Getting Wi-Fi implementation right – some best practice tips

15th January 2018

Wi-Fi implementation - getting it right

Many businesses are failing to take advantage of their Wi-Fi deployments. At Wanstor, we are finding that it is the planning and implementation of Wi-Fi deployments that make or break a successful Wi-Fi solution. To set up a successful enterprise Wi-Fi solution, Wanstor has developed a set of best practices.

By following the practices below, we believe any business can quickly and efficiently replace wired LAN access services in existing workspaces and implement Wi-Fi in new locations. So what are the secrets to Wi-Fi deployment success?

  • Plan for the future – Quite often businesses only plan for Wi-Fi usage which will satisfy user demands today and not the future. This means that the investments in Wi-Fi will satisfy an immediate need, but as we have seen in many businesses Wi-Fi usage continues to grow at an exponential rate as video, voice and internet usage continues to grow. This means IT Managers should take the time to understand their businesses Wi-Fi usage needs now and those up to 3 years in the future to make sure a robust, reliable and ever ready Wi-Fi network is in place.
  • Start Incrementally with Proofs of Concept (PoCs), Staged Deployments, and Standardized Components – This will help you to evaluate where and when traffic is flowing from and if there are any problems with certain devices or areas in buildings
  • Design for the best possible end user experience – Make sure your Wi-Fi design takes into account user needs and the activities they are likely to be undertaking on the Wi-Fi network. For example is your Wi-Fi network set up so live video can be streamed, high data applications used and can cope with several devices connecting at once?
  • Employ Redundancy to ensure reliability, availability, and coverage – For better coverage and more reliable performance, we suggest businesses use a dual-redundant infrastructure that includes two clouds, two WLAN controllers per building, and two APs to cover every physical point in a building. This infrastructure will give more APs per location and fewer users per AP. Thus providing greater reliability and availability since there is no single point of failure. If any infrastructure component fails, any connecting wireless device will automatically roam to a neighboring AP, minimising interruption to the user.
  • Perform site surveys and verify coverage – To adapt a Wi-Fi solution to different types and sizes of buildings, it is strongly suggested the IT Manager invests some time in using an automated Wi-Fi planning tool. This will help to meet the following criteria:
  • Enable a 15 to 20 percent AP overlap
  • Locate APs for redundancy and dynamic power allocation
  • Serve 15 to 20 users per AP
  • Make sure small cells are available for VoIP service
  • Provide coverage of conference rooms and shared areas separate from employee office apps
  • Test the quality of service for voice and video demands – Quite often Wi-Fi solutions are deployed with IT Managers thinking users will only be accessing email and a couple of low data usage apps. Nothing could be further from the truth. Walk past any coffee shop and you will see people on phones and tablets, making calls, streaming films and uploading images to social networking sites. This means the Wi-Fi design has to have the right coverage and bandwidth to accommodate users needs at all times of the day.
  • Base Wireless Infrastructure on Wi – Fi controllers – Wi-Fi controllers allow IT administrators to create AP groups for geographical management and security as well as to implement special features. If a change needs to be made to the wireless configuration of an entire building, such as adding an SSID (service set identifier), the administrator can simply apply that change to the group through the Wi-Fi controller. Implementing centralised management through WLAN controllers also enhances security by enabling IT administrators to check logs, configure security settings, and implement group policies for wireless users all from one location. Wi-Fi controllers also make it easier to detect defective APs
  • Follow the FCAPS model – To monitor and manage wireless infrastructure, Wanstor uses an FCAPS (fault, configuration, accounting, performance, and security) management model:
  • For IT notifications of errors (faults), we use a management solution that classifies, and forwards Simple Network Management Protocol (SNMP) traps and event messages based on severity.
  • To reduce configuration time and effort, we use a generic global configuration template supplemented with a local configuration template where necessary. For simple, global updates, we standardise as much as possible on a single firmware solution for APs across the enterprise.
  • Accounting/performance. For network health, we monitor coverage, load, utilization, and uptime. Our troubleshooting capabilities include addressing single and multiple clients, depending on the extent of the issue. To enhance security, we configure the system to identify and alert us to rogue devices using unauthorized networks.
  • To enhance security, we configure the system to identify and alert us to rogue devices using unauthorized networks.
  • Set up a separate Wi-Fi channel for internet access by employee-owned devices – Employees want the flexibility to perform their jobs using the platforms, applications, online tools, and services they use on their own devices. To enable employee-owned devices in the enterprise, we suggest a business sets up a separate channel where employees can access Wi-Fi which does not impact on business only devices separated by different firewalls.
  • Define and control access by user type – In providing the right level of access for each user type (employee using a corporate-issued mobile business PC, employee using an employee owned device etc), use different Wi-Fi networks and standards.
  • Control access to data with authentication and role-based trust – Make all access to the Wi-Fi as secure as possible. Use technologies such as federation, multifactor authentication, and certificate services to control access to data by performing role-based trust calculations and managing access privileges appropriately.

By incorporating some of the best practices above into your Wi-Fi planning and deployment phase, Wanstor believes businesses will be better prepared to take advantage of everything a wireless infrastructure has to offer.

For more information about Wanstor’s Wi-Fi services click here.

Read More

Is your private cloud strategy really working? What is your framework for success?

22nd December 2017

Is your private cloud strategy really working? What is your framework for success?

Whether you want to take your IT operations to the public cloud, keep them on-premise, host off-premise using a private cloud model, or indeed choose to invest in a hybrid configuration, the IT Manager must start with a clear understanding of what they are trying to achieve from an IT and business perspective before embarking on their cloud journey.

This may seem like stating the obvious, but at Wanstor we have seen several cases recently where businesses have invested in cloud computing models without thinking about the outcomes they want from a cloud computing strategy.

It can be tempting to get caught up in debates and discussions about “cloud technology”, after all it is a major IT trend which lots of IT and business leaders are talking about in various online and offline publications. However just because something is a hot topic doesn’t mean the fundamental questions of business need are not addressed:

  • What are the key drivers for change?
  • Do we need to change?
  • Are we trying to reduce operational costs?
  • What do we need to do to improve the IT infrastructure environment to better support the business?
  • How can we make staff more productive through IT?
  • What is the right approach for achieving IT objectives over the next 12 months?

Obviously these are not simple questions with simple answers. As Wanstor has learned from our experience of working with 100’s of businesses across the UK on private cloud migration projects, the unique challenges of cloud computing require new ways of thinking, planning, and cross business collaboration to achieve common IT and business goals.

We’ve also seen that success can happen early in a cloud computing engagement by those IT leaders who are able to frame a realistic strategy at the beginning, which has definition and appreciation for the capabilities and limitations of the businesses they lead.

At Wanstor we say business decision makers need to have a “cloud frame of mind.” We believe a “cloud frame of mind” should be used to tackle the various strategic considerations required in a private cloud deployment project.

So let’s start at the beginning, what are you trying to do with your private cloud project?

Generally private clouds are invested in for one of 3 major business reasons:


  • Reduce time to market: Implement new business solutions quickly to accelerate revenue growth.
  • Better enable the solution development life cycle: Speed up business solutions through better development and test, and a fast path to production.
  • Be more responsive to business change: Deliver quickly on new requirements for existing business solutions.


  • Reduce operational costs: Optimize daily operational costs like people, power, and space.
  • Reduce capital costs or move to annuity-based operational costs: Benefit from reduced IT physical assets and more pay-peruse services.
  • Make IT costs transparent: Service consumers better understand what they are paying for.


  • Consistently deliver to better defined service levels: Better service leads to increased customer satisfaction.
  • Ensure continuity of service: Minimise service interruption.
  • Ensure regulatory compliance: Manage the compliance requirements that may increase in complexity with online services.

Where businesses locate their needs amongst these primary drivers and define their objectives as they consider their cloud computing options is a basic starting point in the process. For many in IT the private cloud is proving especially attractive, mainly for what it offers in terms of control over matters of security, data access, and regulatory compliance. Their primary interest in a private cloud architecture revolves around the pressures to cut costs without sacrificing control over essential data, core applications, or business-critical processes. The main secondary interests around private cloud computing are more to do with business growth and the possibilities it offers in terms of scaling workloads at different times of the year. This shows that IT leaders are beginning to think seriously about cloud computing as a way to turn IT into a business enabler rather than being seen as a costly department by other business unit leaders.

As identified above there are several drivers IT leaders are investigating as a means of reasoning to move workloads to a private cloud model. Once the IT leader has identified business needs and objectives, they should take the time to understand the capabilities, limitations, and complexities of their current IT environment, which starts by performing an analysis of technical and organisation maturity vs different capabilities of cloud computing. The next step is then to determine where you want to take your IT team and the business it is serving, and assessing the prerequisites for the desired objectives.

Many of the businesses we work with, start at a basic stage along their cloud optimisation journey. Usually they have already managed to consolidate infrastructure resources for better cost efficiencies through virtualization. If your business fits this profile, an acceptable outcome might be to advance your business to the next stage by implementing more sophisticated infrastructure level resource pooling, which would achieve still greater cost savings as well as a measure of improved time to market. Similarly, your current business capabilities may put you somewhere in the middle of the cloud maturity model, with a relatively high degree of sophistication in business areas you consider your top priorities, such as being able to respond to seasonal shifts in demand for example.

While your ultimate goal might be to bring platform as a service (PaaS) and software as a service (SaaS) architectures so you can leverage a larger set of hybrid cloud capabilities, such as anytime, anywhere access for your customers built on a unified set of compute, network, and storage resources, your near-term focus in the context of an infrastructure as a service (IaaS) model may just be in moving the dial specifically on automated provisioning and de-provisioning of resources. It’s in this approach, by making deliberate, incremental progress in the service of a longer-term strategy that real IT transformation occurs on a private cloud model.

The way forward is to recognise that changing to a functional private cloud model is an evolutionary process, where the investments you make in technology solutions must be evenly matched at each step by the maturity of your business in managing them. Your strategy must be carefully applied in those areas where your business is likely to benefit most. Indeed, not all capabilities of a private cloud need to be, or should be exploited.

The real task lies in balancing the potential goods of a private cloud solution against actual business needs, understanding your capabilities and limitations at each stage of the process, and putting a plan in place that charts a realistic, achievable course of action for getting it done.

The objectives you choose for your private cloud will raise a number of questions about the various technical and organisational implications of implementing your solution. Below are some examples of the kinds of questions IT Managers need to be able to ask in order to frame a comprehensive and realistic strategy for achieving private cloud objectives.

Self-service – Do you want to allow your users to provision the resources they need on-demand without human intervention? How much control should you relinquish? What are the potential consequences of offering a self-service model for common tasks? Will cloud computing be left unchecked and unused if individual users can select their own licences and usage limits, if so how much money will this cost the business, if accounts are left unused?

Usage-based – Pay-per-service, or “chargeback,” is one of the hallmarks of cloud computing, and if your private cloud strategy includes driving greater transparency of costs for better resource planning, you need to know the incentives you are trying to drive. Are you trying to reward good behaviour and punish bad? Do you wish to push more round-the-clock workloads to night time operations for power savings that support your company’s environmental initiatives?

Elasticity – Being able to respond efficiently to fluctuations in resource usage can represent a major selling point for cloud computing. It is important to consider first whether you really need a sophisticated system of automated provisioning and de-provisioning of servers to deal with fluctuations in demand. If significant and relatively unpredictable, then this capability may be appropriate. If the need is regular and predictable, straightforward automation may be sufficient for your purposes. Other questions you need to ask: Which applications are priorities, and which can be pushed back in terms of priorities?

Pooled resources – Consolidating resources to save on infrastructure, platform, and/or software costs is a common goal for large-scale IT operations. If you’re in a medium/large business with several independent departments potentially with their own IT operations, you are likely to encounter critical questions of process: E.g. Will independent groups deal with the inherent limitations of shared infrastructure and services? Will standardised configurations come at the cost of the optimised systems to which they’ve grown accustomed? As you move forward in the process of pooling your resources to get the benefits, you need to be aware of the likely trade-offs in putting everyone on a standard set of services. It may well be worth the cost to the business as a whole, but it may not seem that way to those who lose capabilities or levels of service to which they’ve been accustomed.

Comprehensive network access – As you move out from behind the business firewall and away from tightly controlled client configurations and network access scenarios, there are several important considerations that will need to inform your strategy, beyond the obvious concerns over security, such as the nature and extent of supportability: What kinds of personal devices will you support and to what degree? How will mobile clients (smartphones, operating systems and tablets) access network resources, and will you have the right levels of bandwidth to service them? What forms of authentication will you support?

Whatever objectives you are aiming to achieve, the important point to note is that building a private cloud is a process for which there are numerous tactical and strategic considerations. A successful private cloud implementation relies on the ability to think through all facets of the undertaking, clearly understanding the dependencies, trade-offs, limitations, and opportunities of any particular strategy. The reality for most businesses is that an incremental private cloud strategy is the only realistic path, given the technical and organisational complexity of current IT operations which exist as the business has invested large sums of money into them over a period of time.

Expectations and realities of cloud computing in a business IT context can prove a challenge to resolve. Many IT leaders understand why an incremental approach is needed, but those outside IT, are less clear about the real implications of implementing a cloud solution. The right strategy for achieving private cloud objectives must also include an appropriate communications strategy for setting and managing expectations for the business as a whole. With the whole business informed, from the board room to the front office, the hard work of defining and executing on your private cloud strategy is far more likely to achieve its objectives and set your business on the path to long-term success in the cloud.

For more information about Wanstor’s private cloud services click here.

Read More

Reasons why business leaders need to consider outsourcing their IT service desk to a specialist provider

14th December 2017

Service Desk Operatives smiling

At Wanstor we have recently been talking to a number of existing and potential customers about their IT service desk support. Our discussions have highlighted a number of major trends which IT departments and business leaders were not aware of putting pressure on IT service desk resources. For example:

  • Employees are more mobile than ever before, meaning things break at different locations
  • Employees attitudes to work are changing from a place where you go, to something you do as and when required
  • Different business departments wanting access to cloud services
  • More and more applications are being developed and used in day to day business
  • Data management becoming a serious headache as employees and customers demand access to it 24/7
  • More and more devices being used – leading to security and patch management issues in terms of the right levels of resourcing and making sure users are safe at all times from potential attacks
  • New technology and new devices are being launched all the time – What is the best way to offer support?
  • Growing operational costs of supporting a sprawling mixed vendor IT infrastructure
  • End users complaining about the time it takes to solve issues through the IT service desk

Traditional IT help desks used to service the business during opening hours and at fixed locations, however this is no longer good enough. IT support staff are now required to be multi skilled across a range of technologies and provide support to staff at different locations 24/7.

As business technology has become increasingly complex, the need for dedicated IT support services has grown. Typically the IT help desk has provided end users with little more than basic trouble shooting and issue management services. In the past when technology was made by only a few manufacturers, staff could easily be trained and appear knowledgeable about computers and IT infrastructure. However as business has become more reliant on technology, a standardised and documented helpdesk approach is needed, one which offers a consistent set of services and protocols for help desk staff. Over the past decade, IT help desk staff have started to become hindered by the sheer speed at which enterprise technology has evolved. There are a number of trends that have made it increasingly difficult for traditional IT help desks to provide the kinds of support that end users need:

These trends include:

  • Improvements in users personal IT has changed perceptions and expectations of what IT can help them with in their working lives. The user experience of smartphones and laptops is significantly better than even 5 years ago. What’s more, many of the leading technology providers provide consumers with a high standard of customer service (Just think of the apple store). So, when they call up their company’s IT service desk, they quickly become frustrated by untrained staff, staff who do not keep lines of communication open or inefficient processes which they have to go through to get a simple problem fixed.
  • Most of the modern workforce have been using advanced technology for the majority of their lives. Many employees are now capable of resolving minor troubleshooting problems and are also used to looking for answers online through search engines. Quite often, the IT help desk is a last resort for more complex problems, meaning IT help desk staff must be prepared to resolve more difficult issues.
  • As technology has evolved users are using a variety of software and applications in their business lives. Today, the typical business will be using 100’s of applications, with staff constantly connecting to the network with different kinds of personal and mobile devices. Expecting the service desk to monitor and support this complexity alone is problematic, as every user has a different IT need in terms of software and applications.
  • Employees want to work when they want to not when they are told to. This change in mindset with regards to work alongside the widespread acceptance of cloud technology and mobile devices, means business users are now able to access company content from their smartphones or laptops at any hour of the day. Most of the time this is hugely beneficial to the user and the company, allowing workers to be productive whilst out of the office. However, when they have problems logging onto the system, or syncing a document to their device, they need support instantly. When an IT help desk is closed at weekends or after 5pm, the service simply does not match up to user and business requirements.
  • More pressure is being placed on IT helpdesks. Staff turnover is constant as many internal IT helpdesk staff simply cannot cope with the demands being made of them. The HDI regularly states that the staff turnover rate on IT service desks is as high as 40% with many staff who do not leave complaining of stress and stress related illnesses. Such a high staff turnover means internal IT service desks often have extremely large training bills as they are constantly struggle to train and retain skilled staff members alongside many positions remaining unfilled.

The issues identified above have led many businesses to explore alternatives to the traditional in-house IT support approach. At Wanstor we believe the aim is not to replace the talent firms already have. Rather, the goal should be to extend and enhance in-house IT staff, by letting them focus their attention on high value strategic activities, whilst using a mix of outsourced staff and technology to support wider business and IT goals for highly intensive administration tasks.

At Wanstor we believe by enhancing internal IT services teams with improved help desk technology and outsourced IT service desk teams for high volume/admin heavy tasks, businesses can fill the skills, cost and user satisfaction gaps which exist and achieve the best possible ROI from their technology. The main reasons many business leaders are talking to Wanstor about outsourcing their IT helpdesks are:

Improved communication – Focussed on the specific needs of the business and end users

Training – Outsourced IT service desk staff specialise in providing customer support for a wide range of technologies. This means that they are trained with the latest versions of software solutions. They can also be trained to help with a business’s specific technology set up.

Cost savings – Many IT outsourcing companies provide contracts that give businesses the option to only pay for the services they need and use. An internal IT service desk is a fixed cost in terms of people and technology which needs to be provided even when the business does not require large volumes of IT support. By moving to a pay as you go IT service model, it has been proven through many extensive studies that operational costs of IT service desks can be cut by over 20% in many cases.

Outsourcing part of your IT support service will only be successful if the solution and partner you choose aligns with the specific needs of your business. It is essential that business and IT decision makers develop a plan of requirements and expectations before they engage with an IT partner. By taking the time at the outset to decide what the business actually needs from an IT support partner you can decide on whether you are looking for a partner to resolve repetitive problems like resetting passwords, or are looking for a close partnership where your IT help desk is fully supported by an external team and best in class technology.

At Wanstor we recommend all businesses do 5 things before they engage with and decide on an outsourced IT service desk partnership. They are:

  • Discuss what is going wrong with your existing IT helpdesk team and see if there are any process or people improvements which could be made to alleviate pressure and improve the service required back to the business
  • Interview a selection of end users and find out what they want/expect from an IT service desk and then evaluate if you already have the skills/capabilities to satisfy those user demands or if you definitely need some help
  • Have a vision of what you want the IT service desk to look like. Can you provide that vision with internal staff or do you need expert outside help to reach your IT and business goals. If you do want external IT support what does your ideal IT partner look like and what services should they provide?
  • Engage with a partner who can support your vision and has the expertise and experience to turn it into reality. Your partner should be able to advise you on what is realistic, and you should expect them to be able to guide you to a degree.
  • Set KPIs to judge whether your partnership is successful, it is highly valuable to measure progress. Conduct regular customer satisfaction surveys to find out whether your business users are now happier with the service they are receiving.

In summary, the traditional IT help desk model is redundant. Business technology has moved on and is still moving through its various lifecycles at a real pace. As a result, traditional IT help desks are simply unable to cope with the increased demands being placed on them. At Wanstor we believe the future IT service desk model is a hybrid one. One which uses internal IT teams for strategic high value IT programmes of work and an external provider who can look after all of the operational IT demands from users such as patching, password re-sets, application updates and making sure the right security is in place. Get the internal/external IT service provider mix right and your business could benefit from access to highly trained staff as and when it needs them, lower operational costs and improved end user satisfaction levels.

To find out more about Wanstor’s vision of the IT service desk of the future download our whitepaper here.

Read More

Is your digital transformation working? Putting the basics in place

3rd November 2017

Digital Transformation

In the current business environment, it’s not enough to automate processes and increase efficiency. To succeed, companies need to be unique and truly differentiate themselves from the competition. Your customers are demanding a more personalised service, and their expectations about the service they receive from your business continue to rise every day. To meet rising customer expectations around their business, and stay competitive, companies need to move to a relationship/value based interactive model with their customers. This increasingly means starting with the customer impact first on any business project, initiative or budgetary spend. This is where digital strategies start and digital transformation can happen. Many businesses have started ‘digital’ programmes of work, but have not yet seen the rewards of their efforts.

At Wanstor we believe there are 4 things businesses should do before embarking on a digital transformation strategy. Under no circumstances is it good enough to dip a toe into digital transformation. Instead business leaders should either commit to a digital transformation programme of work fully or decide when they are going to commit to it. In summary – undertaking a digital transformation programme to execute a digital strategy is not an easy task and half-hearted approaches simply won’t work.

So what are the 4 things all business leaders should do if they want to successfully execute ‘digital’?

Take the time to develop a strategy

The strategy phase of the digital transformation process should help a business define and understand the problems it wants to solve and how it is going to solve them. The old way of working in business is to start with existing problems and requirements then develop a solution. This approach still has value, but only deals with problems that exist today, rather than looking at potential problems/pitfalls in the future. At Wanstor we recommend when building a digital transformation strategy, businesses should instead focus on outcomes and end goals if they are going to be successful. Ask questions such as – What does success look like? What customer experience do we want to create? What story do we want to tell to the business and customers?

Think about the key themes of your transformation and the experience you want to deliver. For example, a restaurant owner may want to personalise the dining experience further. Now the restauranteur has captured a vision of what they want to do, they now require a programme of work to help achieve the set vision. This is where digital comes into play. The restauranteur wants to create an actionable strategic vision that wraps around business objectives. To do this, they first of all need to identify gaps across people, processes, technology and offerings, and then create a roadmap to success. As well as having a clear plan, it is important that any digital initiative is completed at speed so as to stay ahead of the competition and improve the time to benefit ratio of projects which will affect the business and provide a customer with an improved experience.

Design with the customer experience in mind

Designing any solution to a problem in a digital world should always start with the customer in mind. This means thinking about how customers and staff will interact with technology to improve the dining experience for example. First of all think about focusing on the experiences you want to create for your end-users, not the requirements of the solution. Also consider how you can change the way employees engage and collaborate and the way customers interact with your business. Your goal here should be to build the right experience, and allows your staff and ultimately your customers to reach their end goals e.g. a more efficient front of house operation resulting in a better customer dining experience.

Put the right pieces in place

Having a strategy and a design is a great start to your digital transformation. But if you can’t assemble the right pieces – people, propositions, processes and technology you actually haven’t got anything apart from random parts. At this stage it’s time to start unifying the team, the processes and ultimately start shaping the experience. E.g. A restaurant wants to make online bookings easier on its website. To accomplish this, they need to connect the different points of the customer journey with the booking system. What does the customer do when they land on the restaurants website for example? How easy is it to find the booking application? How is the booking data relayed to the restaurant they want to book a table in? Do staff at the restaurant understand the booking system and the customer’s requirements when they book?

It doesn’t matter how many systems need to be involved, it should all be seamless and easy for the customer who should feel like they are accessing one single system. At Wanstor we usually find for processes like ‘restaurant booking’ most restaurant businesses already have the right pieces of technology and parts of the process, but it’s joining them together that is quite often the problem. The key to success is leveraging all disparate systems, services and existing technologies to power elements of the digital ecosystem. Quite often a simple gap analysis of where you are now vs where you want to get to, highlights areas which need to be joined up or require work for integration. By putting the disparate pieces together ‘digital’ can actually start to become a reality.

Get ready for success

The final piece of the digital transformation puzzle is getting and keeping everything running smoothly. Regardless of your deployment method, you will want to implement a plan for continuous management and support. This starts with a dedicated digital transformation team who can help implement governance and a plan to keep your ‘digital’ roadmap and architecture up-to-date at all times. For IT they should consider adding a shared support structure, along the lines of a shared services centre, with skills across a variety of disciplines, such as change management, process optimisation, and agile management, so they can build repeatable processes that are supported by a dedicated group of experts. If you don’t have these skills in-house, you should find a managed service partner who can supplement the team with these skills.

In summary at Wanstor we usually see digital transformation programmes failing or not delivering the benefits they promise as teams, people, processes and technologies are disconnected. By following the 4 steps above you should have by now, grasped that digital transformation is not just about technology but about business change. Those businesses which put together the right strategy, design, and processes in place will ultimately achieve their digital transformation goals.

At Wanstor we believe ‘digital’ can bridge many business and technology gaps. By bringing together a top-down business approach with bottom-up operational experience ‘digital transformation’ adds customer, employee, and operational value by leveraging disparate products, services, and existing technologies, to create, build, and manage digital ecosystems.

By using digital transformation programmes to innovate and improve, businesses can create a long-term competitive advantage. One that creates improved customer loyalty, more customer spend and reduced business operating costs.

Read More

GDPR is fast approaching – here’s what you need to know

27th October 2017


General Data Protection Regulation, or GDPR, will in many cases revolutionise how businesses process and handle data. Since data protection laws were created in the 1990s, they are now no longer fit for purpose.

GDPR is the EU’s answer to an ever growing problem of data volumes and how organisations are using, storing, analyzing and managing their customers, suppliers and partners data. GDPR will come into force on the 25th May 2018, but many businesses have still not allocated budget, time or resource to the new GDPR compliance guidelines. Because of the fines involved for non-compliance and the potential business benefits it could bring in terms of information management, GDPR is not something that should be ignored.

To help your business understand more about GDPR and what it needs to do in preparation, here is Wanstor’s brief guide to GDPR success.

What is GDPR?

GDPR is the EU’s new framework for data protection laws, replacing the 1995 data protection directive which UK law is based on. The EU’s GDPR website states that the legislation is designed to ‘harmonise’ data privacy laws across Europe, as well as to give greater protection and enhanced rights to individuals. Within GDPR regulations, there are significant changes for businesses who handle customer, supplier and partner information. The 25th of May 2018 is the most important date to remember with regards to GDPR – it is the date upon which this legislation goes live.

Why do we need to comply with GDPR? There are data protection laws in place.

Each member state in the EU operates under the current 1995 data protection regulation and has its own national laws. In the UK, the current data protection act of 1998 sets out how personal information can be used by companies, the government, and other organisations. GDPR changes how personal data can be used, stored and managed. The existing data protection laws in the UK will be updated based on new GDPR guidelines, which that means all businesses in the UK will have to adhere to a new set of data protection policies.

Okay, so the law is changing around data protection. How will my business be affected?

Individuals, organisations and businesses that are either controlling or processing personal data will be covered by GDPR. Both personal data and sensitive personal data are covered by GDPR.
Personal data is identified as a piece of information that can be used to identify a person. This can be a name, address, IP address, email address… you name it, and there is a strong likelyhood that it can be classified as personal data.
Sensitive personal data encompasses information such as genetic data, information about religious and political views, and sexual orientation. These definitions are pretty much the same as those within current data protection laws, and often relates to information that is collected through automated processes.

Where GDPR differentiates from current data protection laws is that data which could be interpreted as personal data may fall under the law, if it is possible that a person could be identified by information they have given which may or may not relate to them.

For businesses, this means undertaking a process of identifying all potential personal data that they hold, identifying where it is stored, ensuring that it is being managed correctly, and guaranteeing that they can delete it if requested. Although this may sound like a simple process, the reality is very different. Many businesses hold personal customer information in silos across the estate, as it is used by different departments for different purposes. So taking the time to identify all potential personal data is a challenging task which must be undertaken by the IT team and functional business units.

So, what’s different to existing data protection rules?

There are 99 articles setting out the rights of individuals and obligations placed on businesses covered by the GDPR regulation. These include allowing people to have easier access to the data that companies hold about them, a new penalty regime and a set of clear responsibilities for businesses when obtaining consent from people that they collect information about. Businesses covered by GDPR will be held more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and relevant documents in place on how data is processed.

Under GDPR, the ‘destruction, loss, alteration, unauthorised disclosure of or access to people’s data’ has to be reported to a country’s data protection regulator (the ICO in the UK) where it could have a detrimental impact on those who relates to. This can include issues such as financial loss, confidentiality, and damage to reputation. Under GDPR regulations, the ICO will have to be informed of any data protection breach within 72 hours of a business discovering such an event. Additionally, the people who it may affect must be informed of the breach. This additional stress on the data management process is likely to test even the most robust data management strategies, and is why Wanstor are recommending that businesses take action now to assess where data is stored and to make improvements to information management strategies before the new legislation comes into being. Come the 25th May, it may prove extremely costly should businesses prove unable to locate data which they are holding that is involved in any form of breach.

For businesses with more than 250 employees, there will exist a requirement demanding documentation that justifies the need to collect and process people’s information, describes the information that is held, how long it is being kept for, and descriptions of the technical security measures being employed in order to protect this data. Additionally, companies that have ‘regular and systematic monitoring’ of individuals on a large scale or that process large volumes of sensitive personal data will be required to employ a Data Protection Officer (DPO). For many businesses covered by GDPR, this will mean hiring a new member of staff in order to comply with GDPR regulation.

There will be a requirement that businesses obtain consent for the processing of data in certain situations. When a business is relying on consent to lawfully use a person’s information, they will need to explain clearly that said consent is being given, and there will need to be a ‘positive’ opt-in.

Access to data

As well as placing new obligations on businesses collecting personal data, GDPR also gives individuals greater power to access information that is held about them. At present, a Subject Access Request (SAR) allows businesses and public bodies to charge £10 when releasing personal data requested by any individual. Under GDPR, this will be scrapped, and requests for personal information can be made free of charge. When someone makes a request for personal data held by a business, that business will be required by law to divulge this information within one month of said request. Everyone will have the right to obtain confirmation that a business holds personal information about them and to access this information. Additionally, GDPR gives a person rights around the automated processing of data. The ICO states that individuals ‘have the right not to be subject to a decision’ if it is automatic and it produces a significant effect on their person. There are exceptions to this, but generally, individuals must be provided with an explanation of a decision that has been taken about them.

The new regulation also gives individuals the power to have their personal data erased. This includes where it is no longer necessary for the purpose it was collected for, if consent is withdrawn, there is no legitimate interest or if it was unlawfully processed or collected in error.

What if we get it wrong?

One of the most topical elements of GDPR will be the Regulators ability to penalise businesses that fail to comply. If a business does not process an individual’s data correctly, this will result in a financial penalty. If it requires and does not employ a Data Protection Officer, it can again be subjected to a fine. The advent of a security breach may also present a costly issue to businesses.
These monetary penalties will be decided upon by the ICO; the legislation states that smaller offences could result in fines of up to €10 million, or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million, or four per cent, of a firm’s global turnover (whichever is greater). Obviously the potential fines are significant, and significantly higher than the existing penalties of £500,000 the ICO is capable of issuing at this point in time.

There is speculation that the ICO will look to make examples at an early stage of businesses which fail to comply with GDPR – Wanstor understands, however, that this may not be case. Standard procedure for dealing with data breaches will be employed by the ICO. In reality, this may mean a letter of warning followed by a small fine for the first offence (depending on the severity of the breach), with larger penalties reserved for cases where gross negligence is indicated.

So how should I prepare my business for GDPR?

When implemented, GDPR will have an impact on all UK businesses. At Wanstor, we suggest the following action now, if this has not already been implemented:

• Undertake a GDPR compliance audit or assessment with your IT partner

• Develop a GDPR compliance roadmap with activity milestones in place

• If your business has more than 250 employees, you will need to recruit a Data Protection Officer

• Identify where new procedures need to be introduced across different business functions

• Recruit a GDPR project team with representatives from IT, Finance, Legal, HR, Marketing, Sales and Operations

• Ensure that data authentication and encryption is up to date

• Schedule training with employees where new GDPR processes will affect job specifications

• Make sure that time is allocated to test new data management policies and processes

• Meet with suppliers and partners to ensure that they are GDPR compliant and do not present any threat in the form of a data breach

• Ensure that clear procedures are in place around the processing and deletion of data

• ‘Right to be forgotten’ requests must be administered within the new GDPR guidelines

Developing the right approach to the rules

In the coming months, businesses can expect an abundance of official guidance from national bodies such as the Information Commissioner’s Office. This will clarify and dictate the detail of what specific industry sectors must do to prepare for GDPR. This does not mean that businesses cannot take the initiative and begin preparing now.

At Wanstor we believe businesses need to evaluate the personal data they hold immediately. In order to do this, a data audit should be undertaken with an IT partner who has a deep understanding of data and information management. Once the this audit is complete, IT teams should categorise the data so that they are clear where sensitive personal data is stored, and where other, less important data resides within the business. We recommend that once the data audit and categorisation is complete, a Data Map is drawn up to help both IT teams along with business stakeholders understand the different sources, patterns and storage areas of data throughout the company – and, most importantly, who owns this data and is responsible for the management thereof.

Once the data understanding exercise is complete, the GDPR project team should then take time to schedule and undertake regular risk assessments, and to ensure that these are executed regularly. This will help with understanding the level of threat imposed on the company when processing data. At Wanstor, we believe that a proactive, risk-averse approach to GDPR is the way forward. This approach will ensure that senior management recognises the dangers associated with the loss, misuse, theft or compromise of customer data.

In summary, IT teams should lead the GDPR project for business. They should take responsibility for making sure that their business, suppliers and partners have effective technical and organisational measures in place so as to ensure the security of data processing.

Read More

KRACK Wi-Fi attack – What you need to know

20th October 2017

patch management

A devastating flaw in Wi-Fi’s WPA security protocol makes it possible for attackers to eavesdrop on data when devices or other endpoints connect to the Wi-Fi network. Dubbed KRACK (Key Reinstallation Attack), the issue affects the Wi-Fi protocol itself, and works against all modern protected Wi-Fi networks. This means that if any device uses Wi-Fi, KRACK is highly likely to impact it. Fortunately, over the course of this week major software and operating system companies have moved quickly to patch the issue. However, issues remain with many users not patching their devices or adhering to IT security best practices.

Read More
124-126 Borough High Street London, SE1 1LB
Phone: 0333 123 0360, 020 7592 7860
IT Support London from Wanstor IT Support London