Monthly Archives

May 2019

CCL-Revera appoints executive leadership team

By | General News

CEO Andrew Allan appoints leadership team to extend company’s cloud and IT services leadership.

Seven executives from the ranks of Revera and CCL pre-merger have been appointed to the executive leadership team of the now merged entity, called CCL.

Joining CEO Andrew Allan at the top table is:

  • COO – Sri Gazula, who held the same position at Revera
  • CFO – Chris Fairfield, previously Revera CFO
  • Troy Myer – Technical Director (formerly Revera General Manager Business Development)
  • Cherie Roache – Director Southern Region (formerly CCL General Manager, Southern Region)
  • Guy Inglis – Director Northern Region (formerly CCL General Manager, Northern Region)
  • Rik Rogers – Director Client Delivery (formerly CCL General Manager Managed Services)
  • Richard Hansen – Director Enterprise Sourcing (formerly CCL General Manager Strategy).

The company is currently recruiting for an executive to fill the role of Director Central Region.

“The formation of this team is a significant milestone in what is a new beginning for two established businesses,” said CEO Andrew Allan. “Now we can leverage our collective strengths to accelerate our success in cloud and IT services.”

Allan oversees more than 700 employees, in offices across Auckland, Wellington, Christchurch and Nelson, in additional to Blenheim, Dunedin, Invercargill and Queenstown.

“The merger was conceived to create a single organisation providing end-to-end IT management and cloud technology services unrivalled in New Zealand,” he said. “Work continues apace as we streamline processes, culture, and customer experience – the results of which will bubble to the surface without too much fanfare.”

Since announcing the merger late February, the company has maintained a head of steam, winning significant transformation project work for New Zealand’s primary workplace health and safety regulator WorkSafe and Children’s charity Barnados, as well was adding muscle in the public cloud arena with new accreditations from Microsoft and Amazon Web Services (AWS).

Allan said the Spark-owned entity had full license to write its own rules for success  but was remodelling aspects of its services portfolio to support Spark Group’s strategy in the cloud.

Jolie Hodson, Customer Director at Spark, said the new CCL was the best form to leverage the company’s investment in the two businesses – a move that effectively created Spark Group’s IT managed services and cloud delivery engine.

“We want to extend our position as arguably the leader of IT management and cloud technology services in the country,” she said at the time of the announcement. “Combining these two businesses delivers the seamless end-to-end services and expertise more clients demand, and ensures we put a panoptic lens to their businesses.”

Intel MDS Vulnerabilities

By | Security News

On 15 May 2019, NZ time, Intel announced a new group of vulnerabilities collectively known as “Microarchitectural Data Sampling”, which are a subset of previously disclosed speculative execution side channel vulnerabilities.

The vulnerabilities have been assigned the following four CVE’s:

•             CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (CVSSv3 = 6.5)

•             CVE-2018-12130 – Microarchitectural Fill Buffer Data Sampling (CVSSv3 = 6.5)

•             CVE-2018-12127 – Microarchitectural Load Port Data Sampling (CVSSv3 = 6.5)

•             CVE-2019-11091 – Microarchitectural Data Sampling Uncacheable Memory (CVSSv3 = 3.8)

Like the previous Intel chip vulnerabilities, these utilise side channel attacks against speculative performance optimisation techniques to infer data in chip components that are meant to be protected. Attacks against these vulnerabilities could allow attackers to leak private data from internal CPU buffers and Load Ports.

Successful exploitation requires malicious code to be run on a targeted system. Intel is reporting that real-world exploits, outside of controlled conditions is complex, but there are currently demonstration videos and proof of concept code published on the Internet for at least one of the vulnerabilities.

Mitigation will typically involve updates at multiple layers, including microcode, virtualisation and operating system. In some cases, full mitigation may also require additional steps, including disabling Hyper-Threading. Refer to vendor guidance to understand cases where such decisions need to be considered.


CCL Polaris IaaS Platform

CCL is programmatically addressing the identified vulnerabilities at the hardware, hypervisor and management software layers. Clients are responsible for patching non-CCL managed operating systems residing on the platform. Additional information will be provided through our standard change control notifications or directly from your Customer Relationship Manager.

Public Cloud Platforms

All major public cloud providers are indicating that they have taken steps to mitigate the vulnerabilities in their environments:

All major public cloud providers are indicating that they have taken steps to mitigate the vulnerabilities in their environments:

Client Dedicated Virtual Platforms, On-premise Private Cloud and On-premise Infrastructure:

For dedicated virtualisation platforms, patching may be required at the hardware microcode and operating system level in addition to the Hypervisor. Please refer to applicable vendor guidance for detailed mitigation requirements. Links for some major vendors are included below.


CCL recommends that all clients assess their risk and appropriately patch systems. Standard update procedures should be appropriate for most systems. Shared environments that run untrusted code may warrant more urgent, out-of-band update procedures.

Please note that some vendors are indicating system reboots will be required for updates to be applied. Always perform thorough testing to avoid unexpected outages or performance impacts. Vendors have indicated that some performance impact should be expected.

Please contact or 0800 225 737, if you would like more information.


Note – please hover over and validate hyperlinks prior to clicking

NZ Cert Security Warnings

By | Security News

NZ Cert has released two security advisories this week regarding security vulnerabilities that present a high risk to systems connected to the Internet.

  • The first advisory warns of known active attacks against a previously patched SharePoint vulnerability to compromise corporate websites.
  • The second details a newly patched vulnerability in Microsoft Remote Desktop Services on older operating systems (Windows 7/Server 2008 R2 and earlier). It is expected that exploits will be developed and used against this vulnerability in the near future. Microsoft has also released patches for unsupported software, including Windows XP and Server 2003.


CCL recommends that clients remain diligent about implementing and maintaining strong security controls and practices for all public facing systems. This includes ensuring that the entire software stack, from the OS to third party applications, is kept fully patched against known vulnerabilities.

Specifically, we recommend that security patches for the SharePoint and RDS vulnerabilities are tested and implemented as soon as possible, with priority placed on systems connected to the Internet.

If you have any concerns about potential risks to existing systems or would like to discuss ways CCL can help provide visibility to any exposed systems, please reach out to your Customer Relationship Manager or Service Delivery Manager.


CCL-Revera-AWS combo ticks boxes for global fund manager’s new retail offering

By | Case Studies

Nikko Asset Management (AM) banks on local experts to design and manage AWS infrastructure behind new online investment platform GoalsGetter

“Doing things right in the cloud is harder than it looks. We don’t pretend to have the expertise. Using local experts means you get specialist knowledge and expertise to get everything right and stay on top of new AWS functions and services.” – James Rogers, Chief Operating Officer, Nikko Asset Management NZ

Read the full case study here >>

WorkSafe gears up for cloud transformation

By | General News

WorkSafe New Zealand has kicked off a transformation programme to deliver workplace systems from Microsoft Office 365, SharePoint, Azure, and Windows 10, supporting 500-plus staff with a single cloud platform to work and communicate.

WorkSafe, New Zealand’s primary workplace health and safety regulator, is working with CCL-Revera to deliver the project, slated for completion later this year.

WorkSafe’s move to a public cloud platform lays the foundation to deliver against the government’s vision for health and safety at work over the next 10 years.

Mike Foley, chief digital and information officer at WorkSafe, said the transition is consistent with government’s cloud first policy to improve services and deliver substantial cost savings.

“Smart cloud platforms provide the enterprise agility we need to become a world-class regulator,” said Foley. “The less time we spend on administration and bending legacy systems to new forms of work, the more focus we bring to improving health and safety performance.”

VMware’s Workspace One Digital workplace platform will provide secure multi-device access to WorkSafe applications.

Foley said CCL-Revera ticked all the boxes, including migration planning, platform setup, staged transition, user support, and ongoing management.

Andrew Allan, CEO of CCL-Revera, said his company won the competitive tender in a joint bid with Revera late last year. “The tender process confirmed the complementary nature of our businesses and the value clients place on a broad mix of services and capabilities delivered from a single engagement and support engine.”

Announcing the merger last month, Allan said the move was motivated by a market shift that saw more clients seeking out a single supplier to cover all their bases.