Unified Communications: Coming of age?

Time to put it on the agenda?

Unified Communications (UC) is a term that has long been bandied about, but has yet to really gain the serious attention of businesses. Its slow uptake has not just been hampered by dire economic conditions, although this undoubtedly has had a negative impact on rate of adoption. Confusion around exactly what UC is has been a major barrier for companies when looking at it. The term Unified Communications was originally coined by the market in an attempt to encapsulate exactly what it was about. Unfortunately, it was an over-simplification that served to confuse more than convey, as many companies did not really grasp what UC included. In fact, UC, rather than being a broad, difficult to define solution set, is actually made up of a number of quite distinct components (such as Unified Directory, Unified Messaging and Presence Awareness, to name but three). And when businesses think in these more specific terms, then it becomes much easier to understand what UC involves.

Beyond this, however, companies often struggle with making the business case for UC – seeing it more as a ‘nice to have’ rather than a ‘need to have’. And while there are various case studies of successful UC implementations that they can call on as collateral, on the flip side, there is enough anecdotal evidence around implementations that have not proved so successful, to make them think twice about taking the plunge. So are the success stories the exception rather than rule. And can UC really deliver? According to recent research carried out by Freeform Dynamics UC can deliver very real benefits into the business. The chart below shows how what we have termed 'aggressive adopter' – companies - that have adopted UC more broadly across their business, and with a broader component set - report much better levels of communication and collaboration, which they attribute to their UC implementation.

It is important to note that this positive outcome is not solely down to broader adoption of UC. Simply implementing UC will not automatically result in a workforce that collaborates better, can carry out enhanced decision-making, and so on. UC is an enabler but only if it is implemented and worked into the business in the right way.

This is precisely what more aggressive adopters have done. They understood from the outset what they wanted it to deliver, how it would fit into their business, and, how it would be rolled out, including what support was required. There is clear recognition in this group of respondents that UC was essentially a new system that brought with it new capabilities, and this is where the real benefits lie. Companies often don't recognise and plan around this, and hence fail to realise the genuine benefits of UC.

Consider, for example, a technical call centre that handles customer queries. In a non-UC environment, the details of calls that can’t be handled straight away will be taken by a call centre operator, and followed up later with relevant technical support experts. Once a query has been resolved, the customer will be contacted by the call centre operator with (hopefully) a solution to their problem.

Coming at the same issue with a UC-enabled call centre can involve a completely different approach, with the call centre operator assessing the problem immediately, and then reaching out to a number of experts simultaneously, based on suitability and availability. Depending on the nature of the query, the call might be handed directly to an expert to resolve, or be dealt with by the operator directly, based on feedback from the expert.

The whole process can be geared towards first-call resolution, in a way that wasn’t possible before. While this might seem obvious, if a company implements UC, but carries on working in exactly the same way, then very little will change from a first-call resolution perspective, and any potential efficiency savings will be missed.

The story doesn’t end there. While the benefit of UC is that it enables staff to work differently, they will only do so if the change process is made relatively painless, and this is exactly what companies that succeed with UC have ensured. This translates into providing not just the usual technical support but also more process-based help. This might include step by step guides on topics such as setting up a videoconference from a given location, including where people can go for help if they get stuck. To assist people who are more reluctant to access such resources, locally embedded help, in the form of nominated ‘experts’ - people within the same department, for example - can work well. Getting this right goes a long way to ensuring that UC ‘delivers’.

So is UC coming of age, at last? While it is unwise to get caught up in the UC hype, it is at least worthy of consideration, even in the prevailing economic conditions. As the way that people work changes, UC becomes ever more relevant. Cross business collaboration, mobile workers, virtual workplaces, the 24x7 workforce and global teams are areas that can be assisted by UC. The caveat to this is to ensure that, like any implementation, there is a clear understanding about what it will deliver, and enough support in place to make sure it happens.

Originally published on http://www.cio.co.uk/ (registration required).

Is there a case for encrypting backups?

For most organisations, backups form an essential part of the day to day activities of IT operations. They keep users happy in the short term, as individuals can recover files lost due to accident, incompetence or system failure. They keep the business moving, as systems and services can be protected and recovered. And they help get things going again, in the case of ultimate disaster.

In all of these scenarios however, what we really mean is that it is the flipside of backup that is important. Backups are essentially a doorstop unless the systems or information can be restored to functional use. This is an area that all too many companies neglect to test regularly, and can be a significant business risk if not addressed. Tapes can, or more likely will, fail. Equipment such as the tape drive, once out of production, will rapidly become obsolete. While the backup may be tied closely to the physical system, even if the backup is good, a suitable system to restore to may not be available – although eBay may help in some cases! Even if one moves to use online or hosted services, there is no guarantee that the provider will remain in business, making backups even more important.

So, both backup and recovery are an essential element of business function and continuity. However, they are also a source of risk from a data protection point of view. Backups contain the low-level about the company – not just data, but entire systems, configurations and raw information. In addition, bnd backups tend to move about a lot. They move inside the organisation, they are transported outside and are frequently stored in multiple locations. Keeping track of backup media is hard, even for the best companies. We frequently hear of lost backups that cannot be traced.

Now, why should companies worry if the data on backups go missing? Surely we can just take another backup? That might cover the business risk internally, in terms of having something to restore should a failure or similar happen. However, it doesn’t cover the external aspects of the data loss, which is an area that is already under increasing scrutiny from regulators. Regulations surrounding the loss of data already have had sanctions increased while individual industry regulators may take their own view. With new regulations coming that will require any losses to be disclosed, the cost in terms of notification, compensation, reputation and brand will only go up and up.

The most effective method for reducing the level of risk associated with a backup is to encrypt the data it contains. This ensures that should the backup be lost or stolen, it is not feasible to access and restore the data without appropriate pass codes or decryption keys. Achieving this should be relatively straightforward, Many IT managers agree that backups are vital to protect, but few do so.

So if encryption of backups is so important, why isn’t everyone doing it? While not every organisation is aware of the risks of data loss through unprotected backups, there will also quite a number of companies that will have quantified the potential cost implications and decided to ignore the risks rather than doing anything about them.
Near the top of the list of challenges are also technology hurdles which get in the way of practical encryption implementations – software encryption has its own limitations such as loss of compression capability (increasing the number of tapes required), and higher processor requirements to encrypt the data. Hardware encryption may tie the backups to individual drives, resulting in complexities when recovering data.

Key management is another concern that has been talked about for years but still remains a bugbear. In many cases, different systems will have independent key management systems and processes. Bringing these together will be challenging, but necessary, with firm control of process, documentation and management tools. In many cases, key management for backup encryption will need to fit in with the key management systems across the business. Regular testing to ensure that nothing gets broken accidentally, particularly as systems are upgraded or keys are rotated. Crucially, testing should cover not just verification of recent backups which are top of mind in most cases, but should also cover the old information which is sitting in archive libraries, which many IT managers may have never touched.

Encryption on backups should be considered in the light of what it is that really matters, namely the successful restoration of systems and data, over a period of not only years, but potentially many decades given regulations regarding data retention for regulatory purposes. Perhaps the biggest mitigating factor is that encryption is not yet a seamless part of either process or infrastructure, leading to complex trade-offs and tactical decision making which fails to take the longer term issues into account.

Given the problems involved, it is no wonder that many companies choose to skirt the issue. As the shadow of compliance and legislation creeps ever closer, IT managers will have less and less wiggle room, so plentiful planning now will help to achieve a much better result at the end.

Originally published on InfoSecurity (www.infosec.co.uk)