Blog by Mike Small

Blog
AWS Announces EU Sovereign Cloud
by Mike Small
On October 25th, 2023, AWS announced their intention to launch AWS European Sovereign Cloud. This is an important announcement which reflects the impact of EU GDPR regulation and the EU recent Schrems II judgement . What was Announced AWS European Sovereign Cloud will be a new, independent cloud for Europe that is designed to help public sector organizations and those in highly regulated industries meet the regulatory data residency and operational requirements. This cloud service will be located and operated within Europe. It will be physically and logically separate from...
Read More
Blog
Cloud Security Alphabet Soup
by Mike Small
Organizations are exploiting cloud services to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance and security controls. In addition, the responsibilities for security and compliance are shared between the CSP (Cloud Service Providers) and the cloud customer and it is up to the customer to ensure that they use the cloud in a secure and compliant manner. On top of that, each cloud service...
Read More
Blog
UK Data Protection – What Is Changing
by Mike Small
On March 8 th , 2023, the UK Government introduced a new Data Protection and Digital Information Bill (2) into parliament.  The government announcement of this bill claimed that “British Businesses to Save Billions Under New UK Version of GDPR”.   What does this mean in practical terms for businesses and consumers? Nothing has changed - yet This announcement needs to be put into context.  Firstly, the political context is that the government has been under pressure to show some tangible benefits from Brexit.  In September 2022, the UK...
Read More
Blog
How Does Using Cloud Services Alter Risk
by Mike Small
I am often asked “does using a cloud service alter risk?” I always reply to this question with “well it depends”. Every organization has its own set of circumstances, and the answer needs to take these into account. It is also important to think about how the responsibility for security is shared between the service provider and the customer. This blog outlines the core business risks and what organizations need to consider. Business Risks While much discussion focusses on the technical risks, at the business level there are three distinct cyber risks, and...
Read More
Blog
Digital Transformation - Multi-Cloud and Multi-Complex
by Mike Small
Organizations are going through a digital journey to exploit the digital systems to create new services, get closer to their customers and to improve efficiency. This process has been accelerated by the COVID pandemic where survival depended upon being able to change. This has led to a fragmented IT environment using multiple cloud services as well as on premises and edge. The challenge is now how to manage the complexity this has created. There are now many solutions on the market with acronyms like CSPM, CNAPP, CIEM, CWPP. What are these solutions, and do they really help? Digital...
Read More
Blog
Prepare, Prevent and Protect
by Mike Small
Is your Digital Supply Chain your weakest Link? In the 1950’s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office.  Today, this would be impractical, and all organizations now rely on IT software and services delivered from external suppliers. The creates a supply chain that is very attractive to cyber adversaries because of the leverage it provides.  One compromised component is delivered to many potential...
Read More
Blog
When will Ransomware Strike? Should you Hope for the Best or Plan for the Worst
by Mike Small
Why Backup and Disaster Recover is ever more important In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still recovering from this attack four months later and, although it said than 95% of its servers had been recovered it still had an area of its website devoted to giving updates. Ransomware has become a rich vein that is being mined by cyber-criminals . Any organization that has money and time critical...
Read More
Blog
Log4j – How Well Did You Perform?
by Mike Small
Over the past few weeks since this vulnerability was made public much has been written by many on what your organization should do about it.  This is not the end of the story; Apache has already released 3 patches for related vulnerabilities, and you need to be ready for the next one when it arrives. With the beginning of 2022 now is the time to step back and review how well your organization met the challenges that this posed.  What will your new year’s resolutions be? In this blog, I will outline some of the questions that you should ask yourself.  How well did...
Read More
Blog
A Sovereign Cloud Is About More Than Just Privacy
by Mike Small
Using cloud services has now become an essential component of digital transformation.  However, the dominant cloud service providers are not European and, following the recent Schrems II judgment, transferring personal data to these services has become increasingly problematic. This is just one factor behind the increased interest in the idea of the sovereign cloud. The Impact of Globalisation Globalization has provided many benefits allowing nation-states and organizations to obtain what they need, when they need it from wherever it is cheapest. This has reduced the costs for...
Read More
Blog
Google Cloud Digital Sovereignty Announcement
by Mike Small
On September 8 th , 2021 Google and T-Systems announced their intention to build and deliver sovereign cloud services for German enterprises, the public sector, and healthcare organizations.  So, what are a sovereign cloud services and why does this announcement matter? Sovereign Cloud The sovereign cloud is seen as a solution to the risks that arise from the increasing dependence of organizations on cloud services that are owned by foreign entities and delivered from outside of the local jurisdictions.  These risks include loss of critical services through geopolitical...
Read More
1 2 3 4 5 6 7 Next