down into the key as-a-service options available for DR.

Why is DRaaS changing and how is the cloud influencing this?

What are the key features of:

  • managed,
  • assisted,
  • and self-service DR options

How does each work in terms of infrastructure, data transfer, recovery etc., and which types of use case and size of organisation is each best suited to?

Finally, the piece might add pointers to help IT directors choose the right provision for their business.

Deadlines:

Customer case studies, research reports, technical information and white papers only please for these articles. For the Essentials, the deadline is 1700hrs, London time, Friday 15th November. For DRaaS, the deadline is 1700hrs, London time, Thursday 21st November. Please send information by email in the first instance.

Upcoming article: Who needs object storage?

This article, for Computer Weekly, will be an explainer on on-premises object storage. It will set out the key differences between object and block and file, and their pros and cons.

The article will ask:

  • What is object storage?
  • What are its key use cases?
  • What workloads need object storage?

The second half of the article will be a product section giving a vendor-by-vendor run-down on whether they provide hardware or software products, their architecture, scaling, speeds and feeds, data protection methods and other notable features.

There will also be a box out on cloud-based object storage.

Please submit background information such as white papers and case studies, product information, and suggested interviewees/experts, by 0900hrs Friday 19th July by email in the first instance.

Please do not submit pre-written commentary or quotes.

New website section: recent work

I’ve just added a new page to the website, which links to a selection of recent projects.

These are mostly journalistic assignments; for reasons of confidentiality I’m not always able to share non-journalism work in public.

Do check back as I will add further links when I can.

The page is here:

Upcoming commission: unstructured data compliance

For Computer Weekly, I’m looking at the compliance issues around gathering, storing and processing unstructured data.

This article will examine the likely compliance risks in unstructured data, and suggest potential solutions. It will ask:

  • What is unstructured data? How does it compare to structured and semi-structured data types?
  • Why is compliance an issue at all?
  • Why is achieving compliance of unstructured data potentially problematic?
  • What are the key steps to achieving unstructured data compliance?

As businesses gather ever greater volumes of unstructured data, and develop new ways to process and analyse the information, compliance becomes increasingly important. This is especially the case when organisations start to combine data sets, and use advanced analytics to search for insights in the information. Does the original consent to hold and process the data carry over to this type of application? And what happens when unstructured data is mixed with other data sets?

For the piece I am keen to have comments from data scientists, compliance experts, academics, lawyers and end user IT organisations. As the deadline is quite short, please send pitches, initial comments and leads to me by 1200 London time, June 13th by email please.

Upcoming commission: storage for machine learning

Data storage is an often-overlooked part of machine learning and other AI deployments.

This article will appear in Computer Weekly. It will cover:

  • Definitions of machine learning/deep learning
  • Its storage requirements including
    • Sizing, capacity, performance (to match compute)
    • Scale
    • Media (SSD vs HDD, hybrids of the two)
    • Parallelism
    • Throughput vs IOPS
    • Locations – including use of the cloud

For this article we are open to comments from vendors, as well as analysts, consultants and other experts. Examples of ML use cases and how systems were designed to run it are most welcome.

Initial pitches and leads by Wednesday May 29th by email please.

Upcoming commission: virtual server storage

My next article for Computer Weekly will look at the best storage options for virtual servers, including SAN, NAS and hyper-converged infrastructure (HCI).

Specifically, the piece will ask:

  • What kind of storage requirements do virtual servers and their data have?
  • What are the characteristics of a) SAN b) NAS and c) hyper-converged storage? 
  • What are the pros and cons of SAN vs NAS for virtual machine storage? What are the management and performance issues?
  • What about scale? Is a SAN, NAS or HCI better suited to large or smaller deployments?
  • What impact do workloads have on storage choices? Are all virtual machine workloads created equal in I/O terms?
  • What other factors affect storage choices, such as the applications being used, scale of the deployment and even skills on the IT team?

First and foremost I am looking for background information, analyst research, technical papers and case studies which will help to answer the points above. If you or your client has expertise in this area, please contact me by email in the first instance. The deadline for input is Monday, 13 May.


Upcoming commission: Scale-out NAS storage

My next article for Computer Weekly will be on “Scale-out NAS in the age of cloud”. The outline for the piece is below.

Scale-out NAS is a very important storage technology for those that want to store large amounts of file and unstructured data.

But in recent years it has had to fight off other methods of storing large amounts of unstructured data, namely on-premises object storage and the rise of the cloud providers and their (often object storage-based) storage offerings.

So, who are the key scale-out NAS providers now? What do they offer in terms of products? And how are they meeting the challenge of the cloud?

If you or your client has expertise in this area, please contact me by email in the first instance. The deadline for pitches and initial input is Monday, 25 March.