Congratulations to Roy Russell who is the October Manager of the Month.
Roy is a big Chelsea fan so fits in well with Frank Lampard also winning the October Manager of the Month for the Premiership.
Strangely Roy currently only has 1 Chelsea player in his team….
Keep an eye on your team with the international break. It’s a good time to reassess your squad and transfer the non-performers or injured players out.
The SAM Club’s 6th Azure User Group meeting was kindly held at Neon Underwriters, a long-term client of ours based in London. The topic for this meeting was about a customer’s journey migrating to Azure. The SAM Club also presented on some of the licensing considerations that firms need to consider when planning their Azure migration.
Ian Nicholls from The SAM Club kicked the event off with a presentation on Azure licensing, discussing how Windows Server on premise licenses with SA (Software Assurance) can be used within Azure via the Hybrid Use Benefit. Emphasis was placed on the planning phase when considering moving to Azure and the importance of licensing.
Microsoft use the ‘Group of 8 Rule’ which refers to the number of cores, so a VM (virtual machine) must be licensed for 8 cores minimum. If a Windows Server Standard license for 16 Cores is used within Azure under Hybrid Use Rights, this can be used for a max 2 VM’s (2 x 8 Cores) based on the specification of the VM. The rule for a Standard license is that it can be used for an on-premise server or in Azure but not both. But you get 180 days of concurrent use rights whilst migrating servers.
This rule also applies to Windows Server Datacenter (DC) which seems strange as DC is for unlimited VM’s within a host server on premise. But within Azure there is no concept of a host server. A Datacenter license can be used both on premise & in Azure – based on the Group of 8 rule. So, a 16 Core DC license can be used for a max of 2 VM’s within Azure.
You can also stack licenses so by adding more cores, you can run a VM for 16, 24, 32 cores etc. Savings of up to 40% on VM’s can be seen when using the Azure Hybrid Use benefit.
The Azure Hybrid Use Rights for SQL Server within Azure only applies to the per core licensing model for SQL Server Standard and Enterprise per core licenses with SA.
SQL Server licenses on the server/CAL model are not applicable for Azure Hybrid Use Rights.
SQL Server Enterprise when used for General Purpose or Hyperscale Service Tiers are entitled to 4 cores for 1 core with SA owned and used. Business Critical or Azure Virtual Machines are only entitled to 1:1 core.
Each VM must be licensed for every core with a minimum of 4 cores per VM.
With migrating to Azure there is also 180 days of concurrent use rights to assist with the process.
Where software licenses that are owned and used within Azure outside of the Hybrid Use Benefit, such as SQL Server on the Server/CAL model, a License Mobility Verification Form must be completed within 10 days and submitted via the LSP/Reseller.
Azure Dedicated Host (DH) is a new service that is currently in preview from 1st August 2019 so has some limitations.
Azure Hybrid User Rights can be used for a Windows Server Datacenter license being applied to the DH for all the cores. A DH can also be used for SQL Server with an Enterprise License also being applied based on the number of cores on the DH.
It is also possible to group DH together, like an on premise ESX farm for example.
The DH addresses compliance requirements by giving the ability to place Azure VMs on a specific & dedicated physical server with host level isolation – no third party VM’s will be placed on your hosts.
With Azure VM’s, Microsoft complete and apply maintenance to the VM’s as required. With Dedicated Host servers, you have the option to defer host maintenance for up to 35 days, thereby gaining full control over the sequence and velocity of the maintenance process. Most maintenance events have little or no impact on your VM’s. But there may be some sensitive workloads where every second of pause could have an impact. You can therefore opt in to a maintenance window for control and to reduce the impact on your service.
Existing Azure VM’s can be moved to Dedicated Hosts and it is our understanding that portal support for this will be available soon.
Below are the current Dedicated Host options. It is worth noting, that with an on-premise server running VM’s there are no limitations on the number of VM’s.
With DH there is a limit based on the number of virtual CPUS available:
On 1st October 2019, Microsoft updated their licensing terms for dedicated hosted cloud services.
Due to the emergence of dedicated hosted public cloud services, beginning 1st October 2019 on-premise licenses purchased without software assurance and mobility rights cannot be deployed within the following public cloud providers: Microsoft, Alibaba, Amazon (including VMware Cloud on AWS), and Google. They will be referred to as “Listed Providers.”
These changes don’t apply to other providers and there will be no change to the Services Provider License Agreement (SPLA) program or to the License Mobility for Software Assurance benefit, other than to expand this benefit to cover dedicated hosted cloud services.
Neil Davison IT Director at Farrer explained, signing an agreement with Net Documents in 2013/14 was Farrer’s first toe in the water with their journey to the cloud. Farrer were one of the first law firms to move their infrastructure to the cloud, which was considered due to aging technology during a review of their infrastructure. There were server room issues, cabling issues and technology nearing end of life, so a full replace was needed. Dell worked with Farrer on a review strategy roadmap so they could consider replacing their on-premise infrastructure, versus Private and Public Cloud options. When this was presented to the board it was clear that Public cloud offered the best solution.
Any security issues that the board raised were addressed by Microsoft’s trust center and they found this resource invaluable in helping convince the board to approve the project. In 2016 the project was approved, so Farrer set about finding the right partner to help them with help from Microsoft. After tendering to 4 partners, SystemsUp were chosen and they led Farrer through every aspect of the migration.
The planning phase took 14 months and their infrastructure was mapped so they could see what was in place and which systems linked to each other. From here a migration plan was formulated and as the integration between systems was crucial, the decision was taken to move everything to Azure at the same time.
Microsoft offers a very high level of security, but it is still a shared responsibility. So, Farrer had to put a plan in place for security on servers and patching, mapping against CIS benchmarks – which is run by Microsoft and advises on measures to take to help improve your company’s security score.
A high-profile client did an audit at Farrer and security was a high concern all round, but Azure was not the concern, most questions were around the Net Documents software with Azure being a tick box exercise.
Farrer backfilled their infrastructure team and utilised SystemsUp to upskill the team so that they had in house knowledge once the project was completed.
Farrer have other security products in place aside from Microsoft’s; currently on the Microsoft M365 E3 plan they use products from Checkpoint and Tenable.io to complement their security and are considering moving to Microsoft M365 E5 next year.
Testing took thousands of hours and they had a team test the migration plan before it was executed live. Some of the systems were 20 plus years old so some latency was picked up. The decision was made to use the Amsterdam datacentre as this is one of the first locations to receive updates with London being the second datacentre location.
Changes did happen during the migration with updates from Microsoft coming through regularly in Azure, but SystemsUp understood Farrer’s environment and were able to adapt accordingly. A question was raised in the room about how this new adoption of technology is being received within the law firm. There is always resistance to change but that is the nature of the world we live in now and technology is becoming more of a competitive edge for law firms to have over the competition.
There is a testing group in place at Farrer who meet every 6 weeks to review changes and decisions made on which updates to implement.
The infrastructure team at Farrer have changed the way they work, and the team have reskilled using resources such as the Microsoft Enterprise Skills initiative for support and training. They are more focused on being proactive and looking at what’s coming; which makes them more agile and able to leverage new technologies such as AI.
Farrer see Azure as much more than a lift and shift and feel they have only touched the surface of what is possible in Azure. Re-platforming of systems is taking place now and considering other cloud services.
Since migrating their entire infrastructure to Azure and using Microsoft 365 Farrer have had 100% uptime.
Regarding Business continuity Farrer have completed fail over testing for a week with the London Datacenter being used during the DR (Disaster Recovery) period which ran as good as the live environment. Remote working is enabled through a Checkpoint VPN providing direct access with an always on VPN connection.
The next step for Farrer is a review of the infrastructure and costings, they have some servers on Reserved Instances (RI) now and they review them quarterly with SystemsUp.
Microsoft have a Fast Track Service team for Azure which is available based on eligibility.
Discussion on next topic and host
Ideas for the next meeting topic were:
The date and location are to be confirmed.
You can find blog articles from our previous events here:
Azure User Group meeting
Azure User Group meeting 2 Dev /Test
Azure User Group meeting 3 Security & Compliance
Azure AI Chatbots is the hype justified?
Microsoft Cloud Economics Assessment
Our 5th Azure User Group meeting was about the Microsoft Cloud Economics Assessment and was kindly held at Charles Russell Speechly’s head office in London. We had some new faces join the group which is always great and gives different perspectives on the challenges faced in the journey to cloud.
The meeting started with an update from The SAM Club and how we are evolving our services to support our customers as they consider the move towards Azure. The SAM Club is working towards becoming a Silver Partner with Microsoft to enable us to complete an Azure assessment to help our customers with their decision process and assessing tools such as Movere and Azure Migrate that are available. With Movere, we are considering becoming a partner to enable The SAM Club to be fully trained on the product and we will provide a separate blog on these tools in due course.
Zephaniah Chukwudum, Sr. Product Marketing Manager (Azure Data & AI), Microsoft
Our first guest speaker from Microsoft talked about some of the key trends in the marketplace. Digital Transformation is the focus for Microsoft, enabling employees internally and customers externally with technology. Professional Services (such as law) are in the Top 3 priority sectors for the Microsoft Azure team. Zeph talked about the ‘Digital feedback loop’ and how operations impact services within an organisation, which loops to employees and customers – all are pinned by data and intelligence. Microsoft aim to help organisations take the mass of data they have and to enable them to use it rather than it be locked up in a database somewhere.
There will be a rise in native app developers as employees using data come up with ways to automate processes with AI. Zeph mentioned that since 2014 there has been a 6X increase in the investment into AI by companies based on research by Deloitte. AI capabilities are now being integrated as standard into cloud-based software, so smart insights are available to organisations in the cloud.
Lewis Crawford, Engagement Manager in the Cloud Economic Assessment Team, Microsoft
The Cloud Economics Team at Microsoft are able to provide customers with an investment into their business of circa £15k which enables customers to benefit from a full scoping assessment of their entire IT infrastructure by breaking this down into a costing analysis, server optimisation analysis, workload/application identification, workload prioritisation for migration and also recommendations for mapping current infrastructure into Azure. Providing a universal view of infrastructure on premise and in the cloud, utilising the ARC scan (Actual Resource Consumption) within the assessment tool enables the delivery of an extensive analysis of what a customer’s infrastructure will look like in Azure, once right-sized and optimised, resulting in the additional benefit of large cost savings.
To qualify for the assessment there are two criteria:
• Executive / board level sponsorship to start cloud journey
• Cloud transition plan – compelling reason to move (EOS services / contract renewal)
The Assessment gives insight into
• Scope of Server count
• SQL and Windows Server EOS status footprint
• Outline of servers to remain on prem, decommission and migrate to cloud
Categorisation of in scope servers by workload type and detailed prioritisation of workloads and apps that would benefit from migrating to cloud. The assessment provides an in-depth analysis in order to create a business case for internal communications and to aid decision making with wider teams, board members and C level individuals.
The process looks like this:
It is advised that the 30-day process includes an end of month or end or end of quarter process for the 2 week scan, to obtain accurate peaks and troughs for the analysis to help with right sizing for the cloud. Maybe starting during the last week of the month. It is possible to run the scan for longer, but applications like Movere are licensed on a 30 day basis which includes the time to analyse the data.
The analysis can then be used to support the business case for moving to Azure and can consider areas such as:
• Servers at end of support
• Hardware older than 3 years
• Non-Production environments
• Lowest utilized production servers
• High end always on production servers
An area that can bring large cost savings is if you have existing licensing for Servers and SQL under Enterprise agreement with SA is the Azure Hybrid Use Benefit – which means you don’t pay twice for these licences when migrating to cloud as it is factored into the pricing.
The Azure Calculator is a useful resource for looking at costings, you can analyse cost savings with the Azure Hybrid Use Benefit, Reserved Instances* (RI) which dependant on VM size can offer savings of between 10% and 70% seen from an end user perspective.
*An Azure Reserved Virtual Machine Instance (RI) is a virtual machine (VM) on the Microsoft Azure public cloud that has been reserved for dedicated use on a one- or three- year basis.
It is possible to cancel an Azure Reserved VM Instance at any time (up to £37,265.45 per year). Cancelling allows you to return the remaining months of an Azure Reserved VM Instance back to Microsoft for an early termination fee of 12 percent. The remaining prorated balance, minus the fee, is then refunded via the original purchase. Alternatively, the Azure Reserved VM Instance could be reused or exchanged for use with another Azure Reserved VM Instance.
There are different levels of discount per VM size and some VM’s are not offered with this discount but the report at the end of the Cloud Assessment will detail costs of 3-year RI with AHUB (Azure Hybrid Use Benefit) so you can see which servers to optimise in the cloud.
Support is offered early in the process of moving to Azure, so even if your organisation is in the early stages of needing to present the ROI case to the board Microsoft Cloud Assessments can be carried out.
First, we heard from a legal client who has already made the transition to Azure in 2017. End of life was the reason for migration, and they had adopted Net Documents so it seemed the time to do it and they used a lift and shift approach into the cloud. As they found that SQL Paas was not supported by a lot of vendors pivotal to the legal sector, they over optimised servers initially. The exercise was less about cost saving on migration, but over time they have optimised server usage by monitoring them in Azure. Optimisation is the plan going forward and they are looking at Reserved Instances for further cost savings.
Initially, they said that regarding TCO – they saved a bit on the running costs, but they saved a lot on hardware, support and services that the hardware refresh would have incurred.
A major concern from the room was around the main Vendors when it comes to specifying the servers for their products. The room stated that these are often appeared to be over spec’d and for on premise servers which they are forced to follow due to the vendors support terms. When purchasing new software from a Vendor, their server spec is all that is available and using the Azure calculator the costs are considered too high. Microsoft also recognised this and are working with SI’s and vendors to help educate them. Microsoft suggested that as a group we identify and advise them on 10 vendors that can be investigated.
Ideas for the next meeting were discussed and some topics suggested were:
• Panel of peers to discuss their experience migrating to Azure and challenge Microsoft
• Microsoft and iManage to present the way to the cloud
• Azure Sentinal – Intelligent security analytics
The next meeting date and location is to be confirmed for mid-September
You can find blog articles from our previous events here:
Azure User Group meeting
Azure User Group meeting 2 Dev /Test
Azure User Group meeting 3 Security & Compliance
Azure AI Chatbots is the hype justified?
If you are changing your virtual server IT infrastructure, then you may need to split or combine your VMware vSphere licenses.
Photo by Daniel Chen on Unsplash
All vSphere licenses installed in the same VMware server farm must have the same Support Level, i.e. Basic (9×5 business hours) or Production (24×7).
So, if you have different support levels on your VMware vSphere licenses you need to take care when splitting and combining them.
Also, if you have VMware server farms installed in different countries and since vSphere licenses are licensed on a geographic regional basis (depending upon in which country they were purchased), you must take care not to split and combine licenses from different regions.
Of course, before combining license keys ensure that they are for the same release. You may need to upgrade some license keys via your MyVMware portal beforehand.
Also, see our earlier blog about splitting license keys.
Because of the complexity of VMware licensing, the SAM Club helps its Clients maintain their MyVMware licensing portals and maintains a synchronised single pane view of all licensing & support data in their SAM Workbooks.
If you might benefit from The SAM Club’s expertise and assistance with your VMware licenses, support renewals and MyVMware portal please contact us.
Do you know which version of Microsoft licenses your organisation owns and is licensed to use? The Microsoft Business Center Portal (BCP) by design displays the original license view in case of licensing model changes. For example, with the licensing model for Windows Server having changed from processor to core licensing with the 2016 release, are you able to tell what your organisation owns and is entitled to? So, as an example, with licenses for Windows Server 2012 R2 that expired on 31st October 2018, the SA term and the original order proves and guarantees entitlement to use Windows Server 2016 and/or 2019 instead of the 2012 R2 version. But the BCP does not show or highlight this in any way. In fact with a recent scenario we have seen the BCP shows no evidence of the SA term and expiry. This could lead organisations to purchase the current version when in fact it is already owned.
At The SAM Club, we maintain the records for our clients in their SAM Workbooks and provide the help and guidance to ensure new software purchases are not made when a license already exists. If you would like to know more about our service then please get in touch.
If you haven’t logged in to your MyCitrix portal recently you may find that your login doesn’t work.
For security reasons Citrix has been invalidating users’ previous passwords, thereby, forcing users to go through a password reset process.
We suppose that by doing this, Citrix will effectively purge the ability of users who are no longer active or who have left their firms from being able to login.
So, you may wish to check that your login still works and, if not, to reset it before an urgent, time-critical situation arises for you to access your MyCitrix portal.
P.S. Whilst you’re in your MyCitrix portal you might like to perform a health check &/or do some tidy up, e.g.
OR, The SAM Club can help you do this and look after your portal on an on-going basis as part of our Managed Service. It may seem like a simple thing to manage a licensing portal, but it’s easy to miss some of these little things that can actually save you thousands in licensing costs – read our Adobe licensing portal blog for more info.
Please contact us for an exploratory discussion.
As more organisations start to use Microsoft Azure it is important to review your Azure portal(s) on a regular basis.
There are two portals. The original portal, aptly named ‘Classic’ and the newer version Azure Resource Manager (ARM). Moving from Classic to ARM is not straight forward but it’s worth considering for potential cost savings as Classic has limitations.
As you start to migrate VM’s to Azure, your Windows Server Datacenter & Standard Edition licenses with SA or Windows Server Subscriptions can be used with Hybrid Rights for the OS’s hosting VM’s within ARM. This saves you licensing additional Windows Servers for the Azure VM’s thereby helping to reduce your costs. *Note that this option is not available with the ‘Classic’ portal.
If you review the Disks that you’ve purchased, there is a column called ‘Owner’. Where this is blank it indicates that the Disk is not being used by a VM. However, this Disk would have been purchased and is, therefore, contributing towards your costs.
This is where a VM can be reserved for dedicated use on a one- or three-year basis. RI’s require a one-time up-front payment but can offer discounts up to 70% when compared to the standard on-demand pay-per-use VM pricing model. *Note RI’s are not available within the ‘Classic’ portal.
The ARM portal also provides performance information on VM’s. After a 30-day period, you can see information on VM’s that may have been specified incorrectly and only using a small % of the CPU available. This provides another option to review and reduce Azure costs.
Are you using Azure for Test and Dev environments? Are you making full use of the Azure credits which come with your Visual Studio subscriptions? Visual Studio Professional provides a credit of US$50 per month and US$150 per month with Visual Studio Enterprise. But, these credits are for use by your named licenced developers and cannot be used on a team basis.
At The SAM Club, we monitor our clients’ Azure Portals and provide regular reports for review, highlighting potential cost savings for consideration. Contact us if you would like to know more about our independent Software Asset Management Service. We are not a license reseller, so you can be confident that the information we provide is unbiased and, in your organisation’s, best interest.
If you are considering moving to Microsoft Azure you might find attending our regular Azure User Group meetings useful.
Azure AI Chatbots was the topic of the 4th SAM Club Azure User group meeting, the meeting was kindly hosted by Gardiner & Theobald at their offices in London.
The conversations started with a client who is looking at developing Chatbots in Azure discussing the reasons they are considering AI Chatbots. Law firms are increasingly being asked what makes them different from their competitors. Technology is included in this for example: Can they get 24-hour access to policies that can be accessed via mobile apps? Chatbots can be developed to offer these services.
Microsoft invited ANS who are one of only 40 Azure Managed Service Partners (MSP) globally, but headquartered in the UK, who develop and design Chatbot’s. Chatbot’s are more than just a frequently asked question (FAQ) function on a website. The truth is the technology behind it is much more versatile.
Some examples of the different types of bots mentioned were:
For a website to help a prospect to find the right contact within a firm. An ExperienceBot could help point someone in the right direction of partners with the relevant knowledge.
Employees wanting to know how many days holiday they have, requesting holiday, maternity benefits etc this could all be accessed via the bot rather than contacting HR. Chatbots are not only able to automate tasks, they can be proactive. Feedback provided into the bot from staff can help answer common queries and can also be used as an anonymous way to capture data.
How many support calls are being received on what topics and it is possible to automate the responses to reduce the number of calls and increase response times.
A Chatbot is only limited by your own creativity. Could we see websites where you answer a few questions such as looking for a new car which then returns all makes and models for consideration?
An example of a successful Chatbot use case is the ‘Do Not Pay’ chatbot that was developed by Stanford University student, Joshua Browder. It is now perhaps the most recognisable name of any legal chatbot and is now known as “The world’s first robot lawyer”. It was developed to help users contest parking fines and has helped save motorists $13 million in parking fines.
The bot is now giving free legal aid to users through a simple-to-use chat interface. The chatbot, using Facebook Messenger, can now help refugees fill in an immigration application in the US and Canada. For those in the UK, it helps them apply for asylum support.
ANS created a parking Chatbot to help assist with their staff parking, using a camera in their carpark and data sources such as staff holidays, meetings and weather they can predict when parking spaces might be available.
A Chatbot can never answer every question that anyone will ask. But built in ‘error’ replies such as ‘I don’t know the answer but can ask someone to contact you’ can help. Gathering information on additional questions can then be beneficial to develop the Chatbot further.
ANS have created a ‘BaseBot’ which is free to download on GitHub that enables you to deploy an AI powered Chatbot in under 1 hour. A great starting point for a simple Chatbot for a pilot.
Microsoft offer an QnA Maker in Azure where you can create a simple FAQ service from existing content. This offers an ideal starting point for organisations thinking about Chatbot technology and can be set up for only a small investment.
There are many off the shelf bot technologies, but if more bespoke Chatbots are required then working in partnership with a developer is recommended so they can integrate your data and build to your specific requirements.
A final use case that ANS presented was with Staffordshire University, they developed an AI-driven coach and support assistant using intelligent Chatbot technology. It provides students with key information such as course timetables, campus facilities and extra-curricular activities. It is also a support tool to help identify any at-risk individuals who may be unhappy or unsettled and provide guidance and support.
Feedback from the roundtable highlighted resistance from partners and how to drive change and get buy in, as there can be too much technology. The suggestion is always to start small with a pilot group that can then champion the concepts. ANS recommended a collaborative approach; upfront involvement from partners to discuss their pain points with developers who can translate that into what’s possible with AI Chatbot technology. Also starting off with a version one of a Chatbot to prove it’s use, then develop it further with internal and external data.
The meeting rounded off with discussion on the topic for the next event which was agreed as Microsoft Cloud Assessments. This process looks at client’s workload on-premise and works out the costings/commercials for moving to Azure with a detailed report. The next event will be held in early August and will be announced soon.
You can find blog articles from our previous events here:
Azure User Group meeting
Azure User Group meeting 2 Dev /Test
Azure User Group meeting 3 Security & Compliance
Microsoft announce that they will not now remove the special Office Professional Plus installation rights that customers are currently entitled to with Microsoft 365 E3 and E5 From SA licences. The current rights are detailed on page 54 of the May 2019 Product Terms, and this announcement confirms that the rights are here to stay rather than being removed after 1st August 2019.
The SAM Club can help you understand your licensing position, document and maintain your software assets and help with new technology planning and renewals. Find out more.
Security and Compliance Azure was the topic of the 3rd SAM Club Azure User Group meeting, that was kindly held by HEMPSONS at their central London office. The group has grown with several new attendees to this event and it was great to have their insight on the journey to Azure.
The meeting kicked off with a presentation from Stuart Aston, National Security Officer at Microsoft. Discussing how the journey to Azure starts for many companies, it tends to start with Office applications via Office 365, or IaaS as it’s an easy left and shift of on premises services.
Stuart introduced the group to a great resource for fact finding around security and compliance of the Microsoft Cloud. This portal provides access to reports such as ISO surveillance, penetration test results and government blueprints.
Microsoft spend $1 billion a year on security to provide assurance to clients that their data will remain safe in the cloud and work closely with Government cybersecurity.
Identity – one of the first things to be targeted by hackers. Microsoft highly recommend using Multifactor authentication, it reduces the chances of success two-fold.
Device – Devices need to be secure and software updated, policies such as BYOD need to be reviewed if considering moving to cloud. A BYOD policy equals higher risk – the Martini effect: Anytime, Anyplace Anywhere. The end user device is where most data breaches happen and is where the hackers target. Consider regular health checks on the device and consider if it is safe for the end user to access firm data via that device.
Apps and data – decisions need to change around risk assumption, such as admin users having unrestricted access.
An example was raised of the Ashley Madison website hack, where 37 million user’s personal information was leaked and there were many work email addresses used. One in five people use the same password for work and personal use. How many people in your organisation are doing this?
Stuart recommended a new tool from Microsoft called Azure Sentinal which enables IT to see and stop threats before they happen. It is a Cloud and AI application that provides a bird’s eye view across the enterprise.
Microsoft share threat intelligence and are part of the CISP (Cyber security Information Sharing Partnership) which is an initiative between the government and industry to combat cyber threats.Information is shared on threat intelligence only, not any customer information or data.
Stuart recommended joining CISP if your firm is not already a member.
Stuart discussed the level of physical security at the 39 Microsoft datacenters around the world – such as tank traps, zigzagged roads, biometric and body scans people must get through before even entering the building.
Even then the data is totally anonymous, nobody in the building knows which company’s data is stored on a server and all hard disks that are not in use are destroyed on site.
There are several highly regulated industries already using the Cloud and it’s unlikely that most organisations would have the billions of dollars spent on security that Microsoft do.
There is access online to guidance on what to request from suppliers when compiling questions and gaining evidence to present to the board when moving to the cloud to address security and compliance concerns.
The round table session posed some questions from the group:
Stuart was asked to discuss an example of a use case where there was resistance to moving to the cloud and what the success factors were in converting them.
Cost – Microsoft state it’s generally cheaper to move infrastructure to the cloud
Security – it’s more secure, Microsoft carry out more PAT tests, they have an attack team who regularly try to penetrate their own systems. They have access to threat intelligence and are always using the latest Operating System.
New features are delivered faster in Cloud – this does also provide some level of risk.
Where data is held is the biggest fear for law firms
There are 39 Cloud regions worldwide. When starting with Azure you can decide on which region to use to store your data. Stuart mentioned the Microsoft Dublin data centre case to highlight the lengths Microsoft went to in ensuring an individual customer’s privacy. Microsoft took the case to one of the most expensive courts in the World to challenge a warrant seeking emails belonging to an individual stored in Dublin.
How AI is used to check for malware
Law firms are using Mimecast to protect their email and Microsoft also recommend Defender ATP, plus steps made internally to whitelist and stop people gaining admin access – making hacking harder. Scanning your own services for attacks – defence in depth should be a policy to lower the risks.
Multifactor Authentication outage
Microsoft’s outage of the MFA service caused users a lot of problems with accessing Office applications. Stuart said that whilst this was not good enough – it happened, and organisations should plan for offline working in case of any outage incidence.
OneDrive is a back up solution so that users can access office applications.
How can the IT dept keep up with the complexity of new features from Microsoft?
There are notifications from Microsoft of new features and Roadmaps provide details of the new features coming up, these are now drip-fed throughout the year rather than in one hit. Need to monitor and prioritise which vendors to invest time in tracking.
To help with training and implementing Azure and new features the following resources are available:
Microsoft direct account team
Fast track Azure Team
Online Learning – MSLearn
The Trust portal is a useful tool for presenting to the board, it can help you put together a matrix of questions and evidence to present to them.
Office 365 Security and Compliance guide
The meeting rounded up with an agreement on the next topic : Chatbots – how they are implemented and real use cases.
To find out what was discussed at our previous meetings, please see our recent blog posts – Azure User Group Meeting and Azure Dev Test. If you are interested in attending the next meeting please register.
