THE LATEST OPINIONS
FROM OUR EXPERTS

Hybrid cloud is all the talk about how it is the way forward for modern IT - but that doesn’t mean enterprises are getting it right. While blending on-prem and cloud environments promises flexibility, cost efficiency and agility, many organisations still fall into the same traps: spiralling costs, unmanaged legacy systems, complex operations, and limited visibility over where workloads actually run.In this article by Maxwell Cooter, Matt Johnson, CEO of Rayo (a sister company of UBDS Digital), contributes and shares practical insights into why hybrid cloud strategies often falter and what leaders can do to correct course. He highlights the operational complexity of managing workloads across environments, the unpredictability of cloud pricing, and the challenge of integrating legacy infrastructure - along with clear guidance on adopting “cost-conscious design,” setting sensible scaling limits, and building frameworks that give teams real control.For organisations already on the hybrid journey - or struggling to make sense of it - Johnson’s contribution underlines a simple truth: success depends not on switching everything to the cloud, but on building a strategy that balances governance, cost visibility, and technical realism from day one.

With an ever-growing web of domestic and international regulations, compliance has shifted from a periodic checkbox activity to a constant operational demand. For many organisations—especially SMBs - keeping up with frameworks like GDPR, NIS2, DORA, HIPAA, PCI and emerging data privacy laws is stretching internal teams beyond capacity. As compliance requirements scale, so too does interest in Compliance-as-a-Service (CaaS) as a scalable, cost-effective solution.In this article from News in the Channel, Tracey Hannan-Jones, Consulting Director for Information Security at UBDS Digital, contributed in explaining why compliance has become so complex and why outsourcing is increasingly the pragmatic choice for businesses navigating multiple frameworks. She highlights that internal compliance teams are often small and cannot keep pace with fast-moving regulatory expectations - especially as organisations shift to SaaS and cloud-first environments where compliance must be “responsive and scalable” to match operational agility.Hannan-Jones also emphasises the growing need for risk assessments, internal audits, and unified policy management, where a single well-designed policy can satisfy numerous frameworks at once. Outsourcing, she notes, allows organisations to reduce internal overheads while ensuring they meet SLAs, contractual obligations, and legal requirements with expert support.For SMBs in particular, she warns that compliance gaps are no longer minor operational issues - they are barriers to commercial opportunity.“For SMBs that need certifications to bid for work, it’s no longer enough for ‘someone’ to do their best,” she explains. “Compliance becomes a blocker to trade up.”As data breaches and regulatory scrutiny intensify, CaaS providers offer vital support through specialised tooling, monitoring, vulnerability management, and continuous oversight—helping organisations stay ahead of new laws rather than constantly catching up.

While big tech firms continue to pour billions into developing advanced models like ChatGPT and Gemini Ultra, some experts argue that the core functionality of large language models (LLMs) is already showing signs of commoditisation. At Appian’s user conference, CTO Mike Beckley noted that the key LLMs offer only minimal differences in performance, with costs of use falling dramatically.For organisations, however, the real challenge is not just which model to choose, but how to apply them safely and effectively. As Silvia Lehnis, Consulting Director for AI and Data at UBDS Digital, explains:“It’s much easier for developers but also for managers to choose something that’s well known. Not least as it’s more defensible to the board if something goes wrong.”Lehnis also highlights that mainstream models often disappoint businesses in practice, particularly when used for specialised tasks. One solution, she says, is building industry- or company-specific models:“If you’re taking a generic model… you’re still getting a lot of the generic content coming through and paying for the cost of the compute of that generic model, which doesn’t really answer that very specialised question.”This raises critical questions for enterprises about trust, defensibility, and the strategic use of AI—issues that go well beyond the hype of the latest chatbot.

The promise of multi-cloud - running workloads across multiple cloud providers to reduce lock-in and increase resilience - is increasingly being questioned. As Matt Johnson, CEO of Rayo (a part of the UBDS Group), explains in his recent guest blog for techUK, the operational reality of multi-cloud often means duplication of effort, higher costs and increased complexity.Johnson argues that many organisations may actually benefit more from a “single-vendor multi-cloud” strategy—leveraging multiple isolated partitions or regions from one cloud provider to gain resilience without having to master multiple cloud ecosystems. He highlights how this approach allows reuse of existing tooling, skills and processes while still reducing exposure to global outages.For businesses navigating cloud transformation, Johnson’s insight offers a pragmatic path: evaluate whether full multi-provider complexity is necessary, and consider whether a well-architected single-vendor model might achieve your resilience goals more efficiently.

As organisations race to adopt AI, the pressure on leaders to balance innovation with security has never been greater. In this piece, Silvia Lehnis, Consulting Director for Data and AI at UBDS Group, explains why AI isn’t plug-and-play, why ownership can’t sit in one team, and how security needs to be baked in from the start. From managing training data and privacy risks, to countering deepfakes and inference attacks, she outlines the practical steps leaders must take to avoid AI creating more risk than value.

With Q-Day - the moment quantum computers can break current encryption - expected within five years, businesses are under growing pressure to prepare. While investment and research in quantum technology are accelerating, many organisations still lack a clear strategy for defending against quantum-based attacks.In this article, Dr David Howie, Strategic Advisor at UBDS Digital, contributes to article by Kate O'Flaherty, and shares how forward-thinking companies are already taking action. He explains that some organisations have begun moving to hybrid deployments that combine post-quantum cryptography with standard RSA, a vital first step in building experience for a full migration. As Howie notes, becoming quantum-secure is no longer a distant goal but an urgent item on every CIO and CTO’s to-do list.

As digital infrastructure becomes the backbone of modern economies, cybersecurity has evolved from a technical safeguard into a strategic enabler of resilience, trade, and national security. In this techUK article, Nour Louhichi, Senior Consultant at UBDS Digital, explores how proactive governance, shared accountability, and stronger supplier assurance are essential to securing the UK’s critical national infrastructure.Louhichi also highlights how UBDS Digital and 3B Data Security are helping organisations turn cyber risk into resilience - with NCSC-assured capabilities spanning Cyber Incident Exercising, Response, and PCI Forensics.

After nearly four years on the market, Windows 11 has officially surpassed Windows 10 as Microsoft’s most widely used operating system. According to Statcounter data, it now powers over half of all Windows PCs worldwide, marking a significant milestone in Microsoft’s push toward modernisation.Adoption has been a slow burn. When Windows 11 launched in 2021, uptake was sluggish, and as recently as 2023, fewer than a third of Windows devices were running the new OS. Many businesses have delayed migration due to hardware compatibility issues, device refresh cycles, and concerns over the potential disruption of large-scale rollouts.However, momentum is building ahead of a critical deadline. On 14 October 2025, Windows 10 will reach its official end of life, meaning it will no longer receive regular security updates. Although Microsoft plans to offer paid Extended Security Updates (ESUs), this option has sparked debate among enterprises weighing cost versus risk.Steve Prescott-Jones, Managed Services Director at UBDS Digital, warns that delaying migration could expose organisations to heightened vulnerabilities.“Without these updates, businesses may also face operational inefficiencies and compliance challenges that could disrupt day-to-day activities,” he explains.With ransomware, malware, and supply-chain attacks on the rise, remaining on unsupported systems presents a growing threat to both cybersecurity and compliance. For many organisations, the transition to Windows 11 is no longer just a technology upgrade—it’s a strategic move to ensure operational resilience and long-term security.