IT Sustainability Think Tank: Environmental trends to redefine IT strategies in 2025

Sustainability is a critical driver for business growth. This is not just a response to consumer demand but also a strategic move to mitigate risks associated with environmental changes. For instance, changing weather patterns have already impacted over half of global businesses, prompting significant operational shifts.

Investors are also raising the bar. Companies with strong sustainability credentials are becoming more attractive, with these credentials often surpassing traditional metrics like productivity.

With this in mind, Gartner has identified nine environmental trends IT leaders need to get on the front foot of in order to redefine their IT strategies in 2025.

These trends are not just reactive measures but proactive strategies that offer competitive advantages.

Distributed energy resources (DERs)

Small-scale energy systems, such as solar panels and microgrids, are revolutionising power consumption. DERs reduce costs, alleviate grid congestion, and provide organisations with more control over energy sources. IT leaders should explore integrating DERs into operations, particularly for powering datacentres and edge computing sites.

Climate adaptation

The increasing frequency of extreme weather events necessitates robust climate adaptation strategies. Resilient infrastructure, predictive weather analytics, and other measures are essential for safeguarding operations and ensuring business continuity.

Resource-positive buildings

Imagine buildings that generate more energy, water, or heat than they consume. Resource-positive designs are reshaping sustainable construction, with IT playing a crucial role through smart sensors, Internet of Things platforms, and real-time monitoring systems.

Digitally enabled sustainability

Digital tools such as analytics, artificial intelligence (AI), and automation are becoming indispensable for reducing environmental impacts. IT leaders can leverage predictive maintenance to optimise energy consumption and use AI-driven insights to identify inefficiencies across operations.

Circular economy models

The days of “take, make, waste” are over. Circular economy principles focus on extending product lifecycles through reuse, repair, and recycling. For IT, this means adopting modular hardware designs, refurbishing assets, and reducing e-waste.

Hidden greenhouse gas and emissions from waste

Unaccounted-for emissions from landfills are a silent contributor to climate change. IT leaders must track these emissions across supply chains and operations, implementing better waste management systems to address the issue.

Be prepared for course corrections on the path to net-zero

Setting net-zero targets is easy – achieving them is another story. IT leaders must focus on practical, interim actions such as transitioning to renewable energy, tracking scope 3 emissions, and adopting carbon-offsetting technologies. Transparency is key to building stakeholder trust.

Environmental consequences of conflict

Geopolitical unrest exacerbates environmental challenges, from damaged infrastructure to displaced populations and biodiversity loss. Organisations must assess supply chain vulnerabilities and implement strategies to manage risks in volatile regions.

Space pollution

A growing concern, space debris from retired satellites and discarded rocket components threatens critical infrastructure, including communications networks. IT leaders should stay informed on this emerging issue and advocate for sustainable satellite technologies.

Ignoring these trends is not an option. From regulatory penalties to reputational damage, the risks of inaction are clear. IT leaders must take proactive steps to address environmental challenges and transform them into opportunities for growth and resilience.

This involves adopting resilient practices by building infrastructure and processes that can withstand environmental disruptions, as well as implementing systems to monitor and manage greenhouse gas emissions across operations.

Embracing circularity is another crucial strategy, which includes transitioning to modular, reusable IT assets and prioritising recycling initiatives to minimise waste.

Additionally, IT leaders should reduce dependency on centralised grids by leveraging localised energy solutions, such as distributed energy resources, to enhance operational efficiency and sustainability. By acting decisively and thinking innovatively, IT leaders can ensure their organisations remain competitive in the face of environmental challenges.

Looking ahead: a strategic necessity

The environmental challenges outlined here are not distant threats — they are immediate disruptors that demand urgent action. Every delay increases the risks of resource depletion, regulatory penalties, and reputational damage.

IT leaders have a pivotal role in shaping the response, not just by mitigating risks but by positioning their organisations as innovators in sustainability.

The question isn’t whether to act—it’s how quickly you can adapt to these realities. Organisations that proactively integrate these environmental trends into their IT strategies will not only safeguard their future but also unlock competitive advantages that propel them ahead of their peers.


Where IT comes from: Pure Storage’s lean Czech assembly

As with Pure Storage’s research and development (R&D) efforts, its final product assembly also rests on a three-site system. Flash arrays put together at regional sites – two in Texas and one in Czechia – cater for regional demand. We visited its European assembly location in Pardubice, Czechia, to see how it works.

Pure occupies a small part of a site run by Taiwanese contract manufacturing giant Foxconn, which is Czechia’s second largest exporter after Skoda and employs 4,500 people in the country.

Its relationship with Pure stretches back 10 years at the Pardubice site, which is built in part of a former Tesla (the Czech electronics company) factory that dates to 1964. The facility covers a vast area devoted to Pure Storage FlashArray and FlashBlade assembly, of which 30 and four are produced per shift respectively. 

Pure’s Pardubice operation forms one third of its global assembly capacity, with arrays made to order on a lead time of less than two weeks from customer order to fulfilment. The plant also produces upgrade components for customers on the Evergreen subscription model, as well as replacement units. Ordinarily, it runs only one eight-hour shift, but can take up the slack from Pure’s other two facilities should the need arise, as part of its business continuity/disaster recovery provision, by running three shifts.

Components come in as sub-assemblies, such as controllers and power supplies, and components, such as central processing units and memory, from plants in Vietnam, Mexico and the US, by air. China is not on the supplier list, says Pure Storage supply chain manager Jiri Černy, or at least it won’t be soon.

“We’re working to have zero from China, because of the geo-political situation,” he says.

Production is “almost just-in-time”, says Černy, referring to the tight timescales used to deliver components directly to production. In Pure’s case, a larger warehouse – “thousands of pallets’ worth” – on the Foxconn site but some distance away holds stocks of parts that are delivered to the assembly area twice a shift, with two days’ worth held there.

Work in the facility runs on lean manufacturing principles, and the kind of upstream-downstream information flows that implies. 

“Six Sigma and lean are built-in to make sure we learn from mistakes,” says Černy. “It’s OK to make mistakes, but stupid to do it twice or three times.”

Loyal and valued staff

Shopfloor staff “are not skilled”, says Černy, but he is keen to emphasise they know the job well and are valued. And it’s an environment with strict controls on static electricity owing to the risk of damage to componentry.

“They are mostly women,” he says. “I think that’s good. They are sensitive. They know the value of the product. We have long retention periods – they’ve been here years – and are multi-level operators that know every [assembly] station.”

“They’re even so experienced that they can work directly with the engineers and give good feedback,” adds Černy. 

Production is tightly monitored, with component and assembly barcodes tracked through their production lifecycle. Assembly staff work to instruction manuals viewed via on-bench monitors. Not because they don’t know their work well enough, but because it constantly changes as equipment configurations change due to feedback received from the field.

Each workstation is monitored by CCTV, not to keep an eye on staff, says Černy, but to provide evidence if damage or faults are discovered down the line.

“We can see who built what, and when, and whether anything went wrong, with processes monitored matched to parts serial numbers,” says Černy. “So, if something happens, we can say it is not at the Foxconn site. We’ve had cases where there has been damage and have proved it didn’t happen here.”

After assembly, arrays go through rigorous testing, for general base configuration (“vanilla”) and customer-specified configurations (“chocolate”). The plant runs a constant temperature of 24°C to mimic datacentre temperatures, while there are also 35°C “burn in” chambers where hardware is stress tested beyond temperatures normally encountered.

This happens to all FlashBlade arrays due to their higher performance levels, and the first 1,000 of any new configuration of an array.

At the end of the line, arrays are fully inspected and packaged for shipment to customers. 

That’s not the end of the story, however. As we’ve seen, testing of systems built to replicate customer setups can continue for years after at Pure’s R&D centres. Meanwhile, components and sub-assemblies are also refreshed for those that pay for Pure products via their Evergreen subscription model. All of which, arguably, contributes to lean principles in its operations.


The most pressing challenges for CISOs and cyber security teams

The UK Ministry of Defence recently published its Global Strategic Trends report which sets out the developments that will shape the world over the next five years. These provide an insight into some of the challenges that CISOs and cyber security teams will face.

The first threat is that of global and regional political instability. As regional and global power competition intensifies, we may see growing authoritarianism and a decline in democracy. The capabilities of violent extremist organisations and organised crime groups to cause harm will increase. Access to data will become a key component of global power for both state and non-state actors, all of which will require greater vigilance from cyber teams.

The second area of concern comes from the expanding attack surface. The exponential reliance on data and connectivity across states, organisations, and individuals in an increasingly connected world will significantly expand the attack surface. With stretched resources from dealing with an ageing population and climate change, nation states may not be able to provide the increasing level of direct support needed for cyber defence operations.

A further trend driving cyber threats is the technological arms race. The increased reliance on data and connectivity, coupled with advances in quantum and AI, will escalate the arms race between cyber exploiters and victims. This shift is already being seen in the rise of zero-day attacks. The National Cyber Security Centre (NCSC), in collaboration with cyber security agencies from the US, Australia, Canada, New Zealand, and others, identified that most of the top 15 vulnerabilities exploited in 2023 were initially targeted as zero-day attacks. This trend has continued into 2024, highlighting the evolving tactics of cyber adversaries and the increasing availability of advanced exploitation tools.

Pressing challenges for CISOs and security teams

Given these trends, the most pressing challenges for CISOs in the next five years will be related to the rise of AI, building a culture that fosters secure behaviours, the threats from insiders, data management and patching and monitoring, as well as the ongoing need for operational resilience.

The rise and risk of AI is increasing as adversaries weaponise AI for malicious purposes, using it to create undetectable malware, automate reconnaissance, and execute deepfake-based scams. Organisations are rapidly chasing the ‘AI dream’, looking at ways in which it can deliver significant business benefits and CISOs will need to make their voice heard at the planning stage to avoid security being seen as a secondary consideration.

Organisations invest heavily in protecting their digital systems, physical assets, and people from adversaries with software solutions to detect cyber threats, restrict access to buildings and safeguard sensitive employee information. However, up to 95% of security incidents typically result from human actions, whether through unintentional errors or intentional breaches. A technical solution alone is not going to keep the future organisation safe. To protect what matters most CISOs should look to leverage the power of their people by embedding the right security behaviours into organisational culture to create an effective first line of defence. A robust security culture ensures every individual within the organisation understands their role in maintaining security and takes proactive steps each day to enhance it. 

Insider threats, whether stemming from intentional actions by malicious employees and contractors or unintentional mistakes by negligent staff, remain a significant source of security breaches. These risks are further amplified by the rise of hybrid work models, which reduce organisational control over devices and network environments. These create additional vulnerabilities that security teams must address through more joined-up approaches to physical and cyber security.

Data management and protection is ever more critical as there is more data and greater connectivity to manage. CISOs need to know what their critical data is, where it is located, who has access to it, how it flows, how it is protected, and where it is vulnerable. Understanding their own systems and their residual risks, as well as the risks to their data when it is in the hands of others, is crucial. CISOs also must have confidence in their supply chain and its ability to protect assets properly. Networks and data sources must be appropriately protected both in transit and at rest. Ransomware and phishing remain a persistent and evolving danger, with attacks becoming more targeted and destructive. Meanwhile, the advent of quantum computing poses a looming threat to traditional encryption methods, compelling organisations to prepare for a transition to post-quantum cryptographic standards.

The increasing use of effective zero-day exploits means that we need to stay on top of patching and monitoring, which itself will occur at a faster pace. CISOs must get smarter with protective monitoring so that they can identify suspicious system behaviour as early as possible. They should also make better use of AI and machine learning tools as they develop.

As all these threats increase, security teams will have to prioritise operational resilience so they can respond to natural disasters, geopolitical instability, and supply chain disruptions that can compromise infrastructure and data availability. The growing reliance on third-party vendors and services heightens the risk of supply chain attacks, exposing organisations to vulnerabilities that lie beyond their direct control. Ensuring rapid recovery and effective business continuity will increasingly become central to security strategies.

Many of these threats are not new, but their number and impact are growing, and it is clear that the task of the CIO is only going to get harder in the next five years.


Six trends that will define cyber through to 2030

Guessing the future is always a difficult task. Six trends for the next five years seem more apparent than others, and it will be interesting to re-read this article in 2029 to assess its accuracy. In the meantime, the six trends standing out as top priorities, in no particular order, are:

Preparing the post-quantum cryptographic migration, including raising top management awareness to provide sufficient resources.

There will be a need to identify where cryptography is used in the organisation, which can be found in several places, including libraries, the Internet of Things (IoT), communication protocols, storage systems, and databases. Prioritizing systems for the transition will be paramount, taking care to clearly identify your critical systems.

Choosing how to manage the transition will also be essential since it may hinder the organisation. More precisely, hybrid protocols, mixing classical and post-quantum cryptography, could be an interesting option to consider, since it allows your clients to migrate at their own pace.

Also, testing will be mandatory, while deploying a realistic test environment might be complex. Finally, the right migration time will be hard to establish, even if governments provide guidelines.

Finalising operational technologies (OT) oversight, improving their cyber resilience, and integrating them into existing cyber security operations.

This convergence started more than 10 years ago and is still ongoing. OT cyber security must include addressing human safety concerns and intensive collaboration with engineering.

The monitoring approach should rely on artificial intelligence (AI) to identify abnormal behaviour, from weak signals, to support advanced persistent threat hunting. Since some systems are legacy, they may lack the necessary features to directly collect the information needed. Encapsulating with an intermediate security system could be a viable solution.

A layered defence strategy and a movement toward a zero-trust architecture might help minimise the attack surface.

Improving cyber security fundamentals, including identity management and network micro-segmentation, and supporting zero-trust architecture while enabling automated threat response.

This leads to implementing robust identity and access management that enforces least-privilege principles and multi-factor authentication.

By integrating policy-based automation, access management becomes more dynamic, transparent and enforceable. Continuous monitoring and real-time analytics should be used to detect anomalies and unauthorised activities, including user behaviour, device posture and geolocation.

Learning how to conduct cyber security for artificial intelligence pipelines (AIOps) while constructing a business case for artificial intelligence-based cyber security, like zero-day attack detection.

This dual focus addresses the sharply increasing complexity of cyber threats and the pervasiveness of AI. As AI continues to revolutionise the landscape, international and domestic regulations are being defined and will become vital to ensure its compliance, resilience and trustworthiness.

Addressing increasing regulations to maintain global compliance, notably for privacy, critical infrastructure, and business continuity.

As stricter rules are adopted, like the European Union’s (EU’s) General Data Protection Regulation (GDPR) and AI Act, California’s Consumer Privacy Act (CCPA) for privacy, as well as the European Network and Information Systems Directive 2 (NIS2) and CISA guidelines in the United States for critical industries, and more specific requirements from the EU’s Digital Operational Resilience Act (DORA) for the financial industry, organisations need to contextualize these requirements and integrate them into their security posture.

Collaborating closely with third parties, including identifying their Software Bill of Materials (SBOM), and communicating any vulnerability along the supply chain. This will remain an important priority for security leaders as the global enterprise landscape becomes increasingly interconnected.

This should ensure a better understanding of the organisation’s dependencies on third parties and, as it becomes more mature, of the broader interdependencies of its ecosystem.

In conclusion, while predicting the near future remains a challenging task, these six top priorities will play a pivotal role in organisational resilience.

As we look ahead, there seems to be a distant echo on the horizon. Let’s hope it is not your next threat!

Pierre-Martin Tardif is a member of the ISACA Emerging Trends Working Group. A longstanding IT and cyber security professional and educator, he is based in Quebec, Canada.
