Category: Cloud Infrastructure

GDPR is now in place to keep personal data safe at every stage of its lifecycle – from acquisition and processing, all the way through to storage and deletion. Unfortunately though, it is inevitable that events will sometimes happen that are outside of the data controller’s power. These events may include the accidental or purposeful alteration or deletion of data, situations where data becomes unavailable, such as a software provider outage, and the now all-too-common data breach.

Businesses can’t rest on their laurels and assume that the vendors they rely on have their backs. For example, many organisations still wrongfully assume that their Office 365 data is backed up by Microsoft, although the tech giant makes it very clear that protecting your data is ultimately your responsibility.

Organisations therefore need to be confident in their ability to recover lost data, access this information in a timely manner and react to any issues in a compliant way. Failing to do so could result in hefty fines and immeasurable reputational damage now that GDPR is in full effect.

The regulation leaves plenty of room for interpretation, and in order to cover all GDPR bases, businesses will likely need to adopt a number of different solutions that complement each other. When we drill down into specifics, it is clear that a number of articles within the regulation can be addressed through the secure backup of data.

Article 4

Firstly, Article 4 defines a personal data breach as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’. Considering this definition, we can see that having backups of data helps to protect organisations from a number of scenarios that could result in disciplinary action.

Article 5

This article states that personal information must be up-to-date and consistently available, whilst being protected against loss, destruction or damage. This may seem like a difficult task on the face of it, but automatically backing up data is a good way to make sure that data sets are easily accessible at all times. Restoring this data in a timely fashion can also be done easily using eDiscovery with advanced capabilities that allow flexible search, recovery and export options.

Articles 28 and 32

These articles relate to the security of data processing, and state that organisations must be able to restore the availability and access to personal data in a timely manner if a physical or technical issue arises. They also highlight the need for regular testing and the evaluation of processes to ensure data is continuously safeguarded. Carrying out regular health checks of backup data and ensuring that a storage-level corruption guard is in place would help to adhere to these articles by offering peace of mind that backup information is easily accessible and can be restored at a granular level.

Compliance with GDPR requires multiple solutions and processes which work together in harmony. Once this is established, organisations will reap the benefits of a more secure, streamlined way of working. The easiest way to achieve compliance with the specific articles mentioned here is to adopt a backup solution that has been designed with GDPR in mind from the get-go. Fast-growth companies that require more flexibility and scalability should also consider backup-as-a-service options, which often offer additional layers of security. Either way, it is important that organisations can guarantee that nothing is missed.

Office 365 has, understandably, become a key fixture in almost all offices; as well as plenty of time and investment dedicated to optimising user experience, Microsoft has put a lot of effort into helping businesses secure their Office 365 tenancy, as more organisations completely migrate their exchange infrastructure to the cloud.

It makes sense, then, to assume that security comes as a guarantee with all Office 365 software. Unfortunately, this is simply not the case. In fact, Microsoft is very clear that Office 365 customers are ultimately responsible for protecting and controlling access to their own data.

The platform is only offered alongside very basic security measures and doesn’t provide sufficient disaster recovery options. Like any other software, Office 365 is not infallible, so it’s important to note that, without having a third-party backup solution in place, data could be at risk if is it deleted by mistake, breached or made unavailable for some reason. With that in mind, it’s advisable to have dedicated products in place to maintain a strong security posture.

We recently heard a story from a client that serves as a good reminder: the company had migrated to Office 365 some time ago and recently discovered that two members of the board’s email accounts had a rule set-up to forward all emails to an unknown Gmail account. They had no idea how long these accounts had been compromised, and subsequently performed an investigation. Needless to say, the compromised accounts had very weak passwords, such as the organisation name appended with a number.

Of course, even if this organisation had enforced a reasonable password policy, this is a very viable attack vector. Threat actors often make several unnoticed login attempts to Office 365 every day, putting sensitive data at risk. A successful breach could lead to a whole host of issues. For example, it could alter datasets or make important data unavailable and pause daily operations. Another possibility might be that a breach might cause data to be permanently deleted or held to ransom.

Authentication and access controls have come a long way, but protection like multi-factor authentication can sometimes impact on productivity in the workplace. It’s therefore crucial to have a basis of strong organisational security awareness and dedicated security solutions throughout your organisation. This ensures your most important assets and sensitive data are safeguarded, while enabling employees to remain productive.

Our Office 365 backup solution, powered by Veeam, protects your business-critical information and enables the continuous availability of sensitive data, in line with GDPR requirements. To find out more about how we can help to you work safely and office peace of mind that your Office 365 data is always available whenever you need it, click here.

The Bunker-Ultra Secure, like a number of local companies, struggles to find IT talent. For us, the challenge is particularly in the Open Source, Microsoft and Networking teams where the ability to not only build complex and bespoke IT solutions is essential, the ability to ‘fail fast and learn and adapt quickly’ is key. Based in the beautiful Kent countryside, we can struggle to compete with the lure of London and City salaries, so we focus on ensuring our roles are varied and engaging, with the opportunity of personal development and a great work-life balance. We love apprenticeships and have been using them for many years to develop and nurture talent, however, have often found that the course syllabus can be seriously out of date, if not irrelevant.

We are excited about a new initiative where, in partnership with Holiday Extras, we are working with the East Kent Colleges to support and share information and feedback on the relevant behaviours and skills being taught in their IT faculties at NVQ L2, 3 and 4. Our aim is to ‘positively influence learners in our local area, helping them to not just be immediately employable but ‘actively sought after’, by employers’ who know they have been given an amazingly well-rounded education in IT over their time with the college. It will also give us the opportunity to improve our visibility and reputation as a local employer of choice.

#NicholasHolbrook-Sutcliffe, Principal of the Dover Campus of #EastKentCollege, reached out to us a few months ago to help his understanding of how local companies feel about the local colleges, as well as how we could potentially impact the learning landscape for students. As firm believers in giving young people every opportunity for success and the understanding that we could have the opportunity to directly impact, nurture and inspire the local collegiates to be driving for IT roles in the local area, we ran out of time and were keen to open up the discussion to a wider audience! We both agreed we want to ensure that East Kent College is producing top talent for local companies, be it directly from college into roles or through the apprenticeship path as well as to help them understand that there are aspirational roles in the local vicinity.

Fast forward to last week, where along with my colleague from Best Companies Top 100 employer #HolidayExtras, #NatalieAdams, I spent a super-interesting few hours with heads of faculty from a number of East Kent Colleges, discussing how as a tech employer, we want to support the learning of young people in East Kent as well as aid our understanding of the excellent courses already available through campuses in Dover, Ashford, Canterbury, Broadstairs and Folkestone. Having had a few days to reflect on our discussions, it is clear that by local businesses sharing information and specialism in an area with learning establishments, we can really support local learning institutions getting the very best from their learners. It was also clear the passion and enthusiasm the college has for making their syllabus one of the best in the country.

With the curriculums across their 5 campuses covering cyber security, networking, computer science, programming, app development and design, the future in these areas will no doubt be bright and individually, I am extremely excited and proud that we are able to help shape the approach and help shine a light on local companies who need these skills and talents, hopefully adding a real edge to the talent in East Kent.

A particularly interesting aspect of the discussion was around the fact that the focus for companies is not necessarily having students ‘graduate’ with in-depth IT, but instead be given the encouragement and development of traits and behaviours that will equip them for success. So what traits need to be nurtured? We discussed resilience, courage, flexibility, an interest in transformative tech, an inquisitive and disruptive approach and that as enablers we must help them be genuinely excited about change.

From a technical perspective a strong grounding in data security and how all IT is underpinned – a strong understanding of IT infrastructure and history to build upon, need to be installed into everyone no matter the specialism was also discussed.

So what are the next steps for us in this journey? I am looking forward to continuing further discussions with Nick and colleagues, with the aim of sharing the opportunity with the wider employment base in the area and for the faculties to start thinking about how we can help them deliver and mould their upcoming curriculum (and particularly IT curriculum from 2020). This is a real opportunity for us to continue to build ties and relationships throughout East Kent’s working and learning establishments and I for one, am looking forward to the challenge!

#TheBunker #supportinglearning #excitingopportunity #thosewhocan

Amazon Web Services (AWS) is a secure public cloud service and everyone wants a part of it. Offering on-demand delivery of compute power, database storage, applications and other IT resources through its cloud services platform via the internet with pay-as-you-go pricing, it is a commercially viable option for start-ups, Fintechs and other companies not looking to make large upfront investments in hardware.