FLUENT: Perspectives from Softcat
FLUENT’S MONTHLY ROUND UP OF TECH NEWS, INSIGHTS AND ANNOUNCEMENTS
Each month, Softcat’s OCTO team will be providing its unique perspectives on the news stories from the previous month, affecting private and public sector organisations through the lens of technology. Our aim is to cast a light on some of the biggest news stories in this space, and the small (but still important) stories that may have slipped under your radar.
In this month’s feature looking back at the headlines published in March 2022, we look at the challenge of getting a handle on Scope 3 carbon emissions, how misconfiguration has become the leading cause of cloud security incidents and why ‘flexible workers’ are working around their corporate security. Our OCTO contributors are:
ADAM LOUCA Chief Technologist for Security
ADAM HARDING Chief Technologist for Digital Workspace
ANDREW COCHRANE Chief Technologist for Datacentre
CARBON ACCOUNTING – GETTING TO GRIPS WITH SCOPE 3 EMISSIONS
With Adam Harding, Chief Technologist - Digital Workspace
Two major issues of our time are the pandemic and climate change. Both are about societal connection and rely on global co-operation to overcome. The global pursuit of net-zero carbon emissions is a huge undertaking that will only be possible with the help of businesses, as explained by the UK committee on climate change in 2019. But when it comes to becoming more sustainable, how do we measure progress in a standardised way?
Most organisations can use tracking tools to understand the impact of their Scope 1 (produced by company facilities or vehicles) and Scope 2 (purchased energy) emissions. However, according to an article published by Information Week, many lack an understanding of the complex indirect Scope 3 emissions generated by the upstream and downstream activities across their value chain, such as transportation and distribution, or end-of-life treatment of sold products.
This is concerning when we look forward at the deadline given by The International Energy Agency to lower emissions by 45 percent (relative to 2010 levels) by 2030 to be on track to achieve net zero. The commitment to these targets has been written into law by the UK Government, the window for action is finite, and public expectations are currently running way ahead of the action.
If companies and consumers do not voluntarily work towards low-carbon targets, regulation will force the issue. UN-backed Principles for Responsible Investment forecasts abrupt, forceful, and disorderly policy change to be introduced by 2025.
Whether organisations care for the right reasons, soon legislation will force them to do it anyway, yet the challenges are significant, numerous and widespread. And the practical solutions that exist today need to be industrialised and democratised to bring them within touching distance of the masses.
While there have been tools and platforms developed to track emissions using AI and machine learning that measure against goals and targets extending to Scope 3, even the most advanced organisations are still finding their feet.
It is extremely difficult to make well-judged and impactful decisions on long-term carbon reduction when you don't have visibility of your own impact, let alone that of your supply chain. Compounding that issue is the shortage of skill and expertise required to interpret the pockets of information you can gather while carbon accounting, plus the lack of mandate, ability, and responsibility to share that data with other businesses when you have it.
I feel confident that one day sustainability platforms that capture the impact of scopes 1, 2, and 3, will be essential. But technology is developing more quickly than the global legislation required to encourage the adoption of emerging standards, develop frameworks, and create the ecosystems we all need to move as one.
But we've proven how effective and overpowering global co-operation and coordination can be in the face of a crisis and a common cause. So, let's once again set some lofty goals and work it through together until it's done.
MISCONFIGURATION - THE LEADING CAUSE OF CLOUD-SECURITY INCIDENTS
With Adam Louca, Chief Technologist – Security
A global survey of 775 cyber security professionals, covered by Cloud Computing News, has shown organisations are struggling to manage the complexity of securing their cloud infrastructures across multiple cloud platforms, while also suffering a cyber-skills and knowledge shortage. And this comes as no surprise. One of the biggest challenges to cloud adoption is giving employees the freedom to be productive while protecting company data and applying best practice. Trust but verify should be the dominant model in any organisation, creating guard rails to protect against insecure configurations, while allowing users the freedom to move with speed and get the most value out of the cloud.
Security skills gaps aren’t going to close any time soon and are at their widest within the cloud security space. In response, we’re seeing more organisations leaning on specialist partners for the knowledge and tools they need to bridge the skills and resource gap, as well as gaining automatic visibility and greater control over their cloud estates. Cloud security is a new and emerging area for most organisations, and we can expect technology providers to change, consolidate and evolve over the coming few years. So, when choosing a partner, make sure you understand their prominence as a vendor in this market and exactly where you’re putting your money.
USER FRICTION IS CREATING GAPS IN ENTERPRISE SECURITY
In another survey, this time by Cisco and reported in Info Security Magazine, it’s been revealed that one in ten “flexible workers” actively try to bypass their organisation’s security measures.
What’s more, the underlying cause of this behaviour is user friction in existing security measures.
Businesses have been quick to pivot to a new work-from-anywhere reality, accelerated by the COVID-19 pandemic. But while this shift has many benefits for organisations and their employees, it poses security risks from remote users, access from unmanaged workstations, workload and application service accounts.
Tasked with managing on-premises and cloud-based identities across dozens, hundreds or even thousands of user locations in some instances, organisations have had little choice but to build layers of cybersecurity solutions to keep up.
But this approach has left many organisations with security ecosystems that are difficult to manage.
Security must be easy to be effective. When security exceeds usability, you will always get a poor outcome and the consequences can be serious.
Cisco’s study also shows one in five flexible workers use the same password for everything – a poor technology for proving who you are. More organisations need to move past passwords to a more modern framework for accessing platforms seamlessly while improving security.
We also need to accept that the blame cannot be passed to employees who are compromising their organisation’s frustrating security systems. After all, there’s a fundamental limit on workers’ security knowledge, and that’s not what they’re paid to do.
To overcome this issue, organisations must make their everyday working practices secure with limited friction. When you create too much friction, you increase the chances of recklessness which can snowball over time as employees find more workarounds until they leave you with severe vulnerabilities.
In response to these challenges, there’s a growing migration towards smarter zero friction security solutions, allowing enterprises to benefit from a single, easy-to-use software to secure identities on-premises and in the cloud for everyone.
MCKINSEY PREDICTS A FULLY DATA-DRIVEN ENTERPRISE BY 2025
Andrew Cochrane, Chief Technologist for Datacentre
According to a new insights report by McKinsey & Company, by 2025 nearly all employees will naturally and regularly leverage data to support their work.
Whether data it will be as pervasive in nearly every aspect of work by 2025, I believe is still a tall order. Being data-driven aligns well to retail and manufacturing, for example, but there are still many functions within an enterprise that will take longer than ~3 years to transform.
One of the largest challenges is adjusting people’s behaviour and ways of working - this will take time and be fraught with setbacks and failed projects along the way.
But by starting to align to the seven characteristics McKinsey illustrates, organisations will begin to move the needle and see even more of the enterprise become fully data driven. I won’t go into detail about each of the seven, but here are the most noteworthy pulled out:
- “Data Embedded in every decision, interaction, and process” is by far the biggest criteria to success of a truly data-driven enterprise, focusing on the people and process being used in the business. At a micro level, each role can be made more efficient and data-enriched and align with the wider macro strategy of the enterprise.
- The “Data operating model treats data like a product” where owners, teams, outcomes, and data sources are attributed before investing too much resource - whether that be time, people or money. This enables a very clear understanding of what is being achieved in an agile manner and enables products to be closed if they are not meeting their brief. This helps to avoid the large-scale projects of building a platform without the people, data or use cases for the technology. I certainly expect this approach to data to become the de-facto standard in the coming years.
- “The Chief Data Officer’s role is expanded to generate value” – and will become more important, not only in setting the data strategy but also working with the wider business on the value and risk this data holds. There are already signs of this - CDO’s moving into CIDO roles as they understand the risk element to the data being held and generated. Other CDO’s are moving into e-commerce, digital and CEO roles, this is when they can use their Data ecosystem to inform the decisions them, their teams and organisations make to advance in the marketplace. This trend will continue as we see newer CDO roles opening, having CDO’s moving into their 2nd, 3rd, 4th, and 5th positions, as well as using this as a platform to move into other leadership positions.