Home
News
Making digital delivery 3-9 MAY 2016 of public services standard practice
DevOps advocates bust myths around enterprise agile software development HS2 accelerates innovation Interview: HS2 CIO James Findlay juggles The high-speed rail project aims to connect industry, today’s planning and the skills and the technology of the future technology of tomorrow
Editor’s comment
Buyer’s guide to graph databases
CW@50: British innovation in the fight against cyber threats
Downtime HS2/GRIMSHAW computerweekly.com computerweekly.com 3-9 May 2016 1 NEWS IN BRIEF
Home
News DDoS attacks hit three-quarters HMRC weighs up desktop of global brands in 2015 services and cloud collaboration Making digital delivery More than seven in 10 global HM Revenue & Customs (HMRC) of public services standard practice brands were hit by distributed has issued two prior information denial of service (DDoS) attacks notices worth a total of £215m. VODAFONEGROUP
DevOps advocates in 2015. Few organisations were HMRC is looking for management bust myths around spared DDoS attacks, according to and support for user devices worth enterprise agile software development a survey by communications and £200m, and an integrated cloud- analysis organisation Neustar. The based collaboration system worth
Interview: HS2 CIO survey of 1,000 IT professionals £15m. The larger of the two con- James Findlay juggles revealed that 73% reported DDoS tracts includes the build, deploy- today’s planning and the technology of tomorrow attacks in 2015, with 82% suffering ment, maintenance and support of repeated attacks and 57% suffering user devices such as Blackberrys Editor’s comment subsequent theft. and managed desktop services.
Buyer’s guide to Lloyds Bank offshores IT roles Barnet Council audit finds graph databases to India in cost-cutting plan Capita services lacking Lloyds Banking group is reducing its Barnet Council’s audit reports show CW@50: British innovation in the fight UK IT workforce by 80 people, with failings in IT disaster recovery and against cyber threats half moving to India as part of a cull IT change management, run by of more than 600 jobs at the bank. Capita. The internal audit is the British Library puts Downtime John Morgan-Evans, regional officer first review of the services Capita Shakespeare on phone at union Unite, said the move to provides to the council since it offshore IT jobs to cut costs was signed the contract in 2013. The The British Library is enabling people to alarming. The cuts are part of a 10-year contract, worth £32m a download digital facsimiles of first edi- three-year plan announced in 2014, year, transferred IT and back-office tion Shakespeare plays to their devices when the bank said it would cut functions such as human resources using “digital wallpaper”. 9,000 jobs and close 150 branches. (HR) and payroll to Capita.
❯Catch up with the latest IT news online computerweekly.com 3-9 May 2016 2 NEWS IN BRIEF
Home
News Banks’ mainstream adoption OpenStack Foundation calls for of Blockchain 10 years away enterprise open source input Apple CEO looks to Making digital delivery Financial services firms should treat The OpenStack Foundation is call- of public services services as device standard practice blockchain as a lab project and pre- ing on enterprises to step up their pare for another decade before the involvement with the open source revenues fall
DevOps advocates technology hits the mainstream, community to ensure its work Apple chief executive Tim Cook is look- bust myths around according to Forrester Research. It keeps pace with the rate of inno- ing to the company’s services division enterprise agile software development predicted a three-phase evolution vation occurring in the internet of as revenue from device sales fell for the of blockchain deployments. things and big data era. first time in 13 years. Despite warnings
Interview: HS2 CIO from Apple in January 2016, shares fell James Findlay juggles IPv6 alone will not secure IoT Business fail to learn the 8% in after-hours trading in reaction to today’s planning and the technology of tomorrow Internet Protocol version 6 (IPv6) lessons of past cyber attacks quarterly revenue of $50.6bn, alone will not make internet of Organisations are failing to learn down 13% compared with the Editor’s comment things (IoT) communications the lessons of past cyber attacks, three months ending secure, warned Hanns Proenen, the latest Verizon Data Breach 26 March the year Buyer’s guide to chief information security officer Investigations Report reveals. before. Apple had graph databases (CISO) at GE Europe. Although IPv6 The analysis shows they are not forecast a decline is essential to IoT he said IPv6 is addressing basic issues and well- of between 9% CW@50: British innovation in the fight not more secure than IPv4. known attack methods. and 14%. against cyber threats Volvo tests self-driving cars Spike in outsourcing in 2016 Downtime Volvo will trial autonomous driv- Restructured deals fuelled a sharp ing in 2017, with 100 self-driving increase in IT and business process ❯ Mobilised workforces drive performance and productivity Volvo vehicles taking to the streets outsourcing in Europe, the Middle ❯ UFO broadband network sees promising pilot results of London. Participants in the Drive East and Africa during the first ❯ Government accepts data ethics council proposal Me London programme will be real three months of 2016. ISG said the ❯ Apple Pay signs up a million users a week families using their cars in their value of deals was €2.25bn, 19% usual day-to-day situations. higher than Q1 2015. n
❯Catch up with the latest IT news online computerweekly.com 3-9 May 2016 3 INTERVIEW
Home News Accelerating government’s digital Making digital delivery of public services standard practice transformation with passion and drive
DevOps advocates bust myths around The government’s minister for digital reform, Matt Hancock, talks to Lis Evenstad about creating a Digital enterprise agile software development Leadership Academy, learning valuable lessons in how to run digital services and his love for open data
Interview: HS2 CIO James Findlay juggles ith a larger budget than ever before, the Government today’s planning and the technology of tomorrow Digital Service (GDS) is on a mission to transform Wgovernment services and departments from analogue Editor’s comment to digital, something Cabinet Office minister Matt Hancock is “incredibly excited about”. Buyer’s guide to Speaking to Computer Weekly at GDS’s annual event, Sprint 16, graph databases Hancock says he wants to break down the silos and change the way government operates, not just focusing on “a few transac- CW@50: British innovation in the fight tions, but using digital, technology and data to improve all of the against cyber threats services we provide”. “We’re on a journey,” he says, from a government that was behind Downtime the times to one increasingly using digital services. He hopes that by the end of this parliament, we will have a government where “digital delivery of public services is standard practice”. Matt Hancock: “There “The job of GDS is to provide thought leadership, but also to chal- are big lessons for how to run lenge and support all parts of government, so that people know digital services from the about the best technology, the best standards and techniques, and past 20 years” also so the questions are asked of where we can do better.”
computerweekly.com 3-9 May 2016 4 INTERVIEW
Home
News GDS’s £450m budget over the course of this parliament will Hancock says the government is “constantly learning lessons in have to deliver efficiency savings ahead of its funding. how to do these things better”. Making digital delivery Computer Weekly revealed last year that savings of £3.5bn “There are big lessons for how to run digital services from the of public services standard practice are expected in return, with the money mainly being spent on past 20 years,” he says. “One lesson is don’t let huge, long con- common technology services (CTS), where it hopes for savings tracts and then forget about them; instead, let more smaller con-
DevOps advocates of £1.1bn; government-as-a-platform (GaaP), delivering £1.3bn tracts and manage them actively. Another lesson is don’t put bust myths around in savings; and the Gov.uk Verify identity scheme, saving GDS an unnatural deadline on a project; rather keep iterating it and enterprise agile software development another £1.1bn. improving it. Another is to design something in an agile way from While the funding is welcome, Hancock understands that the the start so you can alter it when it interacts with reality in the
Interview: HS2 CIO task ahead is not an easy job. With GDS aiming to turn up the delivery. Always focus on the user need.” James Findlay juggles pace and the volume of digital services, there are many hurdles Hancock calls these his four key principles, and adds that there today’s planning and the technology of tomorrow that need jumping. is no easy answer. “We try to keep a state of mind of constantly learning and improving,” he says. Editor’s comment Closing the skills gap One of the biggest challenges, highlighted by a National Audit Digital leadership Buyer’s guide to Office report late last year, is that there is abig digital skills gap In fact, Hancock is working hard to tackle the skills gap. Last graph databases in government. year, he launched lunchtime coding clubs for civil servants to The NAO survey found that funding, cultural issues, career develop opportunities for “civil servants to roll up their sleeves CW@50: British innovation in the fight paths and cross-government competition “are all perceived to and get stuck into data”. against cyber threats have a negative impact on developing staff and improving capa- Now he is planning the launch of a Digital Leadership Academy: bility and capacity”. “To make sure that we train people in how to run digital projects, Downtime The skills problem has been apparent in large government IT and crucially where we can take the lessons from both successful programmes, such as the rural payments digital service, where the and unsuccessful projects.” the Department for Environment, Food and Rural Affairs (Defra) The academy will be for everyone running digital projects: “Both was expected to provide systems integration skills to bring the people with digital backgrounds and the people with the policy different elements of the programme together. However, it “did and business delivery backgrounds, and others from outside,” not have the necessary skills in-house, and did not know how to says Hancock. “You can learn a lot from how things are done from obtain them”. other governments and the private sector.”
computerweekly.com 3-9 May 2016 5 INTERVIEW
Home
News Ultimately, he says, “the best experience is to be part of a completed successfully is not to put a date on them, because you digital transformation”. want to drive the project to successful conclusion rather than Making digital delivery Hancock also recently announced a GDS Advisory Board force it to an unnatural death.” of public services standard practice which includes experts from retail, digital, data and technology Hancock is committed to open data and told the audience at sectors. The board will meet quarterly to advise and challenge Sprint 16: “We need to make sure that where we have datasets
DevOps advocates the government to deliver better services for users and evalu- they are open where possible, but where we choose, for good rea- bust myths around ate how emerging digital technology trends can be applied to son, for them to be restricted, that is what happens.” enterprise agile software development public services. “Their job is to keep us on our toes and to show Explaining further to Computer Weekly, Hancock says that direction and leadership, and to challenge and support us as we although the government has released more than 20,000 data-
Interview: HS2 CIO challenge and support the rest of government,” says Hancock. sets so far, quality is more important than quantity. James Findlay juggles today’s planning and the technology of tomorrow Open data Another passion of Hancock’s is open data. “I love it,” he “A way to ensure digital projects Editor’s comment exclaims. The government has just announced a new piece of work on creating open data sources, or “canonical registers”, get completed successfully is Buyer’s guide to ensuring data is stored once, and kept up to date centrally. graph databases The first register is on the different countries in the world. There not to put a date on them” are currently seven different lists of countries floating around Matt Hancock, GDS CW@50: British innovation in the fight government, but that will soon be cut down to one, held by the against cyber threats Foreign Office, which will be responsible for that list. “Another example is the register of what companies exist in the “The quality matters. Making sure they are mashable, machine Downtime UK. It’s reasonable to have one register of which companies exist, readable and not published in PDFs is important,” he says. “So so that’s another example of the sorts of areas we can go,” he yes, we are expanding the numbers and that’s driving ahead, but says. “Ultimately, it’s about creating a modern data infrastructure at the same time we have to make sure they’re kept accurate and in government and holding it securely.” up to date and that they are held securely.” How quickly these canonical registers will be deployed, Hancock Remarkably, he adds, there is very little resistance to publishing is tight-lipped about. “In due course,” he says. “One of the things the data. “People have seen the impact of open data to improve I’ve learnt about digital projects is that a way to ensure they get services, so there’s a very strong agenda there,” he says. n
❯ GDS will help government departments to help themselves computerweekly.com 3-9 May 2016 6 ANALYSIS
Home News DevOps advocates bust myths around Making digital delivery of public services standard practice enterprise agile software development
DevOps advocates bust myths around Continuous software delivery experts tell Caroline Donnelly why organisations are missing out if they shun DevOps enterprise agile software development
Interview: HS2 CIO nterprises risk missing out on the business agility benefits “Moving to smaller, more frequent releases gives you that feel- James Findlay juggles of adopting DevOps because of concerns about the level of ing of post-intervention relief more frequently because you’re not today’s planning and the technology of tomorrow Erisk to operations. Despite the likes of Gartner hailing 2016 playing with massive bombs anymore,” he said. as the year DevOps hit mainstream levels of adoption, anecdotal Several other speakers at the event shared the sentiment, Editor’s comment evidence shared by day-to-day practitioners of the software deliv- including DevOps enthusiast and Tripwire founder Gene Kim, ery method suggests not all enterprises are as keen as others. who shared data showing firms that use DevOps tend to deploy Buyer’s guide to Over the course of the two-day DevOpsDays conference in code changes 200 times faster than those that do not. graph databases London, advocates for the software delivery method spoke about “When something goes wrong, the mean time to restore ser- some of the misconceptions that persist in enterprise circles vices is usually 168 times faster,” he said. CW@50: British innovation in the fight around its use. One commonly held concern – cited by several against cyber threats speakers – was the belief among enterprises that pursing a con- Culture shock tinuous delivery approach to IT code deployments increases the Getting to a point where an organisation can securely and effi- Downtime risk of something going wrong. ciently roll out multiple code changes a day often requires enter- Speaking at the event, Kris Saxton, principal consultant of prises to undergo substantial re-organisation to create multi- Automation Logic, said the reverse tends to be true. He said disciplined and collaborative teams, populated by developers that, during his time as a systems engineer, he tended to become and IT operations staff. more anxious the longer a piece of IT kit he was responsible for This can prove offputting for senior management types who remained up and running, before going on to experience “post- often have the final say on these projects, unless the department intervention relief” after the inevitable outage occurred. pushing DevOps can demonstrate value from adopting it.
computerweekly.com 3-9 May 2016 7 ANALYSIS
Home
News However, without buy-in from senior management, IT depart- “You’re persuading senior management this is something worth ments may struggle to get their DevOps ambitions off the ground doing, so you have to use the language they understand,” he said. Making digital delivery on a company-wide level. “For example, the main benefit from DevOps to a development of public services standard practice “Interest in DevOps is widespread at a grass roots level, but team might be the ability to move quickly, but it might work better there is arrested development for that to spread in a meaning- to pitch it as reducing operational expenditure. Both statements
DevOps advocates ful way without senior management sponsorship,” Saxton told are true – but you need to tailor the message to your audience.” bust myths around Computer Weekly. enterprise agile software development “Otherwise, you can innovate in a local sense in your silo or No shortcuts to DevOps team, but you won’t be able to connect it up to other services to Another stumbling block is the lack of product that can fast-track
Interview: HS2 CIO make it meaningful. Your development efforts around innovation an enterprise into the world of DevOps, said Bridget Kromhout, James Findlay juggles will wither and die in the long run because of that lack of innova- principal technologist at platform-as-a-service provider Pivotal. today’s planning and the technology of tomorrow tion and sponsorship.” “DevOps is not that shiny thing you get in a box or you see on your balance sheet that you will definitely finish with in Q2,” she Editor’s comment said. “It’s something you have to choose and do in your organisa- “Being 200 times faster than tion. It’s a cultural practice of co-operation and sharing, and it’s Buyer’s guide to not something you achieve through tools alone. graph databases competitors makes a significant “People think that, if they get the right tools, if they go to cloud and break down silos and add some containers, they will have CW@50: British difference in the marketplace innovation in the fight ” achieved DevOps. Tools are necessary, but they’re not sufficient.” against cyber threats Gene Kim, Tripwire founder For organisations that manage to negotiate these obstacles, the rewards can be varied and surprising. Kim claimed that improving Downtime the IT department’s performance can result in financial benefits To get the ball rolling, Saxton said IT departments should embark for the wider business too. on a small-scale DevOps trial to begin with, before sharing the He said the way a server administrator or a developer works can results of this endeavour with senior management. have an effect on profitability and share price: “When you look at Metrics to back the point that DevOps can make a difference to how every organisation acquires customers and delivers services the way the organisation is run are important to share at this point to customers, being 200 times faster than competitors makes a – but they must be presented in a business-savvy way. significant difference in the marketplace,” he said.n
❯Click here to learn how to develop a DevOps-friendly business culture computerweekly.com 3-9 May 2016 8 INTERVIEW
Home News HS2 CIO James Findlay juggles today’s Making digital delivery of public services standard practice planning with the technology of tomorrow
DevOps advocates bust myths around The man behind the high-speed railway’s technology talks to Lis Evenstad about infrastructure, open data and SMEs enterprise agile software development
Interview: HS2 CIO n HS2’s Canary Wharf offices, everything is high speed, says James Findlay juggles CIO James Findlay. One year from beginning construction on today’s planning and the technology of tomorrow Ithe controversial high-speed rail link between London and north England, there remains a lot of work to be done. Editor’s comment The £33bn project is one of the largest infrastructure projects ever undertaken in the UK and HS2 is responsible for everything, Buyer’s guide to from the construction of the railway to the passenger experience graph databases and stations – which, Findlay says, is “really exciting”. “You have got to think about things like the passenger experi- CW@50: British innovation in the fight ence coming through the stations – how we can get people off against cyber threats the platform as effectively as possible and how they are going to interact with other services that are not provided by HS2,” he says. Downtime “We also need to look ahead to what will happen in the next 10 years and ensure all our technology systems – whether it’s the rail- way systems, passenger systems or construction systems – are Findlay: “I’m passionate open enough and can cope with the likely technology refreshes. about the SME market. “We might see this emerging technology, that will suddenly We’ve had quite a few come from left field, that might be game-changing. You have to working with us and they create a platform that can actually cope with that.” are very innovative.”
computerweekly.com 3-9 May 2016 9 INTERVIEW
Home
News But there remains a while to go before the railway becomes But it may not be so straightforward. The project is controver- operational. In the short term – over the next six to 12 months – sial, with several anti-HS2 campaign groups attempting to stop it. Making digital delivery HS2 will begin testing the market and begin looking for suppliers. Campaigners have petitioned Parliament several times, calling for of public services standard practice Findlay envisages a mix of larger suppliers and small and a stop to the programme, claiming the scheme will cost taxpay- medium enterprises (SMEs) that can bring innovation to the table. ers money that could be spent elsewhere and that the project will
DevOps advocates Mention “SME” to Findlay and his face lights up: “I’m passionate damage the environment, among other objections. bust myths around about the SME market,” he says. “We’ve had quite a few working enterprise agile software development with us in IT and they are very fleet of foot and innovative.” Visualising data HS2 needs to work with larger suppliers too, because “once we Findlay says he understands concerns about the project. HS2 is
Interview: HS2 CIO get into construction, an SME would not be able to support some collecting all the design, environmental and other data and visu- James Findlay juggles of the big logistical things”, he says. alising it, so that the people affected can access it. today’s planning and the technology of tomorrow “It’s a blend of the two – but certainly more at the innovative “This programme obviously has an impact,” he says. “It has an side of the spectrum.” impact on individuals, on businesses and the environment, and it Editor’s comment is incumbent on us to provide all the information that we gather Supporting the technologies of the future as part of the development of the programme to our stakeholders, Buyer’s guide to The core technology will have to be well known because it needs to Parliament and beyond, so they can fully interact with it as part graph databases to meet various international standards, especially concerning of the democratic process. health and safety. But there is also a “huge push” to be as inno- “What we have been doing with the data is creating 3D models CW@50: British innovation in the fight vative as possible and make sure that what HS2 creates will be and YouTube videos. All of that data – geospatial data and envi- against cyber threats able to support the technologies of the future, says Findlay. By ronmental data – is on data.gov.uk as well.” the time the HS2 rail link goes live, the technology landscape HS2 is constructing 5D models of the railway, factoring in not Downtime will have changed dramatically. just location, but time and cost as well, so it can interact with the There remain some serious hurdles to clear. HS2 does not yet supply chain in a collaborative way. This is intended to realise a have the powers from Parliament to begin construction, but with number of efficiencies in the construction of the programme and the third reading of the bill due shortly, Findlay is optimistic. onwards during its operation, says Findlay. “Subject to the various parliamentary processes, Royal Assent The organisation has also joined the Open Data Institute to sup- will be later this year or early next year, which is when we really port people’s interaction with the programme, “so we can have a start gearing up,” he says. much more informed debate”, he says.
computerweekly.com 3-9 May 2016 10 INTERVIEW
Home
News Part of a macroeconomic strategy The National College for “HS2 is part of a much greater macroeconomic strategy,” says High Speed Rail will open in Making digital delivery Findlay. “It’s not just about getting to Birmingham 15 minutes September 2017 and teach of public services standard practice faster – it’s much broader than that.” students in the mainstream He explains that more than 95% of the UK’s trade imports come education system
DevOps advocates by sea, in large containers that need to be transported further. At bust myths around the same time, the UK’s GDP continues to struggle for growth enterprise agile software development and, coupled with various infrastructure and capacity issues, something needs to change, he says.
Interview: HS2 CIO James Findlay juggles today’s planning and the technology of tomorrow “It is a huge challenge –
Editor’s comment it is not just high speed by name, but in its nature Buyer’s guide to ” graph databases To deal with the trade volumes, ports need to be dredged, CW@50: British innovation in the fight motorways need to be extended and the exisitng rail network will against cyber threats be stretched to maximum capacity, says Findlay. So the network must increase its capacity to deal with that, and the way to do it is Downtime to get inter-city passengers onto something else – which is where HS2 comes in. “The project is controversial in some quarters, but in others less so,” he says. Chancellor George Osborne announced in his 2015 autumn statement that the second phase of the HS2 project, the inter- change at Crewe, would be delivered six years early – a year after
the Birmingham interchange is opened. HS2
❯Click here to read an interview with Susan Cooklin, CIO of Network Rail computerweekly.com 3-9 May 2016 11 Home
News Findlay’s enthusiasm for the project is obvious and infectious. HS2’s head of service transition in IT has been working on how “It is a huge challenge – it is not just high speed by name, but in its the organisation can back the curriculum on the technology side, Making digital delivery nature,” he says. and support apprenticeships and graduates. Findlay says this of public services standard practice One of HS2’s biggest tasks is the infrastructure control platform. demonstrates a widespread recognition of the shortage in skills Based on the Government Digital Service’s government-as-a- and capabilities in the digital and technology sector.
DevOps advocates platform strategy, the platform will be used right through the con- bust myths around struction and operations. The platform will be a mix of in-house enterprise agile software development development and engagement with large and smaller suppliers. “We are all fishing from the The main factor will be open application programming interfaces
Interview: HS2 CIO (APIs), open standards and open data, says Findlay. same pool – and it is a great James Findlay juggles “We know there are going to be so many technology refreshes today’s planning and the opportunity to have some input” technology of tomorrow that we cannot afford to be locked into any one supplier or tech- nology,” he says. “If we secure the data as open data in a non- Editor’s comment proprietary format exposed to us through an open API, then job “We are all fishing from the same pool and that is why it is a done. The technology itself sits in between and will come and go.” great opportunity to have some input into that,” he says. “It’s not Buyer’s guide to Findlay says no one has created a platform like this in the infra- often a CIO can influence that, it’s amazing.” graph databases structure business before, which is “very exciting”. HS2 has taken on a number of apprentices, which Findlay says HS2 already has a proof-of-concept in place, which is being “feels like you’re giving back to the wider technology community”. CW@50: British innovation in the fight developed in parallel with the business case “so we can actually He describes HS2 as a catalyst for growth, and hopes the skills against cyber threats show people this thing”, he says. and capabilities gained from the programme will contribute to the wider UK economy. Downtime Skills for the future The project may be controversial and a substantial expense Findlay also supports the National College for High Speed Rail to the taxpayer, but Findlay believes it will end up saving the UK the Department for Business, Innovation and Skills will set up as economy more than it costs. Working for the high-speed rail pro- part of its national college programme. The college, which is due ject means being ruthless about priorities and it attracts people to open in September 2017, will teach a mix of people coming who are “energised” by the pace and work hard to deliver some- through the education system, as well as working as a “top-up thing they believe in: “Failure doesn’t even enter my head – it’s not place” for people already working in the industry. an option,” Findlay says. n
computerweekly.com 3-9 May 2016 12 Computer Weekly, 2nd Floor, 3-4a Little Portland Street, London W1W 7JB EDITOR’S COMMENT HOME General enquiries 020 7186 1400 Home Editor in chief: Bryan Glick 020 7186 1424 | [email protected] News Managing editor (technology): Cliff Saran 020 7186 1421 | [email protected] IT leaders’ crystal ball for tech investment MakingHead of premium digital deliverycontent: Bill Goodwin 020of 7186public 1418 services | [email protected] standard practice Services editor: Karl Flinders ne of the questions most commonly asked of technology journalists is: “What’s the next big thing?” 020 7186 1423 | [email protected] DevOps advocates It’s easy enough to answer – at the moment, you would point to internet of things (IoT), blockchain, artificial intelligence (AI), bustSecurity myths editor: around Warwick Ashford service automation, and maybe a few others. 020enterprise 7186 1419 agile | [email protected] O The question that’s rarely asked – but which really matters – is: “Why are they the next big thing?” There is a common thread underly- softwareNetworking development editor: Alex Scroxton 020 7186 1413 | [email protected] ing all these emerging technologies that helps to understand if and how they might be as transformative as previous “next big things”
Interview:Management HS2 editor: CIO Lis Evenstad like the internet, mobility, cloud or big data. The real trend we’re experiencing – the fuel of the digital revolution – is the commoditisation 020James 7186 1425Findlay | [email protected] juggles of technologies that had previously been available only to corporations with deep pockets. today’s planning and the technologyDatacentre editor: of tomorrow Caroline Donnelly The internet commoditised communications. Mobility commoditised user computing. Cloud is the same for storage and processing 020 7186 1411 | [email protected] power. And big data is commoditising high-volume information. It’s a predictable trend, repeated through history. The industrial revolu- Editor’sStorage comment editor: Antony Adshead tion started when steam engines were commoditised; the age of the car began when Henry Ford mass-produced vehicles. 07779 038528 | [email protected] But an underlying facet of successive waves of commoditisation is that each depended on the previous stage. You wouldn’t have com- Business applications editor: Brian McKenna Buyer’s guide to 020 7186 1414 | [email protected] modity mobile devices without commoditised communications. The move to cloud couldn’t happen until mobile devices were near- graph databases ubiquitous to access all that computer power. And without cloud, you would never have affordable capacity to process big data. Business editor: Clare McDonald 020 7186 1426 | [email protected] What does that tell us about the next big things? The emergence of blockchain, AI and service automation represents a new phase in CW@50: British innovationProduction in editor: the fight Claire Cormack this evolution. They don’t represent the commoditisation of technology – they are the first examples of commoditising processes. 020against 7186 1417 cyber | [email protected] threats Blockchain promises to make the process of financial transactions into a commodity. Transactions that were once only possible for Senior sub-editor: Jason Foster huge organisations could, with blockchain, be open to startups and individuals. Service automation will make customer engagement 020Downtime 7186 1420 | [email protected] processes a commodity – allowing companies to offer customer services previously only available to those with access to a contact Sub-editor: Jaime Lee Daniels centre, for example. AI will commoditise access to knowledge processes. 020 7186 1417 | [email protected] Forrester Research predicted last week that blockchain is about 10 years away from being mainstream. That feels about right. But for IT Sub-editor: Edward Pearcey 020 7186 1478 | [email protected] leaders looking to plot a course for how these next big things will benefit their business, understanding the underlying commoditisation of technologies, and then of processes, gives a valuable indicator of when and how to invest. n Sales director: Brent Boswell 07584 311889 | [email protected]
Group events manager: Tom Walker Bryan Glick, editor in chief 0207 186 1430 | [email protected]
❯Read the latest Computer Weekly blogs computerweekly.com 3-9 May 2016 13 BUYER’S GUIDE TO GRAPH DATABASES | PART 1 OF 3
How to tease out patterns hether you are setting about customer analytics, fraud detection, risk assessment or building com- plex social networking applications, you need in divergent data stacks connected data. Today’s enterprises are spending Wmore time looking to answer complex business questions. Linking Graph databases – the technology that links relations between datasets a few data sources is often simple – but to do so with significant – will revolutionise the insights of data analytics, writes Noel Yuhanna amounts of heterogeneous data requires a radical approach. Without doubt, it is critical to re-envision your business not as a standalone entity but as part of an ecosystem where custom- ers assemble suppliers according to their needs, using businesses that collaborate and share data and services. And the need to support customer interactions across multiple touch points is forcing enterprises to analyse data more intelligently and in an integrated manner. A graph database allows organisations to think differently and create intelligence-based business opportunities that weren’t possible before. Such a database constitutes a powerful, opti- mised technology that links billions of pieces of connected data to create sources of value for customers and increase operational agility for customer service. Graph databases excel in navigating or processing large amounts of connected data, giving customers insights and intelligence that were next to impossible with traditional technologies. Enterprise architects who champion investment in graph databases will be ready to use data to create customer insights, respond quickly to changing market demands and competitive threats, and grow their organisations faster than their competitors by delivering innovative products and services. SHAI-HALUD/ISTOCK HOME
computerweekly.com 3-9 May 2016 14 BUYER’S GUIDE
Home
News Many use cases use graph databases, including recommendations, graph-based search, social customer recommendation engines, big data ana- ❯Facebook’s Graph Search networking, fraud detection, network and iden- Making digital delivery lytics, fraud detection, master data management, application puts the spotlight on tity management, and MDM. Neo Technology of public services graph database designs aimed standard practice social networking, internet of things (IoT) analysis at capturing and organising has many enterprise customers, including and real-time data analytics. The graph database data relationships. CenturyLink, Cisco Systems, eBay, HP, Lufthansa.
DevOps advocates market is expected to see significant success in the Snap Interactive, a dating app company, uses bust myths around coming years as organisations combine people, Neo4j to support a social graph with one billion enterprise agile software development processes and technology to close the gap between people and more than seven billion relationships. insights and action. The adoption for graph databases stands at n DataStax’s acquisition of Aurelius – the startup behind open
Interview: HS2 CIO 15% worldwide but is likely to double in the next three years. graph database Titan – will enable it to add a graph compo- James Findlay juggles nent to its DataStax Enterprise data platform built on Apache today’s planning and the technology of tomorrow The graph database market Cassandra. The graph database functionality offers enterprises Although there are more than a dozen graph database suppliers, multimodel capabilities to store, process, and access various Editor’s comment these are the leading ones: data sets to support broader use cases for transactional and n Neo Technology first released Neo4j, an open source NoSQL operational applications. Organisations are likely to use the plat- Buyer’s guide to property graph database in 2007, under an open source licence form for recommendation and personalisation engines, fraud graph databases and then as a generally available commercial version in 2010. detection, risk assessment, mobile data management and IoT It supports transactional operations in the context of mission- applications. Global connected data is becoming critical for all CW@50: British innovation in the fight critical systems running real-time queries. Customer feedback enterprises and DataStax’s scalable distributed platform along against cyber threats indicates that Neo Technology’s with graph capabilities is likely to key strengths are its ability to sup- appeal to many. Downtime port native storage and process- “Key use cases for OrientDB n Orient Technologies is the key ing of graph data models and its contributor to and supporter of full Acid (atomicity, consistency, include social networking, OrientDB, an open source NoSQL isolation, durability) compliance, graph database written in Java flexible data models, and high recommendation engines and released in 2010. OrientDB sup- performance for connected data. fraud detection ports schema-less and schema- Customers often use it for real-time ” based data modes and uses SQL
computerweekly.com 3-9 May 2016 15 BUYER’S GUIDE
Home
News as its query language for both community. Currently, no com- structured and unstructured data, “FlockDB is suitable for set mercial suppliers support it, so Making digital delivery on top of the traditional Gremlin businesses are cautious about its of public services and Sparol. Customers often men- support and roadmap. However, standard practice operations requiring horizontal tion its multimodel engine, ease it’s suitable when a team of devel-
DevOps advocates of use, reliable performance, and scalability with low latency, opers is looking to get its hands bust myths around small footprint as core strengths. dirty with code and customise enterprise agile such as fraud detection” software development OrientDB has a fully Acid-compliant it for specific graph applications graph database to support transac- where commercial systems fall
Interview: HS2 CIO tional and operational use cases. Key use cases for OrientDB short. FlockDB is suitable for set operations requiring horizon- James Findlay juggles include social networking, recommendation engines and fraud tal scalability with low-latency environments, such as social today’s planning and the technology of tomorrow detection. Customers deploying OrientDB include CenturyLink, networking or fraud detection. n Ericsson, Pitney Bowes, Sky and Warner Music. Editor’s comment n FlockDB is an open source distributed graph database that This is an extract of the Forrester Research report, “Market Overview: Graph Databases” Twitter built to store relationships and later released to the (May 2015), written by Noel Yuhanna, principal analyst at Forrester. Buyer’s guide to graph databases
CW@50: British innovation in the fight against cyber threats DERRREK/ISTOCK Downtime
computerweekly.com 3-9 May 2016 16 CELEBRATING 50 YEARS OF BRITISH TECHNOLOGY INNOVATION Computer Weekly is marking its 50th anniversary this year with a series of articles celebrating 50 years of British technology innovation
ritain has a proud tradition of innovation, but in the field of information security, much of this innovation has been performed under a cloak of secrecy. So, while some past innovations are only now coming to light, Bothers may remain hidden. Information security – once the concern of relatively few people in political, military or diplomatic roles – is now part of the eve- ryday lives of the billions of people using computers, tablets and smartphones around the world. However, back in September 1966 when Computer Weekly was born, few computer users would have had even the slightest concern about information security. They were more concerned UK proves fertile breeding about matters such as storage and retrieval of data, training for computer operators and analysts, and the potential export mar- ground for information ket for business-related UK computer technology. Modern computing can trace some of its roots back to wartime innovation at Bletchley Park, which includes the development of security advances mechanical computers known as bombes that helped decipher the Enigma code, and the Colossus computer that helped break Warwick Ashford looks at the evolution of information security the Lorenz code used to encrypt secret messages between Hitler and his generals. threats and some of the British innovation to counter the risk It also turns out that information security, as we now know it, owes much to the efforts of those same pioneers because, at the end of the war, the Bletchley Park expertise in cryptography was
HOME
computerweekly.com 3-9 May 2016 17 : SECURITY
Home
News rolled into the UK’s Government Communications years after the GCHQ cryptographers had made Headquarters (GCHQ). ❯Check out all the articles in the same breakthrough, enabling non-government Making digital delivery The invention of public-key cryptography is prob- Computer Weekly’s anniversary- computer users to protect data from unauthorised of public services inspired editorial programme standard practice ably the single most important development in the celebrating 50 years of British access, which is the core of information security. history of electronic information security, accord- technology innovation. But almost from the beginning, the US govern-
DevOps advocates ing to Fred Piper, emeritus professor and former ment sought to exert influence overcryptogra - bust myths around head of the information security group at Royal phy standards and how cryptography was used, enterprise agile software development Holloway, University of London, but for years that with the NSA starting to lobby to get a law that innovation was claimed by the US alone, thanks to the secrecy of would regard all cryptographic information as classified at
Interview: HS2 CIO the work done at GCHQ. birth, recalls Diffie. James Findlay juggles today’s planning and the technology of tomorrow Missed opportunity Malware is born The invention of public-key cryptography has long been attrib- Although information security has been a concern since ancient Editor’s comment uted to US cryptographers Whitfield Diffie, Martin Hellman times, it only became an issue in the world of computing once and Ralph Merkle, whose work was refined and implemented formerly standalone computers were connected – about three Buyer’s guide to by Ronald Rivest, Adi Shamir and Len Adleman (RSA), but it years after Computer Weekly’s debut. graph databases was revealed in December 1997 that GCHQ cryptographers The first-ever connection between remote computers was James Ellis, Clifford Cocks and Malcolm Williamson had established on the Advanced Research Projects Agency Network CW@50: British innovation in the fight beaten them to it. However, GCHQ had failed to patent and com- (Arpanet) on 29 October 1969, which was mainly enabled by the against cyber threats mercialise their discovery because the work was classified as top concept of packet switching developed by British computer scien- secret. For the same reason, other British innovations in the field tist Donald Davies. Downtime of information security may still be unknown. It could be argued that ever since the advent of Arpanet, infor- “After almost three decades of secrecy, Ellis, Cocks and mation security in the modern sense has become increasingly Williamson received the acknowledgement they deserved,” important, particularly as Arpanet led to the connection of multi- writes Simon Singh in his book The Code Book, noting that Ellis ple networks and eventually the rise of the internet. sadly never lived to see the day, having died a month earlier. It was not long before the first piece of malicious software, or Not bound by any secrecy classification, the RSA asymmet- malware, made an appearance, with the detection in 1971 on the ric cypher for public-key cryptography went public in 1977, four Arpanet of the Creeper worm, an experimental and relatively
computerweekly.com 3-9 May 2016 18 : SECURITY
Home
News harmless self-replicating piece of software that used the Arpanet to infect the PDP-10 mainframes. Before that, there had been sev- Making digital delivery eral pieces of malware, but they relied on the sharing of floppy of public services standard practice disks for distribution. In 1982, the Elk Cloner virus written for Apple II systems is considered by some to have been responsible
DevOps advocates for the first large-scale computer virus outbreak in history, and bust myths around was followed by the first virus for MS-DOS machines in 1986 – enterprise agile software development the Brain virus – but these and others still relied on floppy disks. The power of the internet was still to be harnessed as an effi-
Interview: HS2 CIO cient mass distribution tool. James Findlay juggles It was at that time that one of the oldest British cyber security today’s planning and the technology of tomorrow firms, Sophos, was founded by Jan Hruska and Peter Lammer to produce antivirus and encryption tools. Today, the company Editor’s comment proudly claims a 30-year history of innovation.
Buyer’s guide to Malware expands rapidly graph databases As the popularity of email and bulletin boards increased, the first internet-borne malware began to emerge, with theMorris CW@50: British innovation in the fight worm that infected internet-connected machines running Unix against cyber threats becoming the first widespread worm in November 1988. In 1991, the internet went public, with two million users of email Downtime and bulletin boards, and rapidly increased in size and popularity mainly because of the invention of the web browser by British sci- As the popularity of the entist Tim Berners Lee while working for Cern in Switzerland. web increased, businesses Web traffic increased exponentially in 1993 as internet users became the targets of moved from email and bulletin boards to web-based services, with malware, and with that the need for security grew businesses soon seeing the value and potential of linking local
operations to international transactional and storage systems. PINGWIN/ISTOCK
computerweekly.com 3-9 May 2016 19 : SECURITY
Home
News But this revolutionary means of exchanging information came This essentially led to the rapid growth and expansion of the at a price, rapidly becoming a target for attackers typically in information security industry. Making digital delivery search of intellectual property data and personal data with the But not everyone immediately understood the need for informa- of public services standard practice aim of making money through fraud and extortion, in addition to tion security or the future it would have, so when Royal Holloway the activities of attackers pursuing the goals of state-supported introduced its first qualification in information security in 1992,
DevOps advocates cyber espionage. not everyone was convinced. bust myths around By the mid-1990s, once-impreg- “It is probably fair to say people enterprise agile software development nable organisations were highly thought we were nuts,” says Piper. connected and highly vulnerable to When Royal Holloway “It turned out to be quite a good Interview: HS2 CIO attack, ushering in the first large- move, but nobody at the time – James Findlay juggles scale use of public-key encryption in introduced its first qualification including us – foresaw just how today’s planning and the technology of tomorrow the form of the secure sockets layer in information security in 1992, important it was going to become.” (SSL) computer protocol. This com- Another area where the UK has Editor’s comment bines public-key and symmetric-key not everyone was convinced led innovation, he says, is in cer- encryption to secure a connection tification forpenetration testing Buyer’s guide to between two machines, typically a through the Crest not-for-profit graph databases web or mail server and a client machine, communicating over the organisation led by its president, Ian Glover. internet or an internal network. “I am impressed by people who do things like Ian Glover,” says CW@50: British innovation in the fight “Public-key cryptography was the technology that enabled Piper. “As a result of his efforts, we have UK-based world stand- against cyber threats e-commerce, e-government and all other online transactions,” ards for penetration testing, putting it way ahead of any other says Royal Holloway’s Piper. branch of cyber security.” Downtime Although demand for information security products and ser- Infosecurity industry expands with threats vices grew throughout the 1990s, it really accelerated through In the 1990s, cryptographers recognised that the internet could the first decade of the new millennium as cyber threats prolifer- only function if there were commercial private sector solutions ated. By 2003, the amount of information on the internet had sur- and if security could evolve to meet the challenges, according to passed all other information in human history. US cryptographer Bruce Schneier, former chief technical officer “IT security was being asked to defend more ground than any of BT Counterpane. other interest in the history of our species,” says Schneier.
computerweekly.com 3-9 May 2016 20 : SECURITY
Home
News The Melissa virus was perhaps the most notable piece of mal- One of the most recent and high-profile examples of govern- ware in the 1990s, preceding a string of infamous worms in the ment expertise moving into the private sector is Iain Lobban, who Making digital delivery early 2000s that included the LoveBug, Nimda, SQL Slammer, retired as director of GCHQ in October 2014, and within a year of public services standard practice Blaster, Sobig, MyDoom, Netsky, Sasser, Koobface and Conficker. was reportedly advising oil and gas multinational Shell and corpo- However, the most famous worms were undoubtedly Stuxnet, rate intelligence firm Hakluyt & Company, itself set up by former
DevOps advocates Flame and Duqu, which introduced the concept of cyber weapons. members of secret intelligence service MI6. bust myths around The decade also saw the rise of As far as cyber security compa- enterprise agile software development Trojans such as Zlob, Zeus, Torpic nies are concerned, one of the best (Sinowal), SpyEye, GameOver Zeus Since the 1990s, each but perhaps most unlikely examples Interview: HS2 CIO and Regin, and remote access tools is BT, which after privatisation in James Findlay juggles (Rats) such as Beast, Nuclear Rat information technology 1991, became one of the UK’s lead- today’s planning and the technology of tomorrow and Bandook. ing suppliers of information secu- Since the 1990s, each information advance has created new rity services, including distributed Editor’s comment technology advance has created vulnerabilities, in turn creating denial of service (DDoS) mitiga- new vulnerabilities, in turn creating tion, managed firewalling and threat Buyer’s guide to opportunities for information secu- opportunities for innovation monitoring. graph databases rity innovation. British multinational defence tech- nology company QinetiQ is another CW@50: British innovation in the fight British innovation, GCHQ influence and legacy example of a UK company that emerged out of a former govern- against cyber threats In the UK, government in general and GCHQ in particular have ment department, owing its existence to the privatisation of part been the natural breeding grounds for information security inno- of the government’s former Defence Evaluation and Research Downtime vators, and since the Second World War, some of that expertise Agency (Dera) in June 2001. has gradually found its way into the private sector. These and other British cyber security firms count former GCHQ Many UK information security companies employ former gov- and other intelligence agency members among their founders, ernment experts, while some government departments have leaders and advisers, but a fair amount of innovation has come been privatised and some products and services developed for out of the private sector too, although many of these firms have government have been made available to businesses through been founded by those with experience working with or for the government commercial organisations. UK government and military.
computerweekly.com 3-9 May 2016 21 : SECURITY
Home
News Innovative British cyber security companies that The year 2013 was a watershed, not for inno- have arisen from the private sector include nCi- ❯Cyber security 2016 and vation, but for the revelations by whistleblower Making digital delivery pher – acquired by Thales in 2008 – which was beyond: Studies reveal a Edward Snowden about the mass internet surveil- of public services worrying disconnect between standard practice founded in Cambridge in 1996 to develop internet perception and reality in the lance programmes being run by the US National security products using advanced cryptography; face of cyber threats. Security Agency (NSA) and allied countries,
DevOps advocates Becrypt, formed in response to demand for mobile including the UK. bust myths around security in 1994; Digital Shadows, founded in 2011 These revelations have since stirred much enterprise agile software development to provide a cyber threat monitoring service; and, debate, particularly around the use and control of more recently, Glasswall Solutions, which innovates to tackle all encryption, harking back to similar debates in the 1970s, when
Interview: HS2 CIO document-based attacks with patented technology that breaks public-key encryption was introduced. How this debate will James Findlay juggles down every file to byte level, searching only for “known good” and influence innovation, particularly within Europe, in the years to today’s planning and the technology of tomorrow matching the files against manufacturers’ standards to pass only come, is not yet clear. Another major influence on information clean, regenerated files on to users. security innovation and business models could be the final text Editor’s comment The military-grade cyber defence capability assessment tool of the UK’s draft Investigatory Powers Bill, which is inching its (CDCAT) is an example of a tool originally developed for the way to becoming law. Buyer’s guide to military to help deal with the Conficker worm that is being made A short-term effect of the Snowden revelations, however, was to graph databases available to commercial business. push the government into at least appearing to be more transpar- The CDCAT cyber security management and maturity assess- ent. In June 2014, GCHQ announced plans to help critical national CW@50: British innovation in the fight ment tool was developed for the Ministry of Defence (MOD) infrastructure firms defend against cyber attack in a pilot for shar- against cyber threats by the UK Defence Science and Technology Laboratory (DSTL), ing threat intelligence and to share declassified intellectual prop- but accreditation organisation APMG has since been charged erty to support new business ventures. Downtime with taking the risk management tool to market by Ploughshare Under the government’s National Cyber Security Plan, there has Innovations, which manages the commercial licensing of defence also been investment in UK cyber security startups, with more technology developed by the DSTL. planned for the future. The UK government appears to be recognising the contribution In September 2014, the government announced £4m funding that can be made, rather than continuing the former practice of for a competition to help small and medium enterprises (SMEs) using secrecy as the reason for ensuring British information secu- develop ideas for countering cyber threats, and in January 2016, rity innovation never found its way into commercial applications. the government announced a £250,000 cyber security startup
computerweekly.com 3-9 May 2016 22 : SECURITY
Home
News support programme that will offer help and advice to develop Other notable British cyber security startups include real-time products and services and bring them to market. risk assessment firm CyberLytic; secure data transmission firm Making digital delivery SQR Systems, which was the result of a research programme at of public services standard practice British security startups the University of Bristol; password protection firm Silicon Safe; Existing UK cyber security startups with links to GCHQ and mobile security firm Wandera; data loss prevention company
DevOps advocates other intelligence agencies include the Falanx Group, which was GeoLang; and high-end security services firm Corvid. bust myths around founded by a former British Army “A purely product-based approach enterprise agile software development officer and employs former mem- to security is doomed to failure,” bers of the security and intelligence “A purely product-based says Andrew Nanson, chief technol- Interview: HS2 CIO communities, and Darktrace, argu- ogy officer at Corvid. “Instead, you James Findlay juggles ably one of the UK’s most success- approach to security is doomed need a continually evolving platform today’s planning and the technology of tomorrow ful cyber security startups to failure. Instead, you need a of capability and to be as agile as Although Darktrace’s founders the attackers.” Editor’s comment include senior members of the UK continually evolving platform This is by no means an exhaustive government’s cyber community from list of innovative British informa- Buyer’s guide to MI5 and GCHQ, it also has close links of capability and to be as agile tion security companies, but illus- graph databases to Cambridge University, pointing to as the attackers trates that there is an abundance of UK universities as another important ” such innovation and that it is finally CW@50: British ndrew anson orvid innovation in the fight breeding ground for British innova- A N , C moving out of the shadows of gov- against cyber threats tion in information security. ernment and military secrecy into Darktrace, founded in 2013, has developed an innovative cyber commercial products and services. Downtime attack detection system that is modelled on the human immune But the government continues to be pivotal and could play an system and based on cutting-edge machine learning and math- extremely positive role. While recent announcements around ematics developed at Cambridge. “Darktrace is designed to be cyber security funding and support for cyber security companies self-learning, to understand the behaviour of the enterprise and are encouraging, it remains to be seen if the various government every person and device in it, to adapt by calculating probability initiatives truly deliver the help that UK cyber security firms need. based on evidence, and to do all this in real time as things are hap- According to some of those companies, there is still much work pening,” says John Dyer, account director at Darktrace. to be done. n
computerweekly.com 3-9 May 2016 23 DOWNTIME
Home
News
Making digital delivery of public services standard practice
DevOps advocates bust myths around enterprise agile software development
Interview: HS2 CIO James Findlay juggles today’s planning and the technology of tomorrow
Editor’s comment
Buyer’s guide to graph databases Fact or fiction: HBO’sSilicon Valley ‘news’ reports compression technology startup Pied Piper, while poking (not so CW@50: British innovation in the fight are keeping technology hacks on their toes gentle) fun at the activities of some of the Valley’s biggest players, against cyber threats HBO has started publishing fictional technology news on Google research teams and company failures. – a move set to cause headaches for IT journos used to trawling This week’s series opener, for example, saw one main character Downtime the search giant’s news pages (or Computer Weekly, ahem) for try (and fail) to kick a robotic deer to death, while the previous their daily “scoops”. series saw another hapless soul kidnapped by a driverless car. The US TV channel’s falsified news output is being churned out The deer incident has already been extensively documented by as part of the publicity machine that is supporting the arrival on Code Rag, which has the look and feel of a genuine IT news site. screen of series three of HBO’s Emmy award-winning sitcom, This prompts Downtime to ponder: how long will it take before Silicon Valley. some unsuspecting technology publication really gets duped by The show charts the ups and downs of middle-out data this fabricated set-up? n
❯Read more on the Downtime blog computerweekly.com 3-9 May 2016 24