We have all heard of hacked baby monitors, transport ticket machines infected with ransomware and internet connected vehicles being hacked. But, what does this have to do with enterprise networks?

With the McKinsey Global Institute estimating that 127 new IoT devices are added to the internet every second; and Gemalto reporting that only 33% of IT teams believing they have control over IoT devices on their networks, it feels as though a storm is brewing.

After working in this industry for over a decade, you very quickly get used to “the next big thing”. Sometimes it is no more than a storm in a teacup which peaks the attention of marketers but nobody else; other times it goes on to define the next few years (sometimes longer) of IT strategy and discussion.

SECaaS seems to be in the latter category - and there are two reasons why I think that is the case.

When thinking about automation in our workplace IT networks, it is easy to get carried away and conjure up sinister Bladerunner-style robots who work in-place of humans, slowly replacing us one by one.

So here we are. At that juncture which we have all be expecting, where warning and preparation meet reality. The GDPR has delivered intention of its first astronomical penalty value, with British Airways in its cross-hairs, to the tune of £183 million.

After last years high-profile data breach, it was expected that British Airways would be made an example of; and what an example it is.

We are often told that security is a game of when, not if - data breaches and cyber attacks for a long time have not been a roll of the dice but instead, a ticking clock. Cybercrime is such a lucrative and somewhat untraceable activity that the cross-hairs do not discriminate.

For some, it might have felt like the GDPR was a little bit of an anti-climax. Relative hysteria in the build up to May 2018 has not led to the end of marketing departments, mass administration of fined companies or denial of service by DPIA's.

Instead, in the 12 months since its enforcement, all has been a little quiet.

Or has it?

In today's IT environments, you would be hard pushed to not find some element of cloud usage. Whether that be email, storage or virtual machine hosting and computational power, this is no more evident than the 2018 growth statistics for Microsoft's Office 365; sitting at between 2 and 3 million new accounts added each month.

If there is one topic which most channel partners are keen to address, then it is managed security services. Keen to be more than just peddlers of security software; and wanting to provide a wider service, channel partners are faced with a bountiful marketplace of small-to-medium sized businesses who desire high-grade solutions with lesser pricing and more flexibility.

What is it that you think of when reading or hearing the term "machine learning"? Chess playing robots? That gadget that cuts the grass of your lawn while you enjoy your new-found spare time? or the terminator relentless chasing Sarah Connor through a movie franchise and TV series?

From smart automated homes to WiFi enabled children's toys, this Christmas was a bounty for manufacturers of gadgets and gizmos offering internet connected functionality. Otherwise known as IoT or the Internet of Things.

But, what exactly is IoT and what concerns does it bring to companies and organisations who adopt such technology?

There is a very good chance that you have used multi-factor authentication (sometimes referred to as two-factor authentication) at some stage over the past few years, even if you are not familiar with the term.

By now I am sure you have seen and read enough IT security "predictions" for 2019. As cynical as it may seem, I often chuckle at the alignment of an author's predictions and the solutions and services that they sell. Coincidence? Or good marketing?

AI, ML, DL... we live in an age of jargon which is sometimes hard to keep up with. You probably have a general awareness of what artificial intelligence (AI) is or you may even have worked with an IT solution which professes to use AI in some manner.

There are many myths surrounding the creation and naming of Black Friday, that yearly American imported shopping bonanza, which seemingly includes almost anything these days. Including, the dark web where it was reported that cyber criminal gangs were selling stolen credit card details at a limited discount.

With the final months of 2018 in full swing, every vendor, marketing agency and outlet will be busy evaluating the events of the year; and looking into their crystal balls, in an attempt to predict the trends of 2019.

Despite it being punished under the Data Protection Act 1998, the penalty handed out to Equifax recently in reaction to their catastrophic handling of a widely reported data breach in 2017, has pushed the issue of data protection and the GDPR right back under the spotlight.

If you have been following our blog for the past few weeks, you will know that we have been focusing on the well-known virtues of third-party managed IT security solutions, otherwise known as managed security services providers (MSSPs).

For anyone who works in IT or compliance, you will be more than aware that the year 2018, has been seen more than its fair share of new regulations and updates to industry standards. This year alone we have seen the introduction or update of:

It seems that every IT-related conversation involves some element of cloud today. From cloud-hosted email, to cloud-hosted file storage and even cloud-based telephony through the use of centrally hosted VoIP services.

I am sure that we can all agree that cloud hosted software or SaaS (Software as a Service) is generally more cost effective, more convenient and easier to maintain. But in the back of our minds, there is always a concern about security; and whether or not submitting to the cloud means losing control.

It is both curious and comical to me how certain topics surrounding the GDPR (General Data Protection Regulation) seem to generate more buzz than others, whether they are correct or not. Such as the topic of consent being the only form of lawful processing, the overriding right to be forgotten in any circumstance and the belief that all forms of outbound marketing have been confined to history.

Hot on the heels of The GDPR (General Data Protection Regulation), yet enforced just fifteen days before, the directive on security of network and information systems (NIS) has been created to achieve a high, common level of network and information systems security across the European Union.

In the scramble of the final days leading up to the 25th of May 2018, Google crawl bots would have noticed universal updates taking place across the internet. Privacy policies for an unquantifiable number of organisations and companies were being adapted to fit the GDPR.

The 25th May 2018 has arrived and you as a data subject have been empowered with Europe's most ambitious and forward-thinking data protection regulation to date, the GDPR. As the ultimate steward of your personal data, you now have control over its use in most scenarios making data privacy a fundamental right. But what about instances where your personal data is available publicly? Is personal data fair game, once it is in the public domain?

By now you have probably learned that the processing of personal data does not always require an act of consent. Whilst much of the internet is obsessing over consent, re-consent and double opt-in consent, you have correctly discovered that it is not the only way to legally process personal data.