Node4 Ltd - Experts & Thought Leaders

Stratas is a UK-based specialist in document automation, finance automation, and intelligent document processing (IDP). Its solutions help organisations automate processes underpinned by documents and improve control across finance and operations.   Stratas needed a new, secure, and scalable data storage solution after notification that its remote storage provider planned to discontinue services. Richard Webb, the company’s Professional Services Technical Consultant, explains: “We weren’t confident that the physical servers were being properly maintained. Our provider was using older machines and running Windows Server 2012, which presented us with reliability and security challenges. If we had continued with our arrangement, things would have had to change.”    Solution   After considering several options, Richard and his team selected Node4’s Virtual Data Centre (VDC) offering – the company’s managed, hosted Infrastructure as a Service platform. As the first step in deployment, Node4 set up a bespoke landing zone to assist Richard with data migration from his organisation’s legacy servers. Node4 also configured VDC access via a secure, high-speed VPN. Public cloud solution “We told Node4 from the outset that we wanted a managed, hosted environment. We’re a lean business with no physical premises and didn’t want the overheads and complications of managing physical servers,” Richard comments. “On paper, a public cloud solution might have seemed logical. But we run several niche applications with specialised workflow and process requirements. Node4’s VDC was a better fit – we got the scalability and flexibility of public cloud without the complexity and administration headaches. But we also benefit from Node4’s support and expertise. It’s the best of both worlds.” Node4’s data centre  “We also wanted our data to remain in the UK on servers owned by a UK company,” he acknowledges. “That’s important for GDPR compliance and data sovereignty." "It was also a bonus that Node4’s data centre is just down the road from us, so we’re hyperlocal, I guess. It all adds to the feeling that we’re not dealing with some faceless conglomerate – that there are real people on hand with a genuine interest in helping our business to thrive.”     Results   Stress-free migration   With the landing zone operational and VPN connectivity established, Richard and his team began migrating applications and clients to their new Virtual Data Centre. “Clients using our invoicing and accounting service can’t be offline for a long time – especially around month-end. So, although it was slower for us, we migrated one customer at a time at a rate of about five per week,” he explains. “Node4’s landing zone also allowed us to test migrations to ensure everything worked as expected before going live. This kept downtime to an absolute minimum and reduced many of the risks associated with migration to hosted environments.”    Enhanced backup, recovery and resiliency    Richard and his team immediately benefited from switching to Node4’s virtual data centre. “Our previous provider offered only basic backups, and their infrastructure lacked resiliency,” he recalls. “We could start work on a Monday and, without any prior warning, find half our servers were down. Switching to Node4’s virtual data centre with modern, resilient servers – alongside built-in comprehensive backup and disaster recovery – improved our day-to-day operations and customer experience right from the outset.”   Richard admits that the connectivity and reliability improvements far exceeded anything he’d hoped for. “It’s amazing! Even basics like logging in are easier. On our old system, it would take several attempts, and there was always a chance you’d get kicked out after a couple of hours. Getting online first time probably saves each of us around ten minutes a day. That may not sound much, but it quickly adds up as the weeks and months go by.”    Advanced, integrated security    Richard also notes that the VDC offers a range of security benefits, including firewall defences, DDoS protection and secured instances. “We’re planning to introduce multi-factor authentication to access our VPN. It’s a vital identity management tool for all businesses,” he comments. “But especially ones like ours with a 100% remote workforce.”   Consumption-based model: Pay for used compute, network and storage    Richard is also keen to highlight the advantages of a consumption-based model. “The VDC is fully self-service. We can adjust compute, network, storage, and services on demand with just a few clicks – giving us complete control over our environment and costs." "This is important right now and also helps us plan ahead; for example, we can now see a pathway to rolling out AI and advanced automation in the coming years.”    Transparent pricing    “I like the fact that VDC pricing is transparent,” Richard admits. “We did our due diligence and looked at a few other companies. Their project and operational costs seemed lower. But there were lots of gotchas – like fixed data charges and data limits – hidden in the small print. So, when we weighed it all up, Node4, with its consumption-based pricing, was far better value and a much better organisational fit.”    He concludes: “What does that mean on a day-to-day basis? Currently, we’ve scaled requirements as we’re carrying out some server consolidation work. But all that extra capacity is still there for us. And while we’re waiting, we’re not being charged for it. That’s a huge benefit. It helps us remain competitive and responsive to changing market and economic conditions.”

Node4, a cloud-led digital transformation Managed Services Provider (MSP), has announced the appointment of Richard Moseley as Chief Executive Officer (CEO), with Founder and previous CEO, Andy Gilbert becoming President and Board Member. Growth strategy The announcement is part of a strategy to strengthen Node4’s executive team as the company embarks on the next phase of its growth journey. Moseley will work closely with Gilbert to complete an in-depth induction and handover, after which he will formally assume the role of CEO, which is expected to take place in early 2025.  Richard Moseley Moseley brings 30 years of technology experience, having built multiple high-growth software and managed services Moseley brings 30 years of technology experience, having built multiple high-growth software and managed services companies, scaling them globally, both organically and through M&A. As GM of Rapid7 International, he architected 10 years of consistent material expansion from the early stage to becoming a publicly listed global organisation.  Before that, Moseley served as GM for Quest Software for more than a decade, developing the company into a global organisation via expansion in Europe and Asia.  Andy Gilbert As Node4’s founder and driving force over the past two decades, Gilbert will remain fully involved in the organisation with a particular focus on supporting the Board and Moseley with strategy, technology, and product roadmap while also helping optimise client development. Their combined expertise and leadership will enable Node4 to continue its growth journey and reach its potential. In his new role, Gilbert will also dedicate more time to strategy in an increasingly complex environment as the company focuses on enhancing its capabilities and client offerings.  Richard's comment “Joining the Node4 team feels like an incredible opportunity,” said Richard Moseley, CEO of Node4. Richard Moseley adds, “Over the past 20 years, Andy and our talented team have developed an unrivalled reputation for helping organisations bridge the gap between technology and strategic goals, and I look forward to working closely with my new colleagues, customers, and partners as we continue to push boundaries and build towards our next stage of growth.”  Andy's comment “Richard is a hugely respected leader and innovator whose experience and drive align exactly with our ambitious growth strategy for the years ahead,” commented Andy Gilbert, Founder and President of Node4. Andy Gilbert adds, “Under his leadership, the business is ideally positioned to deliver on our growth plans, working closely with customers and partners to meet their needs and implement solutions that help them to thrive in today’s competitive markets.” 

Node4,  a cloud-led digital transformation Managed Services Provider (MSP), has announced a strategic partnership with cybersecurity company Elastio. This collaboration is set to provide Node4 customers with enhanced protection against ransomware by ensuring the integrity of Veeam recovery points, minimising post-attack data loss and downtime. Backups are crucial for protecting against ransomware, but modern threats can infiltrate and hide within data without being detected. This can lead businesses to inadvertently back up compromised data, which leaves them vulnerable when they need to recover from an attack. Prepared for disaster recovery Node4 and Elastio’s partnership addresses this issue by allowing Node4 clients to continuously check the integrity of their Veeam backups. This ensures any breaches are detected early and guarantees that recovery can occur from clean, uncompromised data. "Ransomware is a scourge that is not going away any time soon, and we're seeing increasingly sophisticated threat actors use tactics to compromise backups. The new standard has to be for businesses to not only be prepared for disaster recovery, but for cyber recovery. That means ensuring that your backups are clean and recoverable,” said Najaf Husain, CEO of Elastio. “We are excited to be working with Node4 to bring our anti-ransomware for backups technology to their clients so that they can be ransomware ready." Streamlining business continuity Elastio’s RansomwareIQ AI/ML engine performs deep file-level inspections on Veeam backups Elastio’s RansomwareIQ AI/ML engine performs deep file-level inspections on Veeam backups, detecting ransomware encryption that bypasses other solutions with 99.99% accuracy. In the event of an attack, it automatically directs users to a clean recovery point to streamline business continuity.  Mark Skelton, Chief Technology & Strategy Officer at Node4, emphasised the importance of robust cybersecurity measures, stating, “In today’s digital age, effective and reliable backups are crucial for business continuity. Our partnership with Elastio ensures that our clients not only have state-of-the-art backup solutions but also the assurance that these backups are uncompromised by ransomware. We are committed to empowering our clients to be resilient and ready in the face of evolving cyber threats.” Cloud-based infrastructures Node4’s collaboration with Elastio also complements its N4Backup Veeam Cloud Connect solution, enhancing its offerings to businesses utilising Veeam Backup and Recovery software. This strategic initiative is part of Node4’s ongoing commitment to providing comprehensive, end-to-end services that support UK businesses in their transition to secure, cloud-based infrastructures. By integrating Elastio’s cutting-edge anti-ransomware technology, Node4 not only fortifies its defence mechanisms but also ensures its clients are equipped with the necessary tools for both disaster recovery and cyber recovery.

Every day, millions of people worldwide use their personal credentials to prove their identity and access a range of services, from databases in their workplace to the banking app on their smartphone. But while this ensures only authorised people have access to certain systems, the use of this personal data opens users up to cyber risks, primarily in the form of identity theft. On Identity Management Day, Source Security spoke to seven IT and cybersecurity experts to discuss their experiences and advice on identity management, including James Brodhurst, Principal Consultant at Resistant AI, who reinforces that: “Securing identities is more important than ever, as fraud and identity theft has impacts for businesses as much as for individuals.” Effective identity management He recommends that businesses and other organisations that use consumer identities as an integral part of operations must address the significant challenges of managing identities and recognise that there is no single solution to all possible cyber threats. Effective identity management is only achieved through a broad range of technologies and data. Businesses have a critical role to play in mitigating cyber threats, as does society as a whole" This is an important first step for organisations to know who they are interacting with, and subsequently distinguish between genuine or illicit actions. “Businesses have a critical role to play in mitigating cyber threats, as does society as a whole. Initiatives such as Identity Management Day serve to increase our collective awareness of the issues and threats we’re facing, and also safeguard sensitive data.” External cyber defences “Why is identity theft so common?” ponders Andy Swift, Technical Director of Offensive Security at Six Degrees. “Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. I don't suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you'd find lists of credentials with different attributes – whether they've been tested, whether they have access to financial data – that dictate price.” “Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off.” Access sensitive data Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target" “And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.” Gregg Mearing, Chief Technology Officer at Node4, adds: “Credential stuffing is one of the most common forms of attack and corporate credentials are usually the target. In 2020 alone there were 193 billion credential stuffing attacks globally. Attacks commonly start with a database of stolen credentials, usually with usernames, emails and passwords – although phishing emails and suspicious websites are also used to steal corporate credentials. Once they have gained entry into the organisation's system, the attacker can move laterally, completely unnoticed, to access sensitive data, remove files or plant malware.” Most common threats “Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene, 65% of people still reuse passwords across multiple accounts. There can be no doubt that employees are the first line of defence for an organisation against a cyber attack. If trained properly, they can act as a human firewall. However, poor cyber hygiene, a lack of best practice when it comes to managing credentials, and a limited understanding of the most common threats can make an organisation’s employees its greatest weakness.” Despite the ubiquity of this style of attack and a wide understanding of the importance of password hygiene" Alongside credential stuffing and phishing, Liad Bokovsky, Senior Director of Solutions Engineering at Axway, explains how API attacks are yet another way criminals are executing identity theft: “In fact, last year API attacks increased 348%, and companies affected included some of the largest corporations – Facebook, Instagram, and Microsoft.” Protecting customers’ data “Companies need to do a better job at protecting their customers’ data. In a recent survey, 82% of UK consumers confirmed they would stop doing business with a company if it suffered a data breach that exposed their personal information.” “Thriving and surviving in today’s hyper-connected economy increasingly depends on having sufficient API maturity in place to ensure that anything connecting to an organisation’s servers – devices, apps, customers – is managed appropriately to keep APIs, customer data and the company’s reputation safe. This means having technology and processes in place to make sure that API design, implementation, and management are done properly.” Owning smart devices This needs to change and with the UK no longer required to adhere to EU-GDPR legislation" Michael Queenan, CEO, and Co-Founder of Nephos Technologies, explains how the huge volumes of personal data being created every day are putting consumers at risk: “Whether shopping online, setting up a social media account or simply reading a news article, we are regularly being asked for our identifiable information. With 10% of UK homes now owning smart devices – e.g. an Alexa or a Ring doorbell – our data is constantly being collected, even within our own homes. Should it fall into the wrong hands, it could be used for identity theft or fraud.” “This needs to change and with the UK no longer required to adhere to EU-GDPR legislation, it presents an opportunity to rectify how personal data can be shared. Ultimately, I believe individuals should be responsible for their own data and how it is used.” Ensure data privacy “A possible way of achieving this is through identity-centric blockchain, whereby everyone has a national email address associated with their blockchain identity that permits access to their personal data. This would ensure that only you get to decide who has access – your data, your choice!” This would ensure that only you get to decide who has access – your data, your choice" Steve Young, UKI Sales Engineering Director at Commvault also comments on how identity management is vital for meeting data regulations, thereby supporting data management throughout the business: “In the world of data management, you’d be forgiven for thinking that the focus is all on backups and recovery. But while these are absolutely crucial elements, another key aspect of data management is identity management – only through understanding it will businesses be able to drive their data management to the next level. Identity management is necessary to ensure data privacy.” Latest data regulations “Many people will be most familiar with its function as a way to restrict access of employees to certain files and resources that may hold sensitive or classified information. But what is becoming more important today is how identity management also helps prevent cybercriminals entirely outside an organisation from gaining unauthorised access to a system and initiating a ransomware attack, for example. Because of this, identity management helps businesses be compliant with the latest data regulations, as it ensures that any customer data collected and stored is kept secure.” So, what solutions should IT leaders be prioritising to strengthen their identity management measures? Six Degrees’ Andy Swift recommends multi-factor authentication (MFA): “MFA provides great defence against identify theft, but it's also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials.” Cyber security training Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management" “That's why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There's no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.” “We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing,” concludes Tyler Farrar, CISO at Exabeam. “Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organisations must build a security stack that is consistently monitoring for potential compromise." "Organisations across industries can invest in data-driven behavioural analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behaviour indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”