FLUENT: Perspectives from Softcat
FLUENT’S MONTHLY ROUND UP OF TECH NEWS, INSIGHTS AND ANNOUNCEMENTS
Each month, Softcat’s OCTO team will be providing its unique perspectives on the news stories from the previous month, affecting private and public sector organisations through the lens of technology. Our aim is to cast a light on some of the biggest news stories in this space, and the small (but still important) stories that may have slipped under your radar.
In this month’s feature looking back at the headlines published in February 2022, we help you get to grips with Gartner's Cloud Shift research, look at the Russian cyber threat, debate the joint responsibility model in cyber insurance and consider whether we could see the legal ‘right to disconnect’ in the UK. Our OCTO contributors are:
DEAN GARDNER Field Chief Technology Officer
ADAM LOUCA Chief Technologist for Security
ADAM HARDING Chief Technologist for Digital Workspace
MORE IT SPENDING SET TO SHIFT TO THE CLOUD
With Dean Gardner, Field Chief Technology Officer
The trusted researchers at Gartner have predicted that by 2025 we can expect over half (51%) of IT spending on application software, infrastructure software, business process services and system infrastructure to shift away from traditional solutions to the public cloud. This is comparable to 41% of spending this year. The category where investment is expected to be highest is within application software (65.9% of spending). Three drivers for this shift have been identified which the pandemic has accelerated:
And just like buses, when you wait for one report, two come at once. The Flexera 2022 State of the Cloud Report also recently landed in our inboxes, reinforcing many of the predictions being made by Gartner about the future of cloud spending. It reveals that organisations expect their cloud spend to further increase by 29% in the next 12 months alone, but importantly, that many also say their public cloud spend is over budget by an average of 13%. So, as cloud costs continue to grow, and the amount of waste remains high, it’s critical organisations get a handle on forecasting and cost optimisation to fully realise the benefits cloud can deliver.
THE RUSSIAN CYBER THREAT AND THE ‘INFORMATION WAR’
With Adam Louca, Chief Technologist – Security
In February, as Russian troops built up on Ukraine’s border, Politico published an article looking at the risk of Russian-backed cyberattacks against NATO countries as part of its offensive against Ukraine and its Western allies. The European authorities warned about possible attacks from “at least five major threat actors attributed to Russia,” including hacking groups best known as Fancy Bear, Cozy Bear, Turla, Sandworm and Berserk Bear. At the time of publication, this seemed like a very plausible threat and one that organisations in the West should take seriously. But as we enter the second month of Russia’s invasion of Ukraine, it’s striking that we haven’t (or are yet to see) what security experts had predicted.
This raises the question, were we over-estimating the threat and Russia doesn’t have the capabilities we thought they had? Or are they directing all their cyber resources towards Ukraine? The Kremlin's army of digital hackers has repeatedly targeted Ukrainian infrastructure since the 2014 conflict over Crimea. Another factor at play could be that Russia doesn’t want to escalate the situation with NATO countries if it doesn’t have to. What’s clear is that there’s a fine balancing act between cyber and military warfare playing out. And it seems that the threat is very much against Russia now from Western-backed ‘hacktivist’ groups, namely Anonymous using DDoS attacks. We’ve already seen Russian websites being taken offline and the hacking of Russian-state media to broadcast unfiltered information about the invasion to influence public opinion. Watch this space.
A JOINT RESPONSIBILITY MODEL FOR CYBER INSURANCE
Gloucester City Council is still feeling the effects of a systems breach in December which affected many of its online services. There has also been speculation more recently that the council wasn’t covered by cybersecurity insurance, as reported by Insurance Business Magazine. But rather than getting into a debate over whether it did or didn’t have insurance, the article does raise an interesting point around the true value of cybersecurity insurance to organisations and why a joint-responsibility model is so important for the system to function well.
As the insurance market matures, providers are getting a better handle on what they’re insuring against. This means policies are getting more advanced – but also more expensive and complicated, with insurers citing a wider range of exemptions where they wouldn’t pay out. Organisations can no longer view having a cyber insurance policy as outsourcing risk. Both parties have a joint responsibility to protect themselves and each other. The more insurers are hit with large claims to deal with incidents, the more expensive policies will become, and more exemptions will be introduced.
Money alone doesn’t make surviving a cyber-attack easier. Just like if your home was destroyed, a pay-out wouldn’t replace your most valuable and treasured items. You could buy similar things, but they wouldn’t feel the same. The same principle applies when making a cyber insurance claim too. So, while financial compensation will help an organisation to rebuild quicker following an attack, operational resilience is just as important. This is especially true for companies whose future depends on the ability to operate and service its customers. After all, a council can’t go out of business.
THE RIGHT TO DISCONNECT – WILL THE UK FOLLOW SUIT?
With Adam Harding, Chief Technologist - Digital Workspace
The Scottish Government recently announced it is considering providing employees with the ‘right to disconnect’- a policy that enables workers the legal right to digitally switch off from their jobs outside of working hours. This has already been introduced in several European countries including Italy, France and most recently, Ireland. In an article published by People Management, it’s debated whether the UK could soon follow suit and implement its own approach to the ‘right to disconnect’ policy. However, this could be a long way off – if it were to happen at all. In the UK, we have very different labour laws to those in continental Europe, where workers have more rights and protections. For that reason, it’s unlikely that a law restricting employers from contacting their employees out of hours, for example, would pass in the UK. Although, some political parties are interested in exploring alternative options such as four-day working weeks so, perhaps a change of government could accelerate some of these discussions about work-life balance. One barrier to change could come from sectors such as finance, legal and professional services, where working hours and expectations don’t follow the regular 9-to-5 pattern. Their influence over the future direction of government policy in this area cannot be underestimated.
I can well imagine leaders would lobby strongly to ensure such strict laws do not come into effect because of the impact they would foresee on their ability to trade and meet customers’ demands. What is far more likely to happen is the next generation of workers either opting out of careers that mean they can’t disconnect or shunning employers who make this a regular practice – creating an unofficial employee-led right to disconnect. And workers are already starting to push back, with more and more email signatures containing a phrase along the lines of “whilst it suits me to email you at this time, I am not expecting a response outside of your own working hours”. Employees are already introducing their own right to disconnect and probably self-policing this. With employees already conscious of their right to disconnect, this could change the specifications of the average jobseeker. When it comes to employers hiring new talent or employees scouting for a new role, review websites like Glassdoor rule right now. If an employer was found to have never allowed their employees to disconnect, this will likely deter future talent from applying. Therefore, if the UK Government doesn’t introduce new policies in this area, the workforce is likely to decide for itself.
In this month’s feature looking at the headlines published in January 2022, we help you make sense of the new UK Government strategy for cybersecurity, discuss what work could be like in the metaverse, get the latest on the office vs hybrid debate and much more.