Data Architecture Archives - Page 2 of 2

Eight crucial steps for Telcos to get TSR ready

Posted on: 1 February 2022

Following the introduction of the Telecommunications (Security) Act into UK law in late 2021, all telecommunications providers will soon need to comply with ‘one of the toughest telecoms security regimes in the world’ or risk financial penalties up to £10m.

With the clock counting down for Telcos to enter a new era of security, we consider the critical steps for providers to prepare for the regulatory road ahead.

1. Identify your gaps

Understanding your current state is the first step in achieving a successful transformation. A full audit of your security strategies, plans, policies, and effectiveness will expose your weaknesses and gaps, enabling you to take the right actions to protect your business and ensure compliance.

2. Prioritise your most pressing threats

While gathering data can provide better visibility of your network, taking reactive action to lower your risk isn’t the most efficient approach. Establishing levels of prioritisation will ensure your resources are being used to reduce risk in the right areas.

3. Get the right people in place

From gap analysis to operating model design, programme delivery, and reshoring, it’s likely you’ll need more people in place and new competencies developed. Getting the right partnerships and people now is key to getting ahead.

4. Incorporate legacy issues into your planning

Today’s telecommunications industry is built on multi-generational networks, and legacy systems continue to underpin critical infrastructure. While extracting these systems is not going to happen overnight, dealing with your legacy infrastructure should be an integral part of planning your implementation of the new Telecoms Security Framework.

5. Implement transparent designs

Failing to disclose evidence of a breach could result in a £10m fine, so built in transparency and traceability are key to your programme. Consider the likely information requests that are to come to ensure your design changes enable clear tracking and reporting.

6. Embed a security-first focus

Mitigating the risks facing the UK’s critical national infrastructure is the driving force behind the TSRs, and telecommunications providers will need to ensure that this mindset is embedded in the everyday. Buy-in from the business is core to any cultural shift, so align your leadership with a shared, cross-functional vision and get some early delivery going to build gradual momentum.

7. Prepare for more legislation

In November 2021, the Government announced The Product Security and Telecommunications Infrastructure Bill (the PSTI) to ensure consumers’ connected and connectable devices comply with tougher cybersecurity standards. As cybersecurity evolves, so will the threats to organisations, and telecommunications providers must be prepared for more regulatory oversight.

8. Embrace the benefits of built-in security

Ultimately, security that is built in rather than bolted on will enable providers to offer better protection and performance for customers, as well as foster trust with greater transparency. While the industry may not have been seeking the Telecoms Security Act, its passing prompt action to remove the constraints of old and reimagine and reshape to seize the opportunities of a new era.

For more information about TSR, download The impact and opportunities of the Telecoms Security Requirements report.

7 key things you need to know about the Telecoms (Security) Act

Posted on: 27 January 2022

The introduction of The Telecommunications (Security) Act into UK law late last year marked the arrival of a new era of security for the telecommunications sector, where everyone – from executive to employee – is responsible for protecting the UK’s critical network infrastructure against cyber attacks.

However, embedding a security conscious culture from top to bottom requires significant resource and expertise to steer towards success. With the clock already counting down, telecommunications providers are under pressure to begin their TSR compliance journey whilst ensuring that existing change programmes stay on track. Here, we consider the key considerations for communications leaders to ensure successful navigation and utilisation of the obstacles and opportunities that lie ahead.

Clear visibility is critical

Protecting your network, applications and data has never been more critical. However, blind spots, missing data, and the risk of dropped packets make management and protection of these challenging, not to mention the scale and complexity of many providers’ hybrid network infrastructure. Nonetheless, providers must ensure they are able to monitor security across the entirety of their network and can act quickly when issues arise.

Security and service quality will need to be carefully balanced

Whilst enhancing security is the ultimate goal of the Act, this cannot be at the cost of network performance. Outages themselves can put providers in breach of the regulations.

Security scanners are a key line of defence for network security, helping to identify known vulnerabilities which can be exploited if the correct mitigation steps aren’t followed, so ensuring you have a robust vulnerability management process is critical. Incorporating the right vulnerability scanning tools and following the required change management processes to correctly implement tools will help to secure your network whilst minimising any potential performance impact to your existing infrastructure or service outages.

Auditing abilities are a new superpower

Demonstrating compliance with the new legislation may pose a significant challenge to providers, particularly as they attempt to flow down security standards and audit requirements into the supply chain. However, implementation of robust auditing processes to identify and eliminate weaknesses and vulnerabilities are a must for keeping providers on the right side of the regulations.

Knowledge is power

With any significant legislature change comes a period of uncertainty as businesses adapt to change, so getting to grips with the new regulation changes ahead of the game is key. Many providers have already begun the search for talent with the technical skills and experience to deliver their TSR programmes; however, with the jobs market at boiling point, some providers may find utilising external partnerships provides a more practical route to successful delivery as well as a means to upskill and educate internal teams.

You’ll be tested

In 2019, OFCOM took over TBEST – the intelligence-led penetration testing scheme – from DCMS and has been working with select providers on implementation of the scheme. Whether through TBEST or not, providers will be expected to carry out tests that are as close to ‘real life’ attacks as possible. The difficulty will be in satisfying the requirement that “the manner in which the tests are to be carried out is not made known to the persons involved in identifying and responding to security compromises.”[1] Providers may need to work with an independent vendor to ensure compliant testing.

Costs are still unclear

While the costs for complying with the new regulations are still undermined, an earlier impact assessment of the proposed legislation carried out by the government indicated that initial costs are likely to be hefty: “Feedback from bilateral discussions with Tier 1 operators have indicated that the costs of implementing the NCSC TSR would be significant. The scale of these costs is likely to differ by size of operator and could be of the scale of over £10 million in one off costs.”[2].

Culture may challenge change

Technology will, of course, be at the forefront of communications leaders’ minds, yet the cultural changes required to successfully embed a security-first mindset are of equal importance and must be considered in equal measure. Change is never easy, particularly when there is a fixed deadline in place; however, delivery that is well-designed and meticulously planned is key. Ultimately, the onus will be on leaders to craft a clear vision – achieving network security that is intrinsic by design – as well as mapping out the road to get there.

Looking for more information about TSR? Download The impact and opportunities of the Telecoms Security Requirements report.

[1] The Electronic Communications (Security Measures) Regulations 2021 [draft]

[2] The Telecommunications Security Bill 2020: The Telecoms Security legislation

How to spot a failing outsourced relationship

Posted on: 8 November 2021

A relationship breakdown is never easy, not least when it’s with your IT outsourcing partner. But what makes a seemingly good relationship go bad, and can you spot the signs of impending IT outsourcing failure before it’s too late? To get some insight from both sides of the relationship, we asked Backbone Connect Co-founder and Director, David McLeod, as well as our own CACI Network Services Sales Director, Liam Delaney, to share their outsourcing experiences, reveal the red flags to watch, and the secret to maintaining a successful relationship with an IT outsourcing partner. Here’s what they told us…

1. Communication has broken down

One of the earliest warning signs that your relationship with your IT outsourcing partner is flagging is that the frequency of your communication has dropped. “There’s always a honeymoon period with any new outsourcing relationship – the energy levels are high, and contact is constant,” explains David. “The issues arise when that contact becomes less routine and conversations turn forced and fractious,” he continues.

“Confusion about how a team should communicate with their outsourcing partner can also lead to protracted conversations and frustrations from both sides of the relationship if they’re not clearly defined at the outset,” says Liam. Further, changes over time can significantly contribute to communication barriers. “Through the duration of any long-term outsourcing relationship, team members leave, and a legacy starts to develop, which limits the potential of your outsourcing partnership,” says David. Liam agrees, “Whenever there’s a major personnel change on either side of the partnership, it’s time to review the service and make sure that it’s still meeting your needs.”

2. The vision has become (or already was) blurry

While both David and Liam agree that a successful IT outsourcing relationship is one that evolves over time, Liam highlights the necessity of starting the relationship with clear expectations. “You can’t outsource a problem that you can’t define,” he warns. “Outsourcing partnerships can bring a wealth of expertise and experience into your team as well as achieve cost savings, but you need to be clear on what success you’re looking to achieve.” If the goals aren’t clear, it can be difficult for an outsourcing provider to take effective action.

David also advocates working with outsourcing partners whose cultural values align with your business to ensure longevity in the relationship. “Your business’s culture is the one constant, unchangeable thing, so it should be one of the key measures you use when considering any potential outsourcing provider.” He adds, “Put simply, if you’re wearing t-shirts, and they arrive in business suits, you’re likely to have a problem.”

3. Fingers are being pointed

“When something goes wrong and blame is being thrown around, you stop being on the same team and your pathway forward becomes blocked,” says David. Liam agrees, “A good outsourcing provider is one that acts as an extension of your team, always looking to add value and deliver positive outcomes, especially when tackling an unexpected challenge.”

While it’s important to understand why a problem has occurred, both David and Liam agree that maintaining open, honest and constant communication can ensure both sides of an outsourcing relationship resolve conflicts and challenges together, although David notes that “when you seem to have a stream of issues, a stigma can become attached to the outside party, making it difficult for that partnership to continue effectively if it’s not addressed.”

Liam says that establishing a communications flow which facilitates continuous feedback is one way to avoid minor problems becoming bigger issues, although he also acknowledges the value in a proactive vendor – “At CACI, we’re always trying to anticipate our clients’ potential roadblocks and challenges, so we’re providing solutions before something becomes a problem.”

4. Your contract has become a constraint

A contract provides both parties in an outsourcing relationship the benefit of structure and protection, but it can become a barrier to progress when projects pivot in a new direction. Working with a vendor that can be flexible and offer an element of elasticity in their approach can help to avoid partners becoming stuck in a bind.

However, the size of an outsourcing provider can also impact on how agile a partner can afford to be, warns David. “Smaller organisations are typically more agile than bigger providers, but they can be highly volatile as they grow and evolve, which can lead to issues later. On the flip side, a very large outsourcing provider may not be able to offer the personal, value-add partnership that you’re looking for.”

Liam also advises that businesses pay attention to the finer details when firming up their outsourcing requirement. “It’s important to consider the unexpected and unusual use case scenarios. You can’t capture everything, but having awareness and alerting your vendor of the potential changes and challenges ahead means they can be prepared to act and adapt, preventing your project from coming to a standstill.”

5. You’re not growing together

“A clear sign that your outsourced relationship isn’t working is when you start to feel anchored,” says David. An outsourced relationship that continues to evolve and enhance your business as it grows is one that is truly valuable according to our experts. One way to form a relationship that adds long-term value is to select an outsourcing partner that has a wider capability offering. “I’m always thinking about the longevity of a relationship, looking beyond the initial requirement, and thinking about what else we can do to add value to our clients,” says Liam.

Nonetheless, capability isn’t the only thing to look out for. As Liam explains, having a future-focused mindset is also critical to a long-standing relationship. “I believe that the most successful partnerships are the ones where the provider brings both vision and value. They’re not just focused on what the client currently does, but they’re looking at what else they can be doing to improve.”

However, both our experts noted that, like any relationship, an outsourcing relationship requires investment and trust to realise its full potential. “It’s all about building and nurturing a partnership,” says Liam. David agrees and adds, “Trust is critical, and it’s not established overnight. Take the time to get the basics right – once you’ve got that with the right partner, you can achieve much bigger things.”

Looking for an outsourcing partner to help with your network operations? Contact our expert team today.

3 network transformation opportunities – and how to make them happen

Posted on: 28 September 2021

With digital transformation initiatives high on many organisations’ agendas and the impact of COVID-19 changing how most of us work forever, network transformation has never been more important.

And the truth is, there are a wide range of network transformation vendors to choose from. But most take a transactional approach to network transformation, delivering little value beyond the basic works carried out.

Rather than an “in and out” service, great network transformation relies on an end-to-end partnership-based approach, with your vendor working closely to understand all your requirements. It can also sometimes mean working across multiple lines of business and projects to deliver network transformation programmes at scale.

In working on multiple network transformation projects with one of our major transportation clients, there were some interesting opportunities we’d like to share. Here are three potential opportunities to be had by working with a network transformation specialist.

Opportunity #1 – Turn spare network capacity into additional revenue

For organisations with vast internal networks, there’s significant opportunity to commercially monetise spare capacity and offer greater flexibility to customers.

With a significant fibre network across its estate stretching tens of thousands of miles, our client realised that any spare capacity could be used for commercial applications to help generate additional revenue.

Using an end-to-end delivery process, we developed and launched a dark fibre service to help our client deliver connectivity as a service, in a way that was repeatable and efficient.

We kicked off the project by mapping out the client’s service lifecycle to identify any capability gaps. Once this was established, we brought together a selection of our client’s stakeholders virtually and ran interactive workshops to walk through draft processes, focusing on providing end customer service.

Following a successful service launch, several end customers now use our client’s services, with our client driving continuous improvements across the network. And we’re now working with our client to deploy the service across its wider network and develop a service model and approach for future deployments – allowing our client to develop its offering.

Opportunity #2 – Tackle customer complaints to strengthen relationships

In large organisations, it can often be a challenge to discover and resolve issues that directly impact customers. Following the regionalisation of our client’s legacy telecom assets, our client found that many of its asset managers were concerned about whether its legacy voice estate was fit for purpose.

Working with our client’s leadership team, we devised and managed a service improvement plan, which involved understanding the issues and what was needed to resolve them.

To help stakeholders mobilise the plan, we set up management reporting processes and acted as an intermediary between our client’s leadership and account management teams.

In just four weeks, we helped our client reach a resolution around its legacy voice estate, and moved the focus to other areas of concern – delivering improved service to our client’s regions.

Opportunity #3 – Dramatically reduce data centre costs

Outdated technology can be a significant drain on resources. And while it can be all too tempting to throw money and resources at the problem, this strategy can often cause more problems than it solves.

Our client had an ageing data centre infrastructure which was interfering with its ability to deliver a reliable service. What’s more, it was keen to ensure its mission-critical applications were always available. With its legacy technology approaching end of life and support, we recommended an infrastructure migration.

We worked closely with key stakeholders to create a test organisation at the start of the project to support the migration, helping our client build two new data centres with modern technology stacks.

Ensuring a thorough assurance process was used throughout to maintain regulatory compliance, we oversaw the design, implementation, and migration phases. And to confirm all programme deliverables were managed correctly, CACI developed a project management and testing platform using Jira and Zephyr.

By working closely with our client throughout the project, we helped the company save £40K and delivered the project two months ahead of schedule. Looking to the future, we’re now working with our client in an advisory role, helping it to shortlist an operating partner.

Network transformation: a world of opportunity

While network transformation opportunities can be wide-ranging and cover several lines of business, it’s important to select an outsourced vendor that also understands the importance of being a familiar point of contact.

Often embedded in clients’ teams for maximum impact, our end-to-end services allow our clients to benefit from a portfolio of skills and resources, helping them free up their teams to focus on more strategic activities.

To find out more about how we can help you design and implement network services – and even unite third party stakeholders – across your organisation, get in touch with our team of experts today.

7 signs that your company needs to outsource IT

Posted on: 21 September 2021

From reducing costs to meeting tight project deadlines and accessing specialist expertise, there are many advantages that come with outsourcing IT, but when does outsourcing offer the most benefit to businesses? We asked Brian Robertson, Resource Manager at CACI, to reveal the common signs that indicate a business would be better with an outsourced IT solution.

1. Your IT costs are high

Are budget worries keeping you up at night? Cost control is the most obvious reasons for businesses outsourcing IT. Indeed, a 2020 study by Whitelane Research found that 71% of UK businesses said that cost reduction was the main driver for outsourcing IT. But, is outsourcing really cost-effective?

“Just having a couple of IT specialists on your payroll can really rack up costs,” says Brian. It’s not just high salaries and the cost of employee benefits that are a concern. Companies that opt to run in-house IT departments also face the costs of purchasing, maintaining, and upgrading hardware as well as purchasing the software they need. “With outsourcing, these fixed costs become flexible, allowing you greater control of your budget,” says Brian.

2. You have skills gaps

The severe shortage in tech skills has long been a challenge for businesses, but as Brian explains, “The pandemic put organisations across every industry on a fast-speed trajectory to digitalisation.” He adds, “now, the focus is to keep that momentum going, but we’re seeing that many of our clients are looking for very specific expertise in a fiercely competitive and increasingly expensive marketplace.”

With recent research by ManpowerGroup finding that 69%, of employers globally are struggling to find workers with the right blend of technical and interpersonal skills, it’s clear that many businesses are fighting a losing battle. “This is where working with a trusted IT outsourcing partner can prove to be a strategic move,” says Brian. “A good outsourcer will always assess their client’s requirements holistically – matching skills and experience as well as cultural fit with end goals.”

3. Your IT infrastructure is outdated

“IT infrastructure is a vital component in every business, but it can become a huge drain on productivity, not to mention a growing security risk if not invested in,” warns Brian. He adds, “However, upgrading an outdated infrastructure is a resource investment that many lean I.T departments can ill-afford, creating a stalemate situation that prevents a business from maintaining competitive advantage.”

Therefore, if a business is struggling to maintain and manage its day-to-day IT operations, outsourcing may provide a practical solution. In addition to unlocking access to the latest and greatest tech, working with a reliable IT outsourcing partner will ensure your IT operations are optimised for enhanced performance, releasing your in-house staff to focus their efforts on achieving your business objectives.

4. Your business is vulnerable to security threats

Cyber security breaches are increasing. According to a survey released by GOV.UK last year, 46% of UK businesses and charities reported a cyber attack during the year, with 33% of those claiming they experienced a cyber breach at least once a week in 2020 – up from 22% in 2017.

The growing sophistication of cybercrime puts immense pressure on in-house teams as they struggle to stay on top of critical security practices such as 24/7 networking whilst also maintaining the myriad security systems they have in place. As Brian warns, “When it comes to cyber security, it’s not just a case of having the right technology in place, you need round-the-clock specialists that have the experience and expertise to utilise those tools and prevent potential threats before they become a problem.”

The global shortage in professionals with the right security skill sets are an additional challenge for businesses as they struggle to recruit and retain the specialists they need. Partnering with a trusted IT outsourcer can provide a cost-effective and reliable solution, as outsourcing removes vulnerabilities by ensuring a business’s security defences are ‘always on’.

5. Compliance is a concern

While cyber security is one concern, ensuring regulatory compliance is another, particularly in heavily regulated industries such as financial services. Failure to comply can lead to reputational damage and hefty fines, but to ensure compliance, organisations must have the capability to implement, maintain, monitor, and accurately report on IT infrastructure and security processes. As Brian explains, a partnership with a reliable IT outsourcer can offer significant value to a business that is under pressure to maintain compliance, “As well as providing the necessary resources and expertise to ensure compliance, an outsourcing partner will keep abreast of regulation changes, so your business is always one step ahead.”

6. You need flexibility

When you’re embarking on a new project, getting the right people with the right skill sets in place can be a difficult task. While upskilling your existing team members can be beneficial, inexperience coupled with a limited bandwidth can pose major risks to your project delivery as well as have a negative impact on your day-to-day operations. These problems are more acute if your delivery deadline is tight.

“Hiring new talent in-house is an option, but often it’s not the best one if a project is short-term or requires a range of specialist skill sets,” explains Brian. In these instances, partnering with an IT outsourcer can provide the most strategic, timely and cost-effective route forward because solutions are tailored to your specific needs. “Clients also gain from the insights and expertise of an experienced team – with the added benefit of elasticity to adapt if requirements change,” says Brian.

7. You need niche expertise

More budget-friendly than hiring a team of in-house specialists, and more reliable than challenging your existing team, outsourcing IT is often the most effective option when it comes to delivering projects that require niche expertise such as cyber security. Brian also highlights the benefit of introducing an outside perspective, “One of the most overlooked benefits of outsourcing is that businesses don’t just get access to specific skills and knowledge, they get to tap into a whole wealth of experience.”

“That’s why it’s so important to look for an IT outsourcing partner that has a proven record of proficiency and delivering results. Knowing what’s worked before, how to handle specific challenges, and what pitfalls to avoid –is truly invaluable to finding the solution that’s really going to work for your business.”

Looking for a reliable IT outsourcing partner? Share your requirements with our expert team today.