In a packed agenda, including a keynote presentation from Jonathan Bamford, Head of Strategic Liaison at the ICO, specialists from the FAST IT Security Group gathered at the nerve centre of Churchill’s War Cabinet to provide organisations with the most up to date information and guidance on:

• The threats to company data and the ramifications, both financial and reputational, of lax data security
• How to deal with threats that unregulated use of social networking sites could bring to your organisation
• The legal and regulatory risks from both internal and external threats and how to manage them.

After the morning session, delegates enjoyed the opportunity to visit the Churchill Museum and Cabinet war rooms.  The following presentations can be downloaded here:

• Jonathan Bamford, Head of Strategic Liaison, ICO “Data Protection, Stronger Enforcement, Greater Encouragement”
• Ian Kilpatrick, Chairman Wick Hill Ltd “DP, Are your Borders Safe from Internal and External Attack?”
• Ian Moyse, Director of Channel Sales, Webroot “Protecting the business against Internet Threats”
• Vinod Bange, Partner Speechly Bircham “Assessing legal risks, challenges and priorities”

FAST and Bird & Bird held their “Software as a Service – Delivering value from Cloud Computing” seminar on Tuesday 24th November 2009 at the Bird & Bird offices in London.

Consumers, start-ups and SMEs are increasingly achieving significant benefits from the adoption of Software as a Service and Cloud Computing. The current economic climate has provided the impetus for even large companies and public bodies to acknowledge that, despite the challenges, this is an evolution in IT that can no longer be ignored. Therefore the true debate is how to overcome those challenges in practical terms and manage the risks that moving to SaaS and Cloud Computing transfers back to your business.

Julian Heathcote Hobbins, General Counsel at FAST, welcomed a range of experts from IDC, Dell, Microsoft and Bird & Bird who provided their insights into the key aspects of this topic and engaged in a discussion with our audience about the questions and issues arising in practice for both customers and suppliers.

Please click the download button on the left to view the paper that was available at this seminar.

Following corporate restructuring and staff reductions, many organisations are finding that they have software licences which cost thousands, if not hundreds of thousands of pounds, which are no longer required. Equally, companies that have collapsed may have enterprise wide licences for software that cost millions of pounds to purchase. The seminar addressed the following:

• Are such software licences assets that could be realised by the companies or their liquidators or do they have zero value?
• Is it ever safe for a corporate entity to buy "second-hand" software?

The SIRB held the first national conference on Software Management and Licensing at Thames Valley Park on 12th May 2009. The event was very well attended and in a packed agenda over 120 people heard from industry leaders including Microsoft and Oracle as well as champions from end user organisations.

In a lively keynote session, Rupert Goodwin, Editor of ZDnet recognised the importance of managing software effectively by reminding the audience that a tenth of all IT spend globally is on software “even in these straitened times, that’s a quarter of a trillion dollars” and concluded that both users and vendors have a joint responsibility to address the issues and nurture best practice adoption.

Andy Burton, Chair of the SIRB, shared details of the 2008-9 Research programme conducted by IDC, providing a benchmark to help business understand some of the attitudes, practices and perceptions around Software Asset Management, and highlighting the risks and challenges to it’s effective adoption.

Martin Beare, Director of Worldwide SAM at Microsoft Inc, USA shared the latest insights from Microsoft’s SAM strategy and approach and contributed, with other speakers, to a Q&A session taking questions from the audience at the end of a busy day. It wasn’t all about theory, and in two popular sessions, speakers from the NHS and United Utilities shared insights from their experiences on the difficulties, challenges and rewards of real life SAM programmes and how they gained control of their software estates. A focused exhibition provided delegates with the opportunity to access specialist tool vendors and service providers with the expertise to help them implement SAM initiatives.

Delegate feedback from the day was positive including the following comments “Valuable information well presented providing a good overview of software asset management” and “It confirmed we are going in the right direction and that was very positive” Another delegate who had travelled from outside the EU commented “It was an excellent opportunity for me to get in contact with colleagues in UK/EU and gave me few excellent ideas on what to pay attention to in advancing SAM services and evangelisation”. There were also a number of constructive suggestions such as “Please include even more on the enterprise commercial software realities of SAP, Oracle and others above and beyond the Microsoft world” and other ideas included future workshops on specific issues such as virtualisation.

For those who attended, details of the presentations are available for download from the FAST IiS website – if you missed the conference but would be interested in finding out about future events, check out our events schedule.

This event, hosted by FLAG member DMH Stallard, looked at the law that permits individuals to bring private prosecutions for criminal offences. In certain circumstances infringing copyright constitutes a criminal offence and the law treats the infringement as theft. Anyone who knowingly infringes copyright commits the criminal offences not just a “pirate”. The maximum prison sentence for copyright theft is now ten years in prison and an unlimited fine can be imposed. The costs of the prosecution are borne by the state not by the parties. Private prosecutions are extremely effective in deterring infringement and as a tool to send a compliance message to would be infringers.

Thursday 12 Marchi 2009, The Catalyst Group Room, Intellect Conference Suite. WC1
FAST IiS in association with Intellect and Grid Computing Now! pulled together an exciting list of speakers from the industry and their leading edge customers to shed light on this innovation through holding the conference.

What was talked about?
The widespread adoption of virtualisation, the development of commercial service oriented infrastructures and the incredible diversity of web services being published have changed the IT landscape. We are finally capable of breaking the mould of in-house, self-maintained, IT systems towards a future of business capabilities and dynamic capacity made available on demand to users and paid for by the swipe of a credit card.
This conference was aimed at bringing this new delivery model for IT services into the harsh light of reality. Attendees had the opportunity to have their questions answered about the real benefits Software as a Service can deliver. The event especially targeted software publishers faced with the major changes taking place within the industry and the new demands from its customers. Members of FAST IiS Legal Advisory Group provided insight into the legal risks that need to be assessed whilst publishers who have made the move provided real life scenarios of the challenges overcome and the benefits of this business model.

Who spoke?

Who attended?
Software developers, users and resellers.

What did I miss?
This event answered the questions that delegates had about the reality of Software as a Service. It also provided an excellent networking opportunity. If you would like to know about future events contact Breda O’Shea on 01628 640062 or via info@fastiis.org

Those who braved the snow, ice and travel chaos were rewarded by an absorbing and enlightening series of presentations at the latest event to be held by FAST IiS’s Information Technology Security Group (ITSG).

The prevention of data loss is an ever present challenge to all organisations as the loss of data may not only result in sanctions and fines from the Information Commissioner’s Office (ICO) but it may also bring claims for damages, unwanted publicity and a loss of reputation. High profile losses from TJ Maxx, Monster and government departments etc. have all raised awareness of the dangers. The speakers at this seminar explained what the law says you need to do, how you can go about it, and what to do in the event of a data security breach.

• Tatiana Kruse, Partner and Head of IT Law at London law firm Salans, gave the legal view and explained the ‘key terms’ within the Data Protection Act 1998 and ‘The 8 Data Protection Principles’ dealing in detail with the Seventh Principle explaining how to comply with it in practice.
• Having the technology in place to prevent data loss is one essential step. Ian Kilpatrick, Chairman of Wick Hill Group plc suggested that one of the major problems is the disconnect between rules, IT, compliance and responsibility. Penetration testing to highlight areas of weakness, setting up an Incident Team so that procedures are in place before an incident occurs and a variety of technological solutions were all covered in his presentation.
• Sometimes things go wrong and a security data breach occurs. For these occasions Robert Bond, Partner and Head of IP, Technology & Commercial at London law firm Speechly Bircham was able to offer guidance on how to institute a Breach Management Plan and assess the risks revealing that insurers are now requiring companies to have an Incident Response Team in place. Who should be notified and when, what you need to tell the ICO, how to evaluate the breach and the response you should make to it were all covered in his presentation.

The Federation’s Asset Management Group held the latest in their series of events for Corporate Members at Silverstone Race Circuit on the 21st May 2008. Despite the roar of the Ferraris in the background Martin Callinan of Centennial held everyone’s attention in his keynote presentation which outlined the relationship between Software Asset Management (SAM) and Compliance. Martin’s presentation explained the differences between the two and highlighted the areas of overlap which led neatly into the four interactive workshop sessions which were focused around:

• Desktop Licensing
• SAM and ITIL
• Server Licensing
• SAM and PC Lifecycle Management

with each delegate being able to elect to attend two of the four sessions.

Each session was facilitated by 2-3 members of the Asset Management Group and delegates were invited to raise questions or reveal their own experiences for the benefit of the discussions.

Workshop facilitators were Hugh Skingley of Liken Limited and Martin Callinan of Centennial Software Limited for the Desktop sessions and Graham Dawe of RMS Services Limited, Constant Fischer of FrontRange Systems Limited and Christophe Marcelin of Dell/ASAP.

The Asset Management Group and IT Security Group’s latest joint event got off to a lively and intriguing start with a keynote speech by Lord Erroll, a Cross Bench Peer and champion of IT in the House of Lords.

Presentations followed from four Federation members covering all aspects of data leakage from assessing how to balance the need for access against the prevention of intrusion, assessing risk and how to use a combination of processes, people and technology to develop best practice and what to do if a data leakage incident occurs.

Pinewood Studios, 17th October 2007

The Asset Management Group and the Information Technology Security Group put on their first joint event at Pinewood Studios. Taking advantage of the fact that Pinewood is the home of James Bond, the Groups produced a film which followed an IT Manager (Basil Bond (!)) on his first day at a new company. Meetings with his own deputy, the MD, Sales & Marketing Director and FD were shown, and after each meeting the issues raised were examined by the presenters.

How to try and eliminate risk in your enterprise and what to do when disaster strikes and your frontline is breached.

On a rainy Tuesday morning in May, delegates had the gloom lifted by experts from the Information Technology Security Group (ITSG). In a half day seminar they showed how to mitigate risk and what to do if the worst should happen and your company’s security is breached. Three sessions covered Policy Management, Removable Media and Mobile Working, and Incident Investigation.

Robin Saunders of Nexus Technology Ltd emphasised that organisations not only needed to have robust Policies & Procedures (P&Ps) and realising all the areas of risk is the first step to putting P&Ps together. Only once you know the risks can you start to plan to mitigate those risks. Robin’s presentation slides on the Risk Management Cycle show how to get it under control.

Andy King from Centennial Software discussed the vexed question of Removable Media and Mobile working. This can be an absolute minefield for companies but it doesn’t have to be that way. Andy had some amazing examples of security breaches which you can see on his slides, together with essential actions that organisations must take and guidance on how to create an effective security policy.

Crime is always of interest, even more so if someone else is the victim. Even in the best of regulated companies bad things do happen. Simon Janes of Computer Forensic Alliance, quoted a statistic from the National High-Tec Crime Unit’s Crime Report of 2005 in which it stated that ‘68% of all incidents relating to the theft of information or data were committed by internal employees’. Simon went on to a case study where he was able to show how an originating company’s documents had been changed for the benefit of a competitor.