55 minute read
UPGRADING LANS THE SMART WAY
UPGRADING LANS THE SMART WAY
ARAFAT YOUSEF, MANAGING DIRECTOR – MIDDLE EAST & AFRICA, NEXANS DATA NETWORK SOLUTIONS, ON HOW TO ENSURE YOUR LAN IS FUTURE READY WHILE RETAINING FLEXIBILITY
Advertisement
Previously separate systems and platforms are increasingly converging, and at the same time bandwidth requirements are growing fast, driven by cloud applications, IoT, Wi-Fi 6 and more. This calls for future-ready LANs, capable of supporting several generations of technology. However, upgrading a
LAN can be challenging for a variety of reasons. The network impacts a wide range of users and the overall company
IT infrastructure, while supporting many different functions - from VOIP and Cloud applications to wireless access and security. Scope for downtime is limited.
What do you need to bear in mind when (re-) designing or expanding an enterprise or facility network? How might FTTO help solve some of the issues?
Providing power, bandwidth and flexibility while, reducing cost
There are several technology-related challenges to take into account, related to fast-growing bandwidth required for new applications, powering large numbers of distributed devices, and network flexibility, largely driven by convergence of previously disparate systems. Furthermore, upgrading office IT infrastructure also brings quite a few physical and logistical challenges - architectural limitations, for example in listed buildings, or the changing functions of departments or entire buildings.
As WiFi6 makes more advanced applications possible, the LAN needs to provide ubiquitous capacity, with plenty of bandwidth reserves, to the Wireless Access Point. After all, as more devices share wireless bandwidth it becomes increasingly diluted, possibly even to the point of becoming unusable. With the fast increase of connected LED lighting, sensor technology, and IP-equipped devices, Power over Ethernet is becoming a necessity. Providing current over Ethernet cabling allows devices to be installed and moved around without having to worry whether there’s an electrical outlet close by. Power delivered through new generations of PoE is more than six times the level of the initial PoE standard. Without the right cable design, this may significantly increase heat buildup inside cable bundles. Often, a building will impose limitations to where cable can run. Older buildings may have protected status, and often spaces are simply too confined, or have cramped conduits and cable racks twisting at sharp angles. With fibre cables, the required bending can present significant problems.
As the functions of spaces in a building change over the years, it is vital that extensive rebuilding isn’t required each time, and data transmission and power capacity can simply be re-routed. The number of people in a building may increase or decrease and new applications may be introduced over time. From a technical perspective, that means you’ll need to ensure you can deliver enough bandwidth for even the most demanding requirements, as well as a growing number of mobile devices. Labour costs can also add up, especially when cabling has to be spliced on site, additional power outlets need to be introduced, or technical rooms have to be created.
Consider Fibre To The Office
A Fibre To The Office (FTTO) solution can help with the challenges described, avoiding the need to provide power outlets for individual devices, while ensuring vast bandwidth reserves as well as flexibility and providing the ability to scale up easily and cost-effectively. Fibre is laid up from the central switch to a connection point in the office or workplace. Here, a dedicated Ethernet switch ensures intelligent media conversion from copper to fibre. Gigabit speeds can be realised while at the same time PoE is supported. Copper cables supporting PoE over standard RJ45 interfaces allow a single network cable to be used to provide data connection as well as electric power. Whenever building layout changes, devices can simply be re-patched or added. They are immediately powered up and connected to the network.
No floor distributor is required, which saves a considerable amount of space per floor. Thick cable bundles are avoided, thanks to the use of pre-terminated fibre, optimised for fast and easy installation. Heat buildup and flammability are also avoided in this way, as well as by smart cable design.
Of course, as networks increase in size, or configurations change, keeping track of network configuration becomes increasingly difficult and every new connection is a potential point of failure. Cost and time investments are also reduced by automated monitoring, control and asset management and high bandwidth reserves and redundancy. Total Cost of Ownership can be optimised, while growth and energy consumption are balanced.
There’s no one-size-fits all solution, as the challenges and potential benefits in each location are different, but our experts are always happy to discuss your specific situation and any requirements you may have!
A NEW THINKING
LENOVO HAS RECENTLY UNVEILED A NEW STUDY, WHICH FOUND THAT ORGANISATIONS ARE PLACING BUSINESS AND SHAREHOLDER GOALS ABOVE EMPLOYEE NEEDS WHEN ADOPTING NEW TECHNOLOGIES. THE RESEARCH, CONDUCTED AMONG 1,000 IT MANAGERS ACROSS EMEA, FOUND THAT JUST 6% OF IT MANAGERS CONSIDER USERS AS THEIR TOP PRIORITY WHEN MAKING TECHNOLOGY INVESTMENTS. THIS APPROACH TO IT ADOPTION IS ULTIMATELY LEADING TO PRODUCTIVITY BEING STIFLED.
When businesses implement new technologies without considering the human impact, many employees become overwhelmed due to the complexity and pace of change, with 47% of IT managers reporting that users struggle to embrace new software. With all industries having to adapt to the ‘next normal’ and take stock of their responsibility – to employees, to the environment and to the wider world – Lenovo encourages businesses to place the needs of their people at the heart of IT decisions.
Dr Chris Cooper – General Manager Middle East and Africa at
Lenovo Data Centre Group, talks about why businesses should consider the human impact when implementing new technologies
Why do CIOs and their leadership teams need more than just a passing understanding of human-centric approach to tech implementations?
The cost of businesses not thinking human is that technology that should be empowering, is instead inhibiting progress. This often results in many employees being overwhelmed by the volume, pace of change and complexity of new technologies, stifling productivity both of employees, and the tech itself. The potential of emerging technologies such as AI, IoT and Blockchain is huge, promising greater innovation and improved productivity. But without considering how their adoption impacts employees, this potential will remain unfulfilled. It is not just CIO’s who need to start thinking human. The whole IT industry has a part to play in helping technology reach its true potential through improved interoperability, greater use
of standards, and more user analysis and automation, so that the balance we see today between both inhibitive and enabling technology, swings towards more human-centric technology in the future.
How can you use tech for employeecentric strategy?
By first asking the right people the right questions, before adopting new technologies. Rather than “how much does this cost?”, the focus should be on “does this tech have the right features, functions and benefits for the user?”
But it is also about ensuring that the training, supply chain, change and communication management, leadership KPIs, organisational strategy and policy, and the post analysis of a technology rollout are all aligned with a people-first ethos. It is not just about how easy it is to use, but whether it will solve challenges, rather than create them, and can be universally adopted in an intuitive and inclusive way for both employees and customers.
Which new technologies will drive up the value of employee technologies like digital workspaces?
It is important to recognise that the digital workplace/space is a constant, continuing effort, rather than a final state. Many of today’s tech, will help
to shape virtual work including edge, AI, IoT etc. because each has its own benefit and value. The key, however, will be the interconnectedness of all these technologies. That is why Lenovo’s mission is to be a leader and enabler of intelligent transformation in order to deliver this type of ‘Smarter Technology For All.
In your opinion, which technologies will shape the new normal?
Those that are ‘Smarter’. This means that they are always connected, seamless, agile, flexible, easy to collaborate, adaptive to your needs, reliable and with quality performance and with enhanced security and privacy.
Are you seeing any change in the CIO priorities now?
The pressures on every C-level Execs in all industries is changing – it’s one of enhanced flexibility and the ability to respond in ways that they possibly never considered before. This means they are being forced to look at new ways of accomplishing their goals and adapting to change. Digital Transformation investments have become key initiatives in this journey of adaption. The need to have more flexible ways of managing the needs of infrastructures and applications has driven in increase in the reliance on Cloud offerings and proven a healthy opportunity for the hyperscalers already invested in the countries. Increasingly more focus is now placed on the promise of Edge and IoT offerings as the markets recognise the shift in data generation and processing outside the traditional datacentres. The vast growth in newly connected devices is having a major play here.
WHY COMPLEXITY IS THE WORST ENEMY OF CYBERSECURITY
MULTI-VENDOR SECURITY ENVIRONMENTS AND AN UNMANAGEABLE NUMBER OF SECURITY ALERTS ARE CAUSING CYBERSECURITY FATIGUE IN IT SECURITY SPECIALISTS, AND HARMING ORGANIZATION’S ABILITY TO PROTECT THEMSELVES, WRITES FADY YOUNES, CYBERSECURITY DIRECTOR, MIDDLE EAST & AFRICA, CISCO
Keeping up with cybersecurity is one of the biggest challenges facing CIOs today. Managing cybersecurity, and your organisation is safe from the latest threats requires investment in skilled resources and time.
Managing cybersecurity is made more difficult by the need to support a complex environment of multiple security products from multiple vendors. Today’s businesses need to protect many different aspects of their operations, and getting the best protection for each can require deploying best-of-breed solutions from different vendors. Typically, businesses have addressed new threats by adding another solution to their network, whether that solution can integrate with the existing IT environment or not. Managing multiple security solutions, with multiple sets of alerts, and ensuring there are no gaps in coverage, is a major challenge for CISOs.
In Cisco’s sixth annual CISO Benchmark Report, released in February this year, most organisations reported that they found managing a multi-vendor environment to be challenging, with 28% saying it was “very challenging”. Just 17% of respondents said it is easy to manage a multi-vendor environment down from 26% in 2017.
The report found that while the majority of organisations (86%) are using between 1 and 20 different security technologies, 13% said they are using over 20, and 4% of companies report using a staggering 50 or more different security solutions.
Managing so many different vendors is not just a burden on time and resources for the IT department, but can also become a factor in reducing the effectiveness of cybersecurity protection as well. Dealing with integration issues and a high volume of security alerts can distract security engineers from tackling other challenges they face, such as public cloud issues, mobile device management and dealing with patching and update cycles in a timely fashion.
Failure to integrate multiple security solutions can also leave gaps in coverage, or create a situation where the IT team doesn’t properly understand what protection a particular solution is providing or how it works, impacting visibility and awareness into the true security state of the network.
An overly-complex IT environment has also been identified as a factor in ‘cybersecurity fatigue’. Forty-two percent of respondents to the CISO Benchmark report said they are suffering from cybersecurity fatigue, defined as virtually giving up on proactively defending against malicious actor. Ninety-six percent of those who reported suffering cybersecurity fatigue cited managing a multi-vendor environment as being a cause of their burnout.
It is easy to see how complex environments can easily overwhelm the IT team. From 2017 to 2020, the percentage of respondents reporting that they receive over 100,000 security alerts per day rose from 11% to 17%. Only around one-third (36%) say they get less than 5,000 alerts per day. High volume of alerts is clearly a factor in cybersecurity fatigue, with 93% of sufferers saying they get over 5,000 alerts per day.
Addressing these overly-complex security environments is essential for
IT departments that want to take back control of their security environments. One of the key trends highlighted by the CISO benchmark is vendor consolidation – since 2017, the number of CISOs saying they are using 20 or less vendors has increased by 7%, and there has been a 6% decrease in those saying they use 21-50 solutions. Reducing the number of vendors can bring clarity to the security environment and help ease the burden on the IT team.
Another strategy for gaining more control over your security landscape is automation. CISOs are looking to automate security processes such as asset discovery, vulnerability remediation, detecting anomalous activity, and especially managing the volume of alerts and updates. Human intervention is still required to set up and monitor automated processes, but it clearly offers a solution – 77% of respondents to our CISO Benchmark study said that they are planning to increase automation to simplify and speed up response times in their security ecosystems.
To really manage the complexity of IT environments with multiple vendors, CISOs are looking for solutions that can integrate, automate and consolidate their entire estate into one manageable whole. Cisco’s SecureX platform is one such solution, an open, scalable, cloudbased platform, that integrates security solutions from multiple vendors, and enables organisations to add in best-inclass functionalities direct from Cisco to meet new threats and requirements.
A single platform with integrated threat and security management gives the security team full visibility into their IT environment across network, endpoint, cloud and applications, and allows them to work smarter by automating and prioritising security alerts, to reduce the impact of cyber fatigue.
By integrating all of its security solutions under one platform, including solutions from multiple vendors, a business can preserve IT investment, at the same time as gaining a better understanding of any duplication or unused capabilities, allowing them to eliminate redundancies and optimise usage of existing solutions and further streamline the environment.
Security challenges are not going to get any less complex, but with the right strategic approach, security environments do not have to become more complex. Removing the burden of complicated multi-vendor security environments can reduce cyber fatigue, and give the CISO the time to work smarter, streamline defense and focus on prevention as well as detection and remediation.
GETTING SMART ABOUT DATA
WHAT IS DRIVING THE USE OF DATA SCIENCE IN BUSINESS, AND WHY IT MATTERS.
Data science is rapidly becoming one of the hottest fields in IT today. Using data – both structured and unstructured – to make decisions and improve business outcomes makes data science a compelling value proposition for IT decisionmakers. The data science platform market is expected to grow to $140.9 billion by 2024. IDC predicts the global revenues for Big Data and business analytics solutions – just one share of the larger data science and analytics market – will reach 274.3 billion in 2022.
Organisations, regardless of size, can reap rich dividends from wellmanaged data science initiatives.
Data science business value has been proven across industries and lines of business in terms of boosting revenue, reducing operational inefficiencies, and minimising organisations’ risk exposure.
Data science has demonstrated quick return on investments in areas such as customer experience, risk and compliance, and operational efficiency, says Tamer Elsawy,
Director, IBM Cloud & Cognitive
Software. “Data science can help sales and marketing teams to optimise their interactions with customers by offering an omnichannel and more personalised experience at every customer lifecycle. This can help the business to acquire more customers, maximise revenue from existing customers through up/cross-selling
and to maximise customer lifetime by predicting churn and proposing optimal retention strategies. The business benefits include maximising campaign response rates and increase the share of wallet,” he says.
Data science can also help reduce organisation exposure to different types of risk, including operational, financial, strategic and compliance risk. Industries such as financial services have been addressing this typically using rule-based systems, according to Elsawy.
Dr Abrar Ulla, Director of Postgraduate Studies, School of Mathematical and Computer Sciences, Heriot-Watt University Dubai, can see why data science would continue to be a top investment priority in the coming years. “Data has become fuel for businesses. Companies require data to function, grow and improve their businesses. With the emergence of new technologies, there has been continuous growth in data creation relating to different business activities and interactions. This led to the emergence of new concepts, including Big Data, data analytics and data visualisation. Businesses are focused on optimising data science for competitive advantage. Data helps you better understand your business and customers to optimise the business process and profitability. It leads to informed and data-driven decision making to improve business function,” he says.
Ramprakash Ramamoorthy, Product Manager, ManageEngine Labs, points out business models are built around data in the consumer world, and
Dr Abrar Ulla
now the enterprise world is catching up to build revenue models around data. “There has been a strong push for digitisation over the last decade, and enterprises have been collecting essential data. It’s natural that they would want to use the collected data to their competitive advantage, and that is why there’s so much buzz around data science.”
Difference between data science and analytics
Though used interchangeably very often, data science and data analytics are unique fields.
“While there is some overlap between data science and data analytics, they fundamentally address two different problems. Data science looks at a problem space and identifies the questions that need to be asked; this may be done using many sources of data and techniques, which may include data analytics. Having identified the question, data analytics focuses on providing the answer using the statistical analysis of data sets. As such, despite their similarities, the two disciplines are fundamentally very different but with a common dependency on vast amounts of data,” says Patrick Smith, EMEA Field CTO at Pure Storage.
Elsawy further demystifies the difference between the two disciplines: “On the one hand, data analytics help business analyst to
Ramprakash Ramamoorthy
answer questions on what happened in the past and why it happened. It’s commonly known as descriptive and diagnostic analytics. The techniques include reporting, dashboarding, business intelligence tools and OLAP analysis.
“On the other hand, data science helps business users to answer questions on what will happen in the future and what we should do about it. We’re talking here about predictive and prescriptive analytics.”
Like any other field in IT, there are some common mistakes to avoid in data science operations. Along with the quality and volume, you have to make sure that you are collecting the right data. The common expression of garbage in, garbage out in computer science applies to data science as well.
Ramamoorthy from ManageEngine says a lot of times, the data you used to train your algorithm can be inherently biased and can potentially be very selective on gender, race, religion, and more. It is important for your data scientist to debias your data by removing inappropriate markers that can bias the outcome, such as a loan eligibility detection algorithm that rejects a loan application due to an insignificant factor while other important markers, based on bank’s policy guidelines, are good, he says.
Ulla from Heriot-Watt says data privacy has been an ongoing issue
Patrick Smith
with many applications, including data science. It is important to understand and comply with data privacy requirements. Compromise of data privacy could lead to penalties and sometimes closure of business.
He warns against picking the wrong tools to visualise. “Many data science experts focus on learning the technical aspects of the analysis, instead of using different visualisation techniques which can help them derive the key insights quicker.”
The other common mistake is that organisations tend to underestimate the challenges related to data governance, according to Elsawy from IBM. “As a matter of fact, there’s no AI without IA (Information Architecture). In order to rely on the data science outputs, businesses need to understand their data and to trust their data. A critical phase in every data science project is data assessment and data quality scoring to identify problems such as missing values, inconsistencies, duplications, noisy data, etc. and have the right tools to resolve and curate these data issues. This phase typically constitutes 80% of a data science project time; however, having the right platform for data governance, data cleansing, data refinery, etc. is seen as a wise investment helping to reduce significantly this time and gain productivity and model quality,” he sums up.
CULTIVATING SECURITY CULTURE
ESTEBAN HERNANDEZ, SPECIALIST SOLUTIONS ARCHITECT, SECURITY, AMAZON WEB SERVICES (AWS), ON HOW TO BUILD A RESILIENT CULTURE OF SECURITY.
Security has evolved from the sole responsibility of one team to that of the entire organisation. It must become a part of an organisation’s culture with every employee embracing security and using it as a positive framework for behaviour, building technology, and decisionmaking. After all, an optimistic, proactive, approach is vital to build an organisation where security enables the whole business to move faster and stay safe.
Creating a culture of security is the future, but what does it look like in practice and how can organisations ensure they are following effective guiding principles to keep them on track? What can you do today to promote a positive security culture?
What does a culture of security look like?
A positive security culture is one where the security team works collaboratively with the rest of the business. If we assume that people want to do the right thing then we should make the secure option the easiest option. This goes beyond looking at the technology, to looking
at the people who use it, and the organisation’s culture. Traditionally organisations treated security as a gate to pass or something that was bolted on at the end of a project. It was the responsibility of people with security in their job title. By contrast, successful businesses think of security and resilience positively, as fundamental to a company’s culture, and as a concern for all enterprise executives, managers, and employees. This approach ensures security is central to all daily business processes, increasing resilience and improving the organisation’s ability to respond if there is an issue.
Guiding principles
To create a culture of security, businesses must follow ten key principles, five of which we will outline in this blog:
1Education: This means keeping your workforce skilled up on the available technology, seeking advice from security specialists, and working to understand security policies and rules. Doing so maximizes every employees’ ability to be the first line of defence in their company’s security programme, cutting down the chance of simple errors that could result in a security issue. It also includes setting the expectations for the whole business, be it security configuration that should be implemented by application developers or the patching responsibilities of product owners.
2Hygiene: good security hygiene is vital to preventing basic mistakes turning into security threats. As such, employees must understand the dangers of poor security practices, such as sharing user accounts and passwords. Meanwhile, businesses need to ensure the access systems they have in place facilitate secure practices. For instance, AWS services offer temporary credentials that can last minutes or hours, after which they will no longer allow system access. This tightens control over service access, reducing the likelihood of unintended access to business data.
3Learning from issues in a no-blame way: there will always be issues with humans and the software they build. The important thing to do is learn from the issues and take action. Creating a culture where root cause analysis is done objectively and without blame helps create the ability for an organisation to learn. Don’t ask whether the person made a mistake, but instead ask what could be done to ensure that the right choice is made next time. You also want to have a culture where people are comfortable raising security issues because they know they will be supported by the security team.
4Meet your people where they are: working with your developers will help you understand the processes they go through to build and release software. This will help security to understand where they can enable developers to make good security choices, or inherit capability so they can focus on business logic. For example integrating your cloud platform with your corporate identity provider
and making sure that developers can create permissions within understood guardrails helps remove security as a gate. Providing automated checks that run in pipelines can give early feedback to developers to help them build to the desired security posture.
5Metrics and monitoring: being able to measure your security posture and give people access to data is good way of communicating and understanding where the high performing parts of your organisation are. If you can identify teams doing well or building innovative solutions you can expand their use across the business. Telling people what they are being measured against and giving them tracking tools promotes a culture of ownership which reinforces the positive security approach.
A culture of security will significantly improve an organisation’s’ security posture by becoming the framework through which all employees behave, build technology, and make decisions. However, for it to be a success, companies need to take a structured approach to introducing the framework. A culture of security is based on education, hygiene, threat modelling, and all employees working together as a unified team. Do this and your organisation will improve its security posture, set you above the competition, and keep your data safe. Look out for more tips on building a culture of security to come.
THE EVOLVING ROLE OF THE CIO IN 2020 SAAD CHAUDHRY, EXECUTIVE PARTNER, GARTNER, AND MANDIP DULAY, FOUNDER OF THE COO NETWORK, SHARE INSIGHTS ON THE EVOLUTION OF THE CIO AND HOW THE NOTION OF BUSINESS AS USUAL IN IT OPERATIONS IS A THING OF THE PAST
The boardroom composition will continue to shift in order to embrace the emerging business trends, with Chief Technology and Innovation Officers (CTO) taking the lead on driving digital-enabled growth, whilst considering other agile elements which increase organisational revenue. Such roles were previously under the remit of the COO; and will now drive additional challenge for the COO to continue remaining the second-in-command.
That said, the role of the CIO is also challenged. Your CIO is dead. The transactional CIO, whom you once knew, is a thing of the past and COVID-19 fired the last shot. Transactional CIOs were forged when all that was required of them was to oversee system implementations and upgrades. Today matters are different. More and more CEO’s want to focus on digitally fueled growth and revenues, versus expanding their physical corporate structures, and this changes the game for CIOs and COOs alike.
According to a recent survey conducted by Gartner, 67% of executive board level respondents consider digital disruption to be among their top business priorities. However, it’s not just the leadership expectations that are growing; the tech that CIOs were used to dealing with has changed as well. Technologies such as blockchain,
IoT, AI, advanced analytics, edge computing, immersive experiences, autonomous services, digital twinning, have taken center stage. Where we were once gradually seeing a drive towards digital transformation from a business perspective, now, in the time of the Pandemic, it has become a necessity.
Before the Pandemic, we had been noticing both the COOs and the CIOs evolving towards their digital futures on two separate paths. The typical “Business Service Provider” COO was evolving towards a “Productiser” COO of the future, while the transactional “Systems Provider” CIO of the past was moving towards a “Moderniser” CIO of the future. This metamorphosis, however, was interrupted by the Pandemic. The Pandemic forced both the CIO and COO roles to ramp up their digital evolution, converging their focuses rapidly on using technology for business and revenue growth. And so the new digital leader does not only need to have a solid grasp of the tech landscape, but also the business operations.
So, how do you get here? How does an organisation begin thinking about leadership talent for this brave new world? Well, an organisation’s approach or profile for digital leadership talent depends on two key influencing factors:
Factor 1: Understanding the degree to which technology investments and products are tying directly into your business growth and revenue.
When criticality of Information & Technology to your business model is low, I&T acts as an enabler to the business capabilities being delivered by the enterprise. Therefore, Investment in emerging technologies ends up being low. In such a case, I&T is not a core part of the way the company operates or derives revenue, nor is it embedded in its products or services. It is, however, core to delivering efficiency.
On the other hand, when the pervasiveness of I&T within the business model is high, it is embedded in the customer experience, products and services, and is used for enterprise operations. In this case, I&T is central to revenue generation for the enterprise, its industry, and the ecosystem. Businesses on this end of the spectrum tend to invest significantly more in emerging technologies.
Factor 2: The approach to talent (future leaders) at the organisation in general.
“Talent Approach” is the way an organisation seeks to hire and grow their leaders. On one end of the spectrum is the traditional approach; where a company seeks to hire employees early in their career and grow and develop them internally to meet the ongoing needs of the business as it changes. A “cradle to grave” hiring approach including the use of high potential candidate lists and clear promotion paths, among others. In this case, I&T leadership is often contained within the IT department which reports into the CIO or head of IT. Enterprises commonly upskill and train workers to address talent gaps, using university partnerships and source locally to fill positions.
On the other end of the spectrum, the nontraditional approach is when a company uses a broad range of technologies and approaches to acquire, augment or replace human talent. For example, taking advantage of the “gig economy” or replacing workforce with robotics or artificial intelligence to deliver repeatable business capabilities. This approach is often coupled with a leadership team that has technology embedded in the DNA of all executives, and a CIO deeply involved in corporate strategy, often reporting directly to the CEO.
By understanding these two factors and their scales, you can map out the profile that your organisation would have, in terms of their digital leadership over the course of the next several years.
Lastly, while we have plenty of research and data to understand where the path leads, there is an important element to consider for the future digital leader: their leadership personality. Here, the COOs have a leg-up, for they have been sharpening their corporate and political skill sets over the ages, while the
CIOs have just recently begun to think of themselves as true corporate executives. The skill sets in this arena involve the ability to balance the use of power, manipulation, and conflict.
There is certainly an opportunity for both the CIOs and COOs to evolve to be the digital leaders their organisations will need. And both these roles have strengths and weaknesses attached to them historically, based on their past cycles of evolution, that they can draw on. That being said, the metamorphosis will now accelerate, due to the pandemic-induced haste, and the executives that emerge as the future digital leaders will undoubtedly be those that are able to strike a balance across the board in all the aforementioned factors.
THE macOS SECURITY GUIDE KARL LANKFORD, DIRECTOR – SOLUTIONS ENGINEERING, BEYONDTRUST, ON THE BEST PRACTICES FOR SECURING MACOS IN THE ENTERPRISE
Right from its inception in 1974 in Ajman, UAE, Speed House Group has been serving the construction industry across the Middle East and North Africa. The company provides turnkey solutions and services in civil, infrastructure and contracting, modular buildings, container conversion, interior fit-outs and furniture, kitchen and bathroom pods, GRP/GRC, and lubricant trading. Commencing with just 50 employees, the company has grown its workforce to over 1200 today and boasts more than 500 customers across five continents distributed over 27 countries.
Mac endpoints are no longer ‘niche’ in the enterprise. The likelihood of receiving a silver, unibody laptop on your first day at work is higher today than ever before. In fact, a recently published Parallels survey reported that 55.7% of small to medium-sized enterprises (SMEs) now use or permit the use of Macs. Consequently, the attention of IT organisations, long enjoyed by Windows, is now being cast towards macOS.
macOS Security Becomes a Priority
The increased enterprise deployment of macOS is being equally enjoyed by malware authors and threat actors looking to exploit Mac security oversights across the enterprise. While organizations tend to invest ample human and financial resources in securing their Wintel environments, this same diligence is often not applied equally across macOS environments. Often, large security gaps are inadvertently created in the interest of
deploying Mac devices quickly, especially to VIP users who may overrule concerns regarding security. The uptick in macOS security-related tools, features, and high-profile macOS endpoint security incidents over the last few years has reflected this.
Apple has continued to focus more on security. This is evidenced by their development or enhancement of native OS tools, such as System Integrity Protection (SIP), Gatekeeper, read-only system volumes, and their effort to kick developers out of the kernel (the “Endpoint Security System Extension”) in recent years. Many macOS sysadmins are painfully aware of security and privacy changes made in Catalina. Apple’s macOS Catalina enforced granular permission sets on third-party software for things like file system access, screen sharing, etc., which often require administrative privileges to approve.
Challenges and Shortfalls of macOS Privilege Management
One of the most basic security tenets now being applied is in the approach businesses must take to macOS privileged access management. While there are architecture-specific nuances to any attack chain, the basics remain the same. Unless an attacker can exploit a privilege escalation vulnerability, malware looks to gain persistence. This ideally accomplished through access to a privileged user or a vulnerability in a privileged application plugin or framework.
Ultimately, the same attack surface born by uncontrolled privileged access
in the Windows space applies to macOS. The importance of managing privileged access on a macOS device is also gaining parity with that of Windows devices in compliance frameworks. To address the wave of macOS devices entering the enterprise, many organisations have built adhoc privileged access “solutions”. However, these in-house solutions are almost never architected to the robustness needed for the macOS privileged security problem. macOS populations are no longer isolated islands within any given organisation. Today, Mac endpoints require the same level of security scrutiny as Windows endpoints. In many cases, macOS devices are just as interconnected to internal resources, infrastructure, and cloudbased resources as their Windows counterparts. Thus, Mac endpoints demand enterprise-class protection.
Today, few organisations are addressing these security problems with comprehensive, defense-in-depth strategies that include privileged account management in any meaningful way. On the other hand, risky security practices that invite malware infections, hacker assaults, and insider threats proliferate. Here’s a short list of prevalent macOS security malpractices: • Creating a single admin password across all devices (risky, but surprisingly common) • Allowing users to request ‘temporary’ administrator rights • Tools such as MakeMeAnAdmin can be made available for users to selfservice their own privilege elevation, potentially for hours or days at a time.
The Service Desk may or may not be involved; in many cases users are able to access these tools themselves! • Giving users access to a secondary privileged account, or elevating their primary identity to an administrator
As we strive to implement scalable solutions to these macOS privileged access challenges, it’s critical to evaluate any potential solution with the following criteria: Supports true least privilege for all user types, including highly technical users and even remote users User-friendly and frictionless to the workflow to ensure adoption is high Easy for the Service Desk to manage, and does not introduce the same burden it is meant to alleviate Out-of-the-box functionality with minimal ongoing management means even ultra-lean macOS IT teams can deploy it rapidly Provides detailed audit records and reporting, and can zero in on the who, what, when, and where of sessions
Holistically Addressing Privileged Access Security for macOS Environments
Many of the challenges faced by homegrown privilege management solutions are that they require users to be on an internal network to support exceptions. Enterprise-class privileged access management (PAM) solutions give users the flexibility to request one-off access from the service desk, even while disconnected from the internal network, or be granted auto-approved, but audited, access to better support technical or executive-type users and their needs.
Organisations that want to effectively tackle their macOS privileged access problems should look to implement the following: 1. A comprehensive password management solution that randomizes
‘break-glass’ administrator passwords 2.An endpoint-based solution that allows for granular access to macOS privileges from the safety of a standard user account.
Secure credential management of privileged accounts is crucial to minimizing your endpoint attack surface and providing a ‘backup’ admin account in case all else fails. However, endpoint privilege management (EPM) is what empowers your users to perform approved, privileged tasks without requiring administrator rights in the first place. Each of these solutions are also components of the industry-leading privileged access management platforms.
For developers, the PAM tool must be comprehensive enough to accommodate their complex software needs, while minimising any resource utilisation that would degrade performance. This includes granular control and auditing of sudo commands, Homebrew usage, installation and uninstallation of software, privileged functions within compilers such as Xcode, and the myriad of other privileged functions that exist within macOS. Ideally, an effective endpoint privilege management solution should minimize the need for an actual administrator account to ever exist.
Most importantly, these solutions should empower your macOS IT staff to support rapid, successful deployments using out-of-the-box configurations. A sysadmin has more than enough on their plate. They do not want to dedicate their days managing a single solution; these tools must start simple and stay simple.
Mac endpoint privileged access risks will continue to endure as hard problems to solve for any organization given the limited native tools provided by their chosen operating system. This is compounded by the common misconception that native tool sets provide adequate privileged access controls. Products running on macOS are no different. However, through thoughtful planning and the investment in enterprise-class Privileged Access Management solutions early in the adoption of a macOS environment, drastically mitigating the risk of privileged access and meeting an expanding list of compliance requirements is well within reach.
My strong recommendation is to address privileged access security concerns early, as some users may be resistant to any change, no matter how slight. Do this right to get ahead of the curve—not just in terms of risk reduction, but in achieving compliance, in keeping your users happy and productive, in reducing costs associated with servicing macOS devices, and in making sure that macOS in the enterprise has a sustainable future.
7 STEPS TO REALISING THE VALUE OF MODERN APPS AN APPLICATION’S TIME TO VALUE IS IMMEASURABLE UNTIL IT’S IN THE HANDS OF THE USER, SAYS HASSAN HAMADE, LEAD SOLUTION ARCHITECT, EMEA SDDC ARCHITECTURE, VMWARE
Massive disruption might have upended life as we know it, but some things remain constant. The business defines objectives and strategy, and IT delivers this, ultimately creating the applications and services and experiences customers demand and employees need.
Being able to modernise applications means being able to deliver them at speed, with reliability and security, whether they’re cloud native or updated legacy, whether they’re in the data center or in a multi cloud environment.
Businesses understand that without these services, meeting customer needs is going to be a struggle – a new
VMware survey has found that 80% of
EMEA application developers and tech leaders believe that, without successfully modernising applications, organisations will not be able to deliver a best-in-class customer experience.
In fact, not only do modernised applications support companies to deliver better results, but those enterprises that are high performing are more likely to be the ones developing and delivering new applications and services into the hands of users, at speed. The study reported that two thirds (66%) of new applications make it through to production in highperforming companies, compared to 41% within underperforming organisations, while 70% of application efforts make it to production in the planned timeframe in high-performing organisations, compared with just 41% in underperforming.
But being able to support and modernise legacy apps while adopting new cloud native application practices has forced IT to rethink how it delivers them all, and does so securely, in a multi-cloud world. To accelerate the pace of innovation, IT departments need to simplify operations and management.
Where do they even start? The beginning point is always about what you need the application to deliver to the business, but that leads to more questions, all of which must be answered in order for IT to know where and how to ‘run all the things’ and the businesses to realise the value of modern applications.
1What are the priorities and focus of the digital business?
In the analogue era, IT used to talk about the business as the internal customer. But that was a misnomer. Customers have choice, they can move to other providers if they’re not happy with the service. Businesses didn’t have that flexibility; they were stuck with what IT gave them – hostages almost, rather than willing customers.
Then technology went mainstream, and business units realised that they had as much access to the latest tech as IT, and sometimes more. So, if IT didn’t deliver, a head of department could go find the resources they needed elsewhere, with all the risks that entails.
Now IT has to serve the business like a real customer – understanding their needs, their challenges and their objectives, and demonstrating how IT can support those ambitions. It’s a two-way conversation, whereby business units and infrastructure teams speak a common language and help each other to understand what they’re both trying to achieve.
2What applications need to run?
Leading on from that understanding is being clear on what applications are needed, and how that’s going to be supported. It’s a conversation for business units and, indeed, any relevant individual within the organisation – and the resulting decision needs to as much a commercial one as it is technical.
Once that is established, IT teams need to be clear on how they’re going to deliver. Do they have the right team in place? There’s a common misunderstanding from the broader business that a developer can simply ‘develop’ any application – whereas the reality of course is that individuals are trained in specific programming languages and platforms. The challenge is that there’s every likelihood that IT teams are not just going to be focusing on one application, but many, all with different requirements and varying stakeholders.
So, ultimately, the applications that need to be prioritised should always meet the needs of the business, while working within the skillsets and parameters of the available development environments.
3What platform does the application need to run on?
With organisations running a multitude of environments to meet the demands of their applications, each with unique technological requirements, finding the platform isn’t the only challenge. What’s hard is that the development and management is more complex than ever before, with IT and developers navigating traditional apps, cloud- native, SaaS, services and on-prem, for example.
Here’s where you need a common ground between IT teams, Lines of Business and developers – where having a single digital platform is critical – to remove the potential for silos springing up, enable the better deployment of resources, and provide a consistent approach to managing applications, infrastructure and business needs together.
It’s about creating one, common platform to ‘run all the things’. One, software-defined digital foundation that provides the platform - and choice of where to run IT - to drive business value, create the best environment for developers and help IT effectively manage existing and new technology via any cloud for any application on any device with intrinsic security. One platform that can deliver all apps, enabling developers to use the latest development methodologies and container technologies for faster time to production. All with consistent management and operations.
This is ultimately about enabling businesses to deliver better software faster; to automate the modern app lifecycle, remove barriers to the likes of Kubernetes and container adoption, and even run Kubernetes across clouds. In doing so, the business can position itself to support a new wave of modern apps: democratising Kubernetes to deliver the apps that are transforming business competitiveness.
4Where do I want to run them?
Businesses have multiple environments for a number of reasons – one of them can be the need to meet regulatory, compliance or customer demands for the geographical storage of data. There might also be a technology reason to keep data and applications as close to the end user as possible – if maximum latency is a nonnegotiable, for instance.
Then there’s the issue of data sovereignty, which varies from country to country, and has to be considered when making decisions on application deployment.
The question of ‘where’ often breaks down to commercial and technical elements. The answer lies in bringing these considerations together, to move forward with both boxes comprehensively ticked.
5How will I deliver them to users?
Once the foundations are in place, it’s time to consider how the applications will actually get to the user. This is often overlooked, and yet it’s the whole point of deploying modernised applications – to have users engaging with them and receiving the experience they’ve been looking for. It doesn’t matter whether they’re customers, employees or any other stakeholder – the application’s time to value cannot be realised, or even considered, until it is in the hands of the user.
That goes for keeping them updated as well – an employee could have some of the world’s most powerful applications in the palm of their hand, but by having to manually update each one, their true value won’t be achieved until that’s taken place.
6How do I secure them?
All of the above is taxing enough; but threats lurk at every stage. Applications, data, infrastructure – it all has to be completely secure. The sophisticated nature of today’s cyber-attacks demands sophisticated responses, which is why building end-to-end security that covers applications, workloads, end points and infrastructure is so critical. It cannot be an afterthought, brought in just before shipping. Only through intrinsically integrating security can IT ensure that everything is secure across any application, any cloud, and any device.
7How do I manage all of this?
Finally comes the management. Already touched upon in step three, IT teams need to have a way of being able to control all these different elements, at a time when talent and resource are under strain – something that needs to be addressed when one considers that 93% of our research respondents agreed that involving people with varied technical skill sets is an essential part of digital transformation efforts being successful.
It needs to be a simplified infrastructure, with consistent operations and a model to build and operate modern applications across multiple environments, whether on-premise or cloud based.
It’s quite simple – businesses need to be in the driving seat of being able to build, run, manage, secure and deliver any application – at speed - if they’re to meet the needs of their customers both in today’s turbulent times but also, and critically, as a way of future-readying their business. This puts immense pressure on stretched IT teams, but it is work that has to be undertaken. Those organisations that deploy a single digital foundation, that create an infrastructure that allows for the fast development and deployment of modern applications, will be the ones able to realise the immense value of these new services and offerings, positioning themselves to succeed.
CAN DATA SCIENCE IDENTIFY INSIDER THREATS? AMMAR ENAYA, REGIONAL DIRECTOR – MIDDLE EAST, TURKEY & NORTH AFRICA (METNA) AT VECTRA, HOW DATA SCIENCE AND CYBERSECURITY CAN WORK TOGETHER.
According to a survey by Forrester Research in 2019, 52% of global enterprise network security decision-makers reported that their firms experienced at least one breach of sensitive data during the past 12 months.
And nearly half the breaches of sensitive data came at the hands of insiders.
Although insider threats represent only a small portion of employees, incidents that involve the theft of intellectual property and customer contact lists add significant costs to business organisations.
Security teams typically respond to insider threats by monitoring and logging access. The aim is to at least be able to do forensic analysis when a threat occurs and causes damage, with investigative support from the legal department.
Obviously, this approach won’t prevent a threat in any way. Recent updates to monitoring solutions and research programs by the U.S. government are taking a proactive approach to detect
a threat while it’s happening and even before it occurs.
The pathology of the insider is very complex. An insider typically takes precautions to evade detection, so how could a software solution reliably identify what is a threat and what is not?
The problem of detecting an insider threat before it happens is as difficult and complex to solve as the prediction of human behavior itself.
But recent technological advances have shown significant improvements in predicting what was previously considered impossible – human behaviour. Systems like Alexa, Siri and Cortana can predict users’ needs before they even know them.
Lots and lots of data
This is due in part to the vast amounts of behavioral data that are collected and indexed. Computational resources for analysis have also reached critical mass for large-scale AI applications such as voice recognition, image analysis and machine learning. The term for the predictive analysis of large amounts of behavioural data is data science.
Today data science is applied to various problems and areas and could similarly be applied to the insider threat problem. An insider’s behavior is by definition authorised to be on an organisation’s network.
But there’s not enough information available to derive an insider’s intention or psychology in real-time. However, as the amount of collected behavioral data increases, more clues are revealed.
An initial data science approach involves learning commonly known indicators of insider threat behaviors. These might be authorised behaviours that for some reason have veered off course.
An example is exfiltration behaviors, such as uploading data to a Dropbox account, extensive use of USB sticks or high volumes of downloads from internal servers. These known indicators are specific enough to catch an ongoing attack, but only a limited set of attack types can be detected.
To catch future – and unknown – attacks, a second approach focuses on anomalies in observed behavior. An anomaly deviates from what is standard, normal or expected.
Data science analyses behavioral information and learns what is normal – that is, normalcy with regard to all observed behavior variations, an individual’s behavior over time or even social behaviors. Once a baseline of normalcy is established, outliers can be identified.
Knowing that insider threats are paired with behavioral changes in an individual, anomaly detection will reveal these unusual variations, even in the early stages of a threat.
But this improved detection comes with a price: A higher number of false positives. Benign changes in behavior – such as changes in job function or teams or returning to work after a vacation – will trigger high-volumes of detections can be overwhelming.
A third and more advanced data science approach generates narratives from the output of the first and second approaches: Combine indicators and anomalies to generate an understandable interpretation of the behaviors inside an organisation.
The latter is a tough challenge because it involves creating a truly artificial intelligence. But we are getting there.
HOW TO KEEP HACKERS AT BAY
AS ENDPOINTS BECOME OUR NEW PERIMETER, SO MUST MULTI-VECTOR EDR BECOME OUR NEW DEFENCE, SAYS HADI JAAFARAWI, MANAGING DIRECTOR – MIDDLE EAST, QUALYS
The threat landscape is nothing if not adaptable. Its everchanging nature crops up early in every conversation between today’s security professionals, across the Middle East. First it was, “Oh, it’s not just about anti-virus anymore.” And then we had, “Nowadays, it’s not a matter of ‘if’ but ‘when’.” And then on to the differences between cloud security and on-premises security. And everything in between.
Every one of these conversations shows the industry waking up to a new norm (because attackers have found ways around defences to the previous norm). The current norm is one of ecosystems. Our corporate networks have evolved to the point that their endpoint devices are now their perimeters. So that is the next buzz phrase for conversation: “the endpoint is the new perimeter”.
Our work and personal lives are played out against a digital backdrop. Much of what we do has a digital component — we are woken by our smartphone, check news on a smart device, consult our calendar via another endpoint, consume content, order food, shop, chat, and on, and on, and on. And after you pause for a moment to consider how much more this is true of the COVID-19 age, ask yourself this: how happy must attackers be to see this burgeoning activity on devices that connect to monetisable information inside corporate networks?
The rise of the multi-vector attack
Endpoint detection and response will now have to evolve, because this expanded attack surface allows bad actors to mount multi-vector campaigns. That means they have a menu of options — or paths — they can take to achieve a breach. They might take advantage of naïve users through social engineering. They might exploit a software vulnerability. Or they may opt for brute-force attacks. In the multi-vector world, they will adopt a mixture of these options to increase the probability of a successful incursion. And every endpoint is a risk to the whole environment.
In multi-vector endpoint detection and response (EDR), we branch out from monitoring and protecting the devices themselves because the endpoint is now just a small part of the risk profile for a network. Monitoring activity at just those surface nodes, in isolation of other readily available data, will lead to false positives (and negatives) and cause alert fatigue, suboptimal prioritisation of threats, and wasteful allocation of resources.
Without this new multi-vector approach, it will be much more difficult to automate detection and response functions and free up network admins and security professionals to perform more innovative tasks. And without the ability to scale up security postures to cope with more complex environments, those moving to hybrid working environments across the region — as is happening right now because of the pandemic crisis — will face thornier challenges than are strictly necessary.
The importance of visibility
So we need to be looking at a range of data points to gain a bird’s-eye view of the activity surrounding a suspect process, so we can properly assess its level of risk. Detecting malware is all very well and good, but a comprehensive inventory of endpoints and their activity on the network, along with status information on application upgrades, authentication and authorised processes, can go further in assessing the level of risk posed by a given activity and assigning (or not) resources to address it.
Clear visibility is vital. Those entrusted with protecting digital estates must be able to see misconfigurations of security processes, antivirus validation, exploitable vulnerabilities, and missing upgrades. They need to be armed with the information and tools that allow them to become threat hunters, sifting out mere pests and zeroing in on sinister predators.
Multi-vector EDR gives a global view of the network, leveraging the cloud to unify context vectors such as asset discovery, normalised software inventory, endof-life visibility, vulnerabilities, exploits, misconfigurations, in-depth endpoint telemetry and network reachability. Lightweight “edge” agents commune with powerful cloud-based engines to deliver potent assessment, detection, and response capabilities. Information processing and correlation happen in real time, meaning defence teams are never on the back foot. They are taking proactive measures ahead of possible breaches, rather than performing the lamentable task of cleaning up after data exfiltration has already occurred.
Information banquets feed shrewder action
The unparalleled visibility within multivector EDR platforms allows teams to go after the most advanced attacks before they do damage, leveraging threat intelligence to automatically flag suspicious activity for investigation. Not only do security professionals get to hunt big game — unquestionably the optimal use of their skills — but they are no longer plagued by “minnow” alerts, because the same information flow that has identified the genuine threat has accurately weeded out lesser ones.
The importance of seeing beyond the now-trivial endpoint to a wider vision should now be obvious. Multi-vector EDR allows organisations to build real-time information banquets that feed shrewder actions and resourcing. This, undeniably, is the future, and should be part of all our conversations from now on.
HOW TO CREATE A SUCCESSFUL REMOTE WORK STRATEGY ARA ARAKELIAN, HR MANAGER FOR MIDDLE EAST, TURKEY AND AFRICA AT KASPERSKY ON STRENGTHENING TEAMS AND BRINGING PEOPLE TOGETHER DURING A GLOBAL PANDEMIC
The coronavirus pandemic is changing every aspect of our lives. We are having to adapt to the new norms of selfisolation, remote working, and staying as productive as we were before the pandemic began. However, it is important to understand that the situation we are all in is part of the VUCA environment (volatility, uncertainty, complexity and ambiguity) we have been working at for a long time – is a crisis situation and we have to adapt quickly and make innovative and strategic decisions that will significantly influence our lives and businesses.
Implementing remote working is one of the most challenging processes that organisations face today, from both a technical and human standpoint. But with the right strategy in place, the process can be made less painful and more effective.
Getting tech-ready
With every company moving its employees to remote working as fast as possible, it might feel like we are all participating in some kind of global experiment to test how well prepared we are for such a situation. If it really was an experiment, no one would have ever agreed, but as this is not a test we have to adapt fast. For some companies, like IT ones, the process might be easier, but despite this we are all facing some form of technical issues that have only come to light due to the magnitude and mass nature of the challenge. For example, does everyone has a laptop? Are all security settings for remote work in place on these laptops? Do we need to change our information security policies to enable everyone to work efficiently from home?
Another important thing to consider is the adaptation of employees to remote working, with some people needing additional help and support in using some apps to carry out their roles and communicate with others. No matter what your specific challenges are, to make everything work and ensure a smooth and comfortable transition, a united team and approach is needed.
Leading teams during a crisis
Working from home can present a big change in the working day, as many employees are not alone but with their whole family. In addition to doing their job, they have to take care of their kids, parents or other elderly relatives.
In these circumstances, psychological and emotional stress is the biggest challenge for people, especially the company’s management team. In addition to the stress of re-organising our lives, we’re constantly bombarded
with information about COVID-19 but no one can say when everything will get back to normal. This makes people even more worried about their families, jobs and financial stability, which in turn can lead to burnout and additional stress.
We help our employees manage information overload and the feeling of being overwhelmed at this uncertain time. Information from trusted sources is hugely valuable so to ensure that our employees can make sense of the sheer amount of media articles and different kinds of information about COVID-19, we keep them informed of the facts and current situation by organising podcasts with doctors and useful webinars on how to stay safe and healthy at home.
This situation demands more flexibility from the company’s leadership team, as it needs to provide the right support for people, to help them combat their fears and mobilise them for action. Emotional intelligence is becoming a key skill in managing organisations and teams in the face of remote working, and the success of companies will depend on the quality of communication with employees.
As well as senior management support, we work with team leaders across the company to guide them on how to support their teams and organise work. Indeed, working in teams is one of the key principles of our company and it is critical for us to stay connected and productive no matter what. For some team leaders, the fact that they cannot see their team and are trying to manage it remotely can become a serious issue. In this situation our main recommendation is to communicate more with your team, put trust in your people, and be a results-driven manager. We all need to go through a transition period and the ability to support and motivate a team, united in their efforts to reach a common goal will be a defining point for an authentic leaders today.
However, we also recognise that different teams need different levels of support: our R&D, Anti-Malware
Research, Global Research and WORKING FROM HOME CAN PRESENT A BIG CHANGE IN THE WORKING DAY, AS MANY EMPLOYEES ARE NOT ALONE BUT WITH THEIR WHOLE FAMILY. IN ADDITION TO DOING THEIR JOB, THEY HAVE TO TAKE CARE OF THEIR KIDS, PARENTS OR OTHER ELDERLY RELATIVES.
Analysis teams, for example, are used to communicating online, so today we mostly support them from a practical point of view, helping them to better organise their workspace at home. We are also seeing a different dynamic in teams including sales, marketing, communications and even HR, because people working in these departments are used to meeting people and building key relationships as part of their role, so face to face communication is crucial. We understand that the adaptation process for them can be more difficult, and in order to specifically support this group of employees we’re organising webinars on how to stay productive and efficient, and how to keep the team atmosphere and culture thriving via various online communications channels.
Of course, we’re encouraging everyone to be physically active as well, as it is scientifically proven to lower stress levels and help people concentrate better. To do this, we’re working on organising online fitness classes and launching some fitness challenges across our Middle East, Turkey and Africa offices. We also believe in healthy living and we’re planning to send employees a fruit basket to encourage healthier eating.
The future of work
Although there have been many discussions about remote working in the industry over recent years, the percentage of people working from home is still low. For example, in the US only 5.2% of employees work completely remotely today. However, after the coronavirus pandemic is over we will see a big change in peoples’ mindset regarding working from home – they will understand that it can be as effective as working from the office and brings more benefits in terms of work-life balance. As a result, companies all over the world will have to adjust their policies to include flexible work arrangements as a key benefit to help them stay competitive within the market. It’s important to note that we won’t see a total shift towards remote working as it will still be important for people to come into the office and meet with other team members and clients.
The current situation should also positively change the dynamics in teams, as employees will be trusted more on how they organise their working day. There will also be a change in how managers set tasks and manage their staff, as the focus shifts to more human communication and addressing an employee’s needs, which brings us back to the critical importance of supporting emotional needs during this time of crisis and beyond.
