Capgemini on cybersecurity: why entire organisations must be educated
Company and customer data is more important than ever before. According to IDC, 85 percent of consumers in Western European will defect from a business within the next 18 months because their personally identifiable information is impacted in a security breach. Additionally, the General Data Protection Regulation (GDPR) will come into effect in 2018, mandating that all organizations holding data on European citizens, regardless of where the company is based, must keep their systems secure or risk incurring an extensive fine of up to four percent of global turnover – a huge penalty for a business of any size.
For businesses, the incentive to stay secure is vast. So too are the sums poured into technology that is designed to keep data safe and secure. Yet the regularity with which we read of successful cyber-attacks reveals the scale of the challenge. Hackers are changing their tactics faster than most businesses can update their defenses. Connected infrastructure in industries as diverse as automotive, financial services and retail means an unprecedented number of potentially vulnerable points of attack. Cyber defense skills are in acutely short supply. Money is often invested in line with strategies that are misguided.
And yet, the greatest threat to an organisation is its own people. Even if a company has appropriate technology and a robust strategy, employees represent the most significant security vulnerability at any business.
A good analogy is the way you protect your home from a fire. An alarm protects you by alerting you to a blaze. However, the presence of the alarm doesn’t mean you should leave the oven on all night, or leave your hob unattended for hours. The alarm gives you a good layer of protection, but ultimately it’s your responsibility to take the appropriate steps to avoid burning down the house. The example mirrors a common approach to cybersecurity. You shouldn’t solely rely on a final warning system or layer of technological protection to keep your business safe.
But educating an entire organisation on the need to be vigilant, and how to be, is complex. Employees are already overwhelmed securing their personal online identities. Individuals in the UK need to remember an average of 22 separate passwords to secure their identity online, a constant juggling act that has resulted in a serious case of cybersecurity fatigue.
So what can organisations do to breathe new life into this exhausted issue?
As a starting point, businesses should look for inspiration at how they address security and authentication with their customers. There’s a growing understanding that success hinges on balancing security and user experience, and organisations are taking steps to simplify authentication processes for users. If your customers need a solution that simplifies security, why shouldn’t the same level of attention be paid to your employee experience?
Security leaders should strive to instill the same values that define the customer experience at an organisational level. By untangling the authentication process and making it more straightforward, business leaders can boost employee engagement with cybersecurity processes and begin to combat cybersecurity fatigue.
The principles of this employee experience can be found in a study from the US National Institute of Standards Technology (NIST), which uncovered an overwhelming amount of cybersecurity fatigue among North American workers. The report suggested businesses split their approach into three steps: limit the number of security decisions users need to make; make it simple for users to choose the right security action; and design for consistent decision making whenever possible.
One authentication method companies can roll-out that addresses all three of these points is a tool that provides each employee with a single digital user identity – one connected username and login method for every platform. For example, the business could introduce a single sign-on system that works in conjunction with a second factor authentication method unique to them – such as their work or personal mobile – that generates a unique sign-on key each time they need to log on.
By investing in methods that make it simpler for employees to prevent potential threats from the outset, alongside in a strong layer of digital defense, security leaders will build a more complete level of protection - something that will be required if the arrival of GDPR is not going to lead to an emergency fire drill for them.
By Mike Turner, Global Cybersecurity Business Leader at Capgemini
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”