Upcoming article: software supply chain attacks

My next feature for The Daily Swig will be an in-depth look at supply chain software attacks.

In light of the SolarWinds incident, organisations are on their guard for this type of attack, but how can they find and block them?

The piece will ask:

What is a software supply chain attack?

Where have we seen such attacks?

What makes supply chain attacks so dangerous?

What damage can be caused?

and

How to prevent, or protect against, supply chain attacks

Please submit leads for research, opinion or offers of interviews no later than 1700 GMT, Tuesday 19th January. As usual, all submissions by email please.

Upcoming articles for Computer Weekly: storage

For Computer Weekly I am writing two further articles on storage technology: one on Flash storage and RAID, the other on hyper-converged use cases.

Flash storage and RAID

For this article, we will look at how RAID technology works with Flash storage. Why does RAID still matter with Flash, and how will it operate with new storage technologies that could eventually replace Flash?

We will include:

  • Which RAID level is best for flash performance?
  • What benefits and drawbacks are there with parity-based RAID in flash?
  • What are the benefits and drawbacks of mirrored RAID levels with flash storage?
  • What proprietary or branded RAID levels do the main vendors of flash storage offer? How do these translate into the commonly understood RAID levels?
  • What will supersede RAID as a means of drive/array data protection? For example erasure coding?

The deadline for submission of material is 1700, Wednesday 18th November. I can quote analysts and consultants; although I can’t quote vendors I welcome white papers or technical papers and case studies, as well as relevant product information.

Hyper-converged storage use cases

This article will look at five current use cases for hyper-converged storage.

The article will look at how hyper converged infrastructure works and where storage sits within that.

I am open to suggestions for the key use cases but the feature is likely to include:

  • Virtual machines and virtual desktops
  • Backup and recovery using HCI
  • High-performance, data rich applications such as AI and advanced analytics
  • Containers
  • Possible use of HCI by smaller businesses.

The deadline for submission of material is 1700, Monday 23rd November. The same quotation rules apply.

Filming during COVID-19

Camera solo operator

The global pandemic has restricted live events and filming. But interviews and pieces to camera are still the cornerstone of programmes and corporate video.

Online video calling services are good, but can’t fully replace a professional interview.

So that we can provide face to face filming in the current conditions, we have put together two new video packages.

These are designed to minimise the risks from COVID-19, but still allow interviewees or presenters to appear on camera, in person.

To do this we have:

  • picked a venue that is large enough for social distancing and flexible enough to allow different set-ups
  • designed a single-person production workflow, reducing the numbers on set
  • provided links for communications teams and others to view the production remotely
  • undertaken industry-recognised training in COVID compliance measures
  • put in place strict procedures for cleaning equipment and the venue
  • limited bookings to two a week, so there is 72 hours between each client’s shoot

Our set up includes

  • Two 4K video cameras
  • Sound recording, via a boomed mic (no lavalier or handheld mics)
  • Lighting
  • Backdrops as required

The costs for these filming packages are:

  • Half day: £625
  • Full day: £875

The above prices include the location hire and parking; we are located in SW London.

Footage can be supplied as .mov files uploaded to the client’s servers, or edited. Editing starts at £400 a day. 

If you would like to find out more about the service please email stephen.pritchard@ensmedia.co.uk or call 0207 099 4862 and we will call you back.

Note all costs exclude VAT at the current UK rate.

Upcoming article: where next for the EU and cybersecurity?

This month, Germany took over the EU’s rotating presidency.

For the Daily Swig, this piece will investigate the German Presidency’s plans to improve the EU’s cybersecurity posture.

One of the Presidency’s six priorities is strengthening security and common values. For security, this is focused on better cross-border collaboration, in crime and counter-terrorism.

For cyber specifically, the Presidency wants closer cooperation on network and information security, especially for critical national infrastructure and “other enterprises in the public interest”. And devices sold in the EU will need a minimum level of IT security.

How will the EU achieve these goals? And are these the right priorities right now? The feature will ask whether the EU’s objectives will mean greater security for citizens, and also assess its impact on the cyber security community, including business, security vendors, the workforce and academia and research.

I’m keen to speak to experts from across the cybersecurity space, especially those who have worked on EU initiatives. Please email your suggestions for interviewees, or background information, by 1700 BST, Thursday 9th July.

New podcast episode: securing home working

In the latest episode of my Security Insights podcast, I speak to Amar Singh about steps organisations can take to secure home working.

Amar is the CEO of the Cyber Management Alliance, a cyber security adviser and crisis management firm. Amar is well-known as a security practitioner, speaker, and former CISO.

The CMA recently issued a free-to-use checklist on the steps security and IT teams can take to ensure working from home isn’t opening up businesses to undue risks. To listen to the interview, go over to the podcast on the Security Insights page.

If you are, or know, an expert in security who’d be a good guest for the podcast, please drop me an email. The podcast sets out to address strategic security issues and thought leadership in both the physical and cyber domains.

Upcoming article: Latest government data breaches in 2019/2020

I am researching an analysis into security breaches in the public sector. We are looking especially at globally significant incidents.

In the piece, we will examine the trend – how did 2019 compare with 2017 and 2018?

Are there any notable changes in geography, or in the type of breach?

Which organisations are being attacked, and is that changing?

What size of incidents are we seeing? Are they larger, or having a greater impact?

The piece will then look at the cost of public sector data breaches, and their impact. And we will ask if there are specific steps public sector IT and security leads should be taking to protect their assets.

The piece will appear in The Daily Swig. This earlier piece in the series, on healthcare, is a guide for what we are looking for.

Submissions of content or suggestions for interviewees, by Thursday 6th February, by email in the first instance.

Upcoming article: a deep dive into DDoS

For The Daily Swig, I’m writing an explainer on DDoS attacks, and how organisations can prevent them.

The article will include:

– A definition of a DDoS attack, and why they happen
– How a DDoS attack works, including its various stages
– Types of DDoS attacks
– Their impact on businesses
– The legal status of DDoS attacks
– Actions organisations can take to prevent or stop attacks and how to mitigate their impact.

We are also keen to include details of recent attacks, and any up-to-date research on the topic.

The deadline for submission of ideas, leads or content is 1700, on Thursday 21st November.

As ever, email is the best way to reach me.

Upcoming articles: Disaster recovery planning, and Disaster Recovery as a Service

For Computer Weekly I am writing two linked articles on DR. The first is a top level overview on disaster recovery planning. The second looks more deeply at Disaster Recovery as a Service – a market analysts say is growing rapidly, and could soon outstrip conventional DR tools.

Essentials of disaster recovery planning

This article will cover the key points organisations need to consider when developing a disaster recovery plan. This will include:

Identifying the risks to the organisation – this is about more than just IT. It will include physical, human and (cyber) security risks.

Identifying the key components of the IT system and the potential damage downtime or failure could mean to the organisation.

Determining RTOs and RPOs for each component of the IT system.

Developing a response strategy, which can comprise elements that range from premises and people to technology.

How disaster recovery can be provisioned in house, off site and in the cloud

Maintaining the DR plan. How is the plan validated, tested and updated?

Key DRaaS options

This is a drill-down into the key as-a-service options available for DR.

Why is DRaaS changing and how is the cloud influencing this?

What are the key features of:

  • managed,
  • assisted,
  • and self-service DR options

How does each work in terms of infrastructure, data transfer and recovery, and which types of use case and size of organisation is each best suited to?

Finally, the piece might add pointers to help IT directors choose the right provision for their business.

Deadlines:

Customer case studies, research reports, technical information and white papers only please for these articles. For the Essentials, the deadline is 1700hrs, London time, Friday 15th November. For DRaaS, the deadline is 1700hrs, London time, Thursday 21st November. Please send information by email in the first instance.

Upcoming article: Who needs object storage?

This article, for Computer Weekly, will be an explainer on on-premises object storage. It will set out the key differences between object and block and file, and their pros and cons.

The article will ask:

  • What is object storage?
  • What are its key use cases?
  • What workloads need object storage?

The second half of the article will be a product section giving a vendor-by-vendor run-down on whether they provide hardware or software products, their architecture, scaling, speeds and feeds, data protection methods and other notable features.

There will also be a box out on cloud-based object storage.

Please submit background information such as white papers and case studies, product information, and suggested interviewees/experts, by 0900hrs Friday 19th July by email in the first instance.

Please do not submit pre-written commentary or quotes.

New website section: recent work

I’ve just added a new page to the website, which links to a selection of recent projects.

These are mostly journalistic assignments; for reasons of confidentiality I’m not always able to share non-journalism work in public.

Do check back as I will add further links when I can.

The page is here: