how software protects peopledocs.media.bitpipe.com/io_12x/io_129050/item... · relaunch of its it...
TRANSCRIPT
computerweekly.com 9-15 February 2016 1
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
computerweekly.com
ZH
ENG
ZA
ISH
AN
CH
U/F
OTO
LIA
Home
9-15 FEBRUARY 2016
How software protects people
The use of software to maintain safety in high-risk fields such
as oil and gas extraction holds lessons for other industries
computerweekly.com 9-15 February 2016 2
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
NHS 24 staff not trained properly ahead of IT system go-liveNHS 24 is aiming for a June relaunch of its IT system and says it has learned from its mistakes last year, when it had to withdraw the system 10 days after its origi-nal go-live on grounds of patient safety. A “lessons learned” report presented to NHS 24’s board this month said that launching the sys-tem in the middle of winter pres-sures had been “high risk” and that staff had not been properly trained before the system went live.
BT broadband network suffers technical faultBT’s broadband network and some phone services experienced technical difficulties that left users without service on 2 February. Reports of problems first emerged on social media at about 2pm. Service status website Downdetector.co.uk reported a spike in complaints at about 3pm. The outage affected users across the country.
TalkTalk loses more than 100,000 customers following cyber attackTalkTalk has lost 101,000 custom-ers since the October 2015 breach that saw the personal information of 155,000 people compromised in a major cyber attack on its website. The breach shut down TalkTalk’s sales operation for some time and substantially affected its ability to bring on board new customers and upsell mobile, broadband and TV services, it said. Full functionality was finally restored to its mobile services sales operation last month.
IT director Gerry Pennell leaves Manchester UniversityGerry Pennell, the University of Manchester’s director of IT, intends to leave the position at the end of March. Pennell joined the university in July 2013. He led its IT transformation programme, dubbed Manchester 2020, with the aim of making Manchester one of the leading universities in the world by 2020.
Accenture revs up Six Nations analytics Accenture’s data analytics programme for the RBS Six Nations Rugby Championship is stepping up a level for this year’s tour-nament, which kicked off on 6 February. Rugby experts Nick Mallett, Ben Kay and David Flatman are joining the data analysts, and virtual reality technology will also play a part. Nick Mallett, former head coach of the Italy and South Africa national rugby union teams, is rejoining the analysis team. He will be partnered by former England players Ben Kay and David Flatman.
❯Catch up with the latest IT news online
NEWS IN BRIEF
PHIL
MIN
GO
/PIN
NA
CLE
computerweekly.com 9-15 February 2016 3
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
NEWS IN BRIEF
Ofcom: Three acquisition of O2 would damage competitionOfcom has outlined concerns about the proposed acquisition of mobile network operator O2 by rival Three. Just days after EE was swallowed up by BT in a £12.5bn deal, the telecoms regulator’s CEO said British consum-ers had enjoyed innovative services and falling prices through healthy competition, and allowing the small-est UK network, Three, to control 40% of the market would risk that.
TfL shifts corporate archive to AWS public cloudTransport for London (TfL) has begun moving its first 3TB of corporate archive data to Amazon Web Services (AWS) with the help of Preservica.
Most UK firms lack cyber resilience, finds studyMost UK firms lack cyber resil-ience, according to a Ponemon Institute survey of 450 security and IT professionals at medium to large companies across several verticals.
Google parent Alphabet ousts Apple as top global companyGoogle parent Alphabet replaced Apple as the highest valued company in the world after its share price rose by 9% to around $750 in after-hours trading in response to strong fourth quarter results. In the first quarterly results since officially switching to the Alphabet structure on 2 October 2015, the company reported profits of $4.9bn on revenues of $21.3bn.
HSBC online services hit by DDoS UK bank HSBC said it fought off a distributed denial of service (DDoS) attack that targeted its personal banking websites, claiming it did not affect customer transactions.
Further staff cuts at Yahoo as it reports $4.43bn lossYahoo announced plans to reduce the company’s workforce by 15% and close five offices by the end of 2016 in continuing efforts to cut costs after reporting a $4.43bn quarterly loss. n
PAC criticises Universal Credit programme for lack of transparencyThe lack of clear milestones for the roll-out of the Universal Credit digital service creates uncertainty, according to a Public Accounts Committee (PAC) report. The national roll-out of the service will begin in May 2016 for completion in March 2021 – six months later than previously planned.
❯ Gartner predicts 5% increase in worldwide BI sales.
❯ Google Chrome to flag deceptive embedded content.
❯ Service provider turns RAM into VDI storage.
❯ Insurance giant RSA outsources to Wipro.
❯Catch up with the latest IT news online
EDST
OC
K/I
STO
CK
computerweekly.com 9-15 February 2016 4
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
DDoS is the most common method of cyber attack on financial institutionsThe recent cyber attack on HSBC is typical for the financial sector, but no business, of any size, should consider itself unlikely to be targeted in this way, warn security experts. Warwick Ashford reports
Last month’s distributed denial of service (DDoS) attack on HSBC’s online banking services is not unusual or surprising, according to information security experts.
With financial institutions underpinning entire economies, they are a choice vertical target for an impactful DDoS attack, said Richard Brown, European director for channels and alliances at Arbor Networks.
“Add to this the fact that 29 January was payday for many people – meaning more people trying to access the website and therefore a bigger audience – HSBC was an ideal target,” he said.
Verizon’s 2015 Data Breach Investigations Report (DBIR) showed that DDoS attacks are the most common form of attack against financial services businesses, accounting for 32% of all attacks analysed in the report.
And Arbor Networks’ recent Worldwide Infrastructure Security Report found that 57% of financial institutions have experienced a DDoS attack – the highest proportion in any sector.
Mainly about disruptionLaurance Dine, managing principal, investigative response, at Verizon Enterprise Solutions, said that unlike other types of cyber attack that expose sensitive data, DDoS attacks are mainly about disruption. DDoS attacks typically flood online sys-tems, such as internet banking sites or online trading platforms,
CYBER CRIME
“As 29 JAnuAry wAs pAydAy for mAny people – meAning more people
trying to Access the website And therefore A bigger Audience – hsbc wAs An ideAl tArget”
RichaRd BRown, aRBoR netwoRks
computerweekly.com 9-15 February 2016 5
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
with vast amounts of data in an attempt to overload them and take services offline.
HSBC said it had successfully fought off a DDoS attack to avoid disruption to customer transactions, but services were unavail-able to many customers for most of the day on 29 January.
Because the financial services sector is a regular target for DDoS attacks, most organisations in the industry are fairly well prepared, but such attacks are not confined to this sector, so all organisations need to take the threat seriously.
The Arbor Networks report also showed that average-intensity DDoS attacks are now powerful enough to knock most
businesses offline. The report noted that DDoS attacks are being used mostly by cyber criminals to demonstrate their attack capa-bilities, mainly for extortion purposes.
Other cyber criminal groups sell DDoS services that are aimed at enabling business organisations to disrupt the online services of their competitors.
A growing number of businesses are also seeing DDoS attacks being used as a distraction or smokescreen for installing malware and stealing data.
Taken together, these trends mean that virtually no organisation can say it is unlikely to be hit by a DDoS attack because DDoS
CYBER CRIME
TASH
ATU
VAN
GO
/FO
TOLI
A
Cyber criminals are using DDoS attacks to demonstrate their
attack capabilities, mainly for extortion purposes
computerweekly.com 9-15 February 2016 6
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
services make attacks easier to carry out by a range of actors for a variety of motives.
“Distributed denial of service attacks are a huge problem for organisations in all industries and of all sizes,” said Craig Young, security researcher at Tripwire.
Many organisations do not include DDoS mitigation as part of their security strategy because they do not see DDoS attacks as a real security threat, but failure to have systems and procedures in place to mitigate such attacks could expose any organisation to significant financial losses, particularly those that depend on interacting with customers online.
E-commerce sitesDDoS is a serious matter affecting e-commerce sites and corpo-rate and online assets, according to security company Imperva Incapsula. Even though DDoS attacks are often associated with
large organisations, research shows that 51% of all companies – no matter the size – have experienced an attack and 70% of DDoS attack victims are targeted more than once, the firm’s vice-president of marketing, Tim Matthews, wrote in a blog post.
“DDoS attacks can last several days, so it is vital to have a plan in place to deal with such a threat,” said Verizon’s Dine. This includes having a well-tested response plan that details what to do if initial DDoS defences fail, he said.
“It’s best not to wait for an incident to occur to discover that there are gaps or failures in the response plan,” he added. “It should be tested in advance to make sure it works. Tests should be undertaken regularly as infrastructure and processes change and as new DDoS techniques emerge.”
Dine also advised putting critical systems on their own separate networks, so that less critical systems cannot be used as gate-ways to more important ones.
The potential economic and reputational damage that DDoS attacks can inflict should be enough motivation for businesses to ensure they have the necessary mitigation systems and processes in place, but DDoS attacks are also becoming a security issue.
Malware installedMost DDoS mitigation service providers report a rapid rise in the use of DDoS attacks to distract organisations while malware is installed on internal networks and data is exfiltrated.
Either way, commentators say all organisations should now include DDoS attacks as a potential risk to data security as well as their ability to conduct business online. n
“distributed deniAl of service AttAcks Are A huge problem
for orgAnisAtions in All industries And of All sizes”
cRaig Young, tRipwiRe
CYBER CRIME
❯Average DDoS attacks are fatal to most businesses, report reveals
computerweekly.com 9-15 February 2016 7
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
PCs set to redefine the workspaceThe launch of Windows 10 could herald the comeback of the PC after years in decline, writes Cliff Saran
Next-generation PCs are not only faster than previous models – they can do a lot more. During the Consumer Electronics Show (CES) in Las Vegas last month, HP Inc
unveiled its latest EliteBook Folio, which the company said brings premium consumer design into a commercial-grade device.
HP Inc said its EliteBook Folio is its thinnest business-class notebook to date, at only 12.4mm and weighing under 1kg. The device’s screen is attached via a 180-degree piano hinge, allow-ing the folio to open completely flat. Other features include a Windows 10 gesture-enabled clickpad, and two USB-C ports with Thunderbolt 3 for fast data transfers and 4K displays. Users can ditch the dongles with the optional HP USB-C Travel Dock.
The optional Ultra HD (UHD) 4K display, provides what HP Inc said is a paper-like display with pixel density of 352 pixels per inch. The UHD panel enables 95% of the Adobe RGB gamut to make images more vivid and lifelike, according to HP Inc.
The device includes Windows 10 Pro and is built with a 6th gen-eration Intel Core M vPro processor. HP Inc claimed battery life of up to 10 hours is attainable. The supplier said the design and materials of the device also allow HP engineers to maximise space for an HP long-life battery, built to last more than three years.
Rival Lenovo expanded its X1 range. The X1 Tablet uses an Intel Core m7 Processor, providing up to 10 hours’ battery life. Lenovo offers a set of modules to extend functionality. The Productivity Module increases battery life by 15 hours, according to Lenovo, the Presenter Module includes a pico projector and HDMI port, while the 3D Imaging Module provides a rear-facing Intel RealSense camera.
The X1 Yoga is a convertible device, which features a Samsung OLED display option and a rechargeable active pen.
At the top end is the latest version of Lenovo’s X1 Carbon laptop. This can be configured with up to 1TB high-density, low-power Samsung M.2 NVMe SSD storage, which Lenovo claims offers speeds up to five times that of standard SATA SSD. Enterprise class connectivity is available via the Qualcomm Snapdragon X7 LTE modem with 4G LTE Advanced Carrier Aggregation sup-port for up to 300Mbps download speeds. Wireless docking is also available via WiGig and, as in previous generations, there is a touch fingerprint reader and Trusted Platform Module (TPM) security chip.
Dell also introduced a set of Latitude laptops: a 13in Ultrabook, and 12.5in and 10.8in hybrid devices.
ANALYSIS
computerweekly.com 9-15 February 2016 8
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Among the laptop trends of 2016 will be the roll-out of the industry-standard USB Type-C connector, allowing a single cable for docking, power, video, audio and data. USB Type-C also sup-ports Thunderbolt 3, which offers 8x faster data transfer than USB 3.0 and enables users to run two 4K displays simultaneously.
As well as refreshing its laptop range, Dell introduced two wireless monitors: the UltraSharp 24 Wireless monitor and Dell 23 Wireless monitor. According to the company, these allow users to wirelessly display and manage content from a Windows-powered laptop and Android smartphone con-currently via Miracast. The Dell 23 Wireless monitor has built-in speakers and a wireless charging stand for compatible mobile devices.
At CES, Acer unveiled a range of Windows 10 machines. Like other manufacturers, Acer’s top-end laptops – the 15in and 17in Aspire V Nitro Black Edition notebooks – offer Intel RealSense Camera. According to Intel, this camera offers a better sensing range of up to 1.5m from the device and more precise gesture tracking, control and object recognition.
PC manufacturers have been working hard to make the next generation of Windows 10 tablets a viable option on the tablet market dominated by Android devices at the low end, and pre-mium Apple and Samsung products.
Industry experts anticipate that enterprises will start deploying the Windows 10 operating system (OS) by the middle of 2016 – much faster than previous Windows releases.
Loren Loverde, IDC vice-president, Worldwide PC Tracker, said: “PC replacements should pick up again in 2016, particularly later
ANALYSIS
Industry experts anticipate that enterprises will start deploying Windows 10 by
the middle of 2016.
computerweekly.com 9-15 February 2016 9
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
in the year. Commercial adoption of Windows 10 is expected to accelerate, and consumer buying should also sta-bilise by the second half of the year. Most PC users have delayed an upgrade, but can only maintain this for so long before facing security and performance issues. We believe most of these users will purchase another PC, motivated by new products and attractive pricing.”
A different desktopThe CES launches show that, while Windows 10 was a free upgrade to consumers, PC makers are using the OS as a platform for a range of innovative devices. What is different to previous OS launches is that the Windows 10 and hardware are not simply about doing the same tasks faster.
The RealSense Camera offers a dif-ferent user experience, through gestures and facial recognition, to complement the Microsoft Hello biometric authentication feature in Windows 10.
While Windows 8 was optimised for a touch-user interface, touchscreens never took off on the desktop. With
Windows 10, RealSense delivers a touch-like user interface (UI) without a touchscreen.
It works as a 3D scanner, to support the 3D printing market. It could also
help PC makers capture a piece of the retail industry, where
tablet devices have powered augmented reality projects.
USB C and Thunderbolt are not just faster connec-tors. They could change the way offices are organ-ised. A single cable for monitors, keyboards and mouse simplifies desk clut-
ter. Moreover, with Dell’s wireless monitors there are
even fewer wires needed.New ways of working with
PCs are not about a shiny new device. Some, like RealSense, need
new software, such as for augmented reality, collaborative technology or 3D
scanning. Others benefit from new office infra-structure, where wireless connectivity and a single
connector can simplify the layout of desk space. n
ANALYSIS
❯Before rolling out an OS update, it may be time to revise your IT estate
Dell unveiled its Ultrabook range at last month’s Consumer Electronics Show
in Las Vegas
computerweekly.com 9-15 February 2016 10
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Ground control: Gatwick aims to make technology really take off for customersAbhilash Chacko, Gatwick Airport’s head of IT commercial, wants to abandon old ways of thinking and collaborate with airlines to use technology to improve the passenger experience. Lis Evenstad reports
At Gatwick Airport, technology is at the forefront of offer-ing a better experience to passengers, airlines and every-one else at the airport.
Abhilash Chacko, head of IT commercial at Gatwick, tells Computer Weekly that with a tech-savvy executive team, any good idea will be taken forward fairly quickly.
Chacko’s role is to innovate for the airport’s customers, includ-ing airlines, airport retailers, restaurants and hotels, all of which are vying for passengers’ attention.
Historically, there has always been a debate around “who owns the relationship with the passenger”, he says.
Going somewhere“A passenger is not coming to the airport to have an airport tour – they are coming because they bought a ticket and they are going somewhere. They just happen to use an airport to get to that place,” says Chacko. “Airports have difficulty in acknowl-edging that, and sometimes they compete for the attention of
INTERVIEW
Abhilash Chacko: “My view is that we should make our technology available to any passenger who is travelling
through the airport”
computerweekly.com 9-15 February 2016 11
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
the customer and this can cause a bit of a conflict between the airport and the airline.”
Gatwick is taking steps to avoid that, however. The airport has begun feeding airport information to airlines’ smartphone apps in a bid to give passengers easier and more personalised journeys through the airport.
This is beneficial for all parties involved, says Chacko. “You avoid competition or conflict with the airlines, and the other thing is you
have easy access to a large segment of passengers because they typically use the airline app,” he says. “So you automatically get access to the airline passengers and can customise or personalise your offer to each specific passenger.”
The end game, says Chacko, is to make sure that passengers have a pleasant experience – and it doesn’t matter how they get their information. “There are tendencies in some airports to make the information and services available from the airport exclusive
INTERVIEW
Gatwick has begun feeding airport information to
airlines’ smartphone apps
computerweekly.com 9-15 February 2016 12
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
to the airport channel,” says Chacko. “By definition, that means you are excluding a large number of people from getting all of the services available. My view is that we should make our technol-ogy and other types of service available to any passenger who is travelling through the airport.”
If the passenger wants to look at the big screens in the depar-ture hall, they are welcome to, he says, but if they choose to use a smartphone app, whether it’s an airline or an airport app, the information should be the same.
“Instead of the passenger staring at the fixed flight informa-tion display screen to see what the gate number is to board their flight, they can actually enjoy a drink in the pub and will be noti-fied at the appropriate time that they should make their way to the gate,” says Chacko.
Airport informationSo far, easyJet is the only airline app to go live with airport infor-mation, informing passengers about gate numbers and baggage belts, for example. Gatwick is currently in talks with a number of other airlines to make such information available through their apps, too.
Gatwick has already invested in an integration platform, based on Microsoft Azure, to make airport operations more efficient, and using the same platform to share airport information is sim-ply a matter of “leveraging the investment we already have and extending it for the passenger experience”, says Chacko.
He says it would never have been viable to make that invest-ment simply to make baggage belt and gate information available
on its own, but using what is already there means the extra invest-ment needed to make it available for passengers is very small.
EasyJet pays a small monthly fee to get real-time data, and the reasoning for this charging is not just about recovering the incremental cost, says Chacko, but also to validate the benefit for Gatwick’s customers.
“We operate on a commercial model, which means we invest and innovate for our customers,” he says. “However, we don’t just give it for free, because the danger then is that we might invest in the wrong place.
“We come up with a service fee which is reflective of the cost we are incurring, and if the customer is not willing to pay that ser-vice fee, we don’t pursue or progress with that idea. The valida-tion of an idea or innovative solution is when our partners want it.”
Every two months or so, Gatwick runs an IT customer forum, to which it invites all ground handlers and businesses associated with the airport to “explore avenues of collaboration”.
“We want to avoid spending or investing in technology for the sake of technology,” says Chacko. “The validation of ideas
“we operAte on A commerciAl model, which meAns we invest
And innovAte for our customers”aBhilash chacko, gatwick aiRpoRt
INTERVIEW
computerweekly.com 9-15 February 2016 13
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
❯Gatwick Airport’s Community App keeps everyone better informed
through a customer forum is working out brilliantly, because we take the idea through a multi-stage process, which includes vot-ing by the customers. If it doesn’t get enough votes, we won’t take it forward.”
The next project Chacko is working on is making check-in times available on the airlines’ mobile apps. This will allow pas-sengers to see immediately how long they will have to wait to check in for their flight.
Chacko says passengers can often get overwhelmed or worried that they are going to miss their flight if they see a lot of people queuing in the check-in area. In reality, the flow rate is quite high, often with 15 or 20 check-in desks open, and it goes much more quickly than it may look at first glance.
“Through the system, we can reassure them,” he says.
Queue measurementGatwick’s queue measurement system uses sensors with cam-eras mounted in the ceiling. The sensors measure the height and shape of the objects below and can detect people with almost 100% accuracy, says Chacko.
The system has been installed for the easyJet and Norwegian Airlines check-in zones so far, and is being extended to share the information through the airlines’ apps. “We have already trialled it with easyJet and it works, but we need to do more work on the external publishing of the information,” he says.
“The check-in queue measurement system brings tremendous amounts of transparency between the airlines and the ground handlers,” he says, adding that the airlines have contracts with
the ground handlers based on performance and key perfor-mance indicators.
“Traditionally, one difficulty between airlines and ground han-dlers is that they don’t have a transparent measurement relating to queue performance. This solution has solved that problem.”
In the future, says Chacko, similar technology could be used to drive the performance and behaviours of the airlines and ground handlers, based on incentives associated with queue performance. n
Mobile apps will inform passengers when they need to make their way to the departure gate
INTERVIEW
computerweekly.com 9-15 February 2016 14
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Computer Weekly, 2nd Floor, 3-4a Little Portland Street, London W1W 7JB
General enquiries 020 7186 1400
Editor in chief: Bryan Glick 020 7186 1424 | [email protected]
Managing editor (technology): Cliff Saran 020 7186 1421 | [email protected]
Head of premium content: Bill Goodwin 020 7186 1418 | [email protected]
Services editor: Karl Flinders 020 7186 1423 | [email protected]
Security editor: Warwick Ashford 020 7186 1419 | [email protected]
Networking editor: Alex Scroxton 020 7186 1413 | [email protected]
Management editor: Lis Evenstad 020 7186 1425 | [email protected]
Datacentre editor: Caroline Donnelly 020 7186 1411 | [email protected]
Storage editor: Antony Adshead 07779 038528 | [email protected]
Business applications editor: Brian McKenna 020 7186 1414 | [email protected]
Business editor: Clare McDonald 020 7186 1426 | [email protected]
Production editor: Claire Cormack 020 7186 1417 | [email protected]
Senior sub-editor: Jason Foster 020 7186 1420 | [email protected]
Sub-editor: Jaime Lee Daniels 020 7186 1417 | [email protected]
Sales director: Brent Boswell 07584 311889 | [email protected]
Group events manager: Tom Walker 0207 186 1430 | [email protected]
Data protection a long way from perfect
Many US and European businesses no doubt breathed a sigh of relief when the European Commission announced it had agreed a basis for replacing the defunct Safe Harbour data protection agreement with the US government.
Now we have a Privacy Shield in place to ensure that European citizens’ personal data is subject to comparable data protec-tion principles when transferred into a US-located database. At least, that’s the theory.
However, as privacy campaigners point out, there seems little more to the new arrangement than a letter from America promising that EU residents’ data will not be subject to mass surveillance. “Honest it won’t,” said a draft of the letter. “We really promise, pinky swear, that we won’t use it for mass surveillance. Because hey, we don’t do mass surveillance anyway! (Hey Chuck, do you think they’ll notice we had our fingers crossed?)”
OK, maybe that’s not what the letter said. But given the US government’s attitude to data privacy, a nicely worded note might not prove to be the basis for a lasting and secure agreement.
The underlying problem has not been addressed – that current approaches to data protection remain a 20th century attempt to solve a very 21st century problem; analogue solutions in a digital world. Data protection laws are entirely predicated on the assumption that corporations and governments hold all our personal data. It’s based on the concept that all the data that matters is held in big databases, somewhere apart from the person whose data has been collected.
Data protection remains a database-centric approach to regulation, when the “digital way” is data-centric – a very important distinction. Data-centric means that laws and IT systems start from the data itself, not from a centralised place in which that data is aggregated with everyone else’s. This data-centric approach puts control in the hands of the individual and negates the need for international data protection agreements because if you’re happy for your data to be accessed or stored by a US company, that’s your decision.
The Safe Harbour/Privacy Shield row only serves to show that legislators are a very long way from understanding the potential to put control of our data back into our own hands. A truly digital solution would be to legislate for the introduction of technology, such as personal data stores, to make that happen. The choice should be yours. n
Bryan Glick, editor in chief
❯Read the latest Computer Weekly blogs
EDITOR’S COMMENTHOME
computerweekly.com 9-15 February 2016 15
Containers encapsulate discrete components of applica-tion logic provisioned only with the minimal resources needed to do their job. Unlike virtual machines (VM), containers have no need for embedded operating sys-
tems (OS); calls are made for OS resources via an application pro-gramming interface (API).
Containerisation is, in effect, OS-level virtualisation (as opposed to VMs, which run on hypervisors, each with a full embedded OS). Containers are easily packaged, lightweight and designed to run anywhere. Multiple containers can be deployed in a single VM.
A microservice is an application with a single function, such as routing network traffic, making an online payment or analys-ing a medical result. The concept is not new; it has evolved from web services, and stringing microservices together into functional applications is an evolution of the service-oriented architecture (SOA), which was all the rage a few years ago.
Not the same thingContainers and microservices are not the same thing. A micro-service may run in a container, but it could also run as a fully
What are containers and microservices?
Bob Tarzey explains how independently deployable modules can be used to build agile applications, and looks at some of the main players
BUYER’S GUIDE TO CONTAINERS AND MICROSERVICES | PART 2 OF 3
REFR
ESH
(PIX
)/FO
TOLI
A
HOME
computerweekly.com 9-15 February 2016 16
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
provisioned VM. A container need not be used for a microser-vice. However, containers are a good way to develop and deploy microservices, and the tools and platforms for running contain-ers are a good way to manage microservice-based applications. In many cases, the terms can be interchanged.
Containers have been integral to Unix and Linux for years. A recent change has been the ease with which they can be used by all developers, and an entire supporting ecosystem has grown up around them. Containerisation is not something happening on the fringes of IT, it is core to the way many web-scale services oper-ate and is increasingly being adopted by more conservative organisations. The suppliers mentioned in this article cite customers ranging from the NHS to large banks.
There are many suppliers involved, but no one disputes that Docker has led the charge and sits at the heart of the market. Docker says millions of devel-opers and tens of thousands of organi-sations are now using its technology. However, another statistic indicates the novelty of containerisation for many, with only 40% of Docker’s customers running containers in production.
Docker’s dominance does not mean it holds a monopoly; far from it. Across the whole container ecosystem, there is plenty of choice. There are many startups and the great and good of the
IT industry are all on board, as a glance at the sponsors of the February 2016 Container World event shows. The top sponsor is IBM, which is one of Docker’s three main global go-to market partners, along with Microsoft and Amazon Web Services (AWS).
Open source componentisationMultiple containers are deployed in clusters and managed using a range of tools. Many of these containers will be pre-built compo-nents that can be layered together to build up application images. A prime benefit is that it is easy to “overwrite” an individual con-
tainer while the application is still running – less scheduled downtime means better business continuity.
This has led to the rise of the DevOps concept, which allows faster deploy-ment of new software capabilities directly into an operating environment.
Much of the core containerisation technology is open source, and sup-pliers that have previously eschewed it, such as VMware, are being drawn in. At its heart is the Open Container Initiative (OCI) launched in 2015. This operates under the auspices of the Linux Foundation to create open
industry standards around container formats and their runtime environment. Docker has donated its own format and runtime to the OCI to serve as the cornerstone.
BUYER’S GUIDE
contAinerisAtion is not something hAppening on the
fringes of it, it is core to the wAy mAny web-scAle services
operAte And is increAsingly being Adopted by more
conservAtive orgAnisAtions
computerweekly.com 9-15 February 2016 17
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Many containerised components are downloadable from open collaboration projects such as GitHub and Docker Hub. As with all open source technologies, the suppliers that operate in the market must earn their money by providing stable versions with associated support services.
The containerisation stackThere are four technology layers that need consideration:
1. Container operating systemsEven though containers do not have an embedded OS, one is still needed. Any standard OS will do, including Linux or Windows. However, the actual OS resources required are usually limited, so the OS can be too.
This has led to the development of specialist container oper-ating systems such as Rancher OS, CoreOS, VMware Photon, Ubuntu Snappy, the Red Hat-backed Project Atomic and
BUYER’S GUIDE
CYNOCLUB/FOTOLIA
There is a danger of containerisation ending up like
herding cats, which is a problem for application portability
computerweekly.com 9-15 February 2016 18
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Microsoft Nano Server. The benefit here is that the VMs provi-sioned to run containers are lightweight (some run in about 25MB) and when it comes to security, the attack surface is minimised. Cloud platform providers are embedding their own support.
2. The container engineThis is where Docker dominates, but there are competitors, such as CoreOS Rocket (Rkt). AWS says Docker is by far the most pop-ular engine with its customers, and therefore the focus of its sup-port plans. Engines come with supporting tools, for example the Docker Toolbox, which simplifies the setup of Docker for developers, and the Docker Trusted Registry for image management. There are also third-party tools, such as Cloud66.
3. Container orchestrationContainers need to be intelligently clustered to form functioning applications, and this requires orchestration. Orchestration is where much of the differentia-tion lies in the containerisation ecosystem and it is where the competition is hotting up most.
The engines provide basic support for defining simple multi-container applications, for example Docker Compose. However, full orchestration involves scheduling of how and when contain-ers should run, cluster management and the provision of extra resources, often across multiple hosts. Tools include Docker Swarm, the Google-backed Kubernetes and Apache Mesos.
You could use general-purpose configuration tools, such as Chef and Puppet (both open source) or commercial offerings such as HashiCorp Atlas or Electric Cloud ElectricFlow. None of these is container-specific, however.
4. Application support servicesMany additional tools are emerging to support containerised applications – some examples follow.
There is a danger of containerisation ending up like herding cats, which is a problem for application portability. An organisation
may want to move an app from one cloud platform to another. Software suppliers will need to consistently recreate their applications for user deployments. How do you ensure all the dependencies and necessary containers are copied and recreated? Rancher Labs’ core product (it also
has an OS) enables applications to be built up from containers so that the full operating environment can be recreated, including the containers themselves, load balancers, networking, and so on.
Networking is an issue, especially across platforms. In 2015, Docker released Docker Networking to enable virtual connec-tions between containers. UK-based Weaveworks also focuses on networking with WeaveNet, a micro-software-defined net-work (SDN). Metaswitch’s Project Calico is all about making con-tainer networking more secure through the dynamic construction of firewalls, taking policy from orchestrators.
BUYER’S GUIDE
the open source nAture of the contAiner mArketplAce mAkes it eAsy to Access the technology
computerweekly.com 9-15 February 2016 19
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Docker, too, is developing new tools to support the lifecycle of containerised applications. Last year, it acquired a company called Tatum, an on-demand service for building, deploying and managing appli-cations. The Docker Universal Control Plane (UCP) provides similar on-premise capability. Both products are yet to go into production. Weaveworks also has a tool called WeaveScope for production monitoring of containerised applications.
Containerisation platformsAll the big industry players are joining the containerisation bandwagon, with a range of initiatives under way.
Google is an old hand with containers – it has been developing and deploying billions internally for years. The company has been a major contributor to various container-related open source pro-jects, included the Kubernetes orchestrator, which it donated. Google has now opened up this expertise to its customers and added the Google Container Engine to the Google Cloud Platform.
Microsoft has added container support with Windows Server Containers enabling the sharing of the OS kernel between a host and the containers it runs. Hyper-V Containers expands on this by running each container in an optimised virtual machine. For the cloud, there is the Azure Container Service (ACS), developed in conjunction with Docker, which can manage clusters of contain-ers with “master machines” for orchestration. ACS also supports other orchestration tools, such as Kubernetes.
AWS customers were quick off the mark to deploy contain-ers on its EC2 platform, so AWS has followed up by providing
a cluster management and scheduling engine for Docker called the EC2 Container Service (ECS). This is supported by the EC2 Container Registry (ECR) to support the storing, management and deploy-ment of container images. ECS is widely available,
whereas ECR is currently available only in the eastern US.VMware has not taken the move to containers lying down. Later
this year, it will release vSphere Integrated Containers, using VMware’s Photon OS to turn VMs into Docker-like containers based on OCI. This will allow users to take advantage of existing vSphere support tools. In a first for VMware, it has open-sourced both the PhotonOS and the associated Photon Controller.
Other examples include IBM Containers for Bluemix, Rackspace Carina (based on OpenStack Magnum, embedded support for containers and orchestration). Another open source initiative is Deis, a platform-as-a-service (PaaS) based on CoreOS.
Big decisionsFor developers, the open source nature of the container mar-ketplace makes it easy to access the technology and support-ing tools and crack on with building agile applications through a DevOps-style process.
This offers many benefits to businesses, but they must consider the supporting platforms and technologies that are endorsed to ensure longer-term stability and support. Making such decisions will not be easy as the containerisation market changes. n
Bob Tarzey is analyst and director at Quocirca.
❯Why use Docker’s container software when VMs do the job?
Is one better than the other?
BUYER’S GUIDE
computerweekly.com 9-15 February 2016 20
Software is used to maintain safety in many high-risk fields, including aerospace, railways, automotive, nuclear power and healthcare.
“If you look at many sectors, at least 85% of the func-tions seen by users, whether a car driver or an aircraft pilot, are, to some extent, enabled by software,” says John McDermid, profes-sor of software engineering at the University of York.
This is particularly true for aerospace, where the use of software in safety has been growing slowly over a long period. Some 10-15 years ago, aircraft depended much more heavily on software than other engineered domains, but other areas have been catching up rapidly, says McDermid.
Particularly in automotive, medical and consumer technologies, “it has been increasing at an incredible rate”, he adds.
This has left different industries regulating safety-critical soft-ware in different ways, says McDermid, with aerospace and nuclear power using a regulator to assess software and decide whether it complies with standards. “In some other sectors, for example automotive, in effect there is self-regulation,” he adds.
McDermid says there is a tension over whether or not safety-critical software should be formally approved. Regulatory checks are expensive and often quite slow, but aerospace software has an excellent record. “It’s a question of what balance of risk you take,” he says.
The US Federal Aviation Authority is currently looking at the cost of assuring aviation software, to see if this can be reduced,
How software boosts safety in aerospace,
healthcare, oil and gasSafety-focused industries have developed safety-critical software and
services from which other sectors can learn. SA Mathieson reports
SAFETY-CRITICAL SOFTWARE
MEILUN/ISTOCKHOME
computerweekly.com 9-15 February 2016 21
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
says McDermid. “As we develop more autonomy in road vehicles, I think we’ll find that the standards in automotive get more stringent,” he adds.
Medical devices have rapidly made more use of software, says McDermid, and although the US Federal Drug Authority has some regulatory power, more rigour may be required, with numer-ous examples of failures.
“I think that would be the one obvious area where more care and attention is needed,” he says. “We’re going from individual devices, such as the pacemaker, to connecting lots of devices in hospitals and also trying to support people in their homes more. We need to do much more to understand the interactions of these systems.”
One way in which healthcare providers are using software for safety is by analysing the data staff already collect. Some hospi-tals run an algorithm on basic patient observations to allocate risk levels, with people in more danger being checked more often by more senior staff as a result.
Digitising the National Early Warning ScoreMany NHS hospitals use the Royal College of Physicians’ National Early Warning Score for this, calculated from measures such as temperature, blood pressure and level of consciousness.
The calculation can be worked out by hand, but this is time-con-suming and prone to error. In research published in the Elsevier journal Resuscitation, Portsmouth Hospitals NHS Trust and the universities of Portsmouth and Bournemouth found that moving
the calculation from paper to electronic entry via iPods cut the average time from 67 to 43 sec-onds, while the resulting incorrect clinical actions dropped from 14% to 5%.
The score, which includes recommended action, also makes it easier for nurses to provide a measure of severity to colleagues, rather than simply saying they are worried about a patient. “By having a score
they can refer to, it makes that communication much quicker and slicker – there’s a common language,” says Paul Schmidt, a Portsmouth Hospitals consultant in acute medicine.
Portsmouth Hospitals began developing the VitalPAC software it uses for this in 2005, and deployed it across the hospital in 2009. It was originally intended to capture nurses’ observations for research on patient deterioration, but the trust realised it could use the data to help slow or prevent such deterioration.
Electronic records reduce norovirus outbreaksOne example has been to greatly reduce outbreaks of the noro-virus winter vomiting bug. Portsmouth Hospitals cut the num-ber of cases by 91% between 2009-10 and 2013-14, far more than the 28% drop recorded across England, according to a 2015 paper for BMJ Quality and Safety.
Through functionality developed with The Learning Clinic to record nausea and vomiting electronically, the trust was able to rapidly notify its infection prevention and control team, which could move patients into isolation, increase hygiene measures and order intensive cleaning. “Our responses are much more
SAFETY-CRITICAL SOFTWARE
❯The Chinook helicopter crash: Was it computer software
failure or a cause we will never know?
computerweekly.com 9-15 February 2016 22
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
targeted and much quicker,” says Schmidt. “The consequence is to virtually eradicate ward closures.”
The trust has also used the VitalPAC system to reduce mortality rates from cardiac arrests suffered by patients while in hospital and is using it to compare the frequency of patient observations on different wards.
Schmidt says standard electronic patient record systems in hos-pitals simply digitise what healthcare professionals used to write on paper. “That is not necessarily transformative,” he says. “If you look at how industry uses this technology, it’s for process control.
“People aren’t widgets, but they are subject to harm,” he adds, with 30% suffering some kind of damage during a hospital admis-sion. “What we’re bringing to healthcare is the kind of technology that industry and airlines use.”
Safety software in oil and gasSome of these industries are expanding their use of software for safety by extending it to staff training. In oil and gas extraction, certificates (and a passport) are used to check people boarding helicopters to rigs on the UK continental shelf, with similar sys-tems operating in other countries.
The certificates show that an individual has up-to-date train-ing on everything from escaping from a crashed helicopter underwater to medical checks. Some certificates are permanent, while others last between six months and three years. Handling these certificates is a big administrative task – but an essen-tial one. “If you arrive at the gate to be mobilised without the correct certificate, you won’t be allowed to travel,” says Kevin
SAFETY-CRITICAL SOFTWARE
GLO
BALS
TOC
K/I
STO
CKOne way healthcare providers are using software
for safety is by analysing the data staff already collect. Some hospitals run an algorithm on basic patient observations to allocate risk levels, with
people in more danger being checked more often by more senior staff as a result
computerweekly.com 9-15 February 2016 23
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Coll, managing director of Solutions Aberdeen, an oil industry-focused software and consultancy firm.
Coll, whose firm has provided IT services to oil and gas firms for 25 years, noticed many clients had tried to build systems to manage these certificates, or man-aged them through a set of spread-sheets. This led Solutions Aberdeen to develop Onboard, a web-based software suite that records certifi-cation and levels of competency. It can also track staff and contractor contact details, their location and availability, and integrate with other software when customers want to retain existing applications.
Features particularly useful in the North Sea include nicknames, so that someone commonly known as Jock can be found by this in the sys-tem, as well as by his actual name; and the ability to hold different con-tact details for emergency and rou-tine queries. The system covers mobilisations on 59 of the 146 manned platforms in the North Sea.
Norwegian oilfield services firm Archer has 1,400 people on the system, gathering data previously held on separate systems and spreadsheets. “No longer did we need to lose time tracking down data – it was right there and we could access it when needed,”
says Archer operations manager Mark Cowieson, quoted in a University of Aberdeen Business School case study.
Getting certification wrong can have a major impact on safety. If someone is blocked from travelling to a rig, that may leave it
short of staff. And if they manage to get there without the right training – including on something specific to that rig – the consequences can be dire. Different rigs employ identical equipment, such as pipeline valves, but with different settings – one may be set to 150psi while another is at 1,500psi.
“If you go out on a rig using a piece of equipment that could blow up, you have to be trained and competent in its use for everyone’s safety there,” says Solutions Aberdeen’s Coll.
Money-saving benefitsOnboard can also be used to avoid wasting money on safety issues.
“An operator might insist that all of a group of personnel are trained on forklifting, but having reporting visibility would allow you to push back on the operators and query why it is needed when only a select few actually ever use them,” says Coll. “We could then save £250,000 a year by not training people who are never going to be allowed to operate the forklift anyway.”
SAFETY-CRITICAL SOFTWARE
in oil And gAs extrAction, certificAtes Are used to
check the credentiAls of people boArding helicopters to trAvel to rigs. hAndling
these certificAtes is A big AdministrAtive tAsk – but An
essentiAl one to ensure sAfety
computerweekly.com 9-15 February 2016 24
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
The spare skills capacity adds little to the safety of a rig, because such skills require regular practice as well as training, he adds.
Similar software could be used in other regulated industries, such as in the health service to fill gaps in rotas and show the availability of locums, says Coll. “There is no high-level nation-wide system that we are aware of that says who is available and what skills they have,” he adds. “That used to be the case in the North Sea.”
There is also potential in the nuclear industry and for providers of public-service vehicles, he points out.
Danger of over-reliance on softwareBut is there a danger of over-reliance on software to avoid dis-asters? “There are a lot of things that computers and software are better at doing than human beings. They are much better at being consistent and reliable, and so on. But human beings are very much better at dealing with unanticipated things,” says the University of York’s McDermid.
However, this leads to the paradox of automation, with evidence mounting over a number of years that with aircraft increasingly run by software, pilots are not dealing with problems as well as before. “When something goes wrong, they don’t necessarily have the seat-of-the-pants flying skills or the understanding of the aircraft that they used to,” adds McDermid.
Software can also provide part of the solution, by improving training for disasters through simulations. This may not quite be real world, but there are clear advantages to pilots and others gaining experience of unsafe events without risking any lives. n
RO
B EL
LIS/
ISTO
CK
Getting certification wrong can have a major impact on safety. If someone is blocked from
travelling to a rig, that may leave it short of staff. And if they manage to get there without the right
training the consequences can be dire
SAFETY-CRITICAL SOFTWARE
computerweekly.com 9-15 February 2016 25
First Utility CIO Bill Wilkins has a job that relies on data. The company started as a small, entrepreneurial business in 2008 and experienced rapid growth as a pioneer in smart meters. By 2014, the firm had become the seventh-
largest energy supplier in the UK, with more than a million cus-tomers and a market share of 2%.
“Because of the company’s rapid growth, every year has been different,” says Wilkins.
The firm is now scaling up for further growth through a focus on its digital platform. Wilkins, who joined First Utility full-time in 2010 after spells with Sun Microsystems and SeeBeyond, is draw-ing on his experience to push a data-led process of innovation.
Wilkins offers six best-practice tips for other CIOs from his expe-riences of running data projects, covering areas such as organisa-tional culture, external partnership and continuous innovation.
1. Create a customer-driven approach to data analytics
Wilkins says First Utility benefits from access to a huge data asset that it uses in three key ways. First, the business runs a number of information-led initiatives to boost customer engage-ment. “We are, essentially, a retailer and we want to have long-term, valuable relationships with our clients,” he says.
The second way it uses data is for optimisation. “Information helps us to understand what processes work, which processes are causing us problems and how we can use our experience around those processes to make the business better,” says Wilkins.
Six CIO tips for business innovation with data
First Utility CIO Bill Wilkins advises IT leaders on how to run data projects to deliver real business benefits. Mark Samuels reports
DATA PROJECTS
JULI
EN E
ICH
ING
ER/F
OTO
LIA
HOME
computerweekly.com 9-15 February 2016 26
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
The third way the firm uses information is strategically, says Wilkins. “Now we’ve built a platform, we want to know our tech-nology is working and where the business can use systems and services to develop and grow,” he adds. “It’s all about making the most of data to find new opportunities and to market to new sets of customers.”
Wilkins says the firm’s customer-driven approach goes further – other external stakeholders are included, too. “From a very early stage of operation, the firm – because of its strong focus on data – has had access to detailed market infor-mation,” he says. “It was not until the IT team built an application on top of that data that a wide base of users started making the most of our knowledge. The awareness within our organisation about how competitive we are in the marketplace is now much clearer because we created a visual representation of data for our employees.”
2. Get your organisational structure rightWilkins says that although his firm’s use of data is very broad, he can benefit from a tight organisational set-up. “We have the advantage of still being focused as an organisation, despite rapid growth,” he says.
Take information management, for example. Here Wilkins ben-efits from access to a single data team. “If you go into many other
billion-pound businesses, you’d have a much more established set of functions with their own silos of data,” he says.
“We’ve managed to retain a coherent organisational structure. We also have a central repository for data and that represents a huge advantage, because it means we can look at information
and synthesise it in many different ways,” he adds.
Wilkins says he has strived to achieve an integrated approach to data, both in terms of human skills and technical resources. One key factor is that he combined the role of head of enterprise architecture with that of data delivery at a very early stage of his tenure as CIO.
This single manager has design authority for data inputs, but also needs to drive insight from the information. “In a period of rapid growth and innovation, we can use this integrated approach to make sure our aims and objectives are still as aligned as they possibly can be,” he says.
3. Look to evolve, rather than continually starting afresh
From the start, says Wilkins, the investors at First Utility recog-nised that the company would use technology to create a com-petitive differentiation. The firm wanted to deliver smart, rather than standard, energy, and it spent a lot of time building an end-to-end infrastructure.
DATA PROJECTS
“we hAve A centrAl repository for dAtA And thAt represents
A huge AdvAntAge”Bill wilkins, FiRst utilitY
computerweekly.com 9-15 February 2016 27
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
“At the time, you couldn’t get a smart gas meter,” he says. “The business ended up building its own hardware to measure volume and send the data back to the office. The senior executives got involved in a lot of low-level, but clever, technology to get their smart proposition set up.”
On joining the business, Wilkins inherited this foundation work. The company had already solved the problem of taking heterogene-ous data and creating a normal-ised, standard view of information that worked in a billing system. The problem, however, was that the sys-tem did not scale.
The answer to that challenge was to modify the foundation, which Wilkins says represents key advice to other CIOs facing a similar data conundrum. “What you have to do is to take what’s already there and look at ways to evolve that approach,” he says.
4. Partner with external specialists to build customer engagement
With the platform in place, Wilkins started to look at other ways to help First Utility develop its smart approach to energy pro-vision. He realised there was a huge opportunity for using the firm’s half-hourly collected smart meter data to create a new form of engagement with customers.
“The call to action was that we realised we had this rich dataset which contained lots of interesting information. What we had to do was turn it into knowledge that could inform our customers about their energy use,” says Wilkins.
He explains how the firm initially partnered with external special-ist Opower to create its My Energy programme. “That’s another tip from me – don’t try to build it all yourself,” he says. “Innovation hap-pens in many places, so look for partners that can complement what you do. We worked with Opower, as the leading US player in energy ana-lytics, and learnt from its knowledge and experience.”
First Utility then decided to bring the My Energy initiative back in-house, because it thought the US-centric platform was not necessarily the best way to serve its UK customer base. “Partnering allowed us to get a product out there and to learn from its use in the real world very quickly,” says Wilkins.
5. Use experience to build your own data platformKnowledge from the first, externally developed iteration of My Energy proved essential as First Utility created its own version of the platform, which was launched at the end of 2014. “For other CIOs, I would say the lesson is to work with a partner, learn from
DATA PROJECTS
“we hAd this rich dAtAset which contAined lots of interesting informAtion. we hAd to turn it into knowledge thAt could
inform our customers”Bill wilkins, FiRst utilitY
computerweekly.com 9-15 February 2016 28
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
their experience, innovate for your customers and differentiate from your competitors,” says Wilkins.
To achieve this level of differentiation, Wilkins built a dedicated team of internal specialists. He initially thought First Utility would need to employ a broad range of analytical specialists, but soon found that customer experience expertise would be more useful.
“As we started building out the My Energy platform, we realised we needed people who could trans-late the data into areas that custom-ers would be keen to investigate and use,” says Wilkins. “We inevitably spent much more time and money on the look and feel of the service and less on the data side. We have learnt that the way you present information to different stakehold-ers is very important. Half-hourly updates have a very low value for consumers, but we’ve used My Energy to take that information and present it in a more informative manner for customers.”
6. Think in an entrepreneurial fashion and continue to innovate
As a smaller utility firm, First Utility must try to keep pace with its larger competitors, but often with fewer resources, says Wilkins. He points to the firm’s mobile programme, which – when compared to the big budget spend of some competitors – was launched with the help of just four engineers in under a year.
One area of pioneering development is the firm’s partnership with Cosy, a Cambridge firm specialising in the development of smart heating systems. Wilkins says First Utility’s aim is to be in a position to offer the Cosy technology to all its customers in the near future.
“Cosy is all about bringing in a new dataset concerning the heat-ing characteristics of a house,” he says. “Customers get to control
their heating from an app, and we get fine-grain information on their requirements and the efficiency of their boiler and insulation. That information is then fed back into the My Energy platform.”
Wilkins says data becomes more valuable when it is woven together and used for cross-purposes. As well as Cosy, First Utility is also set to launch an “auto read” fea-
ture as part of its mobile app for customers who do not yet have smart meters. A UK first, the app uses the phone’s cam-era to take a snapshot of the meter and helps to create more accurate readings.
“Both innovations – Cosy and Auto Read – are concerned with how we can get better-quality data into our analytics engine,” he says. “Getting an accurate view of energy consumption is a chal-lenge for utility firms. Unless you get it right, you start billing esti-mates, which isn’t great for customers and doesn’t help create certainty in terms of revenue for the business.” n
DATA PROJECTS
“getting An AccurAte view of energy consumption is A
chAllenge for utility firms”Bill wilkins, FiRst utilitY
computerweekly.com 9-15 February 2016 29
Home
News
DDoS is most common method of cyber attack on financial institutions
The launch of Windows 10 could herald the comeback of the PC
Gatwick aims to make technology really take off for customers
Editor’s comment
Buyer’s guide to containers and microservices
How software boosts safety in aerospace, healthcare, oil and gas
Six CIO tips for business innovation with data
Downtime
Google staff are not for poaching, at least not when it comes to chicken eggs. Quail eggs, on the other hand...It had all the ingredients for a smart way of letting London’s tech talent know of its existence, but one company in the recruitment game didn’t bank on Michelin star tastes
Clozer, a platform that connects sales professionals and com-panies anywhere in the world, tried to attract talent by offering free poached egg sandwiches outside Google offices in the hope it would turn their heads. Get it? Poached.
But the company got off to a bit of a scrambled start when it decided to target Google staff. The same Google that apparently
offers its employees Michelin standard food for free anyway. “Is it quail or duck?” asked one Google developer.
Clozer, which sees itself as the Uber of sales, has used the same tactics at companies such as McKinsey and Ernst & Young, explaining the flexibility and oppor-tunities afforded by working with Clozer. n
DOWNTIME
❯Read more on the Downtime blog
The eggs of the humble chicken aren’t enough to tempt Google staff away from their free canteen