Professional Documents
Culture Documents
Software Resilience
Insights Report
A platform for growth and innovation
Contents
Executive summary 3
A new mind-set 7
www.nccgroup.com | response@nccgroup.com 3
Software Runs the World
www.nccgroup.com | response@nccgroup.com 4
Technologies on the rise
www.nccgroup.com | response@nccgroup.com 5
How emerging technologies are being used:
Cloud Adoption & Business Transformation Machine to Machine (M2M)
The global pandemic has driven the need for collaborative, M2M devices using wireless communications are expected
flexible solutions, resulting in a huge rise in the adoption of to represent fundamental components of a future Internet,
cloud-hosted software. Companies are investing in cloud- where applications allow users to transparently interact with its
hosted software to enable remote working with Microsoft physical surroundings. However, M2M systems compromise
experiencing a 775% increase in the number of people using a complex chain of connected systems and devices, making
its Teams platform in Italy in just one month . Those without this
1
privacy, fraud and the exposure of mission-critical applications
infrastructure in place have fast-tracked initiatives with 82% of problematic when trying to protect the integrity of M2M.
IT leaders prioritising their use of the cloud as a direct response
to the pandemic2. Internet of Things (IoT)
IoT is enabling organisations to bring together disparate
systems to create one large, connected ecosystem made up of
Reliance on third-party software applications will different elements such as hardware, software, smart devices
continue and by 2022 it’s expected that up to and sensors. During uncertain economic times, IoT is enabling
60% of organisations will use an external service organisations to reduce costs, improve safety, increase
provider’s cloud-managed service offering3. responsiveness and, most crucially, re-design their operations
to future proof their business model.
1
www.accenture.com
2
www.computerweekly.com
3
www.gartner.com
4
www.vodafone.com
www.nccgroup.com | response@nccgroup.com 6
A new mind-set
During the peak of the global pandemic companies This was the case in March 2020 when Microsoft experienced
experienced a wide range of third-party incidents including cloud capacity issues due to a sudden surge in demand and
supply chain and logistics failures, as well as data breaches other COVID-19 related disruptions in their supply chain.
resulting in fines, all of which can have a significant impact on The experienced Cloud Service Provider was forced to make
customer service, regulatory compliance and reputation.5 adjustments to maintain performance and prevent a failure for
its millions of Office 365 users.7
Unexpected surges in demand for specific third-party
applications during the pandemic also increased the risk of Whilst there are many benefits to businesses utilising third-
third-party service unreliability or service failure, potentially party applications to power critical day-to-day operations,
impacting the business continuity for thousands of organisations. 6
reliance on these services introduces new and significant risks.
With companies experiencing double the amount of IT-related
incidents since the beginning of the pandemic, and in some
verticals 11x the number of incidents8, it’s evident that
service disruption is inevitable and businesses must manage
third-party risk.
5
www.deloitte.com
6
www.accenture.com
7
www.zdnet.com
8
www.pagerduty.com
www.nccgroup.com | response@nccgroup.com 7
In other words, outsourcing business-
critical technology can potentially put an
organisation’s business continuity, regulatory
compliance, brand reputation and financial
status at risk.
www.nccgroup.com | response@nccgroup.com 8
Which sectors have the
greatest need for resilience?
Any organisation that outsources business-critical IT services should consider if they have
processes and policies in place to guarantee the resilience and long term availability of
third-party software. Certain industries, such as those that are heavily regulated, and those
where adoption is essential to remain competitive – have an even greater need to ensure their
software is resilient.
9
www.deloitte.com
www.nccgroup.com | response@nccgroup.com 9
Professional Services Retail
Advancements such as accounting software and automation No matter their size or speciality, retailers are investing in new
are revolutionizing the way professional services firms serve applications such as inventory management and payment
their clients. However, with clients relying on their trusted processing software to meet ever-changing customer demands.
advisers to protect their confidential and personal data, firms
The global pandemic has shifted what consumers are buying,
must be confident about their own internal processes, as well
their methods of purchase, and how much they are spending:
as those of suppliers and partner organisations.
• In Canada, 21% of consumers expect to spend more on
The recent pandemic has caused a global economic
groceries, while 44% will spend less on apparel and footwear.11
slowdown, which is significantly impacting the growth of
professional services, with an expected compound annual • U.S retail e-commerce reached $211.5 billion in Q2 2020, up
growth rate (CAGR) of only 0.1% in 2020.10 31.8% from Q1, and 44.5% year-on-year.12
This highlights the necessity for firms to ensure challenges to Many retailers have had to respond to these shifts by adapting
their business-critical technologies – such as ERP systems, their strategies and adopting technologies that can fulfil rising
predictive analytics, Big Data processing and cloud platforms needs. Due to their very nature, downtime of these applications
– does not impact their ability to deliver services to their can mean large revenue losses and lasting damage to not only a
clients or impact security. single retail outlet, but an entire network or critical infrastructure.
Information Technology
Though digital transformation was already a priority for
businesses in many sectors, demand for emerging technologies
such as IoT, cloud computing, automation software and
more, has seen a huge increase in 2020. Remote working,
increased use of SaaS solutions and the need for flexibility
places increased pressure on IT providers.
10
www.businesswire.com
11
Voice of Canadians and impact to retailers, Deloitte
12
www.techcrunch.com
13
Understanding the sector impact of Covid-19, Technology sector, Deloitte
www.nccgroup.com | response@nccgroup.com 10
Is your business prepared
for service disruption?
14
www.gartner.com
15
IT Leaders’ Perception of Risk in Cloud Computing, NCC Group Report
www.nccgroup.com | response@nccgroup.com 11
Taking a proactive approach to software
resilience is the best way for you to ensure
you’re managing the risks associated
with IT outsourcing and can recover from
service disruption.
It also enables you to confidently innovate
and implement new technology, safe in the
knowledge that it is resilient and will always
be available – even if your supplier is no
longer around to support and maintain it.
www.nccgroup.com | response@nccgroup.com 12
The business opportunity of
Software Resilience
16
www.fsmatters.com
www.nccgroup.com | response@nccgroup.com 13
Enhanced customer trust and loyalty What business initiatives does
Software Resilience solutions ensure your business can Software Resilience support?
recover rapidly from service disruption, meaning the impact to
the end user is minimal, if at all. Meeting end user expectations Software Resilience supports a whole host of business
is vital in an increasingly competitive marketplace, as failure to initiatives and is therefore beneficial across several business
• Digital transformation
Software Resilience can also help enhance customer trust
and loyalty, as it enables you to out-perform competitors when • Cloud migration
responding to and recovering from unplanned events. • Business continuity assurance
• Regulatory compliance
Enhanced internal processes
• Supply chain and software risk management
Taking a proactive approach to compliance keeps internal
processes front of mind, allowing you to easily find ways to
improve and implement changes in line with the latest
requirements.
www.nccgroup.com | response@nccgroup.com 14
Starting the journey to
Software Resilience
Ensuring the resilience of business-critical services is an ongoing journey, as you may on-board
new software suppliers in the future or the criticality of an application may change over its lifetime.
www.nccgroup.com | response@nccgroup.com 15
Developing a Software
Resilience strategy
www.nccgroup.com | response@nccgroup.com 16
Best practice approach
to Software Resilience
• Bringing the issue of risk to board and strategic level in order to raise awareness of managing third-party software risk
internally.
• Using recommended risk assessment tools or methodologies from independent assurance specialists to review the current
software application landscape and assess the level of risk you could be exposed to.
• Developing an on-boarding process for the use of any new third-party software supplier with escrow agreements and an
entry-level of verification testing as a minimum.
• Establish a secure library with all tested and documented details of business-critical applications, ensuring that details of the
environments, resource and expertise requirements are recorded.
• Testing the rebuild or data extraction of any high dependency applications ensuring that they form part of any business
continuity plans.
• Implementing a consistent approach across the organisation with a documented process to assess the level of risk posed
and for the implementation of escrow and testing with a recommended provider.
www.nccgroup.com | response@nccgroup.com 17
Software Resilience solutions
NCC Group’s Software Escrow and Verification services enable your organisation to
strengthen its operational resilience and ensure the continuity of business-critical third-party
software applications. NCC Group’s team of in-house legal and technical experts can guide
you through a comprehensive risk assessment of your software portfolio to determine the
appropriate level of protection and ensure you are prepared for any eventuality.
The agreement details the material held in escrow and the terms For cloud-hosted systems, NCC Group’s EaaS solutions
of the release of the material in the event of predefined trigger ensure the continuity of services and enable organisations to
scenarios. Once released, the software customer can then employ effective risk mitigation procedures that protect the use
maintain the software, working from the original source code, of the system and access to individual data in an emergency
whether that be in-house or by engaging with another supplier. scenario. EaaS Agreements and Verification options are fast
becoming the standard for organisations looking to protect their
business-critical cloud applications.
www.nccgroup.com | response@nccgroup.com 18
Do I need Software Escrow
verification testing?
If your answers to the following questions suggest the application is tailored to your
business, requires frequent support or cannot be easily replaced, then you will need testing
as part of your escrow protection.
www.nccgroup.com | response@nccgroup.com 19
Businesses succeeding
with Software Resilience
We’ve already empowered businesses across a range of sectors to enhance their Software
Resilience. Here’s what they had to say:
“Being proactive and placing security and “With NCC Group’s assistance in reviewing
resilience at the start of any development our application, we have provided further
means that we can confidently explore ideas assurance to our customers that they are
and push boundaries, safe in the knowledge deploying a secure and robust application to
that we are managing any risk associated adhere to the day-to-day challenges faced
with our software supply chain responsibly” with fleet availability”.
“Our long-standing affiliation with NCC Group “Working with NCC Group was easy, the team
has helped shape our approach to business understood the importance of the Regional
continuity in addition to providing a smooth Nomination Platform to both the organisation
delivery of services to our customers. We and our strategic partners. NCC Group’s
look forward to partnering with NCC Group to Escrow as a Service solution fitted our needs,
assist us in driving growth and helping the unique application and our business
transform the way our customers work”. continuity plan”.
Andriy Begunov
Chief Information Officer, First Ukranian International Bank
“Having NCC Group protect and verify our software means we have an independent,
comprehensive audit and report of the software build process, providing us with a robust
business continuity plan should the need arise’. We look forward to a long and successful
working relationship with NCC Group”.
www.nccgroup.com | response@nccgroup.com 20
Why NCC Group?
With over 30 years’ experience in Software Our range of resilience-led risk mitigation solutions provide
Escrow alone, NCC Group is a leading organisations with a foundation for innovation, and our
partnerships with leading cloud providers AWS and Azure
independent technology assurance provider.
extend this opportunity to the cloud.
Our in-house legal and technical experts
are trusted by some of the world’s leading To provide our customers with the highest possible standard
of security, we have a sophisticated global network of state-
businesses to protect and provide resilience
of-the-art virtual vaults, which are used to safely store the data
for their critical software assets.
required to access or recreate business-critical applications.
www.nccgroup.com | response@nccgroup.com 21
For support in starting your journey to Software
Resilience, or for more information on how NCC
Group Software Resilience solutions can support
your business, get in touch with our team of in-
house legal and technical experts at:
response@nccgroup.com
www.nccgroup.com