Governance & Risk Management , IT Risk Management , Security Operations
Navigating a Digital Transformation ProjectMarcus Rameke on How Nikko Asset Management New Zealand Made the Journey
In digital transformation, the stakes are high and the pace is intense. A key characteristic of transformation is the magnitude of change in terms of both depth and breadth. It is a journey that is designed to achieve high impact at two levels – individual and organizational.
See Also: 2022 Unit 42 Ransomware Threat Report
As the head of information technology, I started the transformational journey at Nikko Asset Management to enable us to fulfill new business requirements using an agile approach that would make staff more mobile and able to achieve better productivity and revenue and improve client satisfaction with the support of the senior management and board of directors.
A digital transformation leader needs to be mindful of the end-user experience.
As a regional office within a global organisation, it is critical to not only meet the local business requirements, but also comply with global technology policies and approved technologies. Having identified the requirements, I was able to articulate a strategy to the senior management to ensure that the solution was aligned the current business needs and future strategy.
Getting the Basics Right with HCI
Nikko AM was running a traditional three-tier architecture data center that was no longer meeting today's requirements. The first major project was to transform that into hyperconverged infrastructure - or HCI - and introduce on-site high availability and an off-site disaster recovery solution.
The outcome was improved RTO from days to hours, RPO from hours to minutes and being able to meet the increasing demands of the new services with ease.
We also achieved great sustainability results with this project as the HCI provides huge electricity savings, due to several factors such as smart storage efficiency storage savings - New Zealand NZ Production Environment 98.3% and New Zealand Disaster Recovery Environment 99.3% - that equal fewer storage units required and with flash-based solid-state drives - or SSDs - that use less than 50% of the power consumption of traditional storage hard drives.
HCI collapses the stack by removing silos, and it uses less hardware to support the workloads. It uses 3 units instead of 16 units to achieve the same results, and because there is less hardware, less cooling is required, which also reduces power consumption.
Achieving this outcome included replacing all hardware to suit the business's needs and implementing a complete on-site redundancy system and off-site disaster recovery system, with built-in granular file and folder recovery. We improved reliability and performance and minimized the impact on the wide-area network - or WAN. We also simplified the IT infrastructure while adding vital features and switched to using a single vendor.
Solving Specific Challenges
A challenge with this project was keeping the design simple, intuitive and not over-complicating how it works. A digital transformation leader needs to be mindful of the end-user experience. You have to be very open and transparent and work on the feedback from the end-users, to implement systems based on their feedback and how the new systems can benefit them.
You have to bring everyone along on the transformational journey. It needs to include the individuals to achieve the organisational goals.
Another challenge was that the New Zealand disaster recovery site is located in Sydney, Australia. For the global readers, that is a different country over a submarine fiber-optic cable. To have a complete off-site disaster recovery system with very low RPO and RTO, we needed a good deduplication and replication solution with minimum impact on the WAN.
The solution also had to perform backup, recovery or cloning without affecting the input/output of the production server environment during business hours.
This project addressed the potential threat of malware/virus and how Nikko AM in New Zealand can recover from an infected server. Using replication is a great tool to recover a server from hardware failure from one host to another, for example, but if your server has been infected by malware/virus, the bad code would have been replicated to your recovery site. In this case, you need a solution that can take you back in time to be able to recover the server in a timely manner.
Nikko AM refers to global frameworks - ISO27001 for security governance and the NIST Cybersecurity Framework for information security and cybersecurity measures.
The HCI transformation project addressed the important aspect of recovery in the NIST framework to establish and maintain the capability to accurately operate and quickly respond and recover to “business as usual” after a cyberattack.
It's important to have a current business continuity plan that all in the organization know about and agree on. Periodically review and test this plan. Being able to fully operate in a disaster scenario and roll back after disaster recovery is critical.
Our business passes external independent IT security audits, and that provides confidence to our client that we have adequate and effective controls in place. I led the implementation of cyber risk mitigation by creating a framework that includes cybersecurity governance - the systems, people, policies and procedures that govern the framework, cybersecurity principles - the risk mitigation principles, and cybersecurity assurance - the testing and monitoring of the framework.
Nikko AM is highly dependent on technology infrastructure, so ensuring that the right systems are in place not only reduces risks but can have very tangible impacts on productivity.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Join the Community - CyberEdBoard.io.
Marcus Rameke was appointed to the role of New Zealand information technology manager at Nikko Asset Management Group at the end of November 2018, and in September 2019 he was promoted to head of information technology, vice president. He is part of the Global Technology Management Team. Rameke manages all aspects of IT for Nikko Asset Management and aims to transform the business from a traditional IT setup to a modern, secure, flexible, scalable environment, with a cloud-first approach that allows more mobility and meets global and local business and cybersecurity requirements. He has over 15 years of industry experience. He is originally from Sweden and has worked in England and for the last 11 years in New Zealand. Rameke recently was recognized as one of New Zealand’s Top 50 Technology Leaders and received the prestigious CIO 50 award 2021 from IDG.