Selecting a new “digitally focused” sourcing partner

Posted on : 18-07-2018 | By : john.vincent | In : Cloud, FinTech, Innovation, Uncategorized

Tags: , , , , , ,

0

It was interesting to see the recent figures this month from the ISG Index, showing that the traditional outsourcing market in EMEA has rebounded. Figures for the second quarter for commercial outsourcing contracts show a combined annual contract value (ACV) of €3.7Bn. This is significantly up 23% on 2017 and for the traditional sourcing market, reverses a downward trend which had persisted for the previous four quarters.

This is an interesting change of direction, particularly against a backdrop of economic uncertainty around Brexit and the much “over indulged”, GDPR preparation. It seems that despite this, rather than hunkering down with a tin hat and stockpiling rations, companies in EMEA have invested in their technology service provision to support an agile digital growth for the future. The global number also accelerated, up 31% to a record ACV of €9.9Bn.

Underpinning some of these figures has been a huge acceleration in the As-a-Service market. In the last 2 years the ACV attributed to SaaS and IaaS has almost doubled. This has been fairly consistent across all sectors.

So when selecting a sourcing partner, what should companies consider outside of the usual criteria including size, capability, cultural fit, industry experience, flexibility, cost and so on?

One aspect that is interesting from these figures is the influence that technologies such as cloud based services, automation (including AI) and robotic process automation (RPA) are having both now and in the years to come. Many organisations have used sourcing models to fix costs and benefit from labour arbitrage as a pass-through from suppliers. Indeed, this shift of labour ownership has fuelled incredible growth within some of the service providers. For example, Tata Consultancy Services (TCS) has grown from 45.7k employees in 2005 to 394k in March 2018.

However, having reached this heady number if staff, the technologies mentioned previously are threatening the model of some of these companies. As-a-Service providers such as Microsoft Azure and Amazon AWS have platforms now which are carving their way through technology service provision, which previously would have been managed by human beings.

In the infrastructure space commoditisation is well under way. Indeed, we predict that the within 3 years the build, configure and manage skills in areas such Windows and Linux platforms will be rarely in demand. DevOps models, and variants of, are moving at a rapid pace with tools to support spinning up platforms on demand to support application services now mainstream. Service providers often focus on their technology overlay “value add” in this space, with portals or orchestration products which can manage cloud services. However, the value of these is often questionable over direct access or through commercial 3rd party products.

Secondly, as we’ve discussed here before, technology advances in RPA, machine learning and AI are transforming service provision. This of course is not just in terms of business applications but also in terms of the underpinning services. This is translating itself into areas such as self-service Bots which can be queried by end users to provide solutions and guidance, or self-learning AI processes which can predict potential system failures before they occur and take preventative actions.

These advances present a challenge to the workforce focused outsource providers.

Given the factors above, and the market shift, it is important that companies take these into account when selecting a technology service provider. Questions to consider are;

  • What are their strategic relationships with cloud providers, and not just at the “corporate” level, but do they have in depth knowledge of the whole technology ecosystem at a low level?
  • Can they demonstrate skills in the orchestration and automation of platforms at an “infrastructure as a code” level?
  • Do they have capability to deliver process automation through techniques such as Bots, can they scale to enterprise and where are their RPA alliances?
  • Does the potential partner have domain expertise and open to partnership around new products and shared reward/JV models?

The traditional sourcing engagement models are evolving which has developed new opportunities on both sides. Expect new entrants, without the technical debt, organisational overheads and with a more technology solution focus to disrupt the market.

Insider Threat – Who is Taking Your Data Home?

Posted on : 25-06-2018 | By : richard.gale | In : Uncategorized

0

“Employee theft has always been a problem for organisations. Critical information is now more accessible and portable than ever before. So, what used to be an irritation has now become a threat to a company’s very existence.”

Stealing company secrets or having a grudge against a company is nothing new. However, today the rise of the digital age has made it easier to gain access to information from the inside and created a host of vulnerabilities ripe for exploitation.

Organisations can find it difficult to identify such insider threats, or by the time they have recognised them it may be too late, and the leak has already happened. This is made ever more difficult to monitor by the increasing complexity of an organisation’s network. The amount of data stored and number and types of devices connecting to it makes it harder than ever to monitor usage.

Companies have spent big money and devoted a lot of resource to protect themselves against external threats and have built strong defences with firewalls, anti-virus software, mail filters and numerous other filters used extensively to protect themselves.  But have they left themselves vulnerable from the inside?

Recently, two Corporate giants Coca-Cola and Tesla fell victim to malicious behaviour. In the case of Coca-Cola, a former employee stored 1000’s of employees’ personal data on an external hard drive.  Electric car giant Tesla was sabotaged by an aggrieved employee who was upset not to have been awarded a promotion. To demonstrate his feelings, he stole highly sensitive data from the manufacturing operating system and sold it on to third parties.

According to a recent survey by Egress Software Technologies,  almost a quarter of UK employees have purposely shared business information to people outside of their organisation. Clearswift research has found that employees are willing to sell company information for as little as £125, so it doesn’t take much to turn a disgruntled or bored employee into the criminal’s accomplice! Add to this the number of employees tricked by social engineering and spoof emails causing damage unintentionally, then organisations are faced with a potentially massive security problem inside their own organisation.

Guarding against the insider threat is difficult because technology alone cannot solve the issue. This type of threat is more about personality and behaviour, feelings and motivation. There are highly capable tools to track keyboard strokes and data, but these will not identify an individual that was passed up for a promotion or the individual going through a divorce or financial difficulties, technology alone cannot detect that.

So, what can companies do? There is a fine balance between monitoring employees and allowing them the freedom and responsibility to do their job.  Let’s face it, no one wants to work for an organisation where every move they make is monitored and they feel they are not trusted to behave in the appropriate way.

Where cybercrime is concerned, people can often be the weakest link in the security chain, but with education and training, they can be your greatest asset.

Ongoing training and education programs are essential in influencing employee behaviour, it only takes one person to click on a phishing email to expose an entire organisation. Companies also need to continue to invest in employee education about cybercrime and the detrimental effect a breach can have on brand, reputation and the bottom line. When assessing personnel, consider how much access they should have, what data they control and influence, and run background checks on new employees before granting physical or logical access to facilities, systems or data. Also, identify which people within the business have significant information system security roles, and ensure the process for documentation is comprehensive and regularly updated.

Once you have set policies and procedures in place, a layer of technology can be added to bring additional security. But, as we said before, technology alone will not address all the issues:

  • Use specialist security software to track files and malware entering/leaving the network. Many tools now have advanced tracking functionality to spot unusual behaviour on a network. Tools such as Darktrace, FireEye and Palo Alto can track unusual network behaviour as well as unexpected user behaviour.
  • Consider tools such as Dtex or Egress deployed on an individual’s PC to monitor behaviour. Capturing changes in user patterns (e.g. an employee getting ready to leave the organisations), High risk pattern behaviour or finding what information was lost on a laptop left on a train.
  • Other monitoring solutions such as Digital Shadows to track data that has left the internal boundary to calculate the amount of exposure you have outside the organisation. Even tracking data on social media and the “Dark web”. Controlled environment – Four Eyes checks of files leaving the network to ensure sensitive files are not being sent externally.

With better controls, procedures and policies in place together with technology that can identify unusual activity and misuse, it is possible to capture potential losses and remediate as quickly as possible thereby limiting any damage caused.

 

As always, it’s not just about technology but the people and processes too!

 

kerry.housley@broadgateconsultants.com

LET’S THINK INTELLIGENTLY ABOUT AI

Posted on : 30-04-2018 | By : kerry.housley | In : Uncategorized

0

Currently there is a daily avalanche of artificial intelligence (AI) related news clogging the internet. Almost every new product, service or feature has an AI, ‘Machine Learning’ or ‘Robo something’  angle to it. So what is so great about AI? What is different about it and how can it improve the way we live and work? We think there has been an over emphasis on ‘machine learning’ relying on crunching huge amounts of information via a set of algorithms. The actual ‘intelligence’ part has been overlooked, the unsupervised way humans learn through observation and modifying our behaviour based on changes to our actions is missing. Most ‘AI’ tools today work well but have a very narrow range of abilities and have no ability to really think creatively and as wide ranging as a human (or animal) brain.

Origins

Artificial Intelligence as a concept has been around for hundreds of years. That human thought, learning, reasoning and creativity could be replicated in some form of machine. AI as an academic practice really grew out of the early computing concepts of Alan Turing and the first AI research lab was created in Dartmouth college in 1956. The objective seemed simple, create a machine as intelligent as a human being. The original team quickly found they had grossly underestimated the complexity of the task and progress in AI moved gradually forward over the next 50 years.

Although there are a number of approaches to AI, all generally rely on learning, processing information about the environment, how it changes, the  frequency and type of inputs experienced. This can result in a huge amount of data to be absorbed. The combination of the availability of vast amounts of computing power & storage with massive amounts of information (from computer searches and interaction) has enabled AI, sometimes known as machine learning to gather pace. There are three main types of learning in AI;

  • Reinforcement learning — This is focused on the problem of how an AI tool ought to act in order to maximise the chance of solving a problem. In a particular situation, the machine picks an action or a sequence of actions, and progresses. This is frequently used when teaching machines to play and win chess games. One issue is that in its purest form, reinforcement learning requires an extremely large number of repetitions to achieve a level of success.
  • Supervised learning —  The programme is told what the correct answer is for a particular input: here is the image of a kettle the correct answer is “kettle.” It is called supervised learning because the process of an algorithm learning from the labelled training data-set is similar to showing a picture book to a young child. The adult knows the correct answer and the child makes predictions based on previous examples. This is the most common technique for training neural networks and other machine learning architectures. An example might be: Given the descriptions of a large number of houses in your town together with their prices, try to predict the selling price of your own home.
  • Unsupervised learning / predictive learning — Much of what humans and animals learn, they learn it in the first hours, days, months, and years of their lives in an unsupervised manner: we learn how the world works by observing it and seeing the result of our actions. No one is here to tell us the name and function of every object we perceive. We learn very basic concepts, like the fact that the world is three-dimensional, that objects don’t disappear spontaneously, that objects that are not supported fall. We do not know how to do this with machines at the moment, at least not at the level that humans and animals can. Our lack of AI technique for unsupervised or predictive learning is one of the factors that limits the progress of AI at the moment.

How useful is AI?

We are constantly interacting with AI. There are a multitude of programmes, working, helping and predicting  your next move (or at least trying to). Working out the best route is an obvious one where Google uses feedback from thousands of other live and historic journeys to route you the most efficient way to work. It then updates its algorithms based on the results from yours. Ad choices, ‘people also liked/went on to buy’ all assist in some ways to make our lives ‘easier’. The way you spend money is predictable so any unusual behaviour can result in a call from your bank to check a transaction. Weather forecasting uses machine learning (and an enormous amount of processing power combined with historic data) to provide improving short and medium term forecasts.

One of the limitations with current reinforcement and supervised models of learning is that, although we can build a highly intelligent device it has very limited focus. The chess computer ‘Deep Blue’ could beat Grand-master human chess players but, unlike them, it cannot drive a car, open a window or describe the beauty of a painting.

What’s next?

So could a machine ever duplicate or move beyond the capabilities of a human brain. The short answer is ‘of course’. Another short answer is ‘never’… Computers and programmes are getting more powerful, sophisticated and consistent each year. The amount of digital data is doubling on a yearly basis and the reach of devices is expanding at extreme pace. What does that mean for us? Who knows is the honest answer. AI and intelligent machines will become a part of all our daily life but the creativity of humans should ensure we partner and use them to enrich and improve our lives and environment.

Deep Learning‘ is the latest buzz term in AI. Some researchers explain this as ‘working just like the brain’ a better explanation from Jan LeCun (Head of AI at Facebook) is ‘machines that learn to represent the world’. So more general purpose machine learning tools rather than highly specialised single purpose ones. We see this as the next likely direction for AI in the same way, perhaps, that the general purpose Personal Computer (PC) transformed computing from dedicated single purpose to multi-purpose business tools.

Will Robotic Process Automation be responsible for the next generation of technical debt?

Posted on : 28-03-2018 | By : kerry.housley | In : FinTech, Innovation, Predictions, Uncategorized

Tags: , , , , , , , , , ,

0

All hail the great Bill Gates and his immortal words:

The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”

With the Robotic Process Automation (RPA) wave crashing down all about us and as we all scramble around trying to catch a ride on its efficiency, cost saving and performance optimising goodness, we should take a minute and take heed of Mr Gate’s wise words and remember that poorly designed processes done more efficiently will still be ineffectual. In theory, you’re just getting better at doing things poorly.

Now before we go any further, we should state that we have no doubt about the many benefits of RPA and in our opinion RPA should be taken advantage of and utilised where appropriate.

Now with that said…

RPA lends itself very well to quick fixes and fast savings, which are very tempting to any organisation. However, there are many organisations with years of technical debt built up already through adding quick fixes to fundamental issues in their IT systems. For these organisations, the introduction of RPA (although very fruitful in the short term) will actually add more technological dependencies to the mix. This will increase their technical debt if not maintained effectively. Eventually, this will become unsustainable and very costly to your organisation.

RPA will increase dependencies on other systems, adding subtle complex levels of interoperability, and like any interdependent ecosystem, when one thing alters there is an (often unforeseen) knock-on effect in other areas.

An upgrade that causes a subtle change to a user interface will cause the RPA process to stop working, or worse the process will keep working but do the wrong thing.

Consider this; what happens when an RPA process that has been running for a few years needs updating or changing? Will you still have the inherent expert understanding of this particular process at the human level or has that expertise now been lost?

How will we get around these problems?  Well, as with most IT issues, an overworked and understaffed IT department will create a quick workaround to solve the problem, and then move on to the myriad of other technical issues that need their attention. Hey presto… technical debt.

So, what is the answer? Of course, we need to stay competitive and take advantage of this new blend of technologies. It just needs to be a considered decision, you need to go in with your eyes open and understand the mid and long-term implications.

A big question surrounding RPA is who owns this new technology within organisations? Does it belong to the business side or the IT side and how involved should your CIO or CTO be?

It’s tempting to say that processes are designed by the business side and because RPA is simply going to replace the human element of an already existing process this can all be done by the business side, we don’t need to (or want to) involve the CIO in this decision. However, you wouldn’t hire a new employee into your organisation without HR being involved and the same is true of introducing new tech into your system. True, RPA is designed to sit outside/on top of your networks and systems in which case it shouldn’t interfere with your existing network, but at the very least the CIO and IT department should have an oversight of RPA being introduced into the organisation. They can then be aware of any issues that may occur as a result of any upgrades or changes to the existing system.

Our advice would be that organisations should initially only implement RPA measures that have been considered by both the CIO and the business side to be directly beneficial to the strategic goals of the company.

Following this, you can then perform a proper opportunity assessment to find the optimum portfolio of processes.  Generally, low or medium complexity processes or sub-processes will be the best initial options for RPA, if your assessment shows that the Full Time Equivalent (FTE) savings are worth it of course. Ultimately, you should be looking for the processes with the best return, and simplest delivery.

A final point on software tools and vendors. Like most niche markets of trending technology RPA is awash with companies offering various software tools. You may have heard of some of the bigger and more reputable names like UiPath and Blue Prism. It can be a minefield of offerings, so understanding your needs and selecting an appropriate vendor will be key to making the most of RPA. In order to combat the build-up of technical debt, tools provided by the vendor to enable some of the maintenance and management of the RPA processes is essential.

For advice on how to begin to introduce RPA into your organisation, vendor selection or help conducting a RPA opportunity assessment, or for help reducing your technical debt please email Richard.gale@broadgateconsultants.com.

 

Beware the GDPR Hackivist DDoS Threat

Posted on : 28-02-2018 | By : Tom Loxley | In : compliance, Cyber Security, Data, data security, GDPR, Uncategorized

Tags: , , , , , ,

0

Getting GDPReady is on most organisations agenda at the moment, however, what if, after all the effort, cost and times spent becoming compliant with GDPR I told you that you could have opened your organisation up to a serious distributed denial-of-service (DDoS) threat?

Whilst we all know that GDPR is a requirement for all businesses it is largely for the benefit of the public.

For instance, with GDPR individuals now have the right to have their personal data held by organisations revealed or deleted forgotten. Now imagine if masses of people in a focused effort decided to ask for their information at once overwhelming the target organisation. The result could be crippling and in the wrong hands be used as DDoS style attack

Before we go any further let’s just consider for one moment the amount of work, manpower, cost and time involved in processing a request to be forgotten or to produce all information currently held on a single individual. Even for organisations who have mapped their data and stored it efficiently and created a smooth process exactly for this purpose, there is still a lot of effort involved.

Hacktivism is the act of hacking or breaking into a computer system, for a politically or socially motivated purpose, so technically speaking your defences against other cyber attacks would normally protect you. But in this case, hacktivist groups could cause serious damage to an organisation without the need for any technical or cyber expertise and there is even uncertainty as to whether or not it would be illegal.

So, could GDPR requests for data deletion and anonymity be used as a legal method to disrupt organisations? I am not suggesting the occasional request would cause an issue but a coordinated mass of requests, which legally organisations will now be obliged to process, resulting in a DDoS style attack.

Organisations will be trapped by their compliance. What are the alternatives? Don’t comply with GDPR and there are fines of 4% of annual turnover or 20,000,000 euros (whichever is greater). The scary thing here is what is stopping the politically or morally motivated group who takes issue with your company from using this method? It’s easy and low risk for them and potentially crippling to some organisations so why not?

How will the ICO possibly select between the complaints of those organisations genuinely failing to comply with regulation and those which have been engineered for the purpose of a complaint?

With so many organisations still being reported as unprepared for GDPR and the ICO keen to prove GDPR will work and make some early examples of a those who don’t comply to show they mean business; my worry is that there will be a bit of a gold rush of litigation in the first few months after the May 2018 compliance deadline is issued in much the same way as PPI claims have affected the finical services lenders.

For many companies, the issue is that the prospect for preparing for GDPR seems complicated, daunting and the information on the ICO website is sometimes rather ambiguous which doesn’t help matters. The truth is that for some companies it will be far more difficult than for others and finding the help either internally or by outsourcing will be essential in their journey to prepare and implement effective GDPR compliant policy and processes.

Broadgate Consultants can advise and assist you to secure and manage your data, assess and mitigate your risks and implement the right measures and solutions to get your organisation secure and GDPReady.

For further information, please email thomas.loxley@broadgateconsultants.com.

 

Are you ready to take advantage of Robotic Process Automation?

Posted on : 28-02-2018 | By : richard.gale | In : Innovation, Uncategorized

Tags: , , , , , , ,

0

Robotic Process Automation or RPA is growing fast. We were initially sceptical as to how innovative it actually is but are always looking for ways to help our clients (and Broadgate!) work more efficiently.

RPA technology, sometimes called a software robot or ‘bot’, mimics a human worker, logging into applications, entering data, calculating and completing tasks, and logging out.

RPA software isn’t really part of an organisation’s IT infrastructure. It sits above, enabling a company to implement the technology quickly and efficiently without changing the existing infrastructure and systems.

RPA could be seen as a ‘tactical’ approach to solving a business problem. In the long term the ‘bots’ should be replaced by strategic solutions but the advantages of quickly being able to make a process more efficient and remove human error can make immediate efficiency gains. And we all know how long these tactical solutions can remain in place….

The evolution of RPA

Although the term “robotic process automation” can be traced to the early 2000s, it had been developing for a number of years previously. We worked on screen scraping applications in the early ’90s to help turn ‘green screens’ into newly fashionable GUI applications.

RPA evolved from three key technologies: screen scraping (mimicking user interaction), workflow automation and artificial intelligence.

Screen scraping is the process of collecting screen display data from a legacy application so that the data can be displayed by a more modern user interface. The advantages of workflow automation software, which eliminates the need for manual data entry and increases order fulfilment rates, include increased speed, efficiency and accuracy. Lastly, artificial intelligence involves the ability of computer systems to perform tasks that normally require human intervention and intelligence.

Benefits of RPA

Robotic process automation technology can help organisations on their digital transformation stories by:

  • Creating cost savings for manual and repetitive tasks
  • Enabling employees to be more productive
  • Enabling better customer service
  • Ensuring business operations and processes comply with regulations and standards
  • Allowing processes to be completed much more rapidly
  • Providing improved efficiency by digitising and auditing processes

Applications of RPA

Some of the applications of RPA include:

  • Financial services: Companies in the financial services industry can use RPA for foreign exchange payments, automating account openings and closings, managing audit requests and processing insurance claims.
  • Customer service: RPA can help companies offer better customer service by automating call centre tasks, including verifying e-signatures, uploading scanned documents and verifying information for automatic approvals or rejections.
  • Accounting: Organisations can use RPA for general accounting, operational accounting, transactional reporting and budgeting.
  • Supply Chain:  RPA can be used for procurement, automating order processing and payments, monitoring inventory levels and tracking shipments.
  • Healthcare: Medical organizations can use RPA for handling patient records, claims, customer support, account management, billing, reporting and analytics.
  • Human resources: RPA can automate HR tasks, including onboarding and offboarding, updating employee information and timesheet submission processes.

 

What’s so different from regular automation?

What distinguishes RPA from traditional IT automation is the ability of the RPA software to be aware and adapt to changing circumstances, exceptions and new situations.
Once RPA software has been trained to capture and interpret the actions of specific processes in existing software applications, it can then manipulate data, trigger responses, initiate new actions and communicate with other systems autonomously.
RPA software is particularly useful for organisations that have many different and complicated systems that need to interact together fluidly.
For instance, if an electronic form from a Compliance system (such as know your customer) is missing a postcode, traditional automation software would flag the form as having an exception and an employee would handle the exception by looking up the correct postcode and entering it on the form. Once the form is complete, the employee might send it on to Compliance so the information can be entered into the approved customer system.
With RPA technology, however, software that has the ability to adapt, self-learn and self-correct would handle the exception and interact with the payroll system without human assistance.

What to look for in RPA software

When enterprise leaders look for RPA technologies, they should consider a number of things, including:

  • Simplicity: Organisations should look for products that are simple enough that any employee in the business can build and use them to handle various kinds of work, including collecting data and turning content into information that enables leaders to make the best business decisions.
  • Speed: Enterprises should be able to design and test new robotic processes in a few hours or less, as well as optimise the bots to work quickly.
  • Reliability: As companies launch robots to automate hundreds or even thousands of tasks, they should look for tools with built-in monitoring and analytics that enable them to monitor the health of their systems.
  • Intelligence: The best RPA tools can support simple task-based activities, read and write to any data source, and take advantage of more advanced learning to further improve automation.
  • Scalability: Organisations shouldn’t select RPA software that requires them to deploy software robots to desktops or virtualised environments. They should look for RPA platforms that can be centrally managed and scale massively.
  • Enterprise-class: Companies should look for tools that are built from the ground up for enterprise-grade scalability, reliability and manageability.

Prerequisites for robotic process automation

  1. Are you able to describe the work? This doesn’t mean your documentation exists or is current. The task could be described by recording a user performing their work on a computer including how they handle exceptions.
  2. Is the work rules-based rather than subjective? Robots need to be prepared (aka, taught, trained, configured) to perform specific actions on your systems. Current technology is insufficient for a robot to determine on its own what to when faced with a new situation.
  3. Is the work performed electronically? It doesn’t matter how many different applications are required or whether they are in-house, cloud-based, Citrix, desktop or mainframe.
  4. Is the required data structured (or could it be structured)? If not, you may be able to utilise an OCR and/or cognitive application capable of structuring the file.  Alternatively, you could have people enter the data into a structured format.

Disqualifiers for robotic process automation use cases​​

  1. Process stability. If your organisation keeps changing the process (e.g., responding to competitive factors or new sources of information), then it may not be the right time to automate it. Despite investing resources to stabilise the current activity, you may end up with too much maintenance to keep your automation aligned to business needs.
  2. Target applications suitability. Some applications are harder for robots to use than others. It’s a fact that vendors don’t really like to highlight in the sales process. Starting with an especially challenging target application could delay the whole program, cause fatigue in leadership and put your credibility at risk. If you have to do it, make sure that you build in an accurate view of the time required.

Organisational impacts of RPA

Though automation software is expected to replace up to 120 million full-time employees worldwide by 2024, many high-quality jobs will be created for those who maintain and improve RPA software.

When software robots do replace people in the enterprise, managers need to be responsible for ensuring that business outcomes are achieved and new governance policies are met.

Robotic process automation technology also requires that the CIO take more of a leadership role and assume accountability for the business outcomes and the risks of deploying RPA tools.

Additionally, the COO, CIO and HR, as well as the relevant executive who owns the process being automated, should all work toward ensuring the availability of an enterprise-grade, secure platform for controlling and operating bots across systems.

Where the robotic process automation market is heading

One report expects the RPA market to reach $5 billion by 2024. The increased adoption of RPA technologies by organisations to enhance their capabilities and performance and boost cost savings will reportedly drive the growth of the robotic process automation market most during that time.

We are excited that the mix of technologies and domain business expertise will enable this growth and we are focusing on growing our skills in this area.

GDPR – The Countdown Conundrum

Posted on : 30-01-2018 | By : Tom Loxley | In : Cloud, compliance, Cyber Security, data security, Finance, GDPR, General News, Uncategorized

Tags: , , , , , , , , , , , , ,

0

Crunch time is just around the corner and yet businesses are not prepared, but why?

General Data Protection Regulation (GDPR) – a new set of rules set out from the European Union which aims to simplify data protection laws and provide citizens across all member states with more control over their personal data”

It is estimated that just under half of businesses are unaware of incoming data protection laws that they will be subject to in just four months’ time, or how the new legislation affects information security.

Following a government survey, the lack of awareness about the upcoming introduction of GDPR has led to the UK government to issue a warning to the public over businesses shortfall in preparation for the change. According to the Digital, Culture, Media and Sport secretary Matt Hancock:

“These figures show many organisations still need to act to make sure the personal data they hold is secure and they are prepared for our Data Protection Bill”

GDPR comes into force on 25 May 2018 and potentially huge fines face those who are found to misuse, exploit, lose or otherwise mishandle personal data. This can be as much as up to four percent of company turnover. Organisations could also face penalties if they’re hacked and attempt to hide what happened from customers.

There is also a very real and emerging risk of a huge loss of business. Specifically, 3rd-party compliance and assurance is common practice now and your clients will want to know that you are compliant with GDPR as part of doing business.

Yet regardless of the risks to reputation, potential loss of business and fines with being non-GDPR compliant, the government survey has found that many organisations aren’t prepared – or aren’t even aware – of the incoming legislation and how it will impact on their information and data security strategy.

Not surprisingly, considering the ever-changing landscape of regulatory requirements they have had to adapt to, finance and insurance sectors are said to have the highest awareness of the incoming security legislation. Conversely, only one in four businesses in the construction sector is said to be aware of GDPR, awareness in manufacturing also poor. According to the report, the overall figure comes in at just under half of businesses – including a third of charities – who have subsequently made changes to their cybersecurity policies as a result of GDPR.

If your organisation is one of those who are unsure of your GDPR compliance strategy, areas to consider may include;

  • Creating or improving new cybersecurity procedures
  • Hiring new staff (or creating new roles and responsibilities for your additional staff)
  • Making concentrated efforts to update security software
  • Mapping your current data state, what you hold, where it’s held and how it’s stored

In terms of getting help, this article is a great place to start: What is GDPR? Everything you need to know about the new general data protection regulations

However, if you’re worried your organisation is behind the curve there is still have time to ensure that you do everything to be GDPR compliant. The is an abundance of free guidance available from the National Cyber Security Centre and the on how to ensure your corporate cybersecurity policy is correct and up to date.

The ICO suggests that, rather than being fearful of GDPR, organisations should embrace GDPR as a chance to improve how they do business. The Information Commissioner Elizabeth Denham stated:

“The GDPR offers a real opportunity to present themselves on the basis of how they respect the privacy of individuals, and over time this can play more of a role in consumer choice. Enhanced customer trust and more competitive advantage are just two of the benefits of getting it right”

If you require pragmatic advice on the implementation of GDPR data security and management, please feel free to contact us for a chat. We have assessed and guided a number of our client through the maze of regulations including GDPR. Please contact Thomas.Loxley@broadgateconsultants.com in the first instance.

 

Battle of the Chiefs

Posted on : 25-01-2018 | By : Tom Loxley | In : Predictions, Uncategorized

Tags: , , , , , ,

0

2018 Prediction – Deep Dive

Chief Information Officer 1 – Chief Digital Officer 0

Digital transformation is undeniably the main driving force for change in businesses today. We have seen the financial sector being completely transformed by new technologies that offer the ability to engage customers in very different ways, driving more profits. Originating in the marketing department, digitally morphed into E-commerce where it gained more budget and more power. This led to the establishment of a new executive role of the Chief Digital Information Officer (CDiO). The more traditional role of the Chief Information Officer (CIO) faded in many organisations as CIO’s concentrated on their legacy systems, often accused of being slow to change in this new fast-paced environment. The CDiO rose as the star of the transformation show moving at lightening digital speed, propelling the competitive advantage and adding value to the business.  The two Chiefs have been working alongside each other uncomfortably over the past few years, neither understanding the boundaries between them. Not for much longer ….

We are starting to see some CDiOs come adrift as the main power point, with the promised world of digital failing to emerge. They too are being slowed down and unseated by the weight of legacy systems and legacy ideas in many organisations. Business leaders are getting impatient with the time to deliver ‘revolutionary’ change. Is it that these changes take time or is there a hint of the ‘Emperor’s new Code’ about this?

Broadgate believes that 2018 will see the resurgence of the CIO as the leading force. The digital buzzword is fading as digital is increasingly seen as a core part of any business strategy, intrinsic to the organisation. The development of the CDiO was a good short-term fix to turbo charge the digital roadmap, taking some of the weight off the CIO shoulders and enabling change. It could be said that the CDiO role developed as a result of an early division of labour between old and the new as digital models emerged. However, recently we have seen a considerable shift across all major sectors with four trends leading the charge for change: cloud, mobility, IoT and big data. It is this technological innovation that has enabled the role of the CIO rise once more.

This is the big moment for the CIO essentially becoming the hero of the digital age, not only embracing the new but also connecting the old with the new and really enabling organizations to move forward. That said, we must not underestimate the scale of the challenge CIO’s face, there is a level of complexity in this new age of digital transformation that isn’t going away. Compounding this issue, business processes are often overlooked when technology is being rapidly applied. In many cases the CIO needs to reach out to their business counterpart in the area where technology is going to be deployed to ensure not only that there is complete connection but also that, working together, they understand how the business will function in that new environment and how orchestrating business technology will produce and deliver a strong result. CIOs must now take ownership of both to ensure they are not locked out of future technology decisions. The CIO who can keep up with the pace of new technology adoption can stay ahead of potential CDiOs encroaching on their territory.

2017 – A great year for the hackers

Posted on : 29-12-2017 | By : Tom Loxley | In : Cloud, compliance, Cyber Security, Data, data security, FinTech, GDPR, Uncategorized

0

This year saw some of the biggest data breaches so far, we saw cover-ups exposed and ransoms reaching new highs.

Of course, it’s no secret that when it comes to cybersecurity this was a pretty bad year and I’m certain that there are many CIO’s, CISO’s and CTO’s and indeed CEO’s wondering what 2018 has to offer from the hackers.

That 2018 threat landscape is sure to be full of yet more sophisticated security attacks on the horizon. However, the big win for 2017 is that people have woken up to the threat, “not if, but when” has been finally been acknowledged and people are becoming as proactive and creative as the attackers to protect their companies. The old adage of “offence is the best form of defence” still rings true.

With that in mind we’re going to look back at some of what 2017 had to offer, the past may not predict the future, but it certainly gives you a good place to start your planning for it.

So let’s take a look at some of the most high profile data breaches of 2017.

Equifax (you guessed it) – No doubt you’ll have heard of this breach and because of its huge scale its very likely that if you weren’t directly affected yourself, you’ll know someone who was. This breach was and still is being highly published and for good reason. A plethora of litigation and investigations followed the breach in an effort to deal with the colossal scale of personal information stolen. This includes over 240 individual class-action lawsuits, an investigation opened by the Federal Trade Commission, and more than 60 government investigations from U.S. state attorneys general, federal agencies and the British and Canadian governments. More recently a rare 50-state class-action suit has been served on the company.

Here are some of the facts:

  • 145.5 million people (the figure recently revised by Equifax, now 2.5 million more than it initially reported) as its estimate for the number of people potentially affected.
  • U.K. consumers unknown. Equifax said it is still determining the extent of the breach for U.K. consumers.
  • 8,000 potential Canadian victims (recently revised down from 100,000).
  • High profile Snr leaders to leave since the breach. Former CEO Richard Smith retired (Smith is reported to have banked a $90 million retirement golden handshake), the chief information officer and chief security officer have also “left”.
  • There are an unknown number of internal investigations taking place against board members (including its chief financial officer and general counsel), for selling stock after the breach’s discovery, but before its public disclosure.
  • The breach lasted from mid-May through July.
  • The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
  • They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people

Uber – The big story here wasn’t so much the actual breach, but the attempt to cover it up. The breach itself actually happened 2016. The hackers stole the personal data of 57 million Uber customers, and the Uber paid them $100,000 to cover it up. However, the incident wasn’t revealed to the public until this November, when the breach was made known by the new Uber CEO Dara Khosrowshahi.

Uber has felt the impact of the backlash for the cover-up globally and on varying scales. From the big guns in the US where three senators in the US introduced a bill that could make executives face jail time for knowingly covering up data breaches. Right through to the city of York in the UK where the city voted against renewing Uber’s licence on December 23 due to concerns about the data breach.

Deloitte – According to a report from the Guardian in September earlier this year, a Deloitte global email server was breached, giving the attackers access to emails to and from the company’s staff, not to mention customer information on some of the company’s most high-profile public and private sector clients. Although the breach was discovered in March 2017, it is thought that the hackers had been in the company’s systems since October or November 2016. During in this period, the hackers could have had access to information such as usernames, passwords, IP addresses and architectural design diagrams. Deloitte confirmed the breach, saying that the hack had taken place through an admin account and that only a few clients were impacted by the attack

Now if I covered even half of the high profile cyber-attack cases in detail this article would look more like a novel. Plus, as much as I love to spend my time delighting you my dear readers it is Christmas, which means I have bad tv to watch, family arguments to take part in and copious amounts of calories (alcohol) to consume and feel guilty about for the next 3 months. So, with that in mind let’s do a short recap of some of the other massive exploits and data breaches this past year:

  1. Wonga, the payday loan firm suffered a data breach which may have affected up to 245,000 customers in the UK.
  2. WannaCry and Bad Rabbit, these massive ransomware attack affected millions of computers around the world including the NHS.
  3. The NSA was breached by a group called The Shadow Brokers. They stole and leaked around 100GB of confidential information and hacking tools.
  4. WikiLeaks Vault 7 leak, WikiLeaks exposed the CIA’s secret documentation and user guides for hacking tools which targeting the Mac and Linux operating systems.
  5. Due to a vulnerability, Cloudflare unwittingly leaked customer data from Uber, OKCupid and 1Password.
  6. Bell Canada was threatened by hackers with the leak of 9 million customer records. When the company refused to pay, some of the information was published online.
  7. Other hacks include Verizon, Yahoo, and Virgin America, Instagram…it goes on.

So, all in all not a great year but looking on the bright side if you weren’t on the wrong end of a cyber-attack this year or even if you were, there are plenty of lessons that can be learnt from the attacks that took place and some easy wins you can get by doing the basics right. We’ll be exploring some of these with our newsletter in 2018 and delving into the timelines of some of the more high-profile attacks that took place to help our readers understand and deal with the attack if they’re ever unfortunate enough to be in that situation. But if you can’t wait that long and want some advice now please feel free to get in touch anytime

 

The Internet of Things – An interconnected world

Posted on : 30-10-2017 | By : jo.rose | In : Innovation, IoT, Uncategorized

Tags: , , , ,

0

Soon every device you own, and nearly every object you can imagine, will be connected to the Internet. Gartner estimate that 8.4Bn connected “things” will be in use this year, with estimates from various sources citing some 20Bn-30Bn by 2020.

Indeed, one of the difficult things about predicting the future growth in the internet connected devices is the unknown factor in terms of attempting to anticipate demand for devices that have largely not yet even been invented, let along commercialised.

At this point, even the strictest definitions of IoT remain fuzzy because companies are still working on the technologies and business cases. The pace of change is staggering, and so in reality making estimates is somewhat futile.

That said, whether it’s through your phone, wearable tech devices or everyday household objects, we will become connected in ways we can’t even imagine yet.

Many of us have dreamed of our daily life becoming less exhaustive and where our appliances carry out our requests automatically. The alarm sounds and the kettle or coffee machine starts the moment you want to begin your day. Lights come on as you walk through the house. Some unseen computing device responds to your voice commands to read your schedule and messages to you while you get ready, then turns on the TV news.  It lets you know about traffic or rail delays for your journey to work. Your car drives you via the least congested route, helped by video sensor-embedded stoplights adjusting their red and green lights according to the time of day,  freeing you up to get on top of your emails or prep for your meetings that day.

We’ve read and seen such things in science fiction for decades, but they’re now either already possible or on the brink of becoming so. And all this new tech is forming the basis of what people are calling the Internet of Things.

Changes are starting to take root in our cities as well. Better management of energy, water, transportation and safety are bringing people in closer touch with their surroundings and capturing our imaginations for urban bliss – a fully integrated, smart, sustainable city.

There are numerous IoT developments that are making smart cities a reality now, including;

  • Smart Parking – tracking of parking spaces availability in the city.
  • Structural health – Monitoring of vibrations and material conditions in buildings, bridges and historical monuments
  • Noise Urban Maps – Sound measuring in bar areas and centric zones in real time.
  • Traffic Congestion – Monitoring of vehicles and pedestrian levels to optimize driving and walking routes.
  • Smart Lighting – Intelligent and weather adaptive lighting in street lights.
  • Waste Management – Detection of rubbish levels in containers to optimize the trash collection routes.

We are also seeing dramatic increases in activity and innovation on the factory front.

An example of this is in York, Pennsylvania at the Harley-Davidson plant, where sensors linked to manufacturing execution systems are able to collect data and point to any methods that are inefficient and waste time while other sensors can tell when conditions such as air flow and moisture are best for painting and change them if necessary. These technologies may be expensive to adopt, but factories have seen results. Harley-Davidson has been able to make 25 percent more bikes with 30 percent fewer workers.

IoT is also having an impact on the farming industry  – John Deere tractors and machinery are installing sensors that collect data on air and soil temperature, wind speed, humidity, solar radiation and rainfall while smart watering systems save water by detecting leaks and watering only the most needed places in the fields. Sensors are being used to detect pests capable of destroying crops, which reduces the frequency and use of pesticides.

As you can imagine, life in ten years will look materially different from how it looks now as the pace of technology change accelerates, thanks in large part to the coming boom of the Internet of Things.

While these connected technologies take a huge financial investment from companies and from consumers purchasing smart products, the benefits of the “interconnectedness” of devices are seemingly endless.

The Internet of things continues to rapidly evolve and our everyday lives are along for the ride.