{"@attributes":{"version":"2.0"},"channel":{"copyright":"Copyright TechTarget - All rights reserved","description":"ComputerWeekly\u2019s best articles of the day","docs":"https:\/\/cyber.law.harvard.edu\/rss\/rss.html","generator":"Techtarget Feed Generator","language":"en","lastBuildDate":"Mon, 08 Jun 2026 01:11:02 GMT","link":"https:\/\/www.computerweekly.com","managingEditor":"editor@computerweekly.com","item":[{"body":"<p><a href=\"https:\/\/www.carnivalcorp.com\/\" target=\"_blank\" rel=\"noopener\">Carnival Corporation<\/a>, the world\u2019s largest cruise ship operator, has confirmed an extensive data breach in the wake of an April 2026 system compromise claimed by <a href=\"https:\/\/www.computerweekly.com\/news\/366639851\/Salesforce-tracks-possible-ShinyHunters-campaign-targeting-its-users\" target=\"_blank\" rel=\"noopener\">the now-infamous ShinyHunters cyber gang<\/a>.<\/p> \n<p>As is typical of incidents attributed to ShinyHunters, the attack appears to have stemmed from inside Carnival\u2019s <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/supply-chain-attack\" target=\"_blank\" rel=\"noopener\">supply chain<\/a>, involving a successful phishing attempt against a third-party account with access to the victims\u2019 systems.<\/p> \n<p><a href=\"https:\/\/haveibeenpwned.com\/breach\/Carnival\" target=\"_blank\" rel=\"noopener\">According to HaveIBeenPwned<\/a>, this enabled the hackers to steal almost millions of data records linked to holidaymakers who had voyaged with Carnival\u2019s Holland America brand, including names, dates of birth, gender and loyalty programme status. Carnival has now added contact details and driving licence and passport data to this list. Almost six million individuals are <a href=\"https:\/\/www.maine.gov\/agviewer\/content\/ag\/985235c7-cb95-4be2-8792-a1252b4f8318\/d6729ef2-7bb3-42d3-abdd-99a1dd8f2415.html\" target=\"_blank\" rel=\"noopener\">thought to be affected<\/a>.<\/p> \n<p><a href=\"https:\/\/www.carnivalcorp.com\/wp-content\/uploads\/2026\/05\/Website-Notice-Substitute-Notice-05.27.26.pdf\" target=\"_blank\" rel=\"noopener\">In a disclosure notice<\/a>, the company claimed: \u201cCarnival Corporation values the trust you place in us, and we take the privacy and security of your information very seriously \u2026 We deeply regret this incident and any concern it may cause, and have sent notification letters to individuals whose data was impacted.\u201d<\/p> \n<p>Serial cyber attack victim Carnival suffered three incidents \u2013 a data breach and two distinct ransomware attacks \u2013 <a href=\"https:\/\/www.computerweekly.com\/news\/252487779\/Carnival-cruise-lines-hit-by-ransomware-customer-data-stolen\" target=\"_blank\" rel=\"noopener\">in quick succession in 2020<\/a>, followed by <a href=\"https:\/\/www.computerweekly.com\/news\/252502659\/Carnival-Cruises-hit-by-fourth-cyber-incident-in-a-year\" target=\"_blank\" rel=\"noopener\">a fourth cyber breach in early 2021<\/a>.<\/p> \n<p>\u201cIn addition to the comprehensive security measures our company had in place prior to the incident, we have taken steps to further safeguard our systems, including enhancing our security and monitoring controls,\u201d said Carnival, which has also committed to offering affected US residents two years of free credit monitoring services.<\/p> \n<p>\u201cOur company will continue to advance our IT security and data privacy controls to stay ahead of an ever-evolving threat landscape,\u201d the firm added.<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about ShinyHunters<\/h3> \n  <ul class=\"default-list\"> \n   <li>The notorious ShinyHunters hacking collective menaces video game publisher Rockstar and says it will leak data <a href=\"https:\/\/www.computerweekly.com\/news\/366641486\/Grand-Theft-Auto-publisher-Rockstar-hit-by-hackers-again\" target=\"_blank\" rel=\"noopener\">on 14 April<\/a>.<\/li> \n   <li>The ShinyHunters hacking collective that caused chaos in 2025 is ramping up a new voice phishing campaign, with several potential victims <a href=\"https:\/\/www.computerweekly.com\/news\/366637762\/Wave-of-ShinyHunters-vishing-attacks-spreading-fast\" target=\"_blank\" rel=\"noopener\">already identified<\/a>.<\/li> \n   <li>ReliaQuest researchers present new evidence that firms up a potential link, or outright partnership, between the ShinyHunters <a href=\"https:\/\/www.computerweekly.com\/news\/366629157\/Researchers-firm-up-ShinyHunters-Scattered-Spider-link\" target=\"_blank\" rel=\"noopener\">and Scattered Spider cyber gangs<\/a>.<\/li> \n  <\/ul>\n <\/div>\n<\/div> \n<p>Muhammad Yahya Patel, virtual chief cyber security officer (vCISO) and cyber security advisor for EMEA at&nbsp;<a href=\"https:\/\/www.huntress.com\/\" target=\"_blank\" rel=\"noopener\">Huntress<\/a>, said the pattern of a ShinyHunters breach should feel uncomfortably familiar by now.<\/p> \n<p>\u201cNearly six million people; one social engineering technique,\u201d he said. \u201cThat\u2019s the Carnival breach in its simplest form \u2026 ShinyHunters didn\u2019t need a zero-day or a sophisticated exploit to breach the world\u2019s largest cruise operator. Their playbook is well-documented: voice phishing to extract single sign on (SSO) credentials and multi-factor authentication (MFA) codes from employees by impersonating IT staff, followed by systematic access to connected SaaS [software as a service] environments to exfiltrate data at scale. The same technique. The same result. A different logo on the breach notification letter.\u201d<\/p> \n<p>The hospitality and travel industry is acutely vulnerable to cyber attacks thanks to high levels of staff turnover, geographically dispersed operations, heavy reliance on customer-facing systems, and a need to move fast to get things done. Add to this the vast amount of valuable customer data \u2013 a \u201cready-made targeting kit\u201d, noted Patel \u2013 that organisations like Carnival hold, and it is easy to see how such breaches occur.<\/p> \n<p><a href=\"https:\/\/redflags.io\/\" target=\"_blank\" rel=\"noopener\">Redflags<\/a> CEO and co-founder Tim Ward said the latest Carnival incident showed that many companies are not yet considering the need to address supply chain threats from the inside out.<\/p> \n<p>\u201cOrganisations need to start thinking seriously about \u2026 how to meet people where they actually are: inside their workflows, at the point of risk, with guidance and support that helps them make the right call in real time,\u201d he said.<\/p> \n<p>\u201cSecurity needs to be something that works with people, not something done to them once a quarter in a tick-box exercise. Until we shift from compliance-driven awareness to genuinely embedding security into the moments that matter, social engineering will keep being the easiest door into even the largest organisations in the world.\u201d<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Next steps\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Next steps<\/h2>\n <p>Huntress\u2019 Patel laid out the next steps for security leaders. \u201cFirst, your help desk verification process is a primary attack surface right now,\u201d he said. \u201cIf employees can be persuaded to hand over MFA codes by a confident caller, your entire identity security investment is undermined at the human layer.<\/p>\n <p>\u201cSecond, ShinyHunters uses SSO access as a gateway to every connected SaaS application behind it,\u201d said Patel. \u201cAudit your OAuth tokens, review third-party SaaS access, and monitor for unusual activity in connected platforms.<\/p>\n <p>\u201cThird, the question is no longer whether you\u2019ll be targeted using these techniques,\u201d he added. \u201cIt\u2019s about whether your people would recognise the call, whether your processes make compliance hard, and whether your detection catches what follows.&nbsp;<\/p>\n <p>\u201cIf any of those answers are uncertain, then you need to address them now,\u201d said Patel.<\/p>\n<\/section>","description":"Travel company Carnival Corporation confirms the extent of an April 2026 supply chain breach that was claimed by ShinyHunters","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/cruise-ship-ocean-liner-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366643559\/Carnival-cruise-line-confirmed-as-latest-ShinyHunters-victim","pubDate":"Thu, 28 May 2026 11:45:00 GMT","title":"Carnival cruise line confirmed as latest ShinyHunters victim"},{"body":"<p>Sustainability and strategy don\u2019t always seem like natural bedfellows in a profit-driven world, but Simon Ninan, global head of strategy at <a href=\"https:\/\/www.computerweekly.com\/feature\/Hitachi-Vantara-VSP-One-leads-revamped-storage-portfolio\">Hitachi Vantara<\/a>, wants to make it a reality, finding fresh approaches that deliver for customers, products, profit and the planet together.&nbsp;<\/p> \n<p>He says that if you want to see something better tomorrow, you have to start today. And for Ninan, it\u2019s about finding a way through conflicting requirements. His core strategy team aims to combine knowledge, experience and ideas so that \u201cone plus one equals five\u201d and solves sustainability and <a href=\"https:\/\/www.computerweekly.com\/ezine\/Computer-Weekly\/Viewing-business-through-a-sustainability-lens\">business<\/a> challenges together.<\/p> \n<p>\u201cI grew up in Bangalore, India,\u201d he says. \u201cBangalore has changed a lot. It used to be known as green \u2013 now there\u2019s so much traffic, a lot of the greenness is gone. It\u2019s a shame.\u201d<\/p> \n<p>In India, there\u2019s still \u201cincredibly intense\u201d competition for resources as the country races to catch up, but in a \u201cfair\u201d way. Ideas around balancing those issues are often inculcated as you grow up, says Ninan.<\/p> \n<p>Similarly, it seemed to him that the longevity of companies and the \u201chardiness or value\u201d embedded in their vision can be deeply connected.<\/p> \n<p>Comparisons with the US, where he arrived after studying computer science and engineering, were stark. Growth delivered clear benefits to the population, but at the same time, he saw \u201ca land of excess\u201d, where resources were often wasted.<\/p> \n<p>\u201cI have continued consistently to think about how a little can potentially go a long way. How can we drive better decisions, and avoid innovation for innovation\u2019s sake, technology for technology\u2019s sake?\u201d he says. \u201cIt\u2019s about fusing business and technology. And there\u2019s opportunity in that.\u201d<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Long-term vision shapes sustainability strategy\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Long-term vision shapes sustainability strategy<\/h2>\n <p>Ninan joined Hitachi Vantara in 2019, following seven years as an executive at Japan-headquartered parent Hitachi, and before that at Monitor Deloitte.&nbsp;<\/p>\n <p>At the board and corporate levels, Hitachi has a culture of going beyond short-term strategic planning.<\/p>\n <blockquote> \n  <div class=\"imagecaption alignLeft\">\n   <img src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Simon-Ninan-Hitachi-Vantara-140x180px.jpg\" alt=\"Photo of Simon Ninan, global head of strategy at Hitachi Vantara\">\n  <\/div> \n  <p><span style=\"font-size: 14pt;\"><strong><span style=\"color: #34495e;\">\u201cI have continued to think about how a little can potentially go a long way. How can we drive better decisions, and avoid innovation for innovation\u2019s sake, technology for technology\u2019s sake? It\u2019s about fusing business and technology. And there\u2019s opportunity in that\u201d<\/span><\/strong><\/span><\/p> \n  <p><em><span style=\"color: #34495e;\">Simon Ninan, Hitachi Vantara<\/span><\/em><\/p> \n <\/blockquote>\n <p>That begins by asking how the world might look 30, 50 or even 70 years from today, and planning for \u201cmega-trends\u201d, such as in terms of productivity and artificial intelligence (AI), socio-politics and climate change. The strategic time frame is the next two generations at minimum, including innovating around products and solutions that benefit society at large.<\/p>\n <p>That long-term focus is \u201cvery interesting and unique\u201d, says Ninan.<\/p>\n <p>\u201cWe also talk about ageing demographics, or changing demographics. Emerging markets, availability of resources, productivity, the digital divide,\u201d Ninan says. \u201cBig hurdles that society will face. Then, working backward as it were, Hitachi asks what we can do today.\u201d<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Japanese principles guide collaborative approach\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Japanese principles guide collaborative approach<\/h2>\n <p>Hitachi founder Namahei Odaira originally tied the company philosophy to the Japanese principles of \u201cwa\u201d, \u201cmakoto\u201d and \u201ckaitakusha-seishin\u201d.<\/p>\n <p>At Hitachi, the harmony-related concept of \u201cwa\u201d encourages respect for others\u2019 opinions and promotes open, fair and impartial discussion. In sustainability, this translates into a highly collaborative, cross-functional approach that connects efforts across the full lifecycle of products and operations, and to ensure impacts are understood holistically, says Ninan.<\/p>\n <p>\u201cMakoto\u201d is about sincerity \u2013 approaching issues with openness, honesty and respect, \u201cin the spirit of true teamwork\u201d.<\/p>\n <p>\u201cIn <a href=\"https:\/\/www.computerweekly.com\/opinion\/IT-Sustainability-Think-Tank-How-IT-sustainability-entered-the-mandate-era-during-2025\">sustainability<\/a>, this is reflected in transparency, proactive data collection and reporting, and a commitment to go beyond simply meeting requirements to delivering on the spirit of our goals,\u201d says Ninan.<\/p>\n <p>\u201cKaitakusha-seishin\u201d may be best translated as \u201cpioneering spirit\u201d. Ninan says that at Hitachi, this emphasises a striving for leadership through pursuing new challenges and higher goals, but building on a commitment to innovation that goes beyond mere compliance, to driving positive impacts for society and the planet. That mission is now being extended to other parts of the world where Hitachi operates.<\/p>\n <p>\u201cI find that really powerful, because it says you can make trade-offs in your bottom line for a bigger goal,\u201d he adds.&nbsp;\u201cIt\u2019s very ambitious. We have a double bottom line. Every company tries to make sure it delivers profit, but the double bottom line means it\u2019s not just about the shareholders; it\u2019s about the stakeholders and the value you\u2019re delivering \u2013 your customers, your partners, your employees.\u201d<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Tackling Scope 3 emissions in datacentres\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Tackling Scope 3 emissions in datacentres<\/h2>\n <p>Today\u2019s sustainability challenges for the team include weighing up the challenges and potential benefits of <a href=\"https:\/\/www.computerweekly.com\/feature\/AI-drives-storage-array-makers-to-embrace-data-management\">AI<\/a> enablement, for example. Also, there\u2019s a need to rethink the value of hybrid cloud data solutions versus the return on investment in data, says Ninan.<\/p>\n <p>The most recent \u201cmajor strategy refresh\u201d with a medium- to long-term perspective at Hitachi Vantara was three years ago. It involved \u201cextensive embedding\u201d of Hitachi\u2019s sustainability reporting into Hitachi Vantara, with Ninan as one of the executives presiding.&nbsp;<\/p>\n <p>That challenge had become \u201ca huge proposition\u201d with related opportunities around green IT and sustainability. Ninan had noticed that while Scope 1 and Scope 2 emissions were handled quite well, Scope 3 emissions accounting still needed work.<\/p>\n <p>\u201cIt didn\u2019t do a really good job of Scope 3. Yet <a href=\"https:\/\/www.computerweekly.com\/feature\/Interview-CyrusOne-on-the-sustainable-innovation-that-drives-datacentre-business-outcomes\">datacentres are a most impactful industry for global sustainability<\/a>,\u201d he says.<\/p>\n <p>Sustainability is also important because so many datacentre projects are being cancelled. Ninan says that trend will increase, not least because <a href=\"https:\/\/www.computerweekly.com\/feature\/Datacentre-developers-tout-benefits-to-local-communities-but-do-they-deliver\">people often don\u2019t want datacentres in their backyard<\/a>, whether for environmental reasons or otherwise.<\/p>\n <p>\u201cThey\u2019re now leery about the effects of AI. They\u2019ve also seen bills go up, and they worry about water resources,\u201d he adds.<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Cross-functional teams drive sustainability goals\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Cross-functional teams drive sustainability goals<\/h2>\n <p>Ninan\u2019s team includes one other person, plus four entirely focused on product sustainability, helped by another <a href=\"https:\/\/www.computerweekly.com\/news\/366638707\/Interview-Sarwar-Khan-on-shaping-BTs-green-future-and-delivering-sustainability-at-scale\">sustainability<\/a> director and the sustainability lead analyst at Hitachi Digital, which is a centre of excellence shared across multiple Hitachi divisions.<\/p>\n <p>Also, Ninan\u2019s team works bi-weekly with people who have a 20% or so commitment to sustainability in addition to their day jobs in finance, HR, logistics, operations and the like. Formal executive committee governance meetings happen quarterly.&nbsp;<\/p>\n <p>Hitatch Vantara has reported multiple <a href=\"https:\/\/www.hitachivantara.com\/content\/dam\/hvac\/pdfs\/analyst-content\/helping-make-the-world-a-better-place-2024-sustainability-report.pdf\">sustainability awards for its tech<\/a>, including around AI, and high ratings from the likes of EnergyStar and EcoVadis. It launched a sustainability service level agreement (SLA) last year.&nbsp;<\/p>\n <p>Hitachi Vantara\u2019s <a href=\"https:\/\/www.computerweekly.com\/feature\/An-action-plan-for-net-zero-compatible-with-budget-contraints\">net-zero<\/a> target is 2040, following the Science-based Targets Initiative (SBTi) \u2013 a \u201cmore aggressive\u201d target than its parent\u2019s 2050.<\/p>\n <p>\u201cAnd we have our state-of-the-art distribution centres, particularly one in the Netherlands, that have launched a whole bunch of new initiatives around logistics, distribution, biodiversity and so on,\u201d he says.&nbsp;<\/p>\n <p>Ninan points out that customers today are more often \u201cbuying outcomes\u201d, rather than being 100% focused on product. And he suggests that if more tech companies don\u2019t wake up, poor sustainability can and will hit profits \u2013 if it hasn\u2019t already.<\/p>\n <p>IT companies will lose customers and their credibility. In his view, <a href=\"https:\/\/www.computerweekly.com\/feature\/Pure-AVK-self-powered-Dublin-datacentre-dodges-grid-constraints\">datacentre<\/a> operators could \u201cmake or break\u201d sustainability goals, and it\u2019s crucial for those in the industry to lead the way.&nbsp;<\/p>\n <p>Which is also an opportunity, not just for marketing narratives or even benchmarking, but to drive innovation, he says.<\/p>\n <p>So that\u2019s what Ninan and his cross-functional team does \u2013 sponsoring and overseeing strategy and building sustainability together. Not least because it often takes people a long time to appreciate the importance of sustainability.<\/p>\n <p>\u201cI make a lot of noise about that,\u201d he says. \u201cI\u2019ve had to become a real champion for sustainability.\u201d<\/p>\n<\/section>           \n<section class=\"section main-article-chapter\" data-menu-title=\"Bridging US and European sustainability narratives\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Bridging US and European sustainability narratives<\/h2>\n <p>In the US, especially, narratives on sustainability can differ from those in many other regions and markets. In Europe, sustainability is seen as crucial simply because the planet depends on it.<\/p>\n <blockquote class=\"main-article-pullquote\">\n  <div class=\"main-article-pullquote-inner\">\n   <figure>\n    I\u2019ve had to become a real champion for sustainability\n   <\/figure>\n   <figcaption>\n    <strong>Simon Ninan, Hitachi Vantara<\/strong>\n   <\/figcaption>\n   <i class=\"icon\" data-icon=\"z\"><\/i>\n  <\/div>\n <\/blockquote>\n <p>However, US arguments typically must be formulated in dollars and cents. In the US, if you can\u2019t make the economics work, if you can\u2019t show how profits will be realised, it\u2019s much more difficult to reach a consensus.<\/p>\n <p>Europe sometimes creates burdensome regulations and reporting requirements in an effort to get everyone on board, but that\u2019s seen as a necessary evil.<\/p>\n <p>\u201cYou can\u2019t have that \u2018necessary evil\u2019 conversation in the US. They say, \u2018Tell me how it\u2019s going to improve my revenue, and profits, and maybe then I\u2019ll pay attention to it\u2019,\u201d says Ninan.<\/p>\n <p>\u201cThen, of course, you have changing political administrations \u2013 and you hear they want to deregulate, as a matter of national competitiveness and innovation, with greenness potentially coming in at some future date or time.\u201d<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Making the business case for green technology\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Making the business case for green technology<\/h2>\n <p>The challenge \u2013 and partly the fun \u2013 for Ninan and his team is to keep figuring out how to straddle the different <a href=\"https:\/\/www.techtarget.com\/sustainability\/feature\/How-to-lead-on-sustainability-in-the-rise-of-greenhushing\">narratives<\/a>, to explain how sustainability is good for businesses that are governed quarter to quarter by the markets. That includes via outreach, with public relations activities such as podcasts or thought leadership articles also a really interesting part of his job.<\/p>\n <p>\u201cThat\u2019s where I talk about Hitachi Vantara products a bit, and that datacentres are about 3% of greenhouse gas emissions globally, of power consumed, and how that\u2019s multiplying with the AI and internet of things revolutions,\u201d says Ninan.<\/p>\n <p>Then his strategy might include pointing out projections for datacentre growth. If datacentre footprints triple in the next five years, as some estimates suggest, that will create problems for businesses.<\/p>\n <p>Power grids can\u2019t handle it. They\u2019re not ready, and resources such as energy and water are lacking. Economies can\u2019t currently sustain that sort of datacentre demand; investment is required to meet the \u201creal value\u201d proposition, which typically boils down to cost savings, he says.<\/p>\n <p>\u201cSo, we explain that if you deploy our <a href=\"https:\/\/www.techtarget.com\/searchstorage\/opinion\/Hitachi-Vantara-expands-in-hybrid-and-multi-cloud-storage\">storage<\/a> and data solutions in datacentres, because of the proprietary technology, we can optimise how data is moved, stored and processed. We can reduce power consumption in datacentres by 30% to 60% compared to the average,\u201d he says.&nbsp;\u201cForget the cost of buying the bits. Sure, we\u2019ll do a great job for you there, but we\u2019ll save you longer-term costs.\u201d<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more IT sustainability interviews<\/h3> \n   <ul class=\"default-list\"> \n    <li><a href=\"https:\/\/www.computerweekly.com\/news\/366638707\/Interview-Sarwar-Khan-on-shaping-BTs-green-future-and-delivering-sustainability-at-scale\">Sarwar Khan on shaping BT\u2019s green future and delivering sustainability at scale<\/a>: How the sustainability practice enables BT to move on \u2018tough topic\u2019 targets that increase innovation, efficiency and success across its product portfolio.<\/li> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Interview-CyrusOne-on-the-sustainable-innovation-that-drives-datacentre-business-outcomes\">CyrusOne on the sustainable innovation that drives datacentre business outcomes<\/a>: Sustainability initiatives continue to drive competitive advantage in addition to cutting costs, reveals Kyle Myers of colocation giant CyrusOne.<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"We talk to Hitachi Vantara\u2019s Simon Ninan about how the company looks to the far horizon when trying to match business needs with those of society","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/IT-sustainability-interviews-hero.jpg","link":"https:\/\/www.computerweekly.com\/news\/366642586\/Interview-Hitachi-Vantara-takes-long-view-on-business-and-sustainability","pubDate":"Tue, 12 May 2026 09:40:00 GMT","title":"Interview: Hitachi Vantara takes long view on business and sustainability"},{"body":"<p>Service provider Blackbox Hosting has consolidated storage from two full racks down to just 8U of rack space following migration to Everpure FlashArray hardware. The move has allowed the provider to deliver <a href=\"https:\/\/www.computerweekly.com\/feature\/This-rise-of-the-splinternet-Data-sovereignty-risks-and-responses\">\u201csovereign\u201d cloud services<\/a> with a 10:1 data reduction ratio and an 85% reduction in power utilisation.<\/p> \n<p>Blackbox Hosting evolved over 14 years from a single rack to supporting more than 1,500 virtual machines (VMs), and has datacentre capacity at Canary Wharf with a secondary site in Slough.<\/p> \n<p>The company operates a fully managed, sovereign (see box) model for major software suppliers including Iris Software Group, which supports payroll and financial management for approximately 60% of UK academies.<\/p> \n<p>Blackbox previously relied on HPE 3PAR 8400 <a href=\"https:\/\/www.computerweekly.com\/resources\/Flash-storage-and-solid-state-drives-SSDs\">all-flash arrays<\/a>. However, as the hardware approached end-of-life, the company faced mounting challenges.&nbsp;<\/p> \n<p>\u201cSupport renewal costs were significant, and we had issues with HPE support,\u201d said Matthew Burden, CEO at Blackbox Hosting. \u201cWe had a power supply failure in a&nbsp;<a href=\"https:\/\/www.computerweekly.com\/feature\/Disaster-recovery-As-a-service-vs-on-premise\">DR site<\/a>, and despite a four-hour SLA [service-level agreement], it took nearly two weeks to replace. They also began charging for firmware updates that were previously included.\u201d<\/p> \n<p>The 3PAR environment was cumbersome, said Burden, and required two full racks of hardware to manage the company\u2019s near-petabyte scale.<\/p> \n<p>When it looked for a more performant and dense alternative, Blackbox turned to Pure Storage, which recently rebranded as Everpure.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"High density; \u2018one-second\u2019 RPO\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>High density; \u2018one-second\u2019 RPO<\/h2>\n <p>Blackbox has deployed a range of Pure Storage FlashArray models across its two datacentres to support its active-passive high-availability design.<\/p>\n <p>The deployment includes two FlashArray\/\/X50 R3s, two X50 R4s, and two FlashArray\/\/C20 units for file clusters.<\/p>\n <p>The hardware supports predominantly Hyper-V and VMware VMs, running 90% Windows-based workloads, primarily SQL Server, plus Linux servers.<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about data storage<\/h3> \n   <ul class=\"default-list\"> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Storage-explained-Consumption-models-of-storage-procurement\">Storage explained: Consumption models of storage procurement<\/a>. We look at consumption models of storage purchasing and how cloud operating models have made them mainstream and supplanted the traditional three-year lift-and-shift datacentre refresh.<\/li> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Auditing-classifying-and-building-a-data-sovereignty-strategy\">Auditing, classifying and building a data sovereignty strategy<\/a>. We look at data sovereignty \u2013 what it is and how to build a data sovereignty strategy around data auditing.<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n <p>The transition from 3PAR to Pure has seen a dramatic consolidation of physical space. \u201cWe went from two entire racks filled with disks to two 4U boxes,\u201d said Burden. \u201cOur total provisioned storage is 998TB and we get a total reduction of 10:1. 3PAR had deduplication, but not compression on SSDs.\u201d<\/p>\n <p>Beyond space savings, the disaster recovery (DR) capabilities have seen a massive upgrade. Previously, the company\u2019s <a href=\"https:\/\/www.computerweekly.com\/feature\/Define-RPO-and-RTO-tiers-for-storage-and-data-protection-strategy\">recovery point objective<\/a> (RPO) was limited to 15 minutes. \u201cWith Pure Storage, it is one second,\u201d said Durden. \u201cWe replicate all 1,500 VMs to our backup datacentre. For a customer with 1,000 VMs, we can spin those up for quarterly testing and they are only one second out from live data.\u201d<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Performance and sustainability\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Performance and sustainability<\/h2>\n <p>The shift to non-volatile memory express-based flash has also provided a significant boost to the provider\u2019s green credentials. Sustainability reports generated via Pure\u2019s Evergreen dashboard show an 85% saving in power utilisation compared with the legacy HPE environment.<\/p>\n <p>For the end users \u2013 which include major corporate energy, finance and transport organisations \u2013 the benefit is felt in application speed. \u201cWe\u2019ve had clients with huge databases that were always slow with previous providers,\u201d said Justin Field, commercial director at Blackbox. \u201cThey can pull data significantly faster now, which is a big play for us when competing against hyperscalers.\u201d<\/p>\n <p>Burden also highlighted the \u201czero-touch\u201d operational simplicity of the new arrays. \u201cThe older arrays were very cumbersome; you had to know exactly what you were doing,\u201d he said. \u201cThe Pure web interface is very simple, which makes the operational side much easier. Plus, with Evergreen, we don\u2019t have to pull arrays out for upgrades. We can just put in new controllers as scale increases.\u201d<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Sovereign cloud: A selling point<\/h3> \n   <p>While hyperscalers like Amazon Web Services and Azure dominate the global market, Blackbox Hosting is attempting to carve out a niche as a UK-based sovereign cloud provider. For Blackbox, data sovereignty is defined by 100% UK ownership, UK-based staff, and physical data residency within UK borders (Telehouse South and Virtus Slough).<\/p> \n   <p>\u201cPeople are scratching their heads over the US Cloud Act and how it affects them and their customers,\u201d said commercial director Justin Field. \u201cIt\u2019s leading to a lot more kind of engagement with people that probably always just opted for that public cloud.<\/p> \n   <p>\u201cWe\u2019re not a worldwide provider, but we offer sovereignty to businesses within the UK,\u201d he added.<\/p> \n   <p>But in theory, if any data in transit is handled by any of the US companies, then it\u2019s not sovereign. Does this affect Blackbox? For example, where Everpure has access to storage performance data via its Evergreen-as-a-service dashboard or its Pure1 telemetry?&nbsp;<\/p> \n   <p>\u201cOur storage and all of our hardware is 100% owned,\u201d said Field. \u201cAll of our infrastructure is owned and managed by us. We don\u2019t rely on outside support for our services. It\u2019s all 100% UK staff. Everpure doesn\u2019t process any data.\u201d<\/p> \n   <p>This \u201csovereign\u201d status is increasingly seen as vital for Blackbox\u2019s clients in the UK legal, financial and educational sectors.<\/p>\n  <\/div>\n <\/div>\n<\/section>","description":"UK-based IaaS \u2018sovereign\u2019 provider, with multiple public sector-facing clients, replaced end-of-life 3PAR arrays with FlashArray storage that saw it reduce power consumption by 85%","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/light-bulb-energy-powercut-idea-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366641940\/Blackbox-replaces-two-racks-of-HPE-storage-with-8U-of-Everpure","pubDate":"Wed, 22 Apr 2026 04:00:00 GMT","title":"Blackbox replaces two racks of HPE storage with 8U of Everpure"},{"body":"<p>Cloud backup has made it possible for organizations of any size to improve their data protection. At the same time, traditional local backup still has its place in the storage world. The decision to use one or the other -- or, in some instances, both -- comes down to an organization's specific needs.<\/p> \n<p>In the cloud backup vs. local backup debate, both options have their advantages and disadvantages.<\/p> \n<p>Cloud-based workloads have seen a huge surge in popularity. Not only are established vendors adding more cloud capabilities, but new cloud storage and backup vendors are appearing. The simplicity and scale of cloud computing can provide a backup solution for organizations that need protection.<\/p> \n<p>However, local backup providers are not sitting still. Disk speeds continue to get faster, and tape storage capacities are growing. In addition, if an organization has used local backup for a long time, it can be a burden to move to the cloud. IT and executives should ask several questions about such a move, including whether the move makes sense operationally and financially, and whether they should consider a partial migration and keep some local backup.<\/p> \n<p>Many organizations, especially enterprises, have a&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Hybrid-backups-reap-benefits-of-cloud-and-local-backup\">mix of cloud and local backup<\/a>. Both have pros and cons. For example, local file backup can be quicker for recovery purposes, but the cloud provides that off-site location in the event of a primary data center disaster. Local backup typically requires more in-house management and staff time.<\/p> \n<p>To decide which method is best for your organization, weigh the pros and cons of cloud and local backups and how they match with your existing infrastructure.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Cloud backup basics\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Cloud backup basics<\/h2>\n <p><a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/definition\/cloud-backup\">Cloud backup<\/a>&nbsp;involves copying data over a network to an off-site storage server, typically hosted by a service provider. The cloud backup vendor charges the customer based on elements such as capacity, bandwidth, number of users and data egress.<\/p>\n <p>Cloud data backup options include&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/answer\/What-are-some-public-cloud-backup-options-for-better-data-protection\">backing up directly to a public cloud<\/a>&nbsp;such as AWS, Google or Microsoft Azure, or backing up to a service provider's private cloud.&nbsp;The newer&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/definition\/cloud-to-cloud-backup\">cloud-to-cloud backup<\/a>&nbsp;involves backing up data that originates in the cloud -- in SaaS applications, such as Salesforce and Microsoft 365 -- to another cloud.<\/p>\n <div class=\"youtube-iframe-container\">\n  <iframe id=\"ytplayer-0\" src=\"https:\/\/www.youtube.com\/embed\/Lc-hY-uHgUU?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n <\/div>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Understanding local backup\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Understanding local backup<\/h2>\n <p>Local backups are a longstanding form of&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/The-pros-and-cons-of-on-site-backup\">backing up data at an organization's primary site<\/a>. Organizations typically use disk-based hardware for this backup. Backup software manages the copying of data to the hardware. Sometimes that software is integrated with the hardware, or it runs separately. Data reduction features, such as deduplication, decrease the amount of data backed up on the disk.<\/p>\n <p>Tape was the more common traditional backup medium before disk took over in the early 2000s. In the&nbsp;tape backup process, an organization moves data to a tape cartridge that resides in a library. Organizations <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Storage-media-showdown-The-benefits-of-tape-vs-disk-backup\">still use tape<\/a> today, typically for immutable offline protection against ransomware and other cyber attacks, or for long-term archiving. LTO-10, the latest version of the Linear Tape-Open format, offers 75 TB of compressed capacity per cartridge.<\/p>\n <p>A new twist to the cloud backup vs. local backup story involves backing up SaaS data to a local device. In this case, data originating in the cloud -- such as Microsoft 365 emails -- is backed up to local storage.<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/cloud_backup-cloud_vs_local_comparison.png\">\n  <img data-src=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/cloud_backup-cloud_vs_local_comparison_mobile.png\" class=\"lazy\" data-srcset=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/cloud_backup-cloud_vs_local_comparison_mobile.png 960w,https:\/\/www.computerweekly.com\/rms\/onlineimages\/cloud_backup-cloud_vs_local_comparison.png 1280w\" alt=\"Chart of cloud backup and local backup considerations\" height=\"532\" width=\"560\">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>It's important to consider the many elements of cloud backup vs. local backup for your organization's data protection.\n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Advantages and disadvantages of cloud backup\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Advantages and disadvantages of cloud backup<\/h2>\n <p>Overall, cloud backup provides an additional layer of protection with minimal burden on staff. Although cloud backup is a popular mode of data protection with many advantages, pay attention to the disadvantages to make sure your organization is covered. Some areas of advantage can be considered disadvantageous in different situations.<\/p>\n <p>The&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/The-pros-and-cons-of-cloud-backup-technologies\">advantages of cloud backup<\/a>&nbsp;include the following:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>Low entry costs.<\/b>&nbsp;Backing up to the cloud, especially in the beginning, is a cheap form of data protection. Although local backup storage devices could run in the thousands of dollars, the cost in money and time to set up a cloud backup account is minimal. Cloud backup is especially attractive to an organization that doesn't have the funds or resources for a separate disaster recovery site.<\/li> \n  <li><b>Wide-ranging accessibility.<\/b>&nbsp;A cloud backup is accessible from any internet-connected device, which is especially handy when an organization's primary site is down. Accessing a small amount of data is a quick process.<\/li> \n  <li><b>An array of security features.<\/b>&nbsp;Cloud backup products offer a range of features to keep data safe.<\/li> \n  <li><b>Easy scalability.<\/b>&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Cloud-storage-advantages-Solving-five-common-IT-problems\">Cloud storage is essentially unlimited<\/a>. Organizations can add cloud backup capacity with just a couple of clicks. In contrast, local backup requires acquiring and setting up another physical piece of hardware.<\/li> \n  <li><b>Easy management.<\/b>&nbsp;Cloud backup management generally takes less time and effort than local data backup, depending on the organization's needs and requests. Organizations just need to make sure they are OK with leaving management of the storage hardware in the hands of a service provider.<\/li> \n  <li><b>Simple disaster recovery.<\/b>&nbsp;If there's a failure or data loss event at a primary site, organizations can easily fail over to cloud-based disaster recovery as a service (<a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/definition\/disaster-recovery-as-a-service-DRaaS\">DRaaS<\/a>). This option provides disaster recovery to businesses that couldn't previously afford it.<\/li> \n <\/ul>\n <p>The following are some&nbsp;potential downsides&nbsp;of cloud backup:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>Cost accumulations.<\/b>&nbsp;Although a small amount of data is cheap, a lot of data stored over a long period of time steadily increases costs. A company must pay for its data backup storage every month. It's critical to keep a close eye on cloud backup expenses.<\/li> \n  <li><b>Latency.<\/b>&nbsp;The cloud can cause latency, especially if many users are trying to access the same data or cloud, or if an organization is trying to get a large volume of data out of the cloud.<\/li> \n  <li><b>Security issues.<\/b>&nbsp;Some organizations are still worried about the&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/answer\/Whats-the-best-method-for-protecting-data-in-the-cloud\">safety of keeping data in the cloud<\/a>. Confirm that a cloud backup product has the necessary security elements, such as end-to-end encryption. In addition, just because a backup is in the cloud, that doesn't mean it's safe from cyber attacks, so be wary of a false sense of security.<\/li> \n  <li><b>Slow, costly restores.<\/b>&nbsp;Although DRaaS is fast and efficient, actually restoring data from the cloud can be a time-consuming and costly process, especially when it involves large volumes. Data egress fees can quickly make restorations expensive.<\/li> \n <\/ul>\n<\/section>      \n<section class=\"section main-article-chapter\" data-menu-title=\"Advantages and disadvantages of local backup\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Advantages and disadvantages of local backup<\/h2>\n <p>Organizations must consider their data protection needs when comparing cloud and local backup options. While the cloud is a popular option and offers benefits, local backups might be a better choice for some organizations. The benefits of local backup include the following:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>On-site accessibility.<\/b>&nbsp;It doesn't get much more accessible than having the backup data at your primary site. Disk-based backups in particular are typically continuous throughout the day, so a user can go back to a specific point in time.<\/li> \n  <li><b>Speed.<\/b>&nbsp;On-site disk is fast for backup and recovery operations.<\/li> \n  <li><b>Security control.<\/b>&nbsp;An organization has more control over local backup than data that's in the hands of a cloud provider.<\/li> \n <\/ul>\n <p>The following are some drawbacks of local backup:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>High initial cost.<\/b>&nbsp;In comparing cloud backup vs. local backup, the expense of on-site hardware is generally far more than preparing for a cloud-based platform. Disks are expensive, so adding them can make a significant&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/How-to-craft-a-strong-and-cost-effective-data-backup-budget\">dent in the budget<\/a>. In addition, the lifespan and durability of disk&nbsp;<a target=\"_blank\" href=\"https:\/\/www.enterprisestorageforum.com\/hardware\/life-expectancy-of-a-drive\/\" rel=\"noopener\">requires replacement from time to time<\/a>&nbsp;as well as routine maintenance.<\/li> \n  <li><b>Scalability difficulties.<\/b>&nbsp;With local backup, the process of adding space is more labor-intensive because the organization needs to acquire the additional storage and install it. Physically storing more data backups is more of a burden than just adding storage space in the cloud.<\/li> \n  <li><b>High maintenance.<\/b>&nbsp;Local backup requires dedicated staff to maintain and manage it. When an organization uses cloud computing, IT staff is freed up to focus on other important tasks besides backup maintenance.<\/li> \n  <li><b>Cybersecurity issues.<\/b>&nbsp;If a cyber attack hits the primary data center, an organization should&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/feature\/How-does-off-site-backup-stack-up-against-cloud-backup\">use an off-site backup<\/a>&nbsp;-- whether it be on tape or in the cloud -- to make sure the restore is clean.<\/li> \n  <li><b>Disaster recovery issues.<\/b>&nbsp;If there's a disaster at the primary site, a local backup will not be helpful. However, if your organization has moved tapes off-site, those backups are valuable for disaster recovery.<\/li> \n <\/ul>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Bottom line: Which should you choose?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Bottom line: Which should you choose?<\/h2>\n <p>When your organization analyzes cloud backup vs. local backup, consider all these positives and negatives and address the specific needs of the business.<\/p>\n <p>Cloud backup clearly continues to gain traction in the market, and there are many options for businesses of any size. There are numerous reported cases of businesses ditching their legacy data backup platforms for a cloud-based product. However, the opposite is also true: Some organizations are choosing to <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Is-cloud-backup-repatriation-right-for-your-organization\">repatriate cloud backups<\/a> back on-site.<\/p>\n <p>Though not to the extent of&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/feature\/Top-20-cloud-backup-services-for-2019\">cloud backup products<\/a>, local backup options are evolving as well. If you need a certain size of hardware for your data center, you can probably find it.<\/p>\n <p>In many cases, and if the budget and resources are adequate, a hybrid backup approach is appropriate. This combination of cloud and local backup provides strong data protection. &nbsp;<\/p>\n <p>Make sure you carefully assess your organization's backup and recovery needs, research potential products and make a careful, informed decision about your backup platform. This includes consideration of data retention and recovery needs. The survival of your business could depend on it.<\/p>\n <p><i>Paul Crocetti is editorial director of Informa TechTarget's Infrastructure sites, which include SearchStorage, SearchDataCenter and SearchITOperations. Since starting at then-TechTarget in 2015, he has also served as editor on the SearchStorage, SearchDataBackup and SearchDisasterRecovery sites.<\/i><\/p>\n <p><i>Stephen J. Bigelow, senior technology editor at TechTarget, has more than 30 years of technical writing experience in the PC and technology industry.<\/i><\/p>\n<\/section>","description":"Cloud vs. local backup is an important discussion for IT leaders today. The cloud backup market is soaring, but traditional local backups also have much to offer.","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/searchVMware\/cloud\/vmware_article_004.jpg","link":"https:\/\/www.techtarget.com\/searchdatabackup\/feature\/Cloud-backup-vs-local-traditional-backup-advantages-disadvantages","pubDate":"Thu, 09 Apr 2026 00:00:00 GMT","title":"Cloud vs. local backup: Which is right for your organization?"},{"body":"<p>Executive leaders should treat compliance as an integral part of organizational strategic planning rather than the cost of doing business.<\/p> \n<p>Organizations can face major penalties if they don't comply with laws and regulations that protect customer data, like GDPR and HIPAA. Additionally, customers can lose confidence in an organization if their personal information is not protected properly.<\/p> \n<p>A significant number of <a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/tip\/How-to-improve-the-contact-center-experience-for-customers\">customer interactions occur in the contact center<\/a>. Therefore, contact center leaders need to comply&nbsp;with regulatory requirements and smart business practices to protect customers' rights. A combination of following legislative rules and thoughtful internal practices -- such as call monitoring -- can protect sensitive customer data while improving the customer experience.<\/p> \n<p>Establishing and following a contact center compliance checklist provides a strong foundation of good practices that lead to successful compliance.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"What is contact center compliance and why is it important?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What is contact center compliance and why is it important?<\/h2>\n <p>Contact center compliance is critical. A failure, such as a data breach, can have significant negative effects on a customer's life and devastate an organization's brand image and reputation. Customers don't want to buy services from organizations that can't&nbsp;protect their personal information from bad actors. And, if there's a security incident, organizations don't want to pay fines and penalties to regulatory agencies.<\/p>\n <p>Compliance requires participation from every individual in an organization. Contact center managers shouldn't assume that documented processes always work or that agents always follow proper procedures. <a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/tip\/Best-practices-for-call-center-monitoring\">Ongoing monitoring and reporting must be in place<\/a> to ensure things are working properly. Additionally, all employees must keep their eyes and ears open. Controls must be in place, and if something does not seem right, they must raise the issue with the appropriate individual.<\/p>\n <p>Before the COVID-19 pandemic, most contact centers were on-premises, which, in many ways, made compliance easier to implement and monitor. For example, employees had to swipe their key cards to enter the contact center. Compliance became more of a challenge when contact centers began to operate remotely, so checklists can help contact center managers follow proper guidelines.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Contact center compliance checklist\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Contact center compliance checklist<\/h2>\n <p>Organizations can't achieve compliance with a single tool or process. Compliance requires a multifaceted approach that integrates technology, processes and procedures.<\/p>\n <p>The following contact center compliance checklist can serve as a starting point for contact center managers as they seek to comply with internal and external requirements.<\/p>\n <h3>1. Secure the network<\/h3>\n <p>Organizations should use network&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/access-control\">access control<\/a>&nbsp;to limit who can physically and logically access system hardware and software. Physical security protects the physical components of a network, such as devices, modems or routers, from physical harm. Logical security uses passwords and system permissions to protect a network's software and data from unauthorized individuals.<\/p>\n <h3>2. Lock down workstations<\/h3>\n <p>For remote workers, organizations must ensure workstation equipment adheres to pre-defined specifications or that the organization provides the proper tools.<\/p>\n <p>Physical workstation audits enable an organization to inspect both on-site and remote employees' work environments and ensure they support basic controls and meet compliance requirements. As physical visits to employees' remote workstations aren't always feasible, supervisors can use video conferencing to perform high-level audits. Beware: A video conferencing audit is limited in its scope and timing.<\/p>\n <h3>3. Authenticate customers<\/h3>\n <p>Customer authentication is a process where individuals prove they are who they claim to be. In some cases, single-factor authentication, where customers provide a single piece of information to confirm their identity, can suffice. However, many organizations have adopted&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/multifactor-authentication-MFA\">multifactor authentication<\/a>, which asks customers to provide distinct pieces of information -- such as a password and a code sent to a mobile device -- to confirm their identity. Additionally, some companies are using voice and&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchenterpriseai\/definition\/facial-recognition\">facial recognition<\/a>&nbsp;technologies to authenticate customers.<\/p>\n <h3>4. Record customer conversations<\/h3>\n <p>Call recording lets organizations&nbsp;review telephone conversations&nbsp;between customers and agents. Managers can review recordings through a QA program and AI tools to determine if agents fulfilled external requirements, such as appropriate disclosures and authentication processes. Managers can also review recordings to determine if an agent fulfilled internal requirements, such as providing a customer with accurate information or following the correct internal procedures.<\/p>\n <h3>5. Provide mandatory disclosures<\/h3>\n <p>Contact center agents must provide mandatory disclosures, which are legal statements to explain specific processes, rules and options to callers. For example, if a contact center in the U.S. wants to record a customer call, it must be disclosed to the caller, and consent must be provided, which is passive consent in most cases. Regulations require mandatory disclosures when agents record customer calls, perform collection functions or make financial transactions.<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/call_center_compliance_checklist-f.png\">\n  <img data-src=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/call_center_compliance_checklist-f_mobile.png\" class=\"lazy\" data-srcset=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/call_center_compliance_checklist-f_mobile.png 960w,https:\/\/www.computerweekly.com\/rms\/onlineimages\/call_center_compliance_checklist-f.png 1280w\" alt=\"Contact center compliance checklist image\" height=\"266\" width=\"560\">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>This compliance checklist can help contact centers adhere to important standards and regulations.\n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n <h3>6. Adhere to local privacy legislation<\/h3>\n <p>Organizations must adhere to various global and local legislation on customer privacy, depending on the geographic reach of the business. Due to legislation, organizations can't manage all customer information in the same way.&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/State-of-data-privacy-laws\">Data privacy laws vary by country and region<\/a>, so organizations must know where each customer resides before they transmit, process and store customer information.<\/p>\n <p>Examples of location-based privacy legislation include the following:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>General Data Protection Regulation.<\/b>&nbsp;GDPR provides guidance on how organizations can collect and process personally identifiable information (PII) for individuals who live in the European Union.<\/li> \n  <li><b>California Consumer Privacy Act.&nbsp;<\/b>CCPA provides guidance on how organizations can collect and process personal and household information for individuals who live in California.<\/li> \n <\/ul>\n <p>Because privacy legislation is always evolving, organizations must be proactive to ensure they're up to date on laws affecting their contact center operations.<\/p>\n <h3>7. Adhere to the Telephone Consumer Protection Act<\/h3>\n <p>Organizations in the U.S. must adhere to the Telephone Consumer Protection Act, which sets rules for how an organization can use outbound calls for solicitation.&nbsp;<a target=\"_blank\" href=\"https:\/\/www.fcc.gov\/sites\/default\/files\/tcpa-rules.pdf\" rel=\"noopener\">TCPA<\/a>&nbsp;regulations state that telemarketing contact centers cannot use predictive dialers to contact a wireless phone without prior consent from the customer. It also ensures telemarketers adhere to the National Do Not Call Registry and special regulations, which may include restricted calling hours in a particular geographic location after a natural disaster event.<\/p>\n <h3>8. Manage sensitive information<\/h3>\n <p>To comply with standards, such as the&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/PCI-DSS-Payment-Card-Industry-Data-Security-Standard\">Payment Card Industry Data Security Standard<\/a>&nbsp;and HIPAA, organizations must&nbsp;protect sensitive customer data&nbsp;at rest and in motion. Sensitive information can include PII, credit card numbers or protected health information. To protect sensitive information, organizations should encrypt all data, minimize the amount of stored data and use automation, such as&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/definition\/Interactive-Voice-Response-IVR\">interactive voice response<\/a>, to perform sensitive transactions.<\/p>\n <h3>9. Provide ongoing training<\/h3>\n <p><a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/tip\/Best-practices-for-call-center-agent-training-programs\">Organizations should provide annual training<\/a>&nbsp;on proper compliance procedures and guidelines to all employees. All employees should be up to date on specific compliance rules and understand how they can protect their organization and its customers.<\/p>\n <h3>10. Promote self-service<\/h3>\n <p>Organizations should maximize <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/customer-self-service-CSS\">customer self-service<\/a> procedures through secured portals to limit the sharing of information with other individuals and reduce security risks.<\/p>\n <h3>11. Test, monitor and act on a continuous basis<\/h3>\n <p>Organizations can and should implement all the items on this checklist. However, business leaders shouldn't assume everything is working properly or that bad actors have not found ways to bypass established controls. Organizations should continually test and monitor the various compliance controls, whether through automated processes, such as reporting unauthorized attempts to access customer data, or human processes, like placing test calls.<\/p>\n <p>When something doesn't seem right, organizations should analyze the issue and take action to ensure the controls in place are performing as expected.<\/p>\n <p>A contact center compliance checklist can help organizations&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcio\/feature\/9-common-risk-management-failures-and-how-to-avoid-them\">avoid compliance failures<\/a>. Contact center managers can use this checklist to evaluate their organization's current compliance protocols and ensure their teams follow proper guidelines.<\/p>\n<\/section>                                \n<section class=\"section main-article-chapter\" data-menu-title=\"Common contact center compliance issues and malpractices\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Common contact center compliance issues and malpractices<\/h2>\n <p>If strong compliance controls and practices are not in place, the following negative events can occur:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li>Calling customers who requested not to be called, which violates&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcustomerexperience\/definition\/outbound-call\">outbound calling<\/a>&nbsp;restrictions.<\/li> \n  <li>Allowing PII to be stolen due to incorrectly accessing customer information.<\/li> \n  <li>Improperly recording customer conversations by not adhering to call recording and consent rules.<\/li> \n  <li>Providing incomplete information to customers by not adhering to scripting requirements.<\/li> \n <\/ul>\n <p>If these events occur, an organization can be liable for financial penalties, along with other legal consequences. Just as important is the potential for negative customer perception, which can lead to degraded customer loyalty and customer defections.<\/p>\n <p>Leadership in all areas of an organization must keep in mind that a compliance checklist only provides a template of best practices. It must be more than a written document. The organization must translate the document into reality and embed it into the corporate culture by focusing on the following actions:<\/p>\n <ul class=\"default-list\"> \n  <li>Invest in technology to support key items on the checklist.<\/li> \n  <li>Promote accountability.<\/li> \n  <li>Reward adherence to policies and address any gaps that arise.<\/li> \n <\/ul>\n <p>A contact center compliance checklist might not stop all unauthorized activities, but it's a solid start to implementing a strategy that adheres to legal, organizational and customer requirements.<\/p>\n <p><i>Scott Sachs is president and founder of SJS Solutions, a consultancy that specializes in contact center strategy assessments and technology selection.<\/i><\/p>\n<\/section>","description":"A contact center compliance checklist can serve as a starting point for contact center managers as they seek to comply with internal and external regulations.","image":"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/check_g1268128622.jpg","link":"https:\/\/www.techtarget.com\/searchcustomerexperience\/tip\/Call-center-compliance-checklist-for-hybrid-workforces","pubDate":"Thu, 02 Apr 2026 09:00:00 GMT","title":"Contact center compliance checklist for modern workforces"},{"body":"<p>After Google moved up its <a href=\"https:\/\/www.computerweekly.com\/news\/366640650\/Google-targets-2029-for-post-quantum-cyber-readiness\" target=\"_blank\" rel=\"noopener\">quantum readiness timeline<\/a> and revealed it was working on building <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/video\/An-explanation-of-post-quantum-cryptography\" target=\"_blank\" rel=\"noopener\">post-quantum cryptography<\/a> (PQC) features into the next version of its Android mobile operating system, cyber experts have welcomed indications that the pace of travel towards effective, security-preserving PQC is speeding up, but also highlighted that the data security risks posed by quantum computers must be addressed today, not whenever the so-called Q-Day occurs.<\/p> \n<p>Google\u2019s target of migrating to PQC in 2029, three years from now, blasts past the migration schedules of others, including the US Commercial National Security Algorithms (CNSA) 2.0 <a href=\"https:\/\/media.defense.gov\/2022\/Sep\/07\/2003071836\/-1\/-1\/0\/CSI_CNSA_2.0_FAQ_.PDF\" target=\"_blank\" rel=\"noopener\">migration schedule<\/a>. <a href=\"https:\/\/www.pingidentity.com\/en.html\" target=\"_blank\" rel=\"noopener\">Ping Identity<\/a> head of privileged access management&nbsp;engineering Suman Sharma said: \u201cGoogle accelerating its timeline to 2029 underscores a growing realisation across the industry that the window to prepare for a post-quantum world is smaller than many anticipated.&nbsp;<\/p> \n<p>\u201cWe\u2019re already in the midst of the largest overhaul of the internet\u2019s encryption backbone in decades, with hybrid quantum-resistant standards rolling out across browsers and core infrastructure,\u201d he said.<\/p> \n<p>\u201cHigh-security sectors are moving quickly toward fully quantum-safe deployments, yet much of the broader ecosystem is still operating in a transitional, hybrid state,\u201d said Sharma. \u201cThis latest move reinforces that leading technology providers no longer see post-quantum security as a distant concern. It\u2019s now an immediate priority, and the pace of adoption will only continue to accelerate.\u201d<\/p> \n<p>According to Mark Pecen, chair of the Technical Committee on Quantum Technologies at the <a href=\"https:\/\/www.etsi.org\/\">European Telecommunications Standards Institute<\/a> (ETSI), Google\u2019s accelerated deadline reflects a shift from trying to predict Q-Day to preventative management of present-day risks.<\/p> \n<p>\u201cThe real concern isn\u2019t when quantum computers arrive, it\u2019s that adversaries are already collecting encrypted data today to decrypt later,\u201d said Pecen. \u201cThe existing public key cryptographic systems that protect our internet and wireless transactions, Rivest-Shamir-Adelman (RSA) and Elliptic Curve Cryptography (ECC) are aging cryptosystems, developed in the 1970s and 1980s respectively.<\/p> \n<p>\u201cThese algorithms become weaker for every year that technology advances, so post-quantum cryptography is also being viewed as the next generation of data security.\u201d<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about quantum computing<\/h3> \n  <ul style=\"list-style-type: square;\" class=\"default-list\"> \n   <li>We speak to Lucy Robson, a quantum algorithm scientist at Universal Quantum, about her work in helping to develop&nbsp;<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.computerweekly.com\/podcast\/Understanding-quantum-A-Computer-Weekly-Downtime-Upload-podcast\">simulations for drug discovery<\/a>.<\/li> \n   <li>Japan and Singapore will work together to bridge the gap between quantum research and real-world commercialisation, marking Singapore\u2019s first government-to-government pact&nbsp;<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.computerweekly.com\/news\/366637028\/Singapore-and-Japan-team-up-on-quantum-computing\">dedicated to the technology<\/a>.<\/li> \n   <li>Claims that quantum computing will destroy Bitcoin may be exaggerated,&nbsp;<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.computerweekly.com\/opinion\/Will-Quantum-Computing-Kill-Bitcoin\">but Bitcoin will need to adapt<\/a>.<\/li> \n  <\/ul>\n <\/div>\n<\/div> \n<p>Additionally, newer and faster quantum decryption algorithms are already being developed, such as&nbsp;Jesse-Victor-Gharabaghi (JVG) \u2013 <a href=\"https:\/\/www.securityweek.com\/quantum-decryption-of-rsa-is-much-closer-than-expected\/\" target=\"_blank\" rel=\"noopener\">which caused a stir in March 2026<\/a> \u2013 as it appears to need vastly less quantum computational power (qubits) to break legacy algorithms.<\/p> \n<p>Its creators say that given the right hardware, when Q-Day comes, JVG could break RSA in 11 hours.<\/p> \n<p>\u201cBy moving earlier than government timelines, Google is effectively forcing the industry to treat post-quantum migration as an immediate operational priority rather than a future compliance exercise,\u201d said Pecen.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Harvest now, decrypt later\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Harvest now, decrypt later<\/h2>\n <p>At present, <a href=\"https:\/\/globalriskinstitute.org\/publication\/quantum-threat-timeline-report-2025b\/\" target=\"_blank\" rel=\"noopener\">much of the concern<\/a> stems from the demonstrable growth in so-called <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/feature\/Cybersecurity-trends-to-watch\" target=\"_blank\" rel=\"noopener\">harvest now, decrypt later<\/a> (HNDL) cyber attacks in which threat actors exfiltrate encrypted data now and keep it in readiness for the moment present-day algorithms fail, and Simon Pamplin, chief technology officer at <a href=\"https:\/\/certes.ai\/\" target=\"_blank\" rel=\"noopener\">Certes<\/a> \u2013 a PQC specialist \u2013 said that for many organisations, the most dangerous moment in time is not the day quantum computers arrive, but rather right now.<\/p>\n <p>\u201cAdversaries are already running HNDL campaigns: exfiltrating encrypted data today with the intention of unlocking it once a cryptographically relevant quantum computer [CRQC] exists,\u201d he said.<\/p>\n <p>\u201cIf your organisation is still relying on RSA, TLS or standard PKI to protect sensitive data in transit, that data is already at risk, regardless of whether Q-Day lands in 2029 or 2035,\u201d added Certes.<\/p>\n <p>\u201cWith data flowing across legacy systems, multi-cloud environments, AI and the edge, the potential risk organisations face today is very real, and extremely serious if left unchecked.\u201d<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Next steps\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Next steps<\/h2>\n <p>Matt Campagna, who chairs ETSI\u2019s Quantum-Safe Cryptography working group, said Google\u2019s prioritisation of quantum-resistant digital signatures demonstrated important industry leadership in the field, and hailed significant progress in a field for which ETSI has been advocating for 13 years.<\/p>\n <p>\u201cOrganisations operating information technology systems should take note,\u201d he said. \u201cUnderstanding local PQC migration timelines, as set by customers and regulators, is now essential. Businesses must develop their own PQC migration strategies and actively engage with vendors and suppliers to ensure alignment.\u201d<\/p>\n <p>Certes\u2019 Pamplin echoed this sentiment. \u201cPost-quantum migration is a multi-year project for most organisations, and with Gartner predicting a CRQC could arrive by 2029, the gap between where most businesses are and where they need to be is closing fast \u2013 and action should be taken today,\u201d he said.<\/p>\n <p>Some of the looming challenges that business tech leaders will soon need to face include legacy systems that may prove impossible to natively upgrade to PQC, multi-cloud environments causing issues due to inconsistent security models and data privacy policies, and gaps around the user and network edge.<\/p>\n <p>Pamplin said: \u201cFirms need to look at end-to-end PQC solutions that are able to protect data across any app, any infrastructure, anywhere. Specifically, solutions that enforce sovereign, crypto-agile PQC protection, where only the data owner controls the key, from server to edge, and ones where protection persists with the data, not infrastructure.<\/p>\n <p>\u201cQuantum readiness isn\u2019t about predicting a date,\u201d he said. \u201cIt\u2019s about eliminating a long-term exposure before that date becomes irrelevant.\u201d<\/p>\n<\/section>","description":"Google\u2019s decision to move up its timeline for migration to post-quantum cryptography highlights that some of the cyber security risks posed by quantum computing are already reality","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/risk-Omid-studio-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366640684\/Shrinking-PQC-timeline-highlights-immediate-risk-to-data-security","pubDate":"Tue, 31 Mar 2026 05:30:00 GMT","title":"Shrinking PQC timeline highlights immediate risk to data security"},{"body":"<p>Work to translate the <a href=\"https:\/\/cfit.org.uk\/\" target=\"_blank\" rel=\"noopener\">Centre for Finance, Innovation and Technology\u2019s<\/a> (CFIT\u2019s) Digital Company ID blueprint into practical, real-world deployments of reusable digital identities for UK businesses is bearing fruit as the project reaches its latest milestone.<\/p> \n<p>The CFIT this week unveiled the outcomes of its <a href=\"https:\/\/www.computerweekly.com\/news\/366620195\/CFIT-publishes-blueprint-for-digital-company-business-IDs\" target=\"_blank\" rel=\"noopener\">Digital Company ID Coalition<\/a> at a showcase event at which three industry-led working groups, led by UK Finance, Smart Data and Technology Alliance, Select ID, A&amp;O Shearman and Skadden \u2013 supported by the likes of&nbsp;Yoti, OneID, Dun &amp; Bradstreet, Alloy, Monzo, Lloyds Banking Group and Differential AI<i> \u2013 <\/i>shared their work so far.<\/p> \n<p>Almost <a href=\"https:\/\/www.computerweekly.com\/news\/366616523\/UK-economy-could-see-600m-boost-through-digital-IDs-for-businesses\" target=\"_blank\" rel=\"noopener\">18 months on from the project's inception<\/a>, the groups have now collectively delivered a series of priority use cases \u2013 focusing on financial services onboarding, supplier verification, marketplace identity and government identity; built a trust and governance framework allowing scalable adoption across sectors; conducted extensive analysis of the commercial models and market opportunity needed to support long-term implementation; and finally, and finally, reported back with a pathway to a live, interoperable prototype&nbsp;demonstrating that Digital Company ID is indeed a feasible concept.<\/p> \n<p>\u201cDigital Company ID is a systemic challenge that no single organisation can solve alone. Through this coalition, CFIT has brought together deep technical expertise from across industry, government and technology to move from concept to practical delivery,\u201d said CFIT CEO Anna Wallace.<\/p> \n<p>\u201cThe foundations are now in place, and the focus rightly shifts to implementation - turning this collaborative work into real-world infrastructure that strengthens trust and reduces friction for businesses across the UK economy. I\u2019m deeply proud of the progress we have made alongside our partners to make this happen,\u201d she said.<\/p> \n<p>CFIT said its coalition had proven that Digital Company ID has the potential to remake how UK organisations prove their identities online, reducing fraud, simplifying onboarding and enabling faster, more secure digital transactions.<\/p> \n<p>Currently, businesses face \u201cpersistent inefficiencies\u201d when it comes to proving their identity to access financial and other professional services, said CFIT. One of the biggest challenges they face is the requirement to repeatedly provide the same verification information to different institutions, which creates burdensome and unnecessary administrative work, slows access to services, and increases the cost of compliance. A unified digital ID standard may help alleviate this.<\/p> \n<p>Industry and policymakers are already strongly aligned on the need for a trusted digital identity infrastructure for British businesses, the organisation added.<\/p> \n<p>CFIT\u2019s own data says that over 80% of SMEs in the country would actually be willing to pay for a Digital Company ID to support a wide range of applications, which includes fraud prevention, financial services onboarding, marketplace verification, and government reporting.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Next steps\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Next steps<\/h2>\n <p>In the coming weeks, the project will move to the next phase in its development, with the <a href=\"https:\/\/www.cityoflondon.gov.uk\/about-us\/about-the-city-of-london-corporation\" target=\"_blank\" rel=\"noopener\">City of London Corporation<\/a> taking responsibility for coordinating implementation that is expected to eventually lead to a market-led orchestration model \u2013 CFIT will maintain strategic oversight and offer advisory support in this process.<\/p>\n <p>City<b><i> <\/i><\/b>of London Corporation policy chairman Chris Hayward said: \u201cFraud is a global challenge and remains a principal threat to the integrity of financial markets. As a founder of CFIT, and through participation in these working groups, City of London Corporation supports CFIT's conclusion that verified, reusable company identity confronts this challenge directly.<\/p>\n <p>\u201cIt improves security, while removing friction for legitimate businesses that create jobs and generate growth. City of London is committed to ensuring our financial centre remains the safest, most transparent, and most competitive in the world,\u201d he said.<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about digital ID<\/h3> \n   <ul class=\"default-list\"> \n    <li>Westminster's eight-week consultation aims to get the public\u2019s view on how the proposed digital ID system would work, and contemplates introducing a universal unique identifier <a href=\"https:\/\/www.computerweekly.com\/news\/366639956\/Whitehall-launches-digital-ID-consultation\" target=\"_blank\" rel=\"noopener\">linked to the ID<\/a>.<\/li> \n    <li>The UK government\u2019s recently announced digital ID scheme aims to curb the prospect of work for undocumented migrants, along with claiming benefits for UK citizens and legal residents. <a href=\"https:\/\/www.computerweekly.com\/feature\/Is-Digital-ID-worth-the-risk\" target=\"_blank\" rel=\"noopener\">However, are the threats to our personal data worth the risk?<\/a><\/li> \n    <li>The proposed national digital identity app will no longer be compulsory for conducting right-to-work checks, removing the most contentious <a href=\"https:\/\/www.computerweekly.com\/news\/366637189\/UK-government-backtracks-on-plans-for-mandatory-digital-ID\" target=\"_blank\" rel=\"noopener\">and widely criticised element of the scheme<\/a>.<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"Industries and policymakers are strongly aligned on the need for digital company IDs for UK businesses, as progress is made towards the implementation of a practical standard","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/bank-online-banking-adobe.jpeg","link":"https:\/\/www.computerweekly.com\/news\/366640405\/Digital-IDs-edge-closer-to-practical-reality-for-UK-businesses","pubDate":"Tue, 17 Mar 2026 15:36:00 GMT","title":"Digital IDs edge closer to practical reality for UK businesses"},{"body":"<p>NetApp has refreshed <a href=\"https:\/\/www.computerweekly.com\/news\/366611834\/NetApp-E-series-Not-part-of-the-big-message-but-here-to-stay-says-CEO\">its E-Series line<\/a> with two <a href=\"https:\/\/www.computerweekly.com\/resources\/Flash-storage-and-solid-state-drives-SSDs\">all-flash<\/a> models \u2013 the EF50 and EF80 \u2013 aimed at artificial intelligence (AI) training, inferencing and high-performance computing (HPC) workloads.<\/p> \n<p>The launch comes with a claimed performance boost of 2.5x for these E-Series arrays. E-Series has long been the speedy option in <a href=\"https:\/\/www.computerweekly.com\/feature\/NetApp-Not-just-NAS-filers-and-a-comprehensive-cloud-strategy\">NetApp\u2019s portfolio<\/a> for applications that require dedicated bandwidth rather than the advanced storage functionality of the Ontap-based FAS and AFF lines.<\/p> \n<p>The new arrays are built to tackle the \u201cdata-starving\u201d problem seen in GPU-heavy environments where storage I\/O does not keep GPU utilisation at optimum levels. According to NetApp, the EF80 delivers more than 100GBps read throughput and 57GBps write throughput, and targets checkpoint writes during generative AI (GenAI) training, for example.<\/p> \n<p>The 2.5x performance improvement over the previous generation is a significant jump from the existing EF models. In terms of density, NetApp packs 1.5 petabytes of storage into a 2U chassis, a move designed to curb the ever-growing power and cooling footprint in modern datacentres.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Targeting neoclouds\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Targeting neoclouds<\/h2>\n <p>Sandeep Singh, senior vice-president and general manager for storage with NetApp, said: \u201cWe are delivering proven and affordable high-performance, extreme performance, for the most performance-intensive and demanding workloads.<\/p>\n <p>\u201cThat includes <a href=\"https:\/\/www.computerweekly.com\/news\/366611617\/NetApp-maintains-push-to-data-management-for-AI\">AI use cases<\/a> inclusive of AI training, AI inferencing, HPC workloads and transactional database workloads, not only for the enterprises, but also for neoclouds, sovereign AI clouds and AI-powered manufacturing use cases.\u201d<\/p>\n <p>Singh said EF-Series is intended to serve as the high-speed \u201cscratch space\u201d in a tiered architecture, often paired with parallel file systems such as Lustre or BeeGFS. This allows the E-Series to act as a high-performance engine at the front end, while larger, more persistent data stores sit behind it.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"E-Series heritage\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>E-Series heritage<\/h2>\n <p>The E-Series has occupied a unique space within NetApp. Its DNA doesn\u2019t come from the company's famous WAFL-based filers, but from the 2011 acquisition of Engenio (from LSI). This gave NetApp a much-needed block-storage play and for workloads where the bells and whistles of Ontap were actually a hindrance.<\/p>\n <p>E-Series has been a quiet workhorse, often found working with offerings from IBM, Dell, and Teradata. While NetApp\u2019s primary AFF\/FAS lines focus on unified storage with heavy data reduction, the E-Series has remained the go-to for dedicated, high-duty-cycle applications. Its SANtricity operating system favours raw performance and simplicity.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Powering the rack\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Powering the rack<\/h2>\n <p>As the focus in the datacentre shifts from mere capacity to power draw, E-Series density is a primary defence. Singh noted that storage draw is a \u201csmall fraction\u201d of what a rack of GPUs pulls. By feeding GPUs more efficiently and reducing idle time, the net effect is a more streamlined, if still power-hungry, AI infrastructure.<\/p>\n <p>Singh said: \u201cWhen you put it in the context of GPUs, these arrays enable the GPUs to not be sitting idle and starving. And to that part of it, if you can optimise it, you\u2019re reducing wasted power and boosting utilisation of those GPUs. That also goes into the equation for customers.\u201d<\/p>\n <p>This release puts NetApp into tighter competition with the likes of Pure Storage and its FlashArray\/\/XL, as well as Dell\u2019s Project Lightning. While Pure focuses on a unified architecture, NetApp\u2019s strategy remains \u201chorses for courses\u201d, using E-Series for raw throughput while keeping ONTAP for general-purpose enterprise data management.&nbsp;<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about NetApp storage<\/h3> \n   <ul class=\"default-list\"> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/NetApp-Not-just-NAS-filers-and-a-comprehensive-cloud-strategy\">NetApp: Not just NAS filers, and a comprehensive cloud strategy<\/a>. NetApp market share has slipped, but it has built out storage across file, block and object, plus capex purchasing, Kubernetes storage management and hybrid cloud.<\/li> \n    <li><a href=\"https:\/\/www.computerweekly.com\/news\/366611834\/NetApp-E-series-Not-part-of-the-big-message-but-here-to-stay-says-CEO\">NetApp E-series: Not part of the big message, but here to stay, says CEO<\/a>. We asked NetApp about its high-performance computing-focused E-series block storage arrays and found inconsistent messaging but ultimately a commitment from CEO George Kurian to retain it.&nbsp;<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"High-performance non-ONTAP workhorse targets AI use cases and aims to ensure GPUs get fed optimally, with claimed 2.5x boost in performance over previous models","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/GPU-datacentre-2-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366640454\/NetApp-targets-E-Series-at-AI-era-with-EF50-and-EF80","pubDate":"Tue, 17 Mar 2026 09:00:00 GMT","title":"NetApp targets E-Series at AI and neoclouds with EF50 and EF80"},{"body":"<p>Everpure has announced Evergreen One for AI, a performance-backed consumption model for artificial intelligence (AI) that extends to use of its <a href=\"https:\/\/www.computerweekly.com\/news\/366620538\/Pure-aims-at-AI-beyond-the-enterprise-with-FlashBlade-Exa\">FlashBlade\/\/Exa<\/a> <a href=\"https:\/\/www.computerweekly.com\/resources\/Flash-storage-and-solid-state-drives-SSDs\">high-performance storage<\/a>. Meanwhile, the company \u2013 <a href=\"https:\/\/www.computerweekly.com\/news\/366639189\/Pure-Storage-rebrands-to-Everpure-as-storage-makers-business-expands-focus-to-data-management\">known as Pure Storage until recently<\/a> \u2013 has announced the beta release of its Datastream automated AI pipeline appliance.&nbsp;<\/p> \n<p>Evergreen One for AI differs from existing flexible capacity offers in the Everpure range by providing use of FlashBlade\/\/Exa and service-level agreements (SLA) based on graphics processing unit (GPU) count. The aim here is to ensure that the storage environment provides the throughput to keep GPU resources fully utilised.<\/p> \n<p>FlashBlade\/\/Exa, Everpure\u2019s highest-performance platform, was previously excluded from the <a href=\"https:\/\/www.computerweekly.com\/feature\/Pures-storage-as-a-service-We-can-offer-what-others-cant\">Evergreen One consumption model<\/a>.&nbsp;<\/p> \n<p>Exa aims at AI and high-performance computing (HPC) workloads that demand extremely high throughput, likely in customers between large enterprise users of AI and the hyperscalers.<\/p> \n<p>At its launch, FlashBlade\/\/Exa introduced an architecture to the Pure product line in which metadata and bulk storage are disaggregated with different hardware and protocols in use.<\/p> \n<p>Kaycee Lai, vice-president for AI with Everpure, said Evergreen One for AI shifted the financial and operational risk away from the customer. \u201cSpecifically, we have an offering which we call Evergreen One for AI,\u201d he said. \u201cThe big difference for AI is that we set the performance level of the offering based on the number of GPUs that you have \u2026 it is an SLA-backed performance guarantee.\u201d<\/p> \n<p>Evergreen One and Flex are Pure Storage\u2019s pay-as-you-go procurement models, while Forever involves upfront purchase with built-in upgrades.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Automating the RAG pipeline\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Automating the RAG pipeline<\/h2>\n <p>Everpure also announced the beta availability of Datastream. First previewed in late 2024, Datastream is a \u201csingle SKU\u201d appliance that integrates Nvidia GPUs with Everpure storage. It is designed to tackle the \u201cdata readiness\u201d challenge, said Lai. This refers to the oft-cited statistic that data teams spend 80% of their time preparing unstructured data for use.<\/p>\n <p>The appliance automates the <a href=\"https:\/\/www.computerweekly.com\/feature\/RAG-AI-Do-it-yourself-says-NYC-data-scientist\">retrieval-augmented generation<\/a> (RAG) pipeline, which includes ingest, curation and vectorisation of data. By providing an integrated hardware and software stack, Everpure aims to provide an \u201ceasy button\u201d for enterprises building chatbots or autonomous agents, he said.<\/p>\n <p>The software capability behind Datastream was built in-house, though it can connect to third-party data sources including Dell, HP and NetApp environments, as well as cloud-resident data. This flexibility allows the appliance to act as a central hub for AI readiness regardless of where the data lives.<\/p>\n <p>\u201cToday, people run RAG pipelines \u2026 they do the chunking, the embedding, the indexing to make sure that the data is going to be accurate and relevant so that chatbot agents can consume them in a specific format,\u201d said Lai. \u201cThat takes up about 80% of most data teams\u2019 time because there\u2019s no standard tool.\u201d<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Underpinning performance\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Underpinning performance<\/h2>\n <p>To support these launches, Everpure revealed new benchmarks intended to validate its hardware under AI stress. In MLPerf 2.0 testing, the company claimed the top spot for checkpointing \u2013 a critical function for saving the state of a model during long training runs \u2013 reporting results up to two times better than competitors such as Huawei and Vast.<\/p>\n <p>The company also cited Spec Storage AI image benchmarks, where it outperformed NetApp\u2019s AFX platform by approximately 20%, he said.<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about storage and AI<\/h3> \n   <ul class=\"default-list\"> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Storage-technology-explained-AI-and-the-data-storage-it-needs\">Storage technology explained: AI and data storage<\/a>: In this guide, we examine the data storage needs of artificial intelligence, the demands it places on data storage, the suitability of cloud and object storage for AI, and key AI storage products.<\/li> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Storage-technology-explained-Vector-databases-at-the-core-of-AI\">Storage technology explained: Vector databases at the core of AI<\/a>: We look at the use of vector data in AI and how vector databases work, plus vector embedding, the challenges for storage of vector data and the key suppliers of vector database products.<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"Nvidia GTC is the occasion for beta launch of its Datastream appliance that marries software to ingest and manage AI data pipelines with Everpure storage and GPU resources","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Cambridge-1-GPU-CREDIT-NVIDIA-hero.jpg","link":"https:\/\/www.computerweekly.com\/news\/366640415\/Everpures-Evergreen-One-for-AI-brings-Exa-flash-and-GPU-based-service-level-agreements","pubDate":"Mon, 16 Mar 2026 16:30:00 GMT","title":"Everpure\u2019s Evergreen One for AI brings Exa flash and GPU-based service-level agreements"},{"body":"<p><a href=\"https:\/\/www.gov.uk\/government\/organisations\/companies-house\" target=\"_blank\" rel=\"noopener\">Companies House<\/a>, the UK\u2019s business registrar, has successfully rebooted its online WebFiling service after it emerged that a previously unknown cyber security issue exposed various data on companies and people associated with them to other logged-in users.<\/p> \n<p>The flaw \u2013 which appears to have arisen during a WebFiling update last year \u2013 was never accessible to the general public and only logged-in users in possession of an authorised code could have exploited it. Companies House pulled WebFiling offline at lunchtime on Friday 13 March to investigate and remediate.<\/p> \n<p>Companies House found the data exposed included dates of birth, residential addresses and company addresses. It also discovered that it may have been possible for people to make unauthorised actions \u2013 such as changing directors or even filing accounts.<\/p> \n<p>It stressed that no credentials or data used for identity verification such as passport information, and neither could any existing filed documents have been altered.<\/p> \n<p>Companies House chief executive Andy King said: \u201cWe are asking all companies to check their registered details and filing history to make sure everything appears correct. If a company has a concern, please&nbsp;<a href=\"https:\/\/www.gov.uk\/government\/organisations\/companies-house\/about\/complaints-procedure\" target=\"_blank\" rel=\"noopener\">raise a complaint<\/a> and include evidence to describe the concern.&nbsp;I recognise that this incident will have caused concern and inconvenience to many of the companies and individuals who rely on our services. I am sorry for that.<\/p> \n<p>\u201cCompanies House takes its responsibility to protect the data entrusted to us extremely seriously. We have taken swift action to secure and restore our service, and are committed to doing everything in our power to support those affected and to making sure that our services continue to merit the trust placed in them,\u201d said King.<\/p> \n<p>The incident has been reported to both the Information Commissioner\u2019s Office (ICO) and the National Cyber Security Centre (NCSC). King said that the registrar was still actively analysing its data to try to identify any anomalies, adding: \u201cIf we find evidence that anyone has used this issue to access or change another company\u2019s details without authorisation, we will take firm action.\u201d<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"Simple vulnerability\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Simple vulnerability<\/h2>\n <p>The issue was first reported to Companies House by Dan Neidle, of non-profit thinktank <a href=\"https:\/\/taxpolicy.org.uk\/\" target=\"_blank\" rel=\"noopener\">Tax Policy Associates<\/a>, on behalf of John Hewitt, operations director at <a href=\"https:\/\/ghostmail.co.uk\/\" target=\"_blank\" rel=\"noopener\">Ghost Mail<\/a>, a provider of mailing address services.<\/p>\n <p>Writing online, Neidle said the vulnerability was \u201cincredibly simple\u201d to exploit. All a logged-in user needed to do was click through the \u201cfile for another company\u201d option \u2013 which would usually prompt for an authentication code to stop unauthorised access. However, if the logged-in user hit their backspace key a few times they would be sent back not to their own dashboard, but to the \u201ctarget\u201d company\u2019s.<\/p>\n <p>Neidle said that the two men were able to use the vulnerability to view the private dashboard of another individual \u2013 with permission from them \u2013 and to successfully modify his own registered address at Companies House. \u201cI was incredulous at what John showed me,\u201d he said.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Was the bug exploited?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Was the bug exploited?<\/h2>\n <p>It is unclear if the bug was ever exploited, but in Companies House\u2019s view it was also highly unlikely that any systematic access to company records or large-scale data exfiltration took place because any access that did occur would have been limited to individual company records, viewed one at a time, by a registered user.<\/p>\n <p>Neidle noted that the flaw had been live and exploitable since October 2025, which meant there is a distinct policy that it was discovered by a threat actor. He said that if this had been the case, it was likely used \u201ccarefully, selectively and for profit\u201d because broad exploitation would have been swiftly discovered.<\/p>\n <p>William Wright, CEO of <a href=\"https:\/\/www.cdsec.co.uk\/\" target=\"_blank\" rel=\"noopener\">Closed Door Security<\/a>, said the ability to access and edit company details presented a huge amount of leeway for both explicit and subtle fraud, and had caused serious uncertainty around a system used by the vast majority of UK companies.<\/p>\n <p>\u201cCompany directors and C-suite are already lucrative targets for phishing and fraudsters; these individuals typically have privileged access in company systems and are privy to sensitive and valuable information,\u201d said Wright.<\/p>\n <p>\u201cBeing able to acquire details like home addresses, etc. makes targeted attacks like spear phishing against these individuals far more viable and increases the potential for many other kinds of fraud and targeted harassment. This is to mention nothing of the GDPR implications were information to be exposed.<\/p>\n <p>\u201cThat companies\u2019 registration details could also be modified presents obvious problems. Companies can be penalised in various ways for providing inaccurate information when filing, and this can lead in some instances to serious accusations of fraud. The fact details could be modified by anyone without authorisation could raise serious problems for future investigations, especially if there\u2019s any suspicion of tampering.\u201d<\/p>\n <p>Wright added that the length of time for which the flaw went undetected also raises more serious questions for Companies House as it suggests the body tasked with providing the public with an single, transparent source of accurate information on British businesses, lacked appropriate auditing, logging or testing procedures that might have spotted it sooner, and without outside help.<\/p>\n <p>\u201cIf the government and Companies House's current security testing processes were fit for purpose, flaws like this should not have occurred,\u201d said Wright. \u201cGiven that many companies are required by law to use these services, basic testing and data protection are absolutely critical, especially if the government wants to retain its credibility with the business community.\u201d<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about data breaches<\/h3> \n   <ul class=\"default-list\"> \n    <li>Details of over 70 million customers of US sportswear giant Under Armour were leaked following a supposed ransomware attack <a href=\"https:\/\/www.computerweekly.com\/news\/366637595\/Sportswear-firm-Under-Armour-falls-victim-to-data-breach\" target=\"_blank\" rel=\"noopener\">by the Everest gang<\/a>.<\/li> \n    <li>Synnovis, the pathology lab services provider hit by a Qilin ransomware attack in 2024, is notifying its NHS partners that their patient data was compromised, <a href=\"https:\/\/www.computerweekly.com\/news\/366634454\/Synnovis-to-notify-NHS-of-data-breach-after-nearly-18-months\" target=\"_blank\" rel=\"noopener\">following a lengthy investigation<\/a>.<\/li> \n    <li>Many more data breaches at the MoD's Arap programme to relocate at-risk Afghan citizens to Britain have emerged <a href=\"https:\/\/www.computerweekly.com\/news\/366629784\/Scale-of-MoD-Afghan-data-breaches-widens-dramatically\" target=\"_blank\" rel=\"noopener\">following an FoI request by BBC journalists.<\/a><\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"Companies House was forced to pull its WebFiling service offline at the weekend after it emerged that a flawed update was putting data at risk of exposure","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/Data-breach-hacker-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366640295\/Companies-House-restarts-online-services-following-cyber-breach","pubDate":"Mon, 16 Mar 2026 14:35:00 GMT","title":"Companies House restarts online services following cyber breach"},{"body":"<p>When US president Trump implemented sanctions against the <a href=\"https:\/\/www.computerweekly.com\/opinion\/Microsofts-ICC-email-block-reignites-European-data-sovereignty-concerns\">International Criminal Court (ICC)<\/a> in February 2025, it wasn\u2019t long before ICC chief prosecutor Karim Khan found himself locked out of his Microsoft 365 email account.<\/p> \n<p>This sent digital sovereignty-shaped shock waves across Europe and raised fears that US <a href=\"https:\/\/www.computerweekly.com\/resources\/Cloud-computing-services\">cloud hyperscalers<\/a> could wield a \u201ckill switch\u201d against customers that fall foul of US political imperatives. Many saw it as another example of the US\u2019s \u201cAmerica First\u201d policies hitting home, this time in the digital domain and against an organisation\u2019s vital information infrastructure.<\/p> \n<p>For the ICC, it pushed the organisation to migrate to German supplier ZenDiS\u2019s openDesk, which provides office productivity tools based on open source, <a href=\"https:\/\/www.computerweekly.com\/news\/366626126\/UK-data-reforms-become-law\">GDPR-compliant<\/a> technology.<\/p> \n<p>For many others in the UK and Europe, it pushed the question of digital sovereignty to the fore. In response to the ICC-Microsoft affair, for example, Dutch lawmakers petitioned their government to move to 30% Dutch or European cloud services by 2029.&nbsp;<\/p> \n<p>In this article, we look at data sovereignty in terms of the risks \u2013 political, legal and economic \u2013 with special reference to the massive <a href=\"https:\/\/www.computerweekly.com\/feature\/Go-big-or-go-home-Should-UK-IT-buyers-favour-US-clouds-or-homegrown-providers\">penetration of US hyperscalers in the UK<\/a> and European markets. We also hear from voices concerned about US hyperscaler penetration into the public sector, vital services and the cloud economy, and reveal massive penetration of the UK public sector by the hyperscalers.&nbsp;<\/p> \n<p>This is the first article in a series, with the next looking more deeply at campaigner concerns and state-level responses around data sovereignty.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"What is data\/digital sovereignty?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What is data\/digital sovereignty?<\/h2>\n <p>To discuss <a href=\"https:\/\/www.computerweekly.com\/news\/366637125\/Campaigners-urge-UK-to-develop-digital-sovereignty-strategy\">data sovereignty<\/a> at all, we need to arrive at a working definition or a set of definitions. The idea of data sovereignty comes from the wider political notion of sovereignty as applied to states, where it means the solely held power to govern a country.<\/p>\n <p>When it comes to data, we can extend that idea to mean complete control over data and applications to give us a concept of data sovereignty or digital sovereignty. That could apply to enterprises and their need to retain data in specific jurisdictions to meet legal and regulatory requirements.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"What are the risks to nation states around data sovereignty?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What are the risks to nation states around data sovereignty?<\/h2>\n <p>The risks to nation states around data sovereignty fall under three main categories:<\/p>\n <ul class=\"default-list\"> \n  <li>Risks of political interference from foreign states;<\/li> \n  <li>Legal interference when the laws of one state affect data held in another;<\/li> \n  <li>Issues of economic sovereignty, where the degree of foreign company control over data in an economy is considered a risk.<\/li> \n <\/ul>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"The political risk and the hyperscaler \u2018kill switch\u2019\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>The political risk and the hyperscaler \u2018kill switch\u2019<\/h2>\n <p>The ICC-Microsoft affair shows that data sovereignty isn\u2019t just theoretical. It\u2019s a live risk, says Liberal Democrat spokesperson for science, innovation and technology, Tim Clement-Jones.<\/p>\n <p>\u201cIf you see that kind of risk, where a hyperscaler like Microsoft can be pressured to withdraw a service, you have to look at the fact that we are so heavily embedded \u2013 we\u2019ve got Microsoft, AWS and Google all over government,\u201d he says. \u201cWhere are the alternative UK suppliers?\u201d<\/p>\n <p>US president Trump and his unpredictable and\/or targeted decision-making have been a major driver around data sovereignty, not least because so much cloud capability deployed across the globe is US-owned, in particular by the three main hyperscalers \u2013 AWS, Microsoft and Google Cloud.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"The legal risk and \u2018jurisdictional overreach\u2019\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>The legal risk and \u2018jurisdictional overreach\u2019<\/h2>\n <p>Then there are concerns around legal interference. This is where the laws of one country apply to data held in systems that may also be subject to the laws of another. This is referred to as \u201cjurisdictional overreach\u201d.<\/p>\n <p>Risks of that type around data sovereignty are exemplified by the US Cloud Act and Chinese National Intelligence Law (NIL), which both create situations where the laws of one country directly conflict with the laws of another, where the data is protected.&nbsp;<\/p>\n <p>The US Clarifying Lawful Overseas Use of Data (Cloud) Act was passed in 2018, and empowers US law enforcement agencies to compel US-based technology companies to provide data to them, wherever that data is stored, inside or outside the US.&nbsp; That requirement directly affects privacy laws elsewhere, such as the EU\u2019s GDPR, which prohibits transfer of data to a third country.&nbsp;<\/p>\n <p>Meanwhile, the Chinese NIL mandates assistance and cooperation with Chinese state intelligence work and can apply to Chinese companies and citizens wherever they are. Like the US Cloud Act, GDPR makes it impossible to comply with this in Europe because the NIL might require a company to hand over data on customers in Europe, again contravening transfer of data overseas.&nbsp;<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"The economic risk: becoming a \u2018digital colony\u2019\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>The economic risk: becoming a \u2018digital colony\u2019<\/h2>\n <p>There\u2019s a point where worries about foreign political interference and data sovereignty become entwined with issues of economic sovereignty.&nbsp; The concern is that UK and European states don\u2019t have the homegrown capacity to offer cloud and software services as the US giants do, and that is a risk to the economic wellbeing of those countries.<\/p>\n <p>Axel Voss, German Christian Democrat MEP in the European Parliament, is a keen advocate of building increased European economic sovereignty in the digital realm, saying that he believes Europe risks becoming a digital colony of the US or China.&nbsp;<\/p>\n <p>\u201cIt shows up when Europe\u2019s daily digital life and increasingly our critical infrastructure runs on non-European hardware, software, cloud services and platforms,\u201d says Voss. \u201cThat means the next technological wave can be shaped by actors who don\u2019t share our values or standards. That creates systemic risks for prosperity, privacy and security, and it can leave Europeans feeling that democratic institutions have \u2018lost control\u2019 over the digital environment.<\/p>\n <p>\u201cThe biggest risks are strategic lock-in and unilateral dependencies. If core collaboration tools, identity, storage, cloud and AI are controlled elsewhere, Europe\u2019s administrations and companies lose real freedom of choice and bargaining power.\u201d<\/p>\n <p>That dependency can sometimes come to light in shocking ways. Last year, it was revealed that Scottish police forces that use Microsoft 365 have no idea what country their data may be kept in \u2013 <a href=\"https:\/\/www.computerweekly.com\/news\/366629871\/Microsoft-refuses-to-divulge-data-flows-to-Police-Scotland\">and Microsoft wouldn\u2019t tell them<\/a>.<\/p>\n <p>Clement-Jones says: \u201cTheir data can be held all over the world in any datacentre run by Microsoft. The first thing that comes into my mind is really, that\u2019s crazy. How can they do that? How do they justify that? Surely an organisation like the police force is going to demand physical sovereignty.\u201d<\/p>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"The scale of hyperscaler penetration: the UK public sector\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>The scale of hyperscaler penetration: the UK public sector&nbsp;<\/h2>\n <p>US hyperscale cloud providers have near-universal penetration across the UK public sector and account for the majority of technology spending. In the financial year 2023\/2024, 95% of central and local public sector organisations in the UK spent budget on hyperscale cloud services. When software services that run on hyperscale cloud \u2013 such as software as a service (SaaS) \u2013 are included, that share rises to 99%.&nbsp;<\/p>\n <p>This is the case for more than 1,100 public sector bodies, including government departments, councils, police forces and NHS organisations, according to data that comes from <a href=\"https:\/\/www.computerweekly.com\/news\/366626559\/Public-sector-spends-166bn-directly-with-tech-suppliers-every-year\">analyst Tussell<\/a>. The public sector procurement specialist publishes its Tech Titans list every year of the top 150 tech suppliers by spend received from the UK public sector, and breaks that down by department. In the financial year 2023\/24, these companies were paid around \u00a317.7bn of public sector budget, which was 84% of total spend.<\/p>\n <p>In the data, it is possible to identify an actual hyperscaler in only one case \u2013 AWS is present under its own name. That's because for the most part, cloud provision comes via resellers of the three key US-owned public clouds, AWS, Microsoft Azure and Google Cloud, with Oracle and IBM also counted as hyperscalers for this analysis. Prominent cloud resellers to the UK public sector are Bytes, Capgemini and Softcat, but the list extends to around 30 such suppliers.&nbsp;<\/p>\n <p>We can verify suppliers as resellers of hyperscaler cloud provision because they publish information about their accreditations, such as AWS Premier Tier Services Partner, Azure Expert Managed Service Provider, or Google Cloud Premier Partner. That is not to say that they are solely providers of cloud connectivity, as they often provide consultancy too.&nbsp;<\/p>\n <p>Out of the \u00a317.7bn total Tech Titans spend, more than half \u2013 55% or \u00a39.9bn \u2013 was spent directly with hyperscale cloud providers or via cloud resellers of hyperscaler cloud in financial year (FY) 2023\/2024. Beyond direct or reseller provision of hyperscale cloud connectivity, suppliers that offer services that use hyperscale cloud \u2013 e.g. SaaS \u2013 can also be identified, or at least ruled out as suppliers of cloud connectivity. Adding these to direct hyperscale and cloud resellers, they accounted for 86% of total Tech Titans spend, with \u00a315.3bn going their way.<\/p>\n <p>Out of 22 government departments in the data, 21 spent budget on hyperscale cloud in some form in that year, with 13 of them spending 50% or more of their tech budget on hyperscale cloud directly or via cloud resellers.<\/p>\n <p>The top five public sector spenders on hyperscale cloud were: Ministry of Defence (\u00a31.09bn), HM Revenue &amp; Customs (\u00a31.01bn), the Home Office (\u00a3775m), Department for Work and Pensions (\u00a3622m), and NHS England (\u00a3442m).<\/p>\n <p>Out of 64 police forces and other police agencies in the data, 55 spent budget on hyperscale cloud, which rose to 59 if services that use hyperscale cloud were included. The Metropolitan Police spent \u00a3354m on hyperscale cloud.&nbsp;<\/p>\n <p>Out of 271 NHS organisations in the data, 270 spent budget on hyperscale cloud in 2023\/24.<\/p>\n<\/section>          \n<section class=\"section main-article-chapter\" data-menu-title=\"Conclusion: UK digital infrastructure dependent on foreign tech\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Conclusion: UK digital infrastructure dependent on foreign tech<\/h2>\n <p>The Tussell\/Computer Weekly data highlights how deeply embedded US cloud infrastructure has become across the UK public sector \u2013 a reality that complicates efforts by European policymakers to promote \u201csovereign cloud\u201d alternatives.&nbsp;<\/p>\n <p>When nearly every government department and myriad local and other agencies relies on a handful of offshore entities, the line between supplied services and national sovereignty blurs. As some of the campaigners we spoke to warn, the risk is no longer just about where data sits, but whether a nation state has complete control \u2013 sovereignty \u2013 over its own critical functions.&nbsp;<\/p>\n <p>To correct this situation potentially requires a radical shift in strategy. In the next feature in this series, we look at how governments and campaigners in the UK and Europe have responded.&nbsp;<\/p>\n <div class=\"extra-info\">\n  <div class=\"extra-info-inner\">\n   <h3 class=\"splash-heading\">Read more about data sovereignty<\/h3> \n   <ul class=\"default-list\"> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Auditing-classifying-and-building-a-data-sovereignty-strategy\">Auditing, classifying and building a data sovereignty strategy<\/a>: We look at data sovereignty \u2013 what it is and how to build a data sovereignty strategy around data auditing.<\/li> \n    <li><a href=\"https:\/\/www.computerweekly.com\/feature\/Public-cloud-Data-sovereignty-and-data-security-in-the-UK\">Public cloud: Data sovereignty and data security in the UK<\/a>: We assess the impact of new regulations and government policy on the ability to use public cloud services.<\/li> \n   <\/ul>\n  <\/div>\n <\/div>\n<\/section>","description":"We look at the political, legal and economic risks around data sovereignty, the fears for digital dependency and massive hyperscaler penetration in the UK public sector","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/passport-visa-fotolia.jpg","link":"https:\/\/www.computerweekly.com\/feature\/This-rise-of-the-splinternet-Data-sovereignty-risks-and-responses","pubDate":"Thu, 12 Mar 2026 08:17:00 GMT","title":"The rise of the splinternet? Data sovereignty risks and responses"},{"body":"<p>Planning permission has been approved for what is reported to be one of the UK\u2019s largest artificial intelligence (AI) datacentres, <a href=\"https:\/\/www.computerweekly.com\/news\/366625062\/Planning-permission-sought-for-UKs-largest-AI-datacentre-campus\">a 1GW project in north Lincolnshire<\/a>, one of the government\u2019s <a href=\"https:\/\/www.computerweekly.com\/news\/366628066\/The-UK-governments-AI-Growth-Zones-strategy-Everything-you-need-to-know\">AI growth zones<\/a>.<\/p> \n<p>But campaigners have slammed its approval and pointed out what they believe are flawed calculations in its carbon footprint projections.&nbsp;<\/p> \n<p>The planned development will be Elsham Tech Park. It will extend to approximately 1.5 million square metres and be one of the largest in the UK. Its planned 15 data halls will draw 1GW of electricity, with around 50mW generated on-site. It is proposed that <a href=\"https:\/\/www.computerweekly.com\/news\/366639658\/Huge-grid-and-heat-challenges-ahead-as-Nvidia-set-for-1MW-rack\">heat<\/a> from the site will be piped to greenhouses growing tomatoes.<\/p> \n<p>The site lies just east of the Elsham Wolds Industrial Estate, on 435 acres (176 hectares) of currently agricultural land.<\/p> \n<p>At a planned 1GW, that equals 2.2% of the current total UK electricity demand in February this year, according to <a href=\"https:\/\/www.ofgem.gov.uk\/sites\/default\/files\/2026-02\/2026-02-12-Demand-Connections-Call-for-Input.pdf\">figures from Ofgem<\/a>.<\/p> \n<p>The site is in one of the government\u2019s AI growth zones that will receive support to accelerate the development of AI-related infrastructure.&nbsp;<\/p> \n<p>According to the <a href=\"https:\/\/apps.northlincs.gov.uk\/application\/pa-2025-643\">carbon footprint statement<\/a> in the planning application, the region is well-suited to such a development because of its proximity to electricity generation centres, much of which is regarded as clean.<\/p> \n<p>It said: \u201cThe Humber accounts for approximately 20% of the UK\u2019s total electricity generation and 33% of the nation\u2019s offshore wind capacity.\u201d<\/p> \n<p>The document said that placing datacentre developments close to centres of electricity generation is beneficial because it would alleviate congestion on the grid, reduce transmission losses and align new demand to generation capacity.<\/p> \n<p>But environmental campaign group Foxglove claimed the calculations used to work out the likely carbon footprint for Elsham are faulty.&nbsp;<\/p> \n<p>It gave evidence to the planning committee that pointed out the carbon footprint statement compares the projected annual emissions of Elsham \u2013 around one million tonnes of CO<sub>2<\/sub> \u2013 with the UK\u2019s carbon budget to get a figure of 0.1% of the total carbon budget.<\/p> \n<p>In fact, the UK carbon budget figures cited in the statement are a five-year projection, and if the percentages are recalculated, that makes Elsham\u2019s contribution to the UK carbon budget more like 0.5%.<\/p> \n<blockquote class=\"main-article-pullquote\">\n <div class=\"main-article-pullquote-inner\">\n  <figure>\n   It is incredibly disappointing to see Big Tech\u2019s dubious claims of economic growth spurred by AI datacentres be put ahead of the ongoing climate crisis\n  <\/figure>\n  <figcaption>\n   <strong>Tim Squirrell, Foxglove<\/strong>\n  <\/figcaption>\n  <i class=\"icon\" data-icon=\"z\"><\/i>\n <\/div>\n<\/blockquote> \n<p>The figure, which is almost equivalent to the total climate pollution caused by all of the UK\u2019s domestic flights (1.2 million tonnes of CO<sub>2<\/sub>), is described in a council report as \u201cnot significant\u201d.<\/p> \n<p>Tim Squirrell, head of strategy at Foxglove, said: \u201cIn approving this monstrous datacentre, the council failed to properly weigh the enormous harms to the environment of the sheer quantities of electricity this development will use.<\/p> \n<p>\u201cThey ignored their own policy, which states 20% of energy must be generated through on-site renewables, and they credulously accepted the developer\u2019s incorrect figures, which underestimated the impact of this datacentre on the UK\u2019s carbon budget by a factor of five.<\/p> \n<p>\u201cIt is incredibly disappointing to see Big Tech\u2019s dubious claims of economic growth spurred by AI datacentres be put ahead of the ongoing climate crisis.\u201d<\/p> \n<p>Elsham Tech Park was incorporated last May, with directors shared with Humber Tech Park, a 386MW datacentre campus planned at South Killingholme, also in North Lincolnshire. Humber Tech Park has links to datacentre developer <a href=\"https:\/\/www.computerweekly.com\/news\/366637361\/UK-government-blindly-accepted-Iver-datacentre-environmental-assurances-it-is-claimed\">Greystoke Land<\/a>.<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about datacentre developments<\/h3> \n  <ul class=\"default-list\"> \n   <li><a href=\"https:\/\/www.computerweekly.com\/feature\/DC01UK-Everything-you-need-to-know-about-the-UK-government-backed-Hertfordshire-mega-datacentre\">A proposal to build one of the biggest datacentres in Europe<\/a> has been submitted to Hertsmere Borough Council, and already has the support of the technology secretary and local councillors.<\/li> \n   <li><a href=\"https:\/\/www.computerweekly.com\/news\/366617926\/Developing-AI-datacentres-Has-the-UK-government-got-what-it-takes\">The UK government has unveiled a 50-point AI action plan<\/a>, which commits to building sovereign artificial intelligence capabilities and accelerating AI datacentre developments \u2013 but questions remain about the viability of the plans.<\/li> \n  <\/ul>\n <\/div>\n<\/div>","description":"North Lincolnshire Council approves 1GW datacentre with nearby electricity generation, but environmental campaigners say the developers did their sums wrong","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/spark-blue-fotolia.jpg","link":"https:\/\/www.computerweekly.com\/news\/366639995\/Enormous-AI-growth-zone-datacentre-gets-planning-approval","pubDate":"Thu, 12 Mar 2026 05:31:00 GMT","title":"Enormous AI growth zone datacentre gets planning approval"},{"body":"<p>Storage infrastructure typically covers all storage devices, servers and network elements that intersect with the rest of the overall IT infrastructure and its associated technology. IT leaders must ensure that their storage administrators <a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/5-signs-its-time-for-a-NAS-or-SAN-upgrade\">keep storage infrastructure<\/a>&nbsp;under control using proactive management techniques.<\/p> \n<p>The storage infrastructure includes the physical space, physical security, power and HVAC systems that the storage equipment uses. In addition to a primary on-premises data center, storage infrastructure can include secondary data centers, equipment rooms in buildings and storage equipment closets.<\/p> \n<p>Management of this infrastructure ensures the safe, secure and&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/feature\/How-to-manage-storage-resiliency\">uninterrupted operation of storage services<\/a>, workload processing and related assets.<\/p> \n<p>Common storage infrastructure management techniques can include regular capacity planning; frequent backups for disaster recovery; protecting data confidentiality, integrity and availability; monitoring of storage systems and networks, building a scalable storage architecture; and establishing an enterprise storage management strategy.&nbsp;<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"The role of artificial intelligence\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>The role of artificial intelligence<\/h2>\n <p>Before examining several key aspects of data storage management, it is important to emphasize the impact of artificial intelligence (AI) on all aspects of storage infrastructure lifecycle management. Each of the following sections can use AI to improve performance, automate key functions and improve overall storage management.&nbsp;<\/p>\n <p>For example, many tools include AI storage management capabilities, such as the following:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li>Storing data <a href=\"https:\/\/www.techtarget.com\/searchstorage\/news\/366640872\/Komprise-storage-tiering-service-pledges-flash-savings\">in appropriate tiers<\/a> based on specific metrics.<\/li> \n  <li>Data based on predictive analytics that&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Top-10-data-storage-issues-and-how-to-overcome-them%20\">identifies potential storage issues<\/a>.<\/li> \n  <li>Faster identification and triage of&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Prevent-the-storage-and-data-security-risks-of-remote-work\">potential security risks<\/a>.<\/li> \n  <li>Enhancing HVAC system performance by evaluating data from various sensors.<\/li> \n <\/ul>\n <p>Using analytics to identify when storage assets may need to be upgraded or replaced.<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Data storage physical infrastructure\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Data storage physical infrastructure<\/h2>\n <p>Within a data center or other storage facility, admins must manage and maintain several key components to achieve&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/How-to-effectively-compare-storage-system-performance\">optimum storage system performance<\/a>.<\/p>\n <p>They must secure the physical data center and control access to the area. The data center could include the following security features:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li>Closed-circuit television for intruder identification.<\/li> \n  <li>Doorways to the data center with at least one means of authentication, such as a proximity card or a fingerprint scanner.<\/li> \n  <li>Primary power supplies from the local utility, plus power distribution units to route power to each device.<\/li> \n  <li>Backup power systems to minimize system downtime.<\/li> \n  <li>HVAC systems to keep the temperature and humidity at prescribed levels.<\/li> \n  <li>Underfloor water detection equipment if a raised floor is used.<\/li> \n  <li>Emergency lighting.<\/li> \n  <li>Fire detection and suppression systems.<\/li> \n <\/ul>\n <p>Have at least two access\/egress points in the facility, each protected by security systems.<\/p>\n <p>In addition, to help ensure&nbsp;an <a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Tips-to-reduce-the-environmental-impact-of-data-storage\">environmentally friendly and sustainable infrastructure<\/a>, use energy-efficient equipment and comply with existing&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatacenter\/tip\/Use-ISO-500012018-as-a-guide-for-green-data-centers\">standards and regulations for green data centers<\/a>.&nbsp;<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_infrastructure_management_components-f.png\">\n  <img data-src=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_infrastructure_management_components-f_mobile.png\" class=\"lazy\" data-srcset=\"https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_infrastructure_management_components-f_mobile.png 960w,https:\/\/www.computerweekly.com\/rms\/onlineimages\/storage_infrastructure_management_components-f.png 1280w\" alt=\"Chart of storage infrastructure management components\" height=\"504\" width=\"560\">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>Storage infrastructure management components include servers, security and networking.\n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n<\/section>       \n<section class=\"section main-article-chapter\" data-menu-title=\"Data storage technology infrastructure\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Data storage technology infrastructure<\/h2>\n <p>Storage servers connect storage devices to users and help plan, organize and manage resources. Storage can be on fixed&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/feature\/Hybrid-drive-vs-SSD-Whats-best-for-your-organization\">HDDs, SSDs<\/a>, RAID arrays, NAS and remote cloud-based storage.<\/p>\n <p><a href=\"https:\/\/www.techtarget.com\/searchitoperations\/tutorial\/Guide-to-Windows-storage-management-using-Storage-Spaces\">Storage infrastructure management tools<\/a>&nbsp;must ensure high-performance storage resources are available to users and are secure with sufficient capacity and data speed.<\/p>\n <p>Strong connectivity within a storage infrastructure is essential to ensure admins can securely transport data, once created, to where they can safely store, archive and retrieve it. SANs and internal networks, such as those using Ethernet, are key assets for storage connectivity.<\/p>\n <p>As the&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/feature\/The-future-of-data-storage-must-handle-heavy-volume\">amount of data increases<\/a>, scalable storage resources are necessary to accommodate these changes. This can involve scaling up or scaling out physical storage devices or using NAS to establish a hybrid arrangement of on-site and cloud storage.<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"Capacity management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Capacity management<\/h2>\n <p><a href=\"https:\/\/www.techtarget.com\/searchcloudcomputing\/feature\/The-importance-of-cloud-capacity-management-and-how-to-do-it\">Storage capacity planning<\/a> and capacity management ensure that the storage infrastructure has ample capacity for applications, files, databases, utilities and other resources.<\/p>\n <p>Capacity management applications, especially those using AI, monitor a variety of storage parameters -- such as active and static storage, numbers of storage transactions and changes in storage activity -- to provide data that administrators use to scale resources up or down. That data identifies when an organization needs additional storage, so administrators can order and install equipment in time for production use.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Data management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Data management<\/h2>\n <p>Data management policies and standards directly affect storage infrastructures. Data protection and privacy are increasingly important based on several&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/6-data-storage-compliance-strategies-for-the-enterprise\">standards and regulations<\/a>, especially GDPR. Storage infrastructures must protect data, ensure its accessibility and privacy as well as minimize the likelihood of data loss, data corruption and data theft.<\/p>\n<\/section>  \n<section class=\"section main-article-chapter\" data-menu-title=\"Performance management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Performance management<\/h2>\n <p>If users must wait excessive periods of time to access or back up files, it could compromise storage performance. Storage performance management activities examine processes associated with moving data between users and storage devices. They present various metrics that identify when performance does not meet expectations.<\/p>\n <p>AI can&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/How-to-use-AI-in-storage-management\">enhance storage performance<\/a>&nbsp;by analyzing data from various sensors and data collection tools. The systems then recommend steps to enhance performance and identify potential issues before they occur.<\/p>\n <p>It might be necessary to examine the internal networks that employees use to connect to the IT environment. Also, examine the SANs that connect storage devices with servers and other storage infrastructure devices. Storage administrators can adjust various devices to provide greater bandwidth. They also attempt to identify and remove roadblocks to storage performance, such as problems with storage devices and&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Data-storage-security-best-practices-for-avoiding-cyberattacks\">cyberattacks that sabotage resources<\/a>.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Storage availability management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Storage availability management<\/h2>\n <p>It can spell disaster for an organization if storage resources suddenly become unavailable or insufficient. Storage administrators must prepare for such events by ensuring backup plans are in place to address unplanned storage changes and by proactively communicating with key users to stay abreast of their short- and long-term requirements. By taking a&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/How-to-develop-and-implement-a-data-storage-plan\">proactive approach to storage<\/a>, administrators can prepare for unplanned requirements. AI technology is an important resource for proactive storage infrastructure security management.<\/p>\n <p>Be on top of changes to the business -- perhaps a merger or acquisition, for instance -- that could alter storage requirements. From that point, it is a matter of analyzing the likely storage capacity requirements and arranging with the primary storage supplier to have resources readily available. When cloud storage is part of the mix, especially in hybrid cloud environments, administrators must also stay in regular touch with associated cloud vendors to ensure that single- and hybrid-cloud storage management resources are available quickly.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Storage access management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Storage access management<\/h2>\n <p>Storage access management ensures that employees who need storage resources can access them on demand. This is often part of the overall access security approach taken by the organization. It can include the use of multifactor authentication for access verification, among other resources.<\/p>\n <p>A user's profile can specify the storage resources available to that particular user. Regularly monitor user access activity for storage capacity planning and to identify possible security breaches.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Operations management\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Operations management<\/h2>\n <p>Storage operations management today is far more automated than in previous decades, which makes storage administrators' jobs easier but no less important. The advent of AI helps administrators&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/feature\/How-AI-is-changing-the-storage-consumption-landscape\">better anticipate storage capacity changes<\/a>&nbsp;based on an analysis of historical trends and current intelligence. And with so many storage options available -- both on-site and cloud-based -- automated storage capacity management has become an essential tool for storage administrators.<\/p>\n <p>Software-defined storage management tools provide centralized visibility and control across storage infrastructure, enabling administrators to manage resources through a unified software layer. And considering that storage today is typically added as an automated service, admins can parcel out storage resources to where they are needed most. If service-level agreements are part of storage infrastructure management, <a href=\"https:\/\/www.forbes.com\/councils\/forbescommunicationscouncil\/2025\/05\/15\/the-zen-of-enterprise-storage\/\">automation makes it easier<\/a> to meet the&nbsp;performance requirements. AI is also increasingly used to automate storage operations.<\/p>\n <p>A key part of operations management is storage resource management, which tracks all assets used within a storage infrastructure. AI-based storage resource management tools track all devices used for storage operations, and use predictive storage analytics to optimize resource deployment, identify when devices may need to be updated or replaced and to identify potential failures.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Storage management for disaster recovery\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Storage management for disaster recovery<\/h2>\n <p>Storage disaster recovery (DR) planning and management are key attributes of a strong&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/tip\/12-key-points-a-disaster-recovery-plan-checklist-must-include\">DR program<\/a>. Storage administrators can designate specific storage arrays for DR activities, in addition to devices for general data backup.<\/p>\n <p>Availability of cloud-based storage has become an important tool for disaster recovery, as it can serve as primary and backup storage for critical systems, files, databases and other mission-critical assets. Software-based storage capacity management tools typically include disaster recovery components so that administrators and the technology DR team can make emergency storage available if the primary resources are suddenly unavailable.<\/p>\n <p><i>Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.<\/i><\/p>\n<\/section>","description":"Emerging technology, such as AI and software-based storage management systems, have simplified how IT manages its infrastructure. Explore the many components of modern management.","image":"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/storage_g95769788.jpg","link":"https:\/\/www.techtarget.com\/searchstorage\/tip\/Understand-your-storage-infrastructure-management","pubDate":"Thu, 12 Mar 2026 00:00:00 GMT","title":"Key issues to address in storage infrastructure management"},{"body":"<p>The Met Office has celebrated one year of <a href=\"https:\/\/www.computerweekly.com\/resources\/Infrastructure-as-a-Service-IaaS\">\u201csupercomputing as a service\u201d<\/a> from Microsoft.&nbsp;<\/p> \n<p>The occasion presented an opportunity for the weather forecasting and climate prediction organisation to offer its view on why artificial intelligence (AI) is peripheral to its scientific modelling core activities and why cloud is suited to the delivery of supercomputing services.<\/p> \n<p>The <a href=\"https:\/\/www.computerweekly.com\/ezine\/Computer-Weekly\/Innovating-with-weather-data-at-the-Met-Office\">Met Office<\/a>\u2019s Microsoft cloud supercomputing capability was <a href=\"https:\/\/www.metoffice.gov.uk\/blog\/2025\/better-forecasts-ahead-as-met-office-transitions-to-a-supercomputer-in-azure-cloud\">launched a year ago<\/a>, and provides around 1.8 million processing cores, with peak performance of around 60 quadrillion calculations per second.<\/p> \n<p>Reported availability for the system in the past year has been 100% for critical workloads, with 99.77% for the supercomputing element.&nbsp;<\/p> \n<p>Microsoft delivers supercomputing-like performance remotely via the cloud. But what makes the cloud suited to delivering such services, when latency might be an issue compared with on-site hardware?<\/p> \n<p>According to the <a href=\"https:\/\/www.computerweekly.com\/news\/366614749\/Interview-Niall-Robinson-head-of-product-innovation-Met-Office\">Met Office<\/a> and Microsoft, cloud latency is comparable to what it was between the Met Office headquarters and where its previous supercomputers were located.&nbsp;<\/p> \n<p>In addition, it pointed out that latency is only one factor taken into account when deciding whether to go to the cloud. Others include cost, reliability, flexibility and the ability to take advantage of innovation, which might have been limited with a multi-tonne, multimillion-pound supercomputer lodged in a Met Office facility.&nbsp;<\/p> \n<p>The Met Office\u2019s work is still largely physics-driven numerical weather prediction and modelling. AI is therefore not the lens through which things are viewed, said Met Office CIO Charles Ewen, but one tool among many.<\/p> \n<p>\u201cPeople are struggling because they\u2019re looking through the narrow lens of AI at the moment,\u201d said Ewen. \u201cAnd before that, it was cloud. AI is certainly happening faster and quicker. And not to diminish AI and its importance, but we have to think more of AI as a catalyst and an accelerant for broader innovation.\u201d<\/p> \n<p>So, what makes it a supercomputer if it is merely computing delivered via the cloud? Ewens defined supercomputing as typically used to do things like the kind of scientific simulation that is intrinsic to the production of weather forecasts and climate predictions.<\/p> \n<p>\u201cThe services we\u2019re consuming today are really enterprise-scale cloud computing for scientific supercomputing. It is certainly in the top five of CPU [central processing unit] clusters in the world. In my assessment, at least, the only truly cloud-integrated scientific supercomputer.\u201d&nbsp;<\/p> \n<p>While AI is currently peripheral to scientific modelling, Microsoft Copilot and generative AI are in use in the Met Office organisation more widely, and are being looked at for scientific work, said Ewens.<\/p> \n<p>\u201cAI methods are coming along, and one of the benefits of the work we\u2019re doing is we are already well into planning how AI methods, data-driven methods, sit alongside physics-driven methods or the more traditional numerical weather prediction methods in the best blend to deliver the very best of both.\u201d<\/p> \n<p>On data sovereignty, it is understood that all Met Office operational datacentres are in the UK, and that Microsoft can supply sovereign cloud capability that ranges from fully connected to the cloud to fully disconnected.&nbsp;<\/p> \n<p>The Microsoft-powered cloud capability is the Met Office\u2019s 14th iteration of its supercomputing capability. Numerical weather prediction began in the early 1950s, when the first experimental forecasts used the EDSAC computer at Cambridge.&nbsp;<\/p> \n<p>By 1959, the Met Office took delivery of its Ferranti Mercury computer at its Dunstable site. The Met Office produced its first operational computer forecast in 1965, following the arrival of an English Electric KDF9 computer at Bracknell.&nbsp;<\/p> \n<p>In the past decade or so, the Met Office went from <a href=\"https:\/\/www.computerweekly.com\/news\/2240233514\/Met-Office-supercomputer-to-increase-weather-forecast-accuracy\">buying a 140-tonne Cray XC40 system in 2014<\/a> \u2013 its fourth supercomputer at the time \u2013 to opting for cloud-delivered supercomputing in 2024, with the current Microsoft-operated, fully managed \u201csupercomputing-as-a-service\u201d model.&nbsp;<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about tech at the Met Office<\/h3> \n  <ul class=\"default-list\"> \n   <li><a href=\"https:\/\/www.computerweekly.com\/news\/366614749\/Interview-Niall-Robinson-head-of-product-innovation-Met-Office\">Interview: Niall Robinson, head of product innovation, Met Office<\/a>: Weather and climate data are hugely valuable to government and businesses, and the Met Office is finding ways to innovate with data to deliver improved products and services.&nbsp;<\/li> \n   <li><a href=\"https:\/\/www.computerweekly.com\/news\/366544037\/Met-Office-bids-to-make-climate-data-more-accessible-with-Esri\">Met Office bids to make climate data more accessible with Esri<\/a>: The Met Office is offering a new data portal, built on Esri\u2019s geographic information systems technology, to enable users to understand local and national impacts of climate change.&nbsp;<\/li> \n  <\/ul>\n <\/div>\n<\/div>","description":"Artificial intelligence is not key to the weather picture, as the forecasting and climate prediction agency lauds the benefits of moving from on-site supercomputers to cloud computing for scientific modelling","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/Met-Office-operations-centre-PR-hero.jpg","link":"https:\/\/www.computerweekly.com\/news\/366639900\/Met-Office-supercomputing-as-a-service-one-year-old","pubDate":"Wed, 11 Mar 2026 20:01:00 GMT","title":"Met Office \u2018supercomputing as a service\u2019 one year old"},{"body":"<p>RWS Global is working with Box to modernise how it processes volumes of unstructured content \u2013 from production assets and operational documentation to compliance and safety material. The company, which runs and manages live events for its clients, has been working with Box to build a unified content platform that improves efficiency, strengthens governance, and ensures consistent quality across venues, productions and regions.<\/p> \n<p>The company has been using new <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/intelligent-workflow\">artificial intelligence<\/a> (AI) features built into Box to automate and accelerate mission-critical workflows. The AI functionality is being used to streamline end-to-end, content-centric business processes directly on Box using intelligent, no-code apps, forms, document generation and workflow automation.<\/p> \n<p>At the core of this transformation is Box Enterprise Advanced, which allows RWS Global to utilise intelligent content workflows, ensure secure document management, and leverage the full power of AI across creative, production and operational teams.&nbsp;<\/p> \n<p>Jake McCoy, chief operating officer at RWS Global, said the company started a new project with the RWS Global legal team to streamline a manual, cumbersome process which used to take days to complete and involved numerous handovers. Thanks to the AI features available in Box Enterprise Advanced, he said the processes can be strung together, creating a sleek and efficient workflow.<\/p> \n<div class=\"youtube-iframe-container\">\n <iframe id=\"ytplayer-0\" src=\"https:\/\/www.youtube.com\/embed\/g9nSWMXJXbc?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n<\/div> \n<p>\u201cThe end user types in the information that needs to go into a <a href=\"https:\/\/www.techtarget.com\/searchcontentmanagement\/news\/366615532\/Box-expands-AI-capabilities-with-apps-app-builder\">contract via Box Doc Gen<\/a>, which is then sent over to Legal for approval,\u201d he said.<\/p> \n<p>Once approved, the contract is sent out automatically and signed using Box Sign. The signed contract is then uploaded to the cloud. Given that RWS Global has contracts with thousands of performers, he said the automation of the contract approval workflow saves many hours in terms of manual processing.<\/p> \n<p>The end-to-end workflow has meant that RWS Global\u2019s contract processing time has been reduced from 20 minutes to under two minutes per contract, reducing what once took more than 8.5 workdays for 200 hires to just five hours.<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more stories about Box<\/h3> \n  <ul class=\"default-list\"> \n   <li><a href=\"https:\/\/www.techtarget.com\/searchcontentmanagement\/news\/366637320\/Box-releases-Box-Extract-its-AI-metadata-agent\">Box releases Box Extract,<\/a> its AI metadata agent: Line-of-business Box users can now tag contracts, reports and other commonly used docs with plain-language instructions, which an agent processes.<\/li> \n   <li>Box upgrades <a href=\"https:\/\/www.techtarget.com\/searchcontentmanagement\/news\/366630632\/Box-upgrades-AI-document-extraction-and-security-services\">AI document extraction<\/a> and security services: Box dives into agentic AI for enhanced security and intelligent document processing.<\/li> \n  <\/ul>\n <\/div>\n<\/div> \n<p>Matt Terrell, director of product management \u2013 AI agents, at Box, said an enterprise AI strategy is built on a foundation that needs metadata to describe what the data actually means.<\/p> \n<p>\u201cAt Box, our job and our role in the industry is to transform your content into context that later gets used by different AI tools,\u201d he said. \u201cMetadata is one of the fundamental building blocks to do that.\u201d<\/p> \n<p>Looking at the contract process at RWS Global, Terrell said: \u201cI can imagine you\u2019ll want to search all of the contracts that are above a certain value. If you have contract size as a metadata element, all of a sudden, you have a fundamental building block to query those types of things using natural language.\u201d<\/p> \n<p>For Terrell, this is an example of why metadata will become increasingly important in AI.<\/p> \n<p>Box AI provides configurable AI agents, automated <a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/metadata\">metadata extraction<\/a> and the ability to choose or bring preferred AI models to extract insights and reduce manual work.<\/p> \n<p>McCoy added: \u201cPartnering with Box allows us to turn unstructured content into governed, AI-ready assets that help our teams make faster, more informed decisions. As our ambitions grow, this platform evolves with us, enabling us to deliver unforgettable experiences to audiences worldwide.\u201d<\/p>","description":"Box Enterprise Advanced is being used to cut contract processing time from 20 minutes down to two","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/AI-hands-hero-AdobeStock_361756018.jpg","link":"https:\/\/www.computerweekly.com\/news\/366639242\/RWS-Global-deploys-Boxs-AI-tools-to-streamline-contract-workflow","pubDate":"Wed, 25 Feb 2026 04:00:00 GMT","title":"RWS Global deploys Box\u2019s AI tools to streamline contract workflow"},{"body":"<p>Pure Storage has rebranded to Everpure. The one-time flash storage hardware supplier characterised the move as an \u201cexpansion of the brand\u201d based on the <a href=\"https:\/\/www.computerweekly.com\/resources\/Data-management\">growing importance of data management<\/a>. It will coincide with the addition of functionality to increase visibility \u201cinside\u201d data and enhance customer control over datasets.&nbsp;<\/p> \n<p>Pure founder and chief technology officer (CTO) John \u201cCoz\u201d Colgrove summed up the company\u2019s evolution from a provider of storage hardware to an ever-greater involvement in managing data.<\/p> \n<p>\u201cEverybody\u2019s very focused on how to use their data more effectively, especially for AI [artificial intelligence]. They need to understand what data they have, <a href=\"https:\/\/www.computerweekly.com\/feature\/Auditing-classifying-and-building-a-data-sovereignty-strategy\">where it is<\/a>, what\u2019s in the data, what the provenance of the data is,\u201d he said.<\/p> \n<p>\u201cWe\u2019ve been around 16 years and started out completely focused on data storage,\u201d added Colgrove. \u201cAs we started doing more with <a href=\"https:\/\/www.computerweekly.com\/news\/366626102\/Pure-Enterprise-Data-Cloud-bundles-its-IP-for-business-outcomes\">[Pure\u2019s] Enterprise Data Cloud<\/a> and Pure 1, we\u2019ve moved up the stack to where we\u2019re doing more around governance of the data, tracking the data, understanding the data, managing the data, rather than just storing it.\u201d<\/p> \n<p>Colgrove emphasised that Pure will \u201cleave nothing behind\u201d. It will still sell data storage products, but recognised that for the C-level executives in enterprises, the conversation goes beyond that.<\/p> \n<p>\u201cConversation with customers is moving up to a higher level,\u201d he said. \u201cIf you\u2019re a senior executive, you don\u2019t care about how many gigabytes a second we get out of this, whether it\u2019s connected by Fibre Channel or Ethernet, is it NVMe, or RDMA enabled.\u201d<\/p> \n<p>\u201cWhat you care about is, where\u2019s my data? Who has access to it? How is it protected? What\u2019s stored in each piece of data? What am I letting my AI use? What am I training my AI on? We\u2019re focusing on these conversations around the data, how it flows through different systems, where it originated, what is actually in it, where it\u2019s allowed to be stored physically in the world.\u201d&nbsp;<\/p> \n<p>Pure already has some functionality in these areas. At its Accelerate event in June 2025, it launched Enterprise Data Cloud (EDC).<\/p> \n<p>EDC effectively bundles existing Pure Storage architectural elements, which include its Purity storage operating system (OS), common to all the company\u2019s arrays; Fusion, which allows discovery and management of storage resources; Pure1, which allows for fleet management in terms of performance and detailed management of resources; and Evergreen, which is the company\u2019s consumption purchasing offering that allows for <a href=\"https:\/\/www.computerweekly.com\/feature\/Storage-explained-Consumption-models-of-storage-procurement\">as-a-service procurement<\/a>.<\/p> \n<p>Now, with the rebrand to Everpure, the company promises more functionality to help customers understand their data, which will be released starting this year.<\/p> \n<p>\u201cNew capabilities that we will come out with will look inside the data to understand what is actually in the data, so that then becomes data management and governance,\u201d said Colgrove.<\/p> \n<p>\u201cWe will add new capabilities and improve this for several years. We\u2019ve shipped some of the basic capabilities already this past year in EDC. We will have a number of features coming out that support this direction in Pure1, and we're putting more engineers on it than we have before.\u201d<\/p> \n<p>Pure Storage will begin trading as Everpure on the New York Stock Exchange on 5 March 2026.<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about storage and data management<\/h3> \n  <ul class=\"default-list\"> \n   <li><a href=\"https:\/\/www.computerweekly.com\/feature\/AI-drives-storage-array-makers-to-embrace-data-management\">AI drives storage array makers to embrace data management<\/a>: We look at the efforts of storage suppliers to move to data management, often driven by AI \u2013 but analysts highlight the contradiction between supplier and customer needs.<\/li> \n   <li><a href=\"https:\/\/www.computerweekly.com\/news\/366638906\/Interview-Pure-Storages-Niki-Armstrong-on-achieving-more-with-less-in-sustainability\">Achieving more with less in sustainability:<\/a> We talk to Pure Storage\u2019s legal and corporate sustainability leader, Niki Armstrong, about the need to think of sustainability as a product in itself.<\/li> \n   <li><a href=\"https:\/\/www.computerweekly.com\/podcast\/Podcast-Data-management-and-storage-strategy-in-the-AI-era\">Data management and storage strategy in the AI era<\/a>: We talk to Pure Storage EMEA field chief technology officer Patrick Smith about the challenges of data management in an era of AI and data proliferation, and how storage functionality can help.<\/li> \n  <\/ul>\n <\/div>\n<\/div>","description":"Everpure rebrand aims to put the focus on managing data throughout its lifecycle for optimum use, storage, security and sovereignty, with new functionality planned this year","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/HeroImages\/charts-graphs-data-2-Kittiphat-adobe.jpg","link":"https:\/\/www.computerweekly.com\/news\/366639189\/Pure-Storage-rebrands-to-Everpure-as-storage-makers-business-expands-focus-to-data-management","pubDate":"Mon, 23 Feb 2026 08:00:00 GMT","title":"Pure Storage rebrands to Everpure as storage maker\u2019s business expands focus to data management"},{"body":"<p>The Court of Appeal (CoA) has ruled in favour of the <a href=\"https:\/\/ico.org.uk\/\" target=\"_blank\" rel=\"noopener\">Information Commissioner\u2019s Office (ICO)<\/a> in an appeal against a previous decision regarding the data protection responsibilities of businesses that arose after a 2018 cyber attack on DSG Retail \u2013 which now operates as <a href=\"https:\/\/www.currysplc.com\/\" target=\"_blank\" rel=\"noopener\">Currys Group Ltd<\/a> \u2013 the parent organisation of former UK electronics retail brands including Carphone Warehouse, Dixons and PC World.<\/p> \n<p>DSG fell victim to a major cyber attack <a href=\"https:\/\/www.computerweekly.com\/news\/252442996\/Dixons-Carphone-admits-falling-short-on-data-protection\" target=\"_blank\" rel=\"noopener\">during a nine-month period in 2017 and 2018<\/a>. The incident saw cyber criminals install malware on the firm\u2019s point-of-sale (POS) devices and use it to steal personal data, including the credit and debit card details of millions of customers and, in a small number of cases, their names, postcodes and contact details.<\/p> \n<p>In January 2020, <a href=\"https:\/\/www.computerweekly.com\/news\/252476523\/Retail-group-Dixons-Carphone-fined-500000-over-data-breach\" target=\"_blank\" rel=\"noopener\">the ICO levied a \u00a3500,000 fine on DSG<\/a> under the <a href=\"https:\/\/www.legislation.gov.uk\/ukpga\/1998\/29\/contents\" target=\"_blank\" rel=\"noopener\">Data Protection Act (DPA) 1998<\/a> after its investigation found the retailer had failed to patch software systems, install firewalls, segregate its networks, conduct routine security testing, or protect personal data. The fine was lower than that mandated under the <a href=\"https:\/\/www.legislation.gov.uk\/eur\/2016\/679\/contents\" target=\"_blank\" rel=\"noopener\">General Data Protection Regulation<\/a> (GDPR) because the breach took place before the legislation came into effect.<\/p> \n<p>In previous appeals to the First Tier Tribunal (FTT) and Upper Tribunal (UT), DSG argued that the seventh data protection principle (DPP7) of the DPA under which it was fined did not apply to the incident.<\/p> \n<p>It said that while the attackers did obtain full 16-digit card numbers, expiry dates and cardholder names in a limited number of cases, in most cases the cards were protected by electromagnetic verification (EMV) \u2013 Chip and PIN \u2013 so the attackers could only obtain the 16-digit card numbers and expiry dates, and no names.<\/p> \n<p>As such, it said it did not need to take \u201cappropriate technical and organisational measures\u201d (Atoms) to secure the EMV data because it was not \u201cpersonal data\u201d in the hands of a third party. It argued that the question over the applicability of DPP7 to said data needed to be considered from the point of view of the third party \u2013 that is to say, the hackers.<\/p> \n<p>The First Tier Tribunal initially dismissed this argument, but the Upper Tribunal supported it, prompting the ICO to seek permission to appeal last year. At the time, information commissioner John Edwards said the DPA was clear that organisations must put Atoms in place to protect personal data regardless of whether it was pseudonymised.<\/p> \n<blockquote class=\"main-article-pullquote\">\n <div class=\"main-article-pullquote-inner\">\n  <figure>\n   With the rising threat of cyber crime, this decision strengthens our ability to take robust action in the future and sends a clear message to all organisations: you have a protective duty to safeguard the personal data you hold\n  <\/figure>\n  <figcaption>\n   <strong>Binnie Goh, ICO<\/strong>\n  <\/figcaption>\n  <i class=\"icon\" data-icon=\"z\"><\/i>\n <\/div>\n<\/blockquote> \n<p>\u201cWe have seen many cases where people have been affected when malicious actors have accessed, deleted or encrypted pseudonymised personal data \u2013 for example, when medical or financial data is compromised,\u201d he said.<\/p> \n<p><a href=\"https:\/\/www.judiciary.uk\/wp-content\/uploads\/2026\/02\/ICO-v-DSG.Summary.FINAL_.260219-002.pdf\" target=\"_blank\" rel=\"noopener\">Today\u2019s decision<\/a>, handed down by Lord Justice Warby, supports Edwards\u2019 view, concluding that when an individual to whom data relates is identifiable to a data controller, the data controller must safeguard that data against unauthorised or unlawful processing, whether or not the person processing it can use it to identify the individual.<\/p> \n<p>The ICO welcomed the Court of Appeal ruling, saying it clarified an important point of data protection law in reinstating a clear interpretation of the legal responsibilities of organisations to keep personal data safe.<\/p> \n<p>\u201cI have concluded that the UT\u2019s reasons for adopting a narrow interpretation of the statutory wording, though careful and thorough, are not in the end compelling,\u201d <a href=\"https:\/\/www.judiciary.uk\/wp-content\/uploads\/2026\/02\/ICO-v-DSG-2026-EWCA-Civ-140-FINAL-for-hand-down.pdf\" target=\"_blank\" rel=\"noopener\">wrote Warby in his judgment.<\/a><\/p> \n<p>\u201cThey lead to some surprising conclusions. In my judgment, a broader construction is more consistent with the language of the statute and its parent directive, the identifiable purposes of the data protection legislation, and with the few decided cases that have any significant bearing on this issue. I would therefore allow the appeal.\u201d<\/p> \n<p>ICO general counsel Binnie Goh added: \u201cToday\u2019s judgment is a significant victory, bringing much-needed clarity for people affected by cyber attacks as well as industry.<\/p> \n<p>\u201cWe welcome the CoA\u2019s confirmation that organisations must protect all personal data they process, regardless of how it might be used or exploited by hackers. This recognises that even if hackers can\u2019t identify people individually from stolen datasets, cyber attacks can and do still cause real harm.<\/p> \n<p>\u201cWith the rising threat of cyber crime, this decision strengthens our ability to take robust action in the future and sends a clear message to all organisations: you have a protective duty to safeguard the personal data you hold,\u201d said Goh.<\/p> \n<p>Computer Weekly has contacted Currys Group Ltd for a response, and this article will be updated should one be received.<\/p> \n<p>The case will return to the FTT at a later date to reapply the Court of Appeal\u2019s new interpretation to the facts of the DSG incident.<\/p> \n<div class=\"extra-info\">\n <div class=\"extra-info-inner\">\n  <h3 class=\"splash-heading\">Read more about the ICO\u2019s work<\/h3> \n  <ul class=\"default-list\"> \n   <li>The Information Commissioner\u2019s Office considered fining the Post Office \u00a31m for a 2024 data breach <a href=\"https:\/\/www.computerweekly.com\/news\/366635582\/Post-Office-avoids-1m-fine-over-botched-website-upgrade-data-breach\" target=\"_blank\" rel=\"noopener\">that let subpostmasters down again<\/a>.<\/li> \n   <li>Outsourcing giant Capita has been hit with a \u00a314m fine over a 2023 cyber attack, but costs could rise <a href=\"https:\/\/www.computerweekly.com\/news\/366632591\/ICO-fines-Capita-14m-after-ransomware-caused-major-data-breach\" target=\"_blank\" rel=\"noopener\">as legal actions continue<\/a>.<\/li> \n   <li>The UK data regulator has released a summary of its facial recognition audit of <a href=\"https:\/\/www.computerweekly.com\/news\/366630181\/ICO-publishes-summary-of-police-facial-recognition-audit\" target=\"_blank\" rel=\"noopener\">two police forces<\/a>.<\/li> \n  <\/ul>\n <\/div>\n<\/div>","description":"The UK Information Commissioner\u2019s Office has won an important appeal relating to data protection obligations arising from a 2017-18 cyber attack at electronics retailer Currys PC World","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/digital-banking-credit-keyboard-adobe.jpeg","link":"https:\/\/www.computerweekly.com\/news\/366639299\/ICO-wins-appeal-over-data-protection-obligations-in-Currys-cyber-attack","pubDate":"Thu, 19 Feb 2026 15:42:00 GMT","title":"ICO wins appeal over data protection obligations in Currys cyber attack"},{"body":"<p>In the industry of IT disaster recovery, preparedness is the key to protection. As much as a business might prepare, it cannot predict the future and protect against every threat. Could new developments in AI change this? IT disasters are unpredictable events that can severely affect businesses, causing loss of data, productivity and revenue. They can originate from myriad causes, including natural catastrophes, hardware failures, cyberattacks and human errors.<\/p> \n<p>While traditional IT disaster recovery methods emphasize preparation by examining risk, business leaders are &nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/feature\/AI-orchestration-modernizes-approaches-to-disaster-recovery\">incorporating AI into operations to improve DR processes<\/a>. Today, AI can assist disaster recovery teams in six key areas: predictive insights, service recovery, automated response, cybersecurity, resource allocation and disaster recovery planning.<\/p> \n<p>The integration of AI into IT disaster recovery is not just a trendy addition; it's a significant enhancement that can lead to <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/opinion\/How-AI-might-change-the-data-protection-space\">quicker response times<\/a>, reduced downtime and stronger business continuity. Embracing any new tech comes with risks, especially when it comes to preventing outages and data loss. However, emerging AI tools can identify risks, optimize resources and continuously learn from past incidents. These capabilities provide organizations with a forward-thinking approach to disaster recovery that could mean the difference between a minor IT hiccup and a significant business disruption.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"1. Predictive insights\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>1. Predictive insights<\/h2>\n <p>AI, combined with machine learning algorithms, can predict potential IT failures by <a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/tip\/Disaster-recovery-planning-tools-Predictive-analytics-for-DR\">analyzing patterns in historical data<\/a>. By looking through vast amounts of internal files such as logs, documentation and outputs from processes, it can pick up on anomalies that IT teams might have missed in isolation. In this situation, anomalies might include unusual patterns in server temperatures or sudden drops in processing power.<\/p>\n <p>AI can put this information into a context that could indicate potential future failures because it has more insight into how these issues might present. AI can also often provide remediation suggestions for IT admins to perform.<\/p>\n <p>Simply put, AI-enabled predictive capabilities can significantly reduce downtime by alerting IT departments to issues before they become critical, enabling them to address problems proactively.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"2. Service recovery\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>2. Service recovery<\/h2>\n <p>Data is the lifeblood of most businesses. AI can expedite data and service restoration processes by identifying critical systems to restore first, such as databases, communication tools and payment systems. This helps ensure business continuity and enable an organization to get key systems up and running quickly.<\/p>\n <p>This is especially crucial for companies operating in sectors where real time data access is pivotal. What makes AI very useful in this kind of scenario is that it removes human emotion and questionable decision-making from the loop. Human error is a <a href=\"https:\/\/www.infoexchangeja.com\/blog\/it-resilience-disaster-recovery\/how-to-recover-fast-from-human-error\/\" target=\"_blank\" rel=\"noopener\">frequent cause<\/a> of IT disruptions, so removing some of the human element in high-stakes, time-sensitive work could be beneficial in a crisis. While various teams might be demanding that their application is restored first, an AI system will have worked out in advance what is needed to provide the best path to restoration with the least cost and disruption. AI also excels at finding potentially unforeseen dependencies ahead of time.<\/p>\n <p>Customer service is another area of service recovery where AI can play a role. <a href=\"https:\/\/www.techtarget.com\/searchenterpriseai\/tip\/The-best-AI-chatbots-Compare-features-and-costs\">Chatbots<\/a> can be used to effectively field and communicate service issues at a large scale with rapid response.<\/p>\n <div class=\"youtube-iframe-container\">\n  <iframe id=\"ytplayer-0\" src=\"https:\/\/www.youtube.com\/embed\/btVime3wCzA?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n <\/div>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"3. Automated response\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>3. Automated response<\/h2>\n <p>AI-driven systems can automatically trigger a predefined sequence of recovery actions when an anomaly is detected, with appropriate safeguards in place. This can reduce the need for manual intervention from IT personnel, potentially speeding up the recovery process. The response might include backing up data to alternative locations, rerouting network traffic or even initiating failover procedures.<\/p>\n <p><a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/news\/252478166\/Disaster-recovery-automation-tools-gaining-traction\">Automated response<\/a> is a highly complex field and is not cheap, but when paired with a well-designed, resilient infrastructure, it can help reduce the impact of disasters in terms of cost and data availability.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"4. Cybersecurity\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>4. Cybersecurity<\/h2>\n <p>A significant portion of IT disasters are due to cyberthreats. AI and machine learning can help mitigate these issues by continuously monitoring network traffic, identifying potential threats and taking immediate action to mitigate risks. Most new cybersecurity businesses are using AI to learn about emerging threats. They also use AI to look at system anomalies and block questionable activity.<\/p>\n <p>By doing so, AI not only <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Backup-and-AI-work-together-to-enhance-protection\">protects against data breaches<\/a>, but can also help ensure business continuity. This is a <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/How-AI-could-change-threat-detection\">massive space now<\/a> and will only continue to grow.<\/p>\n <blockquote class=\"main-article-pullquote\">\n  <div class=\"main-article-pullquote-inner\">\n   <figure>\n    AI not only protects against data breaches, but can also help ensure business continuity.\n   <\/figure>\n   <i class=\"icon\" data-icon=\"z\"><\/i>\n  <\/div>\n <\/blockquote>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"5. Resource allocation\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>5. Resource allocation<\/h2>\n <p>In the event of a disaster, resources such as bandwidth, storage and compute power can become <a target=\"_blank\" href=\"https:\/\/medium.com\/@rickspair\/the-benefits-of-ai-in-project-management-a-comprehensive-guide-472f5bb5686c\" rel=\"noopener\">constrained<\/a>. AI can optimize the use of available resources, ensuring that critical functions receive the necessary resources first. This optimization can greatly increase the efficiency of the recovery process and help organizations working with limited resources.<\/p>\n<\/section>  \n<section class=\"section main-article-chapter\" data-menu-title=\"6. DR planning and updates\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>6. DR planning and updates<\/h2>\n <p><a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/tip\/After-action-report-template-and-guide-for-DR-planning\">Postdisaster reviews<\/a> are crucial for refining recovery processes. AI can automatically analyze the effectiveness of the implemented recovery strategy and suggest improvements.<\/p>\n <p>Since AI is capable of continuous learning and adaptation, systems become better equipped to handle and recover from disasters over time. This can help strengthen DR efforts in the long term.<\/p>\n <p><i>Stuart Burns is a virtualization expert at a Fortune 500 company. He specializes in VMware and system integration with additional expertise in disaster recovery and systems management. Burns received vExpert status in 2015.<\/i><\/p>\n<\/section>","description":"AI is everywhere these days, and disaster recovery is no different. IT teams can use AI to mitigate, prevent and recover from disruptions faster than traditional methods.","image":"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/disaster_recovery_a379640336.jpg","link":"https:\/\/www.techtarget.com\/searchdisasterrecovery\/tip\/Ways-to-use-AI-in-IT-disaster-recovery","pubDate":"Thu, 19 Feb 2026 10:00:00 GMT","title":"6 ways to use AI in IT disaster recovery"},{"body":"<p>A data retention policy, or records retention policy, is an organization's established protocol for retaining information for operational or&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcio\/definition\/regulatory-compliance\">regulatory compliance<\/a>&nbsp;needs. A comprehensive data retention policy outlines the business reasons for retaining specific data and what to do with it when targeted for disposal.<\/p> \n<p>In business settings, data retention is a concept that encompasses all processes for storing and preserving data, as well as the specific time periods and policies businesses enforce that determine how and for how long data should be retained.<\/p> \n<p>When writing a data retention policy, organizations must determine how to classify and organize information so it can be searched and accessed later and dispose of information that's no longer needed.<\/p> \n<p>Some organizations find it helpful to use a data retention policy template that provides a framework to follow when crafting the policy.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"What are the goals of data retention?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What are the goals of data retention?<\/h2>\n <p>The goal of data retention for these businesses is to allocate enough time to extract needed value from data while keeping&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcio\/definition\/data-privacy-information-privacy\">data privacy<\/a>&nbsp;and security considerations in mind. Other reasons a business would prioritize data retention could include the need for future<b>&nbsp;<\/b><a href=\"https:\/\/www.techtarget.com\/searchdatamanagement\/definition\/data-analytics\">data analyses<\/a>.<\/p>\n <p>Whatever the reason, it's imperative that businesses properly manage their data for their own benefit and for&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatamanagement\/definition\/compliance\">compliance<\/a>&nbsp;requirements or for adhering to government regulations. Since businesses operate on many kinds of data, and the usefulness of certain data can wane over time, management and retention of such data can get complicated. While businesses can draft their own requirements for data retention, there are also legal considerations that depend on&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/tip\/State-of-data-privacy-laws\">factors such as geography<\/a>, for example. That is why data retention policies are necessary for handling all of this.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Why is a data retention policy important?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Why is a data retention policy important?<\/h2>\n <p>A data retention policy is part of an organization's overall&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatamanagement\/definition\/data-management\">data management<\/a>&nbsp;strategy. A policy is important because data can pile up dramatically, so it's crucial to define how long an organization must hold on to specific data.<\/p>\n <p>An organization should only retain data for as long as it's needed, whether that's six months or six years. Retaining data longer than necessary takes up unnecessary storage space and costs more than needed.<\/p>\n <div class=\"youtube-iframe-container\">\n  <iframe id=\"ytplayer-0\" src=\"https:\/\/www.youtube.com\/embed\/6r7ZwTwGqtc?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n <\/div>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"What are the benefits of a data retention policy?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What are the benefits of a data retention policy?<\/h2>\n <p>There are numerous benefits to establishing a solid data retention policy:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>Automated compliance.<\/b>&nbsp;With an established policy, organizations can ensure they comply with regulatory requirements mandating the retention of various types of data.<\/li> \n  <li><b>Reduced likelihood of compliance-related fines.<\/b>&nbsp;Even if an organization retains all the data that's legally required, the organization must produce that data if it's requested by auditors. Retaining only the minimally required volume of data makes it easier and less time-consuming to locate this data, thereby reducing the chances that an organization is fined for its inability to produce data that's required to be retained.<\/li> \n  <li><b>Reduced storage costs.<\/b>&nbsp;There's a direct&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/How-to-handle-Google-Cloud-Storage-costs\">cost associated with data storage<\/a>&nbsp;and reducing the volume of data that is being stored also reduces storage costs.<\/li> \n  <li><b>Increased relevancy of existing data.<\/b>&nbsp;Data becomes less relevant as it ages, and a data retention policy removes irrelevant data that's no longer needed.<\/li> \n  <li><b>Reduced legal exposure.<\/b>&nbsp;Once data is no longer needed, it's removed, eliminating the possibility that the data can be surfaced during legal discovery and used against the organization.<\/li> \n  <li><b>Reduced risk.<\/b> A data retention policy ensures that older, potentially sensitive data that is no longer needed is disposed of properly. This can reduce an organization's attack surface while also reducing the severity of a data breach's affect.<\/li> \n <\/ul>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"What are data retention policy best practices?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What are data retention policy best practices?<\/h2>\n <p>When it comes to creating a data retention policy, every organization's needs are different. Even so, there are several best practices that organizations should adhere to when establishing a data retention policy:<\/p>\n <ul type=\"disc\" class=\"default-list\"> \n  <li><b>Identifying legal requirements.<\/b>&nbsp;Organizations must determine the laws and regulations that govern their data retention requirements so those requirements can be incorporated into the data retention policy.<\/li> \n  <li><b>Identifying business requirements.<\/b>&nbsp;Creating an effective data retention policy involves more than just complying with applicable regulations. The retention policy must also take the organization's business requirements into account. It could be that there are operational requirements that mandate retaining data for longer than what's legally required.<\/li> \n  <li><b>Considering data types when crafting a data retention policy.<\/b>&nbsp;In any organization, some data is more valuable than other data. An organization should avoid creating a blanket data retention policy that applies to all types of data. Instead, the policy should specifically define the type of data that must be retained and establish retention requirements for each type.<\/li> \n  <li><b>Adopting a good data archiving system.<\/b>&nbsp;If regulatory requirements require certain types of data to be retained for longer than the data is needed by the business, then consider adopting a&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/definition\/data-archiving\">data archiving<\/a>&nbsp;system. A data archival system can help reduce the cost of storing archival data, while automating data lifecycle management (<a href=\"https:\/\/www.techtarget.com\/searchstorage\/definition\/data-life-cycle-management\">DLM<\/a>) and providing the tools to locate archived data.<\/li> \n  <li><b>Having a plan for legal hold.<\/b>&nbsp;If the organization is involved in litigation, then it will likely need to pause the DLM process so the data that was subpoenaed won't be automatically deleted once it reaches the end of its retention period.<\/li> \n  <li><b>Creating two versions of your data retention policy.<\/b>&nbsp;If an organization is subject to regulatory compliance, it will likely have to document its data retention requirements to satisfy regulatory mandates. This is a formally written document that can be filled with legal jargon. As a best practice, consider drafting a simpler version of the document that can be used internally as a way of helping stakeholders in the organization better understand retention requirements.<\/li> \n <\/ul>\n <p><iframe title=\"Traditional Data Lifecycle\" aria-label=\"Table\" id=\"datawrapper-chart-vjzkP\" src=\"https:\/\/datawrapper.dwcdn.net\/vjzkP\/1\/\" scrolling=\"no\" frameborder=\"0\" style=\"width: 0; min-width: 100% !important; border: none;\" height=\"381\" data-external=\"1\"><\/iframe><\/p>\n <p> <script type=\"text\/javascript\">window.addEventListener(\"message\",function(a){if(void 0!==a.data[\"datawrapper-height\"]){var e=document.querySelectorAll(\"iframe\");for(var t in a.data[\"datawrapper-height\"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data[\"datawrapper-height\"][t]+\"px\";r.style.height=d}}});<\/script> <\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"How do you create a data retention policy?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>How do you create a data retention policy?<\/h2>\n <p>Creating a data retention policy is rarely a simple process, and some organizations might find it better to&nbsp;outsource&nbsp;the policy creation and implementation process rather than doing it internally. For organizations creating their own data retention policies, there are 10 basic steps:<\/p>\n <ol class=\"default-list\"> \n  <li>Decide who'll be responsible for creating the policy. This task won't usually be handled by a single person in the organization because it requires expertise in various areas. Typically, the data retention policy creation process is a team effort with members of the IT staff, the organization's legal department and other key stakeholders.<\/li> \n  <li>Determine the organization's legal requirements. The policy must meet or exceed the requirements outlined in any regulations that apply to the organization. Identify the legal requirements upfront, as they'll be the foundation of the policy.<\/li> \n  <li>Define the organization's business requirements. This means identifying various types of data and figuring out how long each data type should be retained. Typically, data is active for a period, then moved to archival storage and eventually purged from the archive as a part of the organization's DLM process.<\/li> \n  <li>Determine who'll be responsible for ensuring that data retention is being performed according to the policy.<\/li> \n  <li>Determine how to&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Best-practices-for-backup-audit-preparation\">perform internal audits<\/a>&nbsp;to ensure compliance.<\/li> \n  <li>Decide the frequency with which the data retention policy should be reviewed and revised.<\/li> \n  <li>Work with the organization's HR or legal departments to establish a means of enforcing the policy.<\/li> \n  <li>Determine how the data retention requirements are implemented and enforced at a software level.<\/li> \n  <li>Write the official data retention policy.<\/li> \n  <li>Once the policy has been drafted, present the policy to key stakeholders for approval.<\/li> \n <\/ol>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"Proper implementation of a data retention policy\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Proper implementation of a data retention policy<\/h2>\n <p>When implementing a data retention policy, organizations should consider the following policy factors:<\/p>\n <h3>Data backup<\/h3>\n <p>The operational reason for implementing a data retention policy involves proper data&nbsp;backup. An organization's backup data helps it recover in the event of&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/definition\/Data-loss\">data loss<\/a>. A policy is important to make sure the organization has the right data and the right amount of data backed up. Too little data backed up means the recovery won't be as comprehensive as needed, while too much causes confusion.<\/p>\n <h3>Archival vs backup<\/h3>\n <p>A data retention policy should treat archived data differently from backup data. Archived data is no longer actively used by the organization but is still needed for long-term retention. An organization might need data shifted to archives for future reference or for compliance. Archives are stored on cheaper storage media, so they reduce costs and the volume of primary data storage. A user should be able to search archives easily.<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/data_backup-archive_v_backup-f.png \">\n  <img data-src=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/data_backup-archive_v_backup-f_mobile.png \" class=\"lazy\" data-srcset=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/data_backup-archive_v_backup-f_mobile.png  960w,https:\/\/www.techtarget.com\/rms\/onlineimages\/data_backup-archive_v_backup-f.png  1280w\" alt=\"Backup vs archive. \" height=\"292\" width=\"559\">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>Understand the three main differences between backup and archive.\n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n <h3>IT and legal teams<\/h3>\n <p>For proper creation and implementation of a data retention policy, especially regarding compliance, the IT team should work with the legal team. The legal team will have a better idea of how long data must be retained by law, while IT is responsible for implementing the policy.<\/p>\n <h3>Be careful with the data retention policy<\/h3>\n <p>Just because a file was created decades ago doesn't mean it should be&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Increase-backup-efficiency-with-a-data-destruction-policy\">automatically deleted after a certain time<\/a>. That old file could be an important contract the organization must retain, or it could contain other valuable information.<\/p>\n <h3>Automated data retention and deletion<\/h3>\n <p>A storage system can retain or remove data based on rules set up by IT. The use of&nbsp;<a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/metadata\">metadata<\/a>&nbsp;is one way to figure out when a data object is scheduled for deletion or designated to a given storage location. Automated software moves old data to archives, which is especially helpful for organizations with large data volumes. Some software can automatically delete data based on age, outlined in a retention schedule. But administrators must be certain that deleted data serves no further purpose.<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/whatis-metadata_use_cases-h.png\">\n  <img data-src=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/whatis-metadata_use_cases-h_mobile.png\" class=\"lazy\" data-srcset=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/whatis-metadata_use_cases-h_mobile.png 960w,https:\/\/www.techtarget.com\/rms\/onlineimages\/whatis-metadata_use_cases-h.png 1280w\" alt=\"Metadata use cases. \">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>Using metadata can be helpful as part of data retention policy.\n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n<\/section>              \n<section class=\"section main-article-chapter\" data-menu-title=\"Regulatory compliance and data retention\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Regulatory compliance and data retention<\/h2>\n <p>A data retention policy must consider the value of data over time and the data retention laws an organization might be subject to. In 2006, the U.S. Supreme Court recognized that it isn't financially possible to retain all information indefinitely. However, organizations must demonstrate that they only delete data that isn't subject to specific regulatory requirements, as well as use a repeatable and predictable process to do so. This means various types of information are held for different lengths of time. For example, a hospital's retention period for employee email would be different from that of its patient records.<\/p>\n <p>Although it's common for an organization to establish its own data retention requirements, certain data retention laws must be adhered to. This is especially true for organizations operating in regulated industries. For example, publicly traded companies in the U.S. must establish a data retention policy that is compliant with the Sarbanes-Oxley Act (<a href=\"https:\/\/www.techtarget.com\/searchcio\/definition\/Sarbanes-Oxley-Act\">SOX<\/a>) of 2002. This legislation was passed to restore public confidence in the financial sector after financial reporting scandals, such as that involving Enron Corporation, and to prevent fraud. SOX is comprehensive and has many implications, but one important implication to remember is that it mandates that businesses must retain financial reports for at least seven years, then dispose of them once they are no longer needed.<\/p>\n <p>Similarly, healthcare organizations are subject to Health Insurance Portability and Accountability Act (<a href=\"https:\/\/www.techtarget.com\/searchhealthit\/definition\/HIPAA\">HIPAA<\/a>) data retention requirements, and organizations that accept credit cards must adhere to a&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/PCI-DSS-Payment-Card-Industry-Data-Security-Standard\">Payment Card Industry Data Security Standard<\/a>&nbsp;data retention and disposal policy. For example, healthcare providers are required by HIPAA to retain patient data for at least six years on file, and certain companies might keep patient data for even longer.<\/p>\n <figure class=\"main-article-image full-col\" data-img-fullsize=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/compliance-sox_data_retention.png\">\n  <img data-src=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/compliance-sox_data_retention_mobile.png\" class=\"lazy\" data-srcset=\"https:\/\/www.techtarget.com\/rms\/onlineimages\/compliance-sox_data_retention_mobile.png 960w,https:\/\/www.techtarget.com\/rms\/onlineimages\/compliance-sox_data_retention.png 1280w\" alt=\"SOX data retention mandates. \">\n  <figcaption>\n   <i class=\"icon pictures\" data-icon=\"z\"><\/i>Meet SOX data compliance mandates in four steps. \n  <\/figcaption>\n  <div class=\"main-article-image-enlarge\">\n   <i class=\"icon\" data-icon=\"w\"><\/i>\n  <\/div>\n <\/figure>\n <p>Simply retaining data isn't enough. Federal laws commonly require organizations in regulated industries to create a documented data retention policy.<\/p>\n <p>An organization must also consider the General Data Protection Regulation (<a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/General-Data-Protection-Regulation-GDPR\">GDPR<\/a>), which went into effect in May 2018 and updated data protection laws across the European Union (EU). Mandates apply to personal data produced by EU citizens, whether the company collecting the data is in the EU, as well as any people and organizations whose data is stored in the EU. It's critical to have a data retention policy that explains which data is being held, why and where it's being held and for how long, as it relates to GDPR directives. Especially with a sweeping compliance regulation such as GDPR, only keep the personal information that's needed.<\/p>\n <div class=\"youtube-iframe-container\">\n  <iframe id=\"ytplayer-1\" src=\"https:\/\/www.youtube.com\/embed\/ilLEdbfzw-I?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n <\/div>\n <p>The most comprehensive framework encompassing data retention policies in the U.S. is the&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchcio\/definition\/California-Consumer-Privacy-Act-CCPA\">California Consumer Privacy Act<\/a>. The legislation was signed into law in 2018 and went into effect beginning in 2020. It was followed by a subsequent amendment to the law, named the California Privacy Rights Act, effective in 2023, which states that businesses must not retain data for longer than needed to complete certain objectives. There is currently no fixed maximum retention period for how long businesses can retain data once it is no longer needed, but the legislation is meant to encourage ethical data use and storage.<\/p>\n<\/section>         \n<section class=\"section main-article-chapter\" data-menu-title=\"Data retention policy examples\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Data retention policy examples<\/h2>\n <p>Length of time in a data retention policy ranges from minutes to years. Use a policy engine that involves multiple fields, such as user, department, folder and file type.<\/p>\n <p>A data retention policy should include email messages. Emails pile up quickly, and some take up a lot of space, so set a reasonable timetable for retention. As with the data retention policy, the IT team should work with legal on email retention schedule details.<\/p>\n <p>Regarding targets,&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/definition\/object-storage\">object storage<\/a>&nbsp;is a popular choice in a data retention policy, as it provides solid data protection at a moderate cost.<\/p>\n <p><a href=\"https:\/\/www.techtarget.com\/searchstorage\/definition\/public-cloud-storage\">Public cloud storage<\/a>&nbsp;is another common location for data that requires long-term retention. It's typically cheaper than on-premises storage, especially in infrequent access tiers. Cloud service providers offer off-site data protection, which is important in the event of a disruption to the organization's main data center. Speed of restore depends on the tier and size of the data set.<\/p>\n <p>In addition, tape continues to play a key role in long-term data retention. Infrequently accessed&nbsp;<a href=\"https:\/\/www.techtarget.com\/whatis\/definition\/historical-data\">historical data<\/a>&nbsp;finds a good home on tape, where it takes longer to restore than other formats. Storing data on tape for years is typically cheaper than storing it in the cloud and uses less energy than disk storage. Like the public cloud, tape also provides off-site storage.<\/p>\n<\/section>      \n<section class=\"section main-article-chapter\" data-menu-title=\"What are some common data retention policy issues?\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What are some common data retention policy issues?<\/h2>\n <p>Data continues to increase dramatically, not only in&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchstorage\/definition\/primary-storage\">primary storage<\/a>&nbsp;but in backup data and archives as well. Backup takes a particularly burdensome toll when the same data gets backed up. A data retention policy is one way to reduce volume and eventually automate the process of retaining data sets.<\/p>\n <p>However, creating a data retention policy is complex. Setting a data retention schedule isn't cut-and-dry. Certain data sets require retention of different lengths of time for legal and operational reasons. Organizations will ultimately&nbsp;<a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Compare-SaaS-data-retention-policies-from-4-major-providers\">develop their own retention policies<\/a>&nbsp;to fit their needs. But they must be careful when doing so, especially when instituting an automated form of data retention.<\/p>\n <p>Storage can be a burden as well. That's why a good data retention policy is clear about the type of storage where retained data goes to optimize budget and space.<\/p>\n<\/section>    \n<section class=\"section main-article-chapter\" data-menu-title=\"Proper data disposal\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>Proper data disposal<\/h2>\n <p>When a protected record's age exceeds that of the applicable data retention policy, the record&nbsp;must be disposed of&nbsp;properly. It's often in an organization's best interest to dispose of old data, <a href=\"https:\/\/www.forbes.com\/councils\/forbestechcouncil\/2026\/01\/14\/why-retaining-data-beyond-compliance-limits-increases-risk\/\">even if it doesn't have to by law<\/a>.<\/p>\n <p>Many organizations use an automated system, typically a dedicated archive software product, to securely delete data that no longer falls within the required data retention period. Automation ensures data is disposed of in the proper time frame without manual intervention. Some organizations might use their backup software's archiving functionality to automate data disposal.<\/p>\n <p><i>Data retention is a crucial aspect of data governance. While data retention can be beneficial and often mandatory, businesses should also be aware of the&nbsp;<\/i><a href=\"https:\/\/www.techtarget.com\/searchdatamanagement\/tip\/5-benefits-of-building-a-strong-data-governance-strategy\"><i>top benefits<\/i><\/a><i>&nbsp;of enacting a comprehensive data governance strategy.<\/i><\/p>\n<\/section>","description":"In business settings, data retention is a concept that encompasses all processes for storing and preserving data, as well as the specific time periods and policies businesses enforce that determine how and for how long data should be retained.","image":"https:\/\/cdn.ttgtmedia.com\/visuals\/digdeeper\/1.jpg","link":"https:\/\/www.techtarget.com\/searchdatabackup\/definition\/data-retention-policy","pubDate":"Tue, 17 Feb 2026 00:00:00 GMT","title":"What is a data retention policy?"},{"body":"<p>Data backups are among an organization's most valuable resources, and where they are stored is critical. Business leaders must have a strong understanding of their organization's backup data when choosing a long-term storage option to ensure that data is secure, organized and accessible when needed.&nbsp;&nbsp;<\/p> \n<p>Not all backup data is suited to long-term storage. For organizations engaged in <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/news\/252504683\/When-long-term-data-archiving-means-forever\">historical archiving<\/a>, such as libraries, low-cost long-term backups are critical. In regulated industries such as healthcare, where <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/answer\/What-are-some-data-retention-policy-best-practices\">data retention<\/a> is subject to strict compliance regulations, reliable long-term backups are paramount in the event of a disaster.<\/p> \n<p>Security is a key factor for all storage, but organizations working with long-term data backups should also pay close attention to access, cost and capacity. Since long-term data isn't accessed as often as mission-critical files, performance and retrieval times for these backups can be lower than for high-priority data.<\/p> \n<p>This can vary if the organization is subject to service-level agreements (SLAs) that <a href=\"https:\/\/www.techtarget.com\/searchdisasterrecovery\/answer\/What-DR-requirements-belong-in-a-cloud-computing-SLA\">require rapid recovery times<\/a>.<\/p> \n<p>Organizations that store backups of long-term data must <a href=\"https:\/\/www.computerweekly.com\/feature\/Indefinite-storage-What-it-is-and-why-you-might-need-it\">retain many files indefinitely<\/a>, so high capacity and low cost are vital elements of the chosen storage method. If a company has a larger budget, it might be able to prioritize access over cost. However, with long-term data backups, lower prices are often chosen over high-speed performance.<\/p> \n<blockquote class=\"main-article-pullquote\">\n <div class=\"main-article-pullquote-inner\">\n  <figure>\n   Security is a key factor for all storage, but organizations working with long-term data backups should also pay particular attention to access, cost and capacity.\n  <\/figure>\n  <i class=\"icon\" data-icon=\"z\"><\/i>\n <\/div>\n<\/blockquote> \n<p>Below are four options to consider when selecting a long-term data backup method.<\/p> \n<section class=\"section main-article-chapter\" data-menu-title=\"1. Tape\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>1. Tape<\/h2>\n <p>Tape storage has long been a staple for backup data. While newer technologies have come along, <a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Whats-driving-the-resurgence-in-tape-storage-use\">many organizations still use tape<\/a> for long-term backup and data archiving.<\/p>\n <p>The biggest advantage of tape is the price. Tape offers the <a href=\"https:\/\/blog.archiware.com\/blog\/comparison-of-lto-and-cloud-storage-costs-for-media-archive\/\" target=\"_blank\" rel=\"noopener\">lowest<\/a> storage cost per gigabyte. This makes it <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/answer\/How-can-you-use-magnetic-tape-storage-in-this-big-data-age\">well-suited for large capacities<\/a> with long retention periods, as in long-term data backup.<\/p>\n <p>Another key attribute for tape is its ability to <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Air-gap-backups-provide-another-layer-of-protection\">create a physical air gap<\/a>, which has become a crucial security element for protecting against ransomware and other network attacks. If an organization is particularly concerned about cyber threats, the offline nature of tape makes it a strong choice for long-term backups.<\/p>\n <p>The clear downside of tape is slow data access. If a business must restore backup data quickly and often, tape might not be the correct choice. This is particularly an issue for organizations that must meet compliance regulations or SLAs that require a fast restore.<\/p>\n<\/section>     \n<section class=\"section main-article-chapter\" data-menu-title=\"2. Disk\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>2. Disk<\/h2>\n <p>Disk storage has become a popular option as a backup method due to its <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Storage-media-showdown-The-benefits-of-tape-vs-disk-backup\">improved performance over tape<\/a>, while still offering attractive economics. Disk provides much faster access than tape, with a lower price tag than higher-performance flash devices. This makes disk well-suited for backup environments by providing low-cost storage for large capacities of long-term backup data, along with sufficient performance when a restoration is necessary.<\/p>\n <div class=\"youtube-iframe-container\">\n  <iframe id=\"ytplayer-0\" src=\"https:\/\/www.youtube.com\/embed\/kGq82NVOQ6I?autoplay=0&amp;modestbranding=1&amp;rel=0&amp;widget_referrer=null&amp;enablejsapi=1&amp;origin=https:\/\/www.computerweekly.com\" type=\"text\/html\" height=\"360\" width=\"640\" frameborder=\"0\"><\/iframe>\n <\/div>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"3. Flash\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>3. Flash<\/h2>\n <p>Flash storage is a strong choice for high-performance workloads, and organizations typically use flash for primary workloads rather than backups. High-performance SSDs might be needed in <a href=\"https:\/\/www.techtarget.com\/searchdatabackup\/answer\/Flash-backups-What-are-the-best-use-cases-and-why\">certain backup environments<\/a> that require rapid restore times, but this is rare for long-term backup.<\/p>\n <p>In recent years, the economics of flash devices have changed, and SSDs might become a more practical choice even for long-term applications. <a href=\"https:\/\/www.techtarget.com\/searchstorage\/opinion\/Why-QLC-flash-adoption-now-benefits-the-enterprise\">Quad-level cell devices<\/a> offer denser, lower-cost storage comparable to disk. Along with a performance advantage, flash might be able to edge out disk for long-term backup due to its <a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/The-pros-and-cons-of-flash-memory-revealed\">lower energy consumption<\/a>, high reliability and long lifespan.<\/p>\n<\/section>   \n<section class=\"section main-article-chapter\" data-menu-title=\"4. Public cloud\">\n <h2 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>4. Public cloud<\/h2>\n <p><a href=\"https:\/\/www.techtarget.com\/searchstorage\/definition\/public-cloud-storage\">Public cloud<\/a> is another option for long-term data backup, with some caveats. The performance and economic benefits of cloud depend not only on the selected service provider but also on the chosen storage tier. For long-term data, the most appropriate choice might be a cool or cold tier, such as S3 Infrequent Access or Glacier from AWS, or Azure's cool storage tier and <a href=\"https:\/\/www.techtarget.com\/searchstorage\/tip\/Choose-the-best-Azure-Blob-Storage-tier\">offline Blob Storage<\/a>.<\/p>\n <p>These options offer low-cost storage with the advantage of moving the infrastructure and management responsibilities off premises. However, restores from these storage tiers can incur large costs. Colder storage tiers might have a long recovery time, even more so than on-premises tape. Quicker retrieval times may be available from some providers, but likely at a higher price point. With this in mind, organizations that require frequent access to backups should consider a warmer cloud tier or an alternative on-premises option.<\/p>\n <p><i>Mitch Lewis is a research associate at Evaluator Group. He provides insight into the IT landscape for enterprises, IT pros and technology enthusiasts alike.<\/i><\/p>\n<\/section>","description":"Data backups ensure copies of critical data are available in the event of a crisis or failure. When backing up long-term data, cost and capacity are vital considerations.","image":"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/storage_g488979113.jpg","link":"https:\/\/www.techtarget.com\/searchdatabackup\/tip\/Long-term-data-backup-options","pubDate":"Tue, 10 Feb 2026 12:00:00 GMT","title":"4 long-term backup options for enterprise data"}],"title":"ComputerWeekly.com","ttl":"60","webMaster":"editor@computerweekly.com"}}