Capability: Network Optimisation

DORA & NIS2: Key considerations for senior management

Posted on: 30 November 2023
DORA & NIS2: Key considerations for senior management

 

In our increasingly digital world, safeguarding the digital infrastructure and information systems that uphold financial companies is now critical. Two key regulatory frameworks, DORA and NIS2, have emerged as essential regulations designed to enhance the protection of financial companies’ operations and systems.

My first blog of the four-part DORA and NIS2 blog series introduced the new financial regulations in-depth. In the second blog, I explained how these new regulations will impact UK financial companies. This blog will explore the key considerations around DORA and NIS2 for senior management.

In light of DORA and NIS2 taking effect, it is integral that senior stakeholders within financial companies are aware of the considerations that must be taken to effectively comply with these regulations and adhere to them accordingly. A few of the key considerations for senior management to be aware of are as follows:  

Navigate the cost of compliance 

It is important for senior management within certain financial companies to consider that complying with regulations may accrue significant financial costs. This is particularly likely in small and medium-sized enterprises (SMEs). Becoming digitally resilient and implementing the necessary measures to meet DORA requirements may require a hefty investment in technology, resources and expertise. This may, however, prove small in comparison to the cost of a breach, incoming fine, loss of reputation or even customers.  

Carefully assess maturity and capabilities 

The maturity and complexity of a financial company’s governance and internal practices will affect the challenges it faces in complying with DORA. Companies with lower maturity profiles may need to invest more resources and effort to meet DORA’s requirements. At every maturity level, it is vital for senior management to conduct thorough evaluations of the current state, identify any existing gaps and allocate the appropriate resources for compliance.  

Turning requirements into actions can be complicated

DORA introduces new compliance obligations and expectations for financial companies. It requires them to embed digital resilience throughout their operations, develop a Digital Resilience Strategy, implement a Digital Resilience Framework and address areas such as operational resilience testing, threat intelligence sharing and third-party risk management. Senior management must prepare themselves for the likely challenging undertaking of understanding the specific requirements and translating them into actionable steps across the wider business.  

Ensure third-party service providers’ compliance

Financial companies often rely on third-party ICT service providers to support their operations. DORA also applies to these service providers, imposing additional compliance obligations and oversight requirements. Therefore, it is critical for senior management to verify that third-party providers adhere to the prescribed standards and align with DORA’s requirements, which may involve renegotiating contracts or conducting due diligence to ensure compliance.  

Adhere to the compliance timeline 

While the European Parliament has approved DORA, it is only set to enter into force in 2025. Conducting a thorough gap assessment, developing a roadmap and implementing the necessary changes can be time-intensive, particularly due to the complexity of the requirements and potential need for significant operational adjustments. Therefore, senior management must plan compliance efforts and resources accordingly to align with the designated timeframe. 

How can CACI help? 

With over 20 years’ experience in helping deliver effective IT and security strategies to financial companies, CACI can help you navigate the changes and challenges brought on by DORA. Our experienced security and compliance experts can bolster your understanding of your network assets, help you conduct maturity assessments, address compliance gaps regarding the fulfilment of DORA implementation requirements, and much more.  

For more information, please read our recent whitepaper “Compliance with DORA and NIS2: Essential steps for UK financial companies”, which explores the impact of DORA and NIS2 on financial companies in the UK, key considerations for senior management and best practices for achieving compliance. You can also get in touch with the team here.

Network Automation: Should it matter to your business?

Posted on: 30 March 2023
Network Automation: Should it matter to your business?

PT Barnum once said, “Comfort is the Enemy of Progress!”

Keeping up with the rapid technological changes is essential for staying competitive, as is developing new ways to utilise your current technology capabilities.

With this in mind, have you explored how automation can benefit your business with increased productivity, reliability and reduced operating costs.

Let’s discuss a few areas where automation can change how your business works whilst futureproofing the solution.

Over the years, your business has grown, evolved and expanded. This can create highly complex configurations making network management, security update and innovation more tedious, expensive and challenging to implement.

In another instance, fast-growing companies look for further improvements in efficiency and productivity to ensure they get the best out of their teams and attract the best talent.

Network automation tools have been created for over 20 years and ClickOPS is still prominent, with more than 30% of enterprise network actions being automated. Nevertheless, there is renewed interest in concepts like GitOps and NetDevOps, which are quickly gaining popularity.

How does automation benefit you?

As detailed by MicroFocus, a Japanese financial institution stated that “Network automation has proven extremely effective for configuration management. Managing approximately 300,000 interfaces and 45,000 modules with Excel just isn’t feasible. It automatically collects firmware, CPU, power supply, and other detailed information from network devices, making real-time information management possible. As a result, the company can reduce information collection man-hours by 30% and increase the efficiency of various management tasks.”

Automating manual tasks or processes can improve accuracy and efficiency, so your IT team can focus on critical functions and strategic projects. You may tap into their creative and critical skills to discover their hidden talents.

Network automation allows you to complete changes and migrations with fewer resources, altering your teams to be more strategic and efficient, resulting in less human error.

Currently, most network maintenance is manual, logging into routers, switches, device discovery, and more. Consider what your teams can work on if they are not tied up with mundane but essential changes or provisioning.

It is essential to maintain regulatory compliance, but do you know that process automation can help your business to build a compliance program? The selected process is completed the same way every single time, which reduces the errors made. How does 100% accuracy in your audit trail sound?

Banks and financial institutions can easily find themselves over their heads with many rules and regulations to comply with. Fortunately, automation makes it easier. By automating complex banking workflows, such as regulatory reporting, banks can ensure end-to-end compliance coverage across all systems.

To deal with the ever-increasing complexity of networking, infrastructure and hybrid working environments, automation can make your teams more productive, the network more reliable, and the business easier to scale up.

So, as we said at the beginning, will you stay in your comfort zone or will you embrace the opportunity to use our specialists’ expertise to develop a strategy that will maximize your future opportunities.

How CACI can help

We have a great team of Network and Automation specialists who are happy to align with your strategy. We can futureproof your business to stand out from competitors by efficiently leveraging the full advantage of automation tools.

Get in touch with us today to find out more.

 

Note:
Nomura Securities Case Study (microfocus.com)

How to find the right IT outsourcing partner

Posted on: 17 March 2023
How to find the right IT outsourcing partner

Looking to work with an IT outsourcing provider? Finding the right partner to deliver your requirements can be a tricky and time-consuming process. But, done right, a successful outsourcing relationship can bring long-term strategic benefits to your business. We asked our experts to share their top tips on how to find the right IT outsourcing partner.

Evaluate capabilities

Having the right expertise is the obvious and most essential criterion, so defining your requirements and expectations is the best way to start your search.

When it comes to narrowing down your vendor choices, it’s important to consider the maturity of an organisation as well as technical capabilities. “The risk of working with a small, specialised provider is that they may struggle to keep a handle on your project,” warns Brian Robertson, Resource Manager at CACI. Inversely, a larger organisation may have the expertise, but not the personal approach you’re looking for in a partner. “Always look for a provider that demonstrates a desire to get to the root of your business’s challenges and can outline potential solutions,” Brian advises.

Find evidence of experience

Typically, working with an outsourcing provider that has accumulated experience over many years is a safe bet; however, Daniel Oosthuizen, Senior Vice President of CACI Network Services, recommends ensuring that your prospective outsourcing provider has experience that is relevant to your business, “When you bring in an outsourcing partner, you want them to hit the ground running, not spending weeks and months onboarding them into your world.” Daniel adds, “This becomes more apparent if you work in a regulated industry, such as banking or financial services, where it’s essential that your provider can guarantee compliance with regulatory obligations as well as your internal policies.”

So, how can you trust a provider has the experience you’re looking for? Of course the provider’s website, case studies, and testimonials are a good place to start, but Daniel recommends interrogating a vendor’s credentials directly, “A successful outsourcing relationship hinges on trust, so it’s important to get a sense of a vendor’s credibility early on. For example, can they demonstrate an in-depth knowledge of your sector? Can they share any details about whom they currently partner with? And can they confidently talk you through projects they’ve completed that are similar to yours?”

Consider cultural compatibility

“When it comes to building a strong, strategic and successful outsourcing partnership, there’s no greater foundation than mutual respect and understanding,” says Brian. Evaluating a potential provider’s approach and attitudes against your business’s culture and core values is another critical step in your vetting process. As Daniel says, “If you share the same values, it will be much easier to implement a seamless relationship between your business and your outsourcing partner, making day-to-day management, communication and even conflict resolution more effective and efficient”.

While checking a company’s website can give you some insight into your prospective provider’s values, it’s also worth finding out how long they’ve held partnerships with other clients, as that can indicate whether they can maintain partnerships for the long-term.

However, Daniel says, “The best way to test if a provider has partnership potential is to go and meet them. Get a feel for the team atmosphere, how they approach conversations about your challenges, and how their values translate in their outsourcing relationships.” Brian adds, “Your vision and values are what drive your business forward, so it’s essential that these components are aligned with your outsourcing provider to gain maximum value from the relationship.”

Assess process and tools

Once you’ve determined a potential outsourcing provider’s level of experience and expertise, it’s important to gain an understanding of how they will design and deliver a solution to meet your business’s needs. “It’s always worth investigating what tech and tools an outsourcing provider has at their disposal and whether they are limited by manufacturer agreements. For example, at CACI, our vendor-agnostic approach means we’re not tied to a particular manufacturer, giving us the flexibility to find the right solution to meet our clients’ needs,” Daniel explains

Speaking of flexibility, determining the agility of your potential outsourcing provider’s approach should play a role in your selection process. “There’s always potential for things to change, particularly when delivering a transformation project over several years,” says Brian, adding “that’s why it’s so important to find a partner that can easily scale their solutions up or down, ensuring that you’ve always got the support you need to succeed.”

Determine quality standards

Determining the quality of a new outsourcing partner’s work before you’ve worked with them can be difficult, but there are some clues that can indicate whether a vendor’s quality standards are in line with your expectations, says Daniel, “A good outsourcing partner will be committed to adding value at every step of your project, so get details on their method and frequency of capturing feedback, whether the goals they set are realistic and achievable, and how they manage resource allocation on projects.”

Brian also recommends quizzing outsourcing providers about their recruitment and hiring process to ensure that you’ll be gaining access to reliable and skilled experts, “It’s easy for an outsourcing provider to say they have the best people, so it’s important to probe a little deeper. How experienced are their experts? How are they ensuring their talent is keeping up to date? What is their process for vetting new candidates? All these questions will help to gain an insight into an outsourcing provider’s quality bar – and whether it’s up to your standard.”

Assess value for money

For most IT leaders, cost is one of the most decisive factors when engaging any service; however,
when looking for an IT outsourcing partner, it’s critical to consider more than just a provider’s pricing model. “Contractual comprehensiveness and flexibility should always be taken into account,” says, Brian. “A contract that is vague can result in ‘scope creep’ and unexpected costs, while a rigid contract can tie businesses into a partnership that’s not adding value.” He adds, “Ultimately, it comes down to attitude, a good outsourcing provider can quickly become a great business partner when they go the extra mile.”

Daniel agrees and advises that IT leaders take a holistic view when weighing up potential outsourcing partners, “Look beyond your initial project, or resource requirements and consider where your business is heading and whether your shortlisted providers can bring in the skills and services you need. After all, a truly successful outsourcing partnership is one that can be relied on for the long haul.”

Looking for an outsourcing partner to help with your network operations? Contact our expert team today.

Delivering data & insights to provide Bright Horizons with a new approach to childcare

Posted on: 29 November 2022
Delivering data & insights to provide Bright Horizons with a new approach to childcare

Highlights

• Bespoke data dashboard and InSite tools
• Acorn geodemographic data for multiple propositions and locations
• Customer and employee profiling to assess community need
• Enabling demand-led growth for genuine customer value
• Rapid report generation to inform many stakeholders

About Bright Horizons

Trusted by families to look after their children for over 30 years, Bright Horizons is an award-winning nursery provider. The company operates over 300 community and workplace nurseries throughout the UK: each is individually designed to serve the needs of its community. Bright Horizons provides tailored childcare for corporate clients and for families, at home, at work and in local settings.

The Challenge

Bright Horizons initially approached CACI for data to support their new site opening and acquisition insight programme. Property Asset Manager Oliver Brookes needed reliable data that was quick and easy to interpret for new site and location decision-making.

Marketing Manager Eddie Thorogood saw a further opportunity to use demographic data to support Bright Horizons’ proposition development and to better understand existing as well as potential catchments.

The Solution

CACI provided Acorn demographics, profiling and mapping, giving insight into specific postcodes and communities. High level demographic maps are instantly visible in InSite’s Locator tool.
Eddie explains: “The blend of data creates reliable and up-to-date information about the demand for our services, to support decision-making about how and where we can expand our operations so we can deliver high quality childcare where it’s needed. It also helps us improve our business model, so we can manage our portfolio and flex and balance our sites to meet changing needs.”

The Benefits

Bright Horizons’ three pillars are ‘people, quality, growth’. Eddie emphasises, “We’re not about just growing for the sake of it. We always want to be where we are needed – where parents can find us and our services will be useful. With this data insight at local level, we can provide a clear picture of community and workplace need to our senior leadership team, so they can sign off new facilities.”

Eddie explains

We have a complex business where everything is audience-centric, so we have multiple offerings. It’s a deeply human business – it’s all about nurturing young children.
The CACI data and dashboard reporting gives us tools to look through every single lens, to understand all the factors that matter to people.

Eddie Thorogood, Marketing Manager, Bright Horizons

Find out more

Please view the full customer story here. If you want to learn more or have any questions please get in touch with us.

How to spot a failing outsourced relationship

Posted on: 8 November 2021
How to spot a failing outsourced relationship

A relationship breakdown is never easy, not least when it’s with your IT outsourcing partner. But what makes a seemingly good relationship go bad, and can you spot the signs of impending IT outsourcing failure before it’s too late? To get some insight from both sides of the relationship, we asked Backbone Connect Co-founder and Director, David McLeod, as well as our own CACI Network Services Sales Director, Liam Delaney, to share their outsourcing experiences, reveal the red flags to watch, and the secret to maintaining a successful relationship with an IT outsourcing partner. Here’s what they told us…

1. Communication has broken down

One of the earliest warning signs that your relationship with your IT outsourcing partner is flagging is that the frequency of your communication has dropped. “There’s always a honeymoon period with any new outsourcing relationship – the energy levels are high, and contact is constant,” explains David. “The issues arise when that contact becomes less routine and conversations turn forced and fractious,” he continues.

“Confusion about how a team should communicate with their outsourcing partner can also lead to protracted conversations and frustrations from both sides of the relationship if they’re not clearly defined at the outset,” says Liam. Further, changes over time can significantly contribute to communication barriers. “Through the duration of any long-term outsourcing relationship, team members leave, and a legacy starts to develop, which limits the potential of your outsourcing partnership,” says David. Liam agrees, “Whenever there’s a major personnel change on either side of the partnership, it’s time to review the service and make sure that it’s still meeting your needs.”

2. The vision has become (or already was) blurry

While both David and Liam agree that a successful IT outsourcing relationship is one that evolves over time, Liam highlights the necessity of starting the relationship with clear expectations. “You can’t outsource a problem that you can’t define,” he warns. “Outsourcing partnerships can bring a wealth of expertise and experience into your team as well as achieve cost savings, but you need to be clear on what success you’re looking to achieve.” If the goals aren’t clear, it can be difficult for an outsourcing provider to take effective action.

David also advocates working with outsourcing partners whose cultural values align with your business to ensure longevity in the relationship. “Your business’s culture is the one constant, unchangeable thing, so it should be one of the key measures you use when considering any potential outsourcing provider.” He adds, “Put simply, if you’re wearing t-shirts, and they arrive in business suits, you’re likely to have a problem.”

3. Fingers are being pointed

“When something goes wrong and blame is being thrown around, you stop being on the same team and your pathway forward becomes blocked,” says David. Liam agrees, “A good outsourcing provider is one that acts as an extension of your team, always looking to add value and deliver positive outcomes, especially when tackling an unexpected challenge.”

While it’s important to understand why a problem has occurred, both David and Liam agree that maintaining open, honest and constant communication can ensure both sides of an outsourcing relationship resolve conflicts and challenges together, although David notes that “when you seem to have a stream of issues, a stigma can become attached to the outside party, making it difficult for that partnership to continue effectively if it’s not addressed.”

Liam says that establishing a communications flow which facilitates continuous feedback is one way to avoid minor problems becoming bigger issues, although he also acknowledges the value in a proactive vendor – “At CACI, we’re always trying to anticipate our clients’ potential roadblocks and challenges, so we’re providing solutions before something becomes a problem.”

4. Your contract has become a constraint

A contract provides both parties in an outsourcing relationship the benefit of structure and protection, but it can become a barrier to progress when projects pivot in a new direction. Working with a vendor that can be flexible and offer an element of elasticity in their approach can help to avoid partners becoming stuck in a bind.

However, the size of an outsourcing provider can also impact on how agile a partner can afford to be, warns David. “Smaller organisations are typically more agile than bigger providers, but they can be highly volatile as they grow and evolve, which can lead to issues later. On the flip side, a very large outsourcing provider may not be able to offer the personal, value-add partnership that you’re looking for.”

Liam also advises that businesses pay attention to the finer details when firming up their outsourcing requirement. “It’s important to consider the unexpected and unusual use case scenarios. You can’t capture everything, but having awareness and alerting your vendor of the potential changes and challenges ahead means they can be prepared to act and adapt, preventing your project from coming to a standstill.”

5. You’re not growing together

“A clear sign that your outsourced relationship isn’t working is when you start to feel anchored,” says David. An outsourced relationship that continues to evolve and enhance your business as it grows is one that is truly valuable according to our experts. One way to form a relationship that adds long-term value is to select an outsourcing partner that has a wider capability offering. “I’m always thinking about the longevity of a relationship, looking beyond the initial requirement, and thinking about what else we can do to add value to our clients,” says Liam.

Nonetheless, capability isn’t the only thing to look out for. As Liam explains, having a future-focused mindset is also critical to a long-standing relationship. “I believe that the most successful partnerships are the ones where the provider brings both vision and value. They’re not just focused on what the client currently does, but they’re looking at what else they can be doing to improve.”

However, both our experts noted that, like any relationship, an outsourcing relationship requires investment and trust to realise its full potential. “It’s all about building and nurturing a partnership,” says Liam. David agrees and adds, “Trust is critical, and it’s not established overnight. Take the time to get the basics right – once you’ve got that with the right partner, you can achieve much bigger things.”

Looking for an outsourcing partner to help with your network operations? Contact our expert team today

3 network transformation opportunities – and how to make them happen

Posted on: 28 September 2021
3 network transformation opportunities – and how to make them happen

Exploring network transformation opportunities

With digital transformation initiatives high on many organisations’ agendas and the impact of COVID-19 changing how most of us work forever, network transformation has never been more important.

And the truth is, there are a wide range of network transformation vendors to choose from. But most take a transactional approach to network transformation, delivering little value beyond the basic works carried out.

Rather than an “in and out” service, great network transformation relies on an end-to-end partnership-based approach, with your vendor working closely to understand all your requirements. It can also sometimes mean working across multiple lines of business and projects to deliver network transformation programmes at scale.

In working on multiple network transformation projects with one of our major transportation clients, there were some interesting opportunities we’d like to share. Here are three potential opportunities to be had by working with a network transformation specialist.

Opportunity #1 – Turn spare network capacity into additional revenue

For organisations with vast internal networks, there’s significant opportunity to commercially monetise spare capacity and offer greater flexibility to customers.

With a significant fibre network across its estate stretching tens of thousands of miles, our client realised that any spare capacity could be used for commercial applications to help generate additional revenue.

Using an end-to-end delivery process, we developed and launched a dark fibre service to help our client deliver connectivity as a service, in a way that was repeatable and efficient.

We kicked off the project by mapping out the client’s service lifecycle to identify any capability gaps. Once this was established, we brought together a selection of our client’s stakeholders virtually and ran interactive workshops to walk through draft processes, focusing on providing end customer service.

Following a successful service launch, several end customers now use our client’s services, with our client driving continuous improvements across the network. And we’re now working with our client to deploy the service across its wider network and develop a service model and approach for future deployments – allowing our client to develop its offering.

Opportunity #2 – Tackle customer complaints to strengthen relationships

In large organisations, it can often be a challenge to discover and resolve issues that directly impact customers. Following the regionalisation of our client’s legacy telecom assets, our client found that many of its asset managers were concerned about whether its legacy voice estate was fit for purpose.

Working with our client’s leadership team, we devised and managed a service improvement plan, which involved understanding the issues and what was needed to resolve them.

To help stakeholders mobilise the plan, we set up management reporting processes and acted as an intermediary between our client’s leadership and account management teams.

In just four weeks, we helped our client reach a resolution around its legacy voice estate, and moved the focus to other areas of concern – delivering improved service to our client’s regions.

Opportunity #3 – Dramatically reduce data centre costs

Outdated technology can be a significant drain on resources. And while it can be all too tempting to throw money and resources at the problem, this strategy can often cause more problems than it solves.

Our client had an ageing data centre infrastructure which was interfering with its ability to deliver a reliable service. What’s more, it was keen to ensure its mission-critical applications were always available. With its legacy technology approaching end of life and support, we recommended an infrastructure migration.

We worked closely with key stakeholders to create a test organisation at the start of the project to support the migration, helping our client build two new data centres with modern technology stacks.

Ensuring a thorough assurance process was used throughout to maintain regulatory compliance, we oversaw the design, implementation, and migration phases. And to confirm all programme deliverables were managed correctly, CACI developed a project management and testing platform using Jira and Zephyr.

By working closely with our client throughout the project, we helped the company save £40K and delivered the project two months ahead of schedule. Looking to the future, we’re now working with our client in an advisory role, helping it to shortlist an operating partner.

Network transformation: a world of opportunity

While network transformation opportunities can be wide-ranging and cover several lines of business, it’s important to select an outsourced vendor that also understands the importance of being a familiar point of contact.

Often embedded in clients’ teams for maximum impact, our end-to-end services allow our clients to benefit from a portfolio of skills and resources, helping them free up their teams to focus on more strategic activities.

To find out more about how we can help you design and implement network services – and even unite third party stakeholders – across your organisation, get in touch with our team of experts today.