Security | Service Express https://serviceexpress.com/uk/resources/topics/security/ Global Data Center Solutions & Support Thu, 05 Mar 2026 21:50:49 +0000 en-GB hourly 1 https://wordpress.org/?v=7.0 https://serviceexpress.com/uk/wp-content/uploads/sites/5/2023/04/cropped-cropped-Favicon-32x32.png Security | Service Express https://serviceexpress.com/uk/resources/topics/security/ 32 32 From hype to payoff: The missing link in AI strategy https://serviceexpress.com/uk/resources/from-hype-to-payoff-the-missing-link-in-ai-strategy/ Fri, 22 Aug 2025 14:26:42 +0000 https://serviceexpress.com/uk/?p=77632 How can you implement AI to work for you? Darren Smith discusses how to simplify ROI calculations and ensure AI delivers meaningful results for your business.

The post From hype to payoff: The missing link in AI strategy appeared first on Service Express UK.

]]>

There’s no escaping it: AI is everywhere. Every boardroom conversation, vendor pitch and LinkedIn post seems to promise a future transformed by artificial intelligence. Everyone wants to harness its power, but the path to making it work is rarely clear. As our CTO, Jake Blough, says, “AI is easy to conceptualize but very difficult to operationalize.” 

The hype is real, but so is the confusion. If you’re wondering how to turn AI’s potential into practical business value, you’re not alone. 

To cut through the noise, I’ll explain what you need to consider before jumping in so you can simplify your ROI calculations and ensure AI delivers meaningful results for your business. Here are my five tips for creating a strong AI strategy. 

1. Define a clear business objective

First things first: start with a clear business objective. AI is not a silver bullet; it’s a tool, and like any tool, its effectiveness depends on the problem you choose to solve. 

Before considering algorithms or models, ask yourself, “What do I want to achieve?” Are you looking to improve customer service, automate repetitive tasks, boost sales or uncover new business insights? A well-defined objective keeps your AI project focused. 

From there, define your use cases. While pursuing the shiniest, most ambitious AI applications is tempting, the most successful projects start small and specific. Whether it’s automating invoice processing, predicting equipment failures or personalising marketing campaigns, a targeted use case makes it easier to measure success and demonstrate value. 

2. Pick the right AI

Once you’ve defined your use case, it’s important to understand the different types of AI available. The approach you choose will shape both your implementation and your potential ROI. 

At one end of the spectrum, you have fully custom-trained models, which require building and training an AI from the ground up using your data. Although very powerful, they’re often resource-intensive, costly and best suited for highly specialised needs. 

Fine-tuning is simpler, allowing you to adapt an existing model to your requirements with less effort. Retrieval Augmented Generation (RAG) combines large language models with your data sources, enabling AI to provide intelligent and contextually relevant answers. There are also in-app AI features, where AI integrates with software you already use, along with API-based AI services and prompts (think ChatGPT). These allow you to connect your systems to powerful AI capabilities through simple integrations, focusing on crafting the right inputs to get the best results from existing generative AI tools. 

Many organisations seeking quick wins often find that the fastest ROI comes from three approaches: in-app AI features, API-driven AI with prompt engineering and RAG. Take ChatGPT as an example. You’re leveraging an API to access a powerful language model, and the real magic comes from crafting the right prompts to get the answers you need. It’s a blend of integration and creativity that can be rapidly deployed to support everything from customer service to content creation. 

Meanwhile, RAG is increasingly popular among businesses that want AI to access their knowledge bases. Think of a support chatbot that not only understands language but also uses your company’s documentation to give accurate, up-to-date responses. These approaches save time and unlock new ways to engage customers and empower teams, often with minimal setup. 

3. Use the right data

Of course, AI runs on data, and not just any data. The adage holds: good data in, good data out. If your data is incomplete, inconsistent or riddled with errors, your AI outcomes will be, too. 

Invest time in understanding your data landscape, cleaning up what you have and establishing robust data governance. The quality of your data will determine the success of your AI initiative. 

4. Be security conscious

Security is another non-negotiable. AI systems often require access to sensitive business information and protecting that data in transit and at rest is critical. 

Think about who has access, how data is stored and what safeguards are in place to prevent leaks or misuse. Don’t let a security oversight compromise your investment. 

5. Use AI ethically

Ethical use is equally important. AI can amplify biases, make questionable decisions or unexpectedly affect people’s lives. Incorporate transparency, fairness and accountability from the start. Consider the societal impact of your AI applications and ensure you’re using the technology responsibly. 

Remember that AI should augment your people, not replace them. The best results happen when AI automates the mundane and empowers your teams to focus on higher-value work. Think of AI as a digital colleague that makes your workforce smarter, faster and more effective, rather than one that replaces human judgment and creativity. 

AI tends to give superpowers to those who are already skilled at their jobs, helping them achieve even more. For those who aren’t, AI won’t magically transform performance. It’s a force multiplier for talent, not a substitute for it. 

Next steps in your AI journey

Regarding ROI, align your expectations with your use case. Are you seeking cost savings through automation, increased productivity, revenue growth from smarter recommendations, higher customer satisfaction, new business insights or the ability to scale operations more efficiently? Be realistic about what success looks like and set measurable targets so you can track progress and course correct as needed. 

Don’t lose sight of the future either. AI is evolving rapidly, as are the regulations that govern its use. Build with scalability in mind so your solutions can grow with your business. Stay alert to legislative and regulatory changes and be prepared to adapt your approach as the landscape shifts. 

In summary, implementing AI isn’t about chasing the latest trend; it’s about making deliberate, strategic choices that drive real business value. Start with a clear objective, focus on quality data, prioritise security and ethics and use AI to empower your people. Measure what matters and keep an eye on the road ahead. 

If you’re ready to move beyond the AI hype and start building something that works for your business, let’s talk. The right strategy today will set you up for success tomorrow. 

The post From hype to payoff: The missing link in AI strategy appeared first on Service Express UK.

]]>
Introducing Generative AI as a Service: Data security in a world of AI https://serviceexpress.com/uk/resources/introducing-generative-ai-as-a-service-data-security-in-a-world-of-ai/ Wed, 13 Aug 2025 07:00:00 +0000 https://serviceexpress.com/uk/?p=77617 How safe is the data you enter into a Generative AI platform? Explore how GenAI as a Service helps utilise the power of AI whilst protecting data integrity.

The post Introducing Generative AI as a Service: Data security in a world of AI appeared first on Service Express UK.

]]>
Whether it’s helping you fine-tune an important email or create action figures of you and your pets, there’s no doubt that artificial intelligence (AI) is becoming an integral part of our lives. But what about the data we upload? How safe is it? Who else can access it?

What is AI?

Simply put, AI is a field of science that explores the combination of data, math and computing power to enable machines to think, act, and, most significantly, learn like humans. Whilst the earliest iterations of AI were used to play chess and checkers in the early 20th century, recent years have seen exponential growth in AI complexity and advancements in machine learning (ML). 

ML is a sub-field of AI focusing on algorithms enabling systems to learn from data. For example, Netflix recommends a movie you might like based on your recent viewing history. 

What are large language models (LLMs)

LLMs are a specific type of ML model taught to specialise in processing and generating human-like content. Think ChatGPT and those cute photos of your dog as an astronaut. 

The key part of LLMs is the training. LLMs can be taught to write and talk like humans using vast data. They cannot think or know but can use learnt patterns to predict a suitable response to a prompt. But there’s a problem: LLMs can only use the data they’ve been trained on, which can be incomplete, inaccurate or outdated. When it doesn’t have the relevant data to produce the correct response, it’ll produce outputs that can be false, misleading or nonsensical but present them as factual and coherent. These “hallucinations” can lead to mistrust in the capability of your LLM and undermine the value of AI to your organisation. This is where retrieval-augmented generation (RAG) comes in. 

Retrieval-augmented generation (RAG)

RAG is a process by which the quality of LLMs’ responses is enhanced through specific data sources that can lie outside of the LLM’s training data. In short, the user’s prompt is used to query the knowledge base (document, database, internet) and the relevant passages, documents and data are retrieved. The retrieved information is then combined with the original prompt to create an augmented prompt. The LLM users this augmented prompt to add additional context to its own internal knowledge and create a coherent response.  

RAG has many advantages over simpler GenAI models, notably that the results are far more accurate (fewer hallucinations) and that the LLM doesn’t need to be retrained each time it needs to be updated. 

Data security & AI sovereignty

Regardless of how you utilise AI, the truth remains that AI uses data and the more data it has, the better it’ll perform. This raises important questions around the security of the data you upload. If it’s a photo of your pet or an email to a friend, you can likely accept the risk. However, if you use a public LLM to upload your company’s financial data to help you develop insights into company performance, is that an acceptable risk to take?

AI sovereignty refers to an organisation’s control over its AI technologies, data, and the infrastructure used to develop and deploy them. Without the proper controls in place, sensitive data could be inappropriately uploaded to public AI models and could be repurposed or even shared with others. Such a compromise in your sovereignty could leave your organisation vulnerable to competitors, bad-actors or facing legal action over mishandling of data.  

The need to independently create, manage, and utilise AI systems, aligning with local priorities, values, and security needs is growing in prevalence across all sectors. But can you protect your organisation’s AI sovereignty whilst still harnessing the power of AI?  

GenAI as a Service

We’ve built a service to help your organisation explore the benefits of AI in a way that’s secure, private, and built to scale with you. It’s designed to give you full control of your data while supporting you through: 

  • Private and secure AI infrastructure
  • Enterprise-ready integration
  • Custom model selection
  • Retrieval-Augmented Generation (RAG) tuning
  • Advanced security layer through Identity Access Management (IAM)
  • A future-proof AI strategy

Contact us to learn more about GenAI as a Service today.

The post Introducing Generative AI as a Service: Data security in a world of AI appeared first on Service Express UK.

]]>
One box to run them all: The power of managed containers https://serviceexpress.com/uk/resources/one-box-to-run-them-all-the-power-of-managed-containers/ Thu, 26 Jun 2025 18:35:17 +0000 https://serviceexpress.com/uk/?p=77574 Using containers doesn’t have to be complicated. Managed Containers as a Service gives you the flexibility to manage applications your way.

The post One box to run them all: The power of managed containers appeared first on Service Express UK.

]]>
Walk into any modern tech office, and you’ll hear discussions about containers. While it’s easy to dismiss this as just another buzzword, containers have quietly transformed how we build and run software. I’ve spent years breaking down complex tech for people, and I can confidently say that containers are here to stay — not because they’re trendy, but because they solve real problems in simple ways. 

What are containers?

Think about the last time you tried to move a project from one computer to another. Maybe it worked perfectly on your laptop but failed to run on a colleague’s machine or the company data centre. Containers put an end to that headache. Imagine packing up your app, all its code and everything it needs, like libraries and settings, into a neat box. No matter where you take that box, it works. Developers can stop worrying about hidden system differences and start building essential features. 

This isn’t just theory. Picture a team at Netflix rolling out new features to millions of viewers. They can’t afford downtime or glitches. By using containers, their engineers can build and test new ideas on their laptops, knowing those containers will behave the same way in production. It’s like having a universal plug for every socket — no more fiddling with adapters or hoping things will fit. 

How are containers used?

Before containers, we relied on virtual machines (VMs). VMs were like renting an entire flat for every guest, complete with a kitchen, bathroom and all the amenities; great but cumbersome and slow to set up. Containers are more like giving each guest their own room in a shared house. They share the basics but still get their own space. This makes containers much lighter and quicker, allowing you to fit more on the same hardware. 

Of course, with more moving parts, you need to be careful. Security is always essential. It’s like double-checking that every box you send out is locked, labelled and tracked. We ensure that only trusted boxes are used, monitor who can open them and regularly check for any signs of tampering. When done correctly, containers can be just as safe, if not safer, than the old ways. 

Why containers are the right choice for your organisation

For many IT teams, containers have become the solution to persistent challenges, such as software functioning in one environment but not another, slow updates and the struggle to scale quickly when demand spikes. We built our platform to alleviate these headaches. You can seamlessly move workloads, reduce wasted resources and adapt to changes in your business without missing a beat. 

We’ve designed our Managed Containers Platform to be easy to adopt, whether you’re a small startup or a large company with outdated systems to modernise. There’s no need to lock yourself into one vendor or way of working. The goal is to provide you with choice and control, not additional obstacles to navigate. 

What’s exciting is how containers open doors for everyone involved. Developers can build and test faster, operations teams can implement changes smoothly and businesses deliver new features to customers sooner and with fewer hiccups. It’s no wonder that more and more organisations, from online shops to banks, are making the switch. 

Getting started shouldn’t be a chore. We’ve made it easy for you to deploy our platform wherever you need it — on your servers, in the cloud or a mix of both. With straightforward guides and automation, you’ll spend less time setting up and more time building what matters. 

Ultimately, containers aren’t just another tool; they’re a means to deliver better software, faster. They help teams work together, keep things secure and ensure you’re ready for whatever comes next. That’s why containers are shaping the future of technology, one simple, powerful box at a time. 

The post One box to run them all: The power of managed containers appeared first on Service Express UK.

]]>
IBM i 7.6 raised the bar on security: See what’s new https://serviceexpress.com/uk/resources/ibmi-7-6-raised-the-bar-on-security-see-whats-new/ Mon, 23 Jun 2025 19:06:40 +0000 https://serviceexpress.com/uk/?p=77543 From built-in MFA to ASP Encryption, IBM i 7.6 packs new features to take security to the next level. IBM Champion Steve Pitcher explains why it's time to upgrade.

The post IBM i 7.6 raised the bar on security: See what’s new appeared first on Service Express UK.

]]>
With the arrival of IBM i version 7.6, IBM is once again proving that this platform is not only alive and well but actively evolving. 

What are some slick features inside IBM i 7.6?

Security is finally at the forefront of everyone’s minds, rightfully so. With breaches, ransomware and cyberattacks making daily headlines, companies are under increasing pressure to tighten how they protect their data. Just yesterday, I sat in a CFO’s office describing a Disaster Recovery as a Service (DRaaS) proposal. His biggest question? “How do you protect my data?” 

My most favourite new feature? Well, there’s two: 

Built-in multi-factor authentication (MFA)

First, IBM i 7.6 offers built-in multi-factor authentication (MFA).

That means you can now require users to confirm their identity with a secondary factor, like with an app on their phone. The integrated MFA is an additional layer that validates a user is who they say they are and strengthens the IBM i overall security posture. This extra layer of protection doesn’t cost one penny extra or require any additional software. It just works right out of the can.

Auxiliary storage pool (ASP)

Second, we now can encrypt the system Auxiliary Storage Pool (ASP).

Before this, to encrypt the system ASP, you’d need to purchase external storage and encrypt those disks before presenting logical unit numbers (LUNs) to the IBM i. Customers on the smaller end of the spectrum can’t usually justify purchasing a SAN, so this feature is tipping the hat to the smaller shops. The only requirement to encrypt the system ASP is option 45 of the operating system licensed programme, Encrypted ASP Enablement. The feature is accessed from inside Service Tools and doesn’t require any downtime to enable.

Additional honourable mentions

The CFGHOSTSVR command

Another cool feature is the CFGHOSTSVR command, which enables and even forces encrypted connections to IBM i host servers, such as database, file, network print and sign-on servers.

Previously, to prevent your host servers from operating on unencrypted ports, you’d have to mess around with TCP/IP port restrictions; this has never been a simple or straightforward task for the average administrator.

IBM Navigator for i

IBM Navigator for i (the main web-based interface for managing the system) continues to improve steadily. It’s become a clean, more intuitive interface. It includes helpful wizards for setting up things like TLS encryption, managing digital certificates, enabling those new MFA options and managing the host servers we just discussed. Administrators will love how much easier it is to see what’s happening at a glance, especially when managing multiple systems. Some significant new dashboards track license expirations, security events and performance trends.

Is that all there is? Not in the slightest!

In fact, there are a whole bunch of features that I haven’t even touched on here, including many related to security. Digital Certificate Manager had a facelift. IBM Debugger clients can now secure their connections. The ability to view (not change) specific system parameters previously required *IOSYSCFG special authority.

Stronger AES encryption is enabled out of the gate instead of the older DES and triple-DES encryption for Kerberos and Enterprise Identity Mapping configurations. The security PTF group apply date is visible on the WRKPTFGRP screen to show you how old your security fixes are.

However, because of the two main features (in my opinion) of System ASP encryption and multi-factor authentication, the question shouldn’t be whether you should upgrade to IBM i 7.6. It should be when.

And the answer is: yesterday.

The post IBM i 7.6 raised the bar on security: See what’s new appeared first on Service Express UK.

]]>
iAdmin 2025: Top 12 Session Recordings https://serviceexpress.com/uk/resources/iadmin-2025-top-12-session-recordings/ Fri, 09 May 2025 14:11:56 +0000 https://serviceexpress.com/uk/?p=77499 Missed iAdmin 2025? Watch the top 10 most-attended session recordings from the virtual conference, now available on demand for IBM i professionals.

The post iAdmin 2025: Top 12 Session Recordings appeared first on Service Express UK.

]]>
iAdmin 2025 Header
iAdmin Logo

iAdmin 2025: Top 12 Session Recordings

Clean Up Your IBM i | iAdmin

Clean Up Your IBM i

Deconstructing and IBM i Penetration Test | iAdmin

Deconstructing an IBM i Penetration Test

Fortifying IBM i Malware Prevention, Identification and Remediation | iAdmin

Fortifying IBM i – Malware Prevention, Identification and Remediation

I Never Though of That – I Do Need HA! | iAdmin

I Never Thought of That, I Do Need HA!

Intro to PTFs and OS Upgrades | iAdmin

Intro to PTFs and OS Upgrades

Rapid Fire Admin | iAdmin

Rapid Fire Admin

Reading a Job Log | iAdmin

Reading a Job Log

What You Need to Know to Depoy Access Client Solutions (ACS) | iAdmin

What you need to know to deploy ACS

What's New with IBM i and IBM FlashSystem Storage | iAdmin

What’s New with IBM i and IBM Flashsystem Storage?

Worst Practices in System Security | iAdmin

Worst Practices in System Security

Selecting Your Hosting Environment | iAdmin

Selecting Your Hosting Environment

Psychology of a Bad Password | iAdmin

Psychology of a Bad Password

The post iAdmin 2025: Top 12 Session Recordings appeared first on Service Express UK.

]]>
Ransomware recovery: Why immutable data and isolated recovery environments 
are your best defence https://serviceexpress.com/uk/resources/ransomware-recovery-immutable-data-isolated-recovery-environments/ Thu, 17 Apr 2025 20:41:02 +0000 https://serviceexpress.com/uk/?p=77460 Ransomware is becoming more sophisticated than ever. Discover how you can defend your organisation’s data with Immutable Data and Isolated Recovery Environments.

The post Ransomware recovery: Why immutable data and isolated recovery environments 
are your best defence appeared first on Service Express UK.

]]>

Ransomware attacks have become one of the most disruptive threats in today’s digital landscape, affecting organisations of all sizes and sectors. While reports indicate a decline in ransomware payments, dropping to approximately $813 million in 2024 — a 35% decrease from the previous year’s record of $1.25 billion, the number of reported ransomware incidents has hit an all-time high. Attackers target more victims, even if fewer give in to their demands.  

The rise of Ransomware as a Service (RaaS) has made launching sophisticated attacks easier than ever. Cybercriminals can now purchase or lease ransomware tools, lowering the barrier to entry and dramatically increasing the frequency of attacks. Organisations must prepare to defend their data, not just their infrastructure.

What is recovery assurance? 

Recovery assurance is the ability to confidently restore IT systems after a ransomware attack or data loss event. Traditional backup strategies often assume that hardware failure is the primary concern, meaning recovery focuses on reinstalling software and restoring backups. However, ransomware and other cyber threats invert the problem: your hardware is fine, but your software, applications and data can no longer be trusted. This shift highlights the difference between traditional disaster recovery (DR) and cyber recovery.   

  • Traditional DR assumes backups and software are intact, but infrastructure has failed.   
  • Cyber recovery assumes infrastructure is fine, but software and data are compromised.   

Organisations must implement regular recovery testing to validate that backups aren’t compromised before they’re restored to ensure safe and trustworthy recovery. Doing so requires a dedicated, secure testing environment that ransomware cannot reach.   

Incident response plans also play a crucial role in recovery assurance. A strong plan includes a well-trained Incident Response Team (IRT) skilled in penetration testing, forensic analysis and network security. Regular training ensures employees know how to identify and respond to threats, reducing human errors that can lead to infections.

What is RTO and RPO? 

Two critical metrics define an organisation’s ability to recover from an attack: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO measures how quickly operations must be restored to prevent severe disruption, while RPO defines how much data loss is acceptable. Organisations must move beyond traditional backups and embrace solutions for modern cyber threats to achieve the lowest possible RTO and RPO.  

RPO and RTO Infographic

How to safeguard valuable data 

Data is an organisation’s most valuable asset, and cybercriminals know it. Whether it’s customer records, financial transactions or intellectual property, losing access to data can be catastrophic. Immutable data storage and Isolated Recovery Environments (IREs) provide a robust defence by ensuring data remains untouched, accessible and instantly recoverable.   

What is immutable data storage? 

Immutable storage is a game changer in ransomware defence because data cannot be modified, encrypted or deleted once written, even by administrators, protecting it from malicious attacks. Unlike traditional backups, which can be encrypted or erased by ransomware if attackers gain access, immutable data guarantees there’s always a clean, untampered copy available.   

Instead of relying on nightly backups, which can leave organisations vulnerable to 24+ hours of data loss, immutable data solutions create multiple snapshots during the day. This approach allows organisations to restore data from a precise point before an attack, minimising disruption and reducing an organisation’s RPO to near zero. 

What are isolated recovery environments (IREs)? 

An IRE takes immutable data storage one step further by creating a secure, offline environment to test, validate and restore business-critical systems. This environment is separate from the primary network, ensuring ransomware cannot infect or corrupt recovery points.   

Key features of IREs include:   

  • Unalterable data: Ensures backups cannot be encrypted, manipulated or erased 
  • Multiple copies for fast recovery: Reduce RTO by allowing businesses to restore systems rapidly using multiple recovery points 
  • Robust reporting and visibility: Provides insight into backup integrity and potential security risks, allowing IT teams to make informed decisions 

One of the biggest mistakes organisations make is storing their incident response plan on internal systems, only to find it encrypted and inaccessible after an attack. A simple but effective solution is maintaining a “lockbox” copy of critical response documentation in a secure, offline location, such as an IRE. This ensures IT teams can access clear recovery instructions immediately without wasting time searching for missing files.

Key benefits of immutable data storage include:  

  • Protection against cyberattacks: Prevents data loss and ensures quick and easy data restoration.  
  • Maintains compliance: Meet various regulatory requirements, including General Data Protection Regulation (GDPR) and others, while ensuring the integrity and confidentiality of personal data.  
  • Faster recovery times: Significantly decreases the time needed to recover from a data loss event. 
  • Scalability and flexibility: Easily add additional storage capacity as data and business requirements grow.  
  • Reduces risk: Removes the ability to modify or delete backups once created, so data is always protected.  

When time is critical, you need a fast solution 

Ransomware recovery is a race against time. The longer systems remain locked, the greater the financial and operational impact will be. Whether it’s lost productivity, missed revenue or compliance fines, the consequences escalate quickly. A slow or uncertain recovery process is no longer an option.   

An IRE provides the fastest and most secure way to restore operations. When combined with immutable storage, it delivers a clean, trustworthy recovery solution that can be deployed in minutes.  

Combining forces 

The technical advantages of immutable storage and IREs lead to significant business benefits:   

  • Minimised downtime: Faster recovery reduces operational disruption and financial losses 
  • Regulatory compliance: Supports data protection regulations like GDPR, PCI-DSS and ISO 27001 
  • Cyber resilience and business continuity: Ensures businesses can withstand and recover from attacks without lasting damage 
  • Cost savings: Eliminates the need to pay ransoms, reduces legal exposure and protects brand reputation 

When combined, these solutions transform ransomware recovery from a reactive scramble to a proactive, well-structured strategy that guarantees business continuity. By investing in these technologies, businesses shift from hoping their backups will work to knowing their recovery strategy is bulletproof.   

Modernising disaster recovery

Ransomware is no longer a question of if but when. As cyberattacks become more sophisticated and relentless, businesses must move beyond traditional disaster recovery approaches and adopt solutions explicitly designed for cyber resilience. Immutable data and IREs provide the strongest line of defence, ensuring your data remains untampered, your recovery process is tested and reliable and your downtime is minimised. 

By implementing immutable storage, organisations can guarantee that their critical data remains untouched by ransomware, preventing attackers from holding data hostage. Pairing this with an IRE ensures recovery in a secure, air-gapped environment free from lingering risks of reinfection. Automated testing, forensic analysis and detailed reporting ensure that organisations can restore operations quickly and confidently when disaster strikes. 

Traditional disaster recovery is no longer enough. Cyber threats have changed the game, and businesses need a modern, proactive recovery strategy that keeps them one step ahead of attackers. By integrating immutable data and IREs, organisations can eliminate uncertainty, take control of their recovery and ensure ransomware never dictates their future. 

The post Ransomware recovery: Why immutable data and isolated recovery environments 
are your best defence appeared first on Service Express UK.

]]>
IBM i security: Malware prevention and remediation https://serviceexpress.com/uk/resources/ibm-i-security-malware-prevention-and-remediation/ Wed, 13 Nov 2024 13:34:48 +0000 https://serviceexpress.com/uk/?p=77316 IBM Champion, Steve Pitcher, shares tips to prevent IBM i security risks, how to ensure a successful remediation and more in our on-demand session.

The post IBM i security: Malware prevention and remediation appeared first on Service Express UK.

]]>

Do you think remediating a malware or ransomware attack includes a simple restore? Think again. Originally presented at iAdmin 2024, one of our IBM Champions, Steve Pitcher shares the following:  

  • How to limit and prevent your IBM i risk  
  • Actions to take in the event of a breach 
  • Tips for a seamless and successful recovery  

The post IBM i security: Malware prevention and remediation appeared first on Service Express UK.

]]>
Secure data destruction and disposal methods https://serviceexpress.com/uk/resources/secure-data-destruction-and-disposal-methods/ Tue, 03 Oct 2023 18:19:47 +0000 https://serviceexpress.com/uk/?p=76603 Just because hardware with sensitive data is out of sight doesn’t mean your files aren’t at risk. Keep reading to know why data destruction is important.

The post Secure data destruction and disposal methods appeared first on Service Express UK.

]]>

Companies worldwide frequently comb through their IT hardware to dispose of and recycle unused or decommissioned equipment; this process is called IT Asset Disposition (ITAD). Before equipment is recycled, reused, or safely destroyed, it’s critical to take precautions to protect sensitive information on retired devices.

What is data destruction?

Data destruction is the process of disposing of and ensuring vital data is irretrievable.

Why is data destruction important?

Just because hardware with sensitive data is recycled doesn’t mean the files are magically unretrievable. Below are several reasons why secure data disposal is essential: 

  • Protects against cyberattacks, data breaches, etc.
  • Upholds your company’s reputation.
  • Supports legal and compliance requirements.

Common data destruction methods

There are several methods for secure data destruction; however, all techniques aim to destroy data, so it doesn’t end up in the wrong hands.

Wiping, overwriting and erasing

Wiping, overwriting and erasing all fall under the same data destruction umbrella. Each method involves overwriting data by writing a sequence of ones and zeros over existing information, rendering it unreadable. 

Degaussing

Degaussing uses magnetic force to neutralise and permanently destroy data. This method demagnetises the device, erasing the data and making it unrecoverable. Degaussing works for tape storage, flopping disks, VHS, etc. It’s important to note that degaussing permanently damages the device, making it impractical for repurposing devices. 

Physical destruction and shredding

As you can imagine, physical destruction and shredding use excessive force to destroy physical hardware, making it unrecoverable. Like a paper shredder, physical shredding destroys hard drives, circuit boards and storage devices by turning them into small, shredded pieces.

Data destruction standards and compliance

ITAD specialists follow regulations and policies for secure data destruction. The standards vary between country and region, but all aim to establish safe and compliant data destruction practices.

The most common data destruction standards in North America and Europe:

As you can imagine, it’s critical to have a reputable and experienced provider assist with your data destruction needs. Make sure to verify their experience, methods, certificate of data destruction, guidelines, security measures and more. Partnering with a reputable vendor for data disposal will protect your organisation from potential threats or vulnerabilities.

The post Secure data destruction and disposal methods appeared first on Service Express UK.

]]>
6 ways to enforce ransomware attack prevention https://serviceexpress.com/uk/resources/6-ways-enforce-ransomware-attack-prevention/ Mon, 21 Nov 2022 18:00:00 +0000 https://serviceexpress.com/uk/?p=72983 Ensuring your organisation doesn't fall victim to ransomware doesn't mean attaining a technology. We have 6 essential ransomware attack prevention methods to address vulnerabilities that this malware usually exploits.

The post 6 ways to enforce ransomware attack prevention appeared first on Service Express UK.

]]>

Ensure you’re not a victim of this increasing malware trend 

There were 304.7 million ransomware attacks in the first half of 2021, a 151% increase since 2020, so reports an infographic from SonicWall. The phenomenon of this malware shows no sign of stopping. 

For the attackers, the financial rewards can be huge, and for the victims, the losses can run into the millions, even forcing some to bankruptcy

With that in mind, we’ve put together 6 tips for recognising and dealing with vulnerabilities that ransomware typically will exploit.  

1. Keep your systems and applications updated

If your operating system (OS) or applications are not up to date, it could become a point of entry for ransomware. Without any security patches, a hacker can deploy common methods to access to your IT environment. 

No matter how much those security patches and OS upgrades bug you, it’s vital to take them seriously. Most attackers target the low-hanging fruit, so applications and systems must be updated regularly. 

2. Perimeter shields are not the be-all and end-all of cybersecurity 

When implementing cybersecurity, a common thought is that activity from outside is bad and your staff’s internal activity is above board. While this is understandable, it fails when ransomware attackers deploy phishing emails or malicious links on websites, potentially bringing in an attack through one of your workers. 

3. Reshape your network topology 

If your IT estate is sitting on a flat network topology, you need immediate action. Flat network topology is where all devices are connected to a single switch instead of separate switches.  

Sure, the upside of a flat network topology is a reduction of cost and maintenance, plus it provides better ease of use, but the security risk is immense. This lack of a hierarchal design can enable ransomware and other malware to spread quickly from system to system. 

Our advice is to introduce scalable network segmentation. This design reduces the attack surface and prevents lateral movements, resulting in a breach being contained rather than affecting all your IT infrastructure. 

4. Establish air-gapped backups 

We’re not against online backups. They’re speedy, convenient and rapidly get you back on your feet. Our concern is when an organisation is fully dependent on them, which we don’t recommend. 

Ransomware aims to attack every connected system and has no mercy for backups. If you’re able to restore your IT infrastructure from a backup, then the purpose of ransomware is practically nullified. It’s why such threats are designed to take out as many backups as possible.  

A combination of offline and off-site backups is ideal. Utilising both increases reliability, as they’re insulated against ransomware attacks. Never abandon your online backups but complement them with a backup strategy outside your network, which will truly galvanise your IT security. 

5. Stamp out network and system vulnerabilities 

Unused services and open ports are an attacker’s dream. Outdated or default configurations provide an easy entry point. 

Ransomware variants like to target Remote Desktop Protocol (RDP) port 3389 and Server Message Block (SMB) port 445. You may have these ports open for your purposes, but you should take practical steps to limit connections only to trusted hosts. Review the settings for both on-premises and cloud environments, working with your cloud service provider to disable unused RDP ports. 

6. Ensure your staff are informed about IT security risks 

It’s vital that every member of your workforce can easily spot the common tactics and traps of malware. Bring in mandatory security training for every member of staff. Through this, you’ve created your frontline of defence. 

In recent years, phishing simulations have been used in workplaces to teach employees about emerging tactics used in phishing emails. 

Ransomware will cost victims over $265 billion annually by 2031.  

Cybersecurity Ventures Magazine

Why investing in ransomware is important 

You may well be already implementing some, if not most, of the above pointers. With the ever-shifting landscape of IT security, we can’t stress enough how the above advice is crucial to any organisation in any industry. The most common ransomware victims are in the industrial goods and services sector, but without adequate protection, you’re not immune from this problem. 

The post 6 ways to enforce ransomware attack prevention appeared first on Service Express UK.

]]>
Transforming to a secure, vigilant and resilient model https://serviceexpress.com/uk/resources/transforming-to-secure-vigilant-and-resilient-model/ https://serviceexpress.com/uk/resources/transforming-to-secure-vigilant-and-resilient-model/#respond Mon, 07 Nov 2022 18:00:00 +0000 https://serviceexpress.com/uk/?p=72916 Countering modern threats and vulnerabilities means going beyond traditional disaster recovery (DR). Here's a look at the solutions that ensure you can quickly recover information and applications.

The post Transforming to a secure, vigilant and resilient model appeared first on Service Express UK.

]]>

Learn what disaster recovery as a service (DRaaS) can do for your IT infrastructure.

It’s vital to keep your IT infrastructure protected with a solution that can recover your business data in the event of a disaster or a cyberattack. Speed must be a top priority of any disaster recovery (DR) solution, as each hour of downtime can cost revenue and jeopardise customer confidence. 

Therefore, industries are turning to DRaaS, which performs much faster than traditional DR and has far more capabilities for resilience. No matter what’s behind a disruption, DRaaS reacts quickly to recover information and applications, keeping the impact to a minimum. 

What is disaster recovery as a service (DRaaS)? 

First, if you’re not familiar with disaster recovery, it’s the practice of restoring IT infrastructure after a cyberattack or any other event resulting in unexpected downtime. 

Simply put, DRaaS is cloud-based disaster recovery. It’s slicker, stronger and speedier. Conventional backup and recovery plans take a lot longer to stand your IT estate up after a disruption. 

Why DRaaS is important? 

A study of over 500 UK businesses, conducted by Beaming, found nearly 50% of companies risk losing critical data and nearly four million companies put their very existence in danger by having inadequate backup and recovery strategies. 

93% of companies filed for bankruptcy after significant data loss, according to an investigation by Texas A&M University. These findings applied to businesses that were without their data centre for ten days or more. 

In the traditional sense, disaster recovery starts with the setup of a dedicated physical site, which needs essential maintenance and support to maximise protection, meaning it can prove to be a rather costly and resource-intensive method. 

According to IDG research, 77% of CIOs say they wish to reduce the overall costs of DR solutions, and many are looking to DRaaS providers to do so. The DRaaS advantage over conventional DR is that it comes with best practices, and it sits on the provider’s purpose-built infrastructure.

If the cost of downtime to your business would result in bankruptcy within a day – then a solution that fits those needs must be in place. 

These are the serious risks to your data. Data loss is not always the result of a sophisticated cyberattack. Businesses can struggle to recover from a variety of disasters, such as: 

  • Hardware or system malfunction 
  • Human errors, such as accidental deletion or misfiling 
  • Software crashes 
  • Malware virus infections 
  • Software corruption 
  • Virus attacks 
  • Natural disasters such as fire, floods and hurricanes 

Why should your company have a DRaaS plan? 

No business should be without DRaaS. It’s a combination of tough security and a speedy reaction, ensuring optimal protection for your digital assets. 

When delivered “as a service,” DR becomes lighting fast and has extra resilience at a stronger level. DRaaS can rapidly replicate critical portions of your IT infrastructure — or even your entire IT environment — to another location. With multiple replication target host sites, it ensures geographic diversity.  

DRaaS ensures the time to return applications to production is reduced because the data does not need to be restored over the internet. The service can be especially useful for small and medium-sized businesses that lack the necessary expertise to provision, configure and test an effective disaster recovery plan. Using DRaaS also means your organisation doesn’t have to invest in – and maintain – its own off-site DR environment.  

Create the best defence for your business 

By working with you to respond to IT complexities across all cloud and on-premises resources, Service Express can help improve your ability to respond and recover from disruptive or disastrous events, minimising economic impact, brand damage, or potential for legal liability. 

We also offer support for a wide range of operating systems, including IBM i, AIX, Linux and Windows, whilst supporting your x86 and AMD hardware, along with storage, network, private and public cloud environments. 

If you’re looking to reduce costs, increase agility and maximise uptime, we can meet your needs with a completely personalised, proactive and cost-effective service, making your IT work harder and smarter for your business. 

The post Transforming to a secure, vigilant and resilient model appeared first on Service Express UK.

]]>
https://serviceexpress.com/uk/resources/transforming-to-secure-vigilant-and-resilient-model/feed/ 0
Why a typical disaster recovery (DR) plan isn’t enough to defeat ransomware https://serviceexpress.com/uk/resources/why-a-typical-disaster-recovery-plan-isnt-enough-to-defeat-ransomware/ https://serviceexpress.com/uk/resources/why-a-typical-disaster-recovery-plan-isnt-enough-to-defeat-ransomware/#respond Mon, 07 Nov 2022 18:00:00 +0000 https://serviceexpress.com/uk/?p=72922 Many businesses are unaware of the right approach to combat ransomware. Relying solely on a disaster recovery (DR) process can leave you highly vulnerable.

The post Why a typical disaster recovery (DR) plan isn’t enough to defeat ransomware appeared first on Service Express UK.

]]>

A simple backup option may not be enough to rescue your business. 

There’s been an explosion in ransomware activity over recent years, up 715% across the twelve months ending June 2020. Analysts point to the increase in remote working and insecure Wi-Fi connections as key factors for this boom in cyberattacks. 

Thankfully, Service Express has the expertise to expand your DR strategy to include a vital component shielding your business from the worst outcomes of a ransomware attack. 

Here in the information age, where data is regarded as “the new oil,” a cybersecurity breach can cause widespread financial losses and even result in bankruptcy. 

The looming risks for finance, retail and healthcare 

“There are increasing attacks on production systems and their backups. If you’ve only got one copy of production data and you’re in the financial industry, that will hold your only copy of client and transaction records. If it gets attacked, encrypted or stolen, and you have no secondary backup, then you will be at the mercy of whoever attacked you.” 

When it comes to banks, fintech and other highly regulated organisations, inadequate protection can land you in trouble with the regulators as well as lose you significant amounts of money. 

“The Prudential Regulation Authority (PRA) regulates and supervises the UK’s financial sector. You must meet their requirements. Not only have you been attacked, and the data gets encrypted or stolen, but there’s a lot of brand damage. Customers might not trust you. You’re going to lose a lot of money, and it will be quite a public event. There was an increased focus on healthcare during the pandemic. Valuable data such as medical records caused an increase of ransomware aimed at the NHS and other healthcare providers.” 

Product Manager at Service Express

Small and medium businesses are often exposed 

Ransomware attacks are up against small and medium businesses because they can’t or haven’t invested in the level of cybersecurity that protects both production and backup environments. 

There’s understandable reluctance from ransomware victims and negotiators to disclose payment amounts. According to IBM’s Definitive Guide to Ransomware 2022, ransom amounts have gone from small double-digit demands to jaw-dropping seven-figure and eight-figure amounts. 

The rise of ransomware, in numbers 

The following statistics may be chilling reading for those looking after IT infrastructure, but we’re on hand to provide advice for those seeking to boost their cybersecurity. 

The typical perception of a hacker is that they go into your system and bang! They’ve immediately launched an attack and wiped out your business. 

Real life isn’t like that, as most attackers will come into your system quietly and reside there for quite a while, perusing your information and collecting what they need to cause maximum harm to you. When they’re ready, they launch their attack, and it’s always on their terms. 

The reality of cybersecurity is that the attacker only must be right once, whereas you must be right every time as a defender. Thankfully, as cybersecurity tools develop, this paradigm is changing where the attacker must be perfect to avoid detection once on the system, but these tools may be expensive. 

Gambling with tape 

For many decades, IT infrastructures have backed data up onto tape. Many businesses still rely on this traditional method. In optimal conditions, there’s nothing wrong with this solution, but it often takes a long time to get back online because you’ve got to find the tape, plug it in and stand everything up. 

Quite a few system administrators have stories of tape failures. It’s not the most reliable backup method when compared to modern storage such as solid-state disk. 

The answer is in an offsite backup 

An offsite backup is vital in ensuring complete backup and DR. This establishes data redundancy. Service Express has considerable skills and resources, along with the technology partnerships, to set up the required hardware and networking that fits into your existing IT estate. 

This strategy brings in a substantial degree of resilience when it comes to cybersecurity threats aimed at your industry. It’s a difference maker that no company should be without. 
 

The post Why a typical disaster recovery (DR) plan isn’t enough to defeat ransomware appeared first on Service Express UK.

]]>
https://serviceexpress.com/uk/resources/why-a-typical-disaster-recovery-plan-isnt-enough-to-defeat-ransomware/feed/ 0
Mitigating the risk of ransomware attacks with a disaster recovery plan https://serviceexpress.com/uk/resources/mitigating-risk-of-ransomware-attacks-with-disaster-recovery-plan/ https://serviceexpress.com/uk/resources/mitigating-risk-of-ransomware-attacks-with-disaster-recovery-plan/#respond Tue, 18 Oct 2022 20:34:24 +0000 https://serviceexpress.com/uk/?p=72901 Watch to learn about the key considerations when building a disaster recovery plan to ensure business continuity and reduce the risk of ransomware attacks.

The post Mitigating the risk of ransomware attacks with a disaster recovery plan appeared first on Service Express UK.

]]>

How organisations are mitigating the risk of ransomware attacks with the right disaster recovery plan

How are organisations thinking about protecting their data from ransomware attacks? Chris Smith, our Director of Customer Sales, interviews a panel of experts from Service Express, IBM and Veeam as they discuss how cyberattacks can impact organisations in different industries.

Watch now to learn more about:

  • The current and growing cybersecurity trends and challenges
  • The risk of ransomware attacks
  • How to build a disaster recovery plan that could save you from financial loss and reputation damage and ensure business continuity

This 45-minute webinar provides a holistic view of cybersecurity and ransomware trends with practical guidance on what organisations need to think about in terms of disaster recovery.

The post Mitigating the risk of ransomware attacks with a disaster recovery plan appeared first on Service Express UK.

]]>
https://serviceexpress.com/uk/resources/mitigating-risk-of-ransomware-attacks-with-disaster-recovery-plan/feed/ 0