IT Supply Chain Attacks are Rising – What Steps Can You Take to Protect Your Interconnected Enterprise Systems | Blog

As enterprises have worked harder to protect their IT systems throughout COVID-19, saboteurs have gotten more aggressive in their attacks, going after a trusted piece of hardware or software and hijacking an entire supply chain. What steps can you take to prevent these full enterprise cyber assaults? Read on to learn more about why IT supply chain attacks are on the rise and how to take action.

The COVID-19 pandemic opened enterprises’ eyes to the need to secure their IT systems from malicious threat actors, cyberattacks, and ransomware. With a renewed vision on hardening security controls and perimeters, applying least privilege access controls, and transitioning to improved threat detection tools and technologies, the usual entry points for bad actors have become non-existent.

But threat actors haven’t gone away. With the easier routes shut down, they are now targeting entry points like third-party software and hardware that are beyond most enterprises’ scope and control.

If enterprises only needed to think about thwarting attacks by looking at the firewalls, endpoint security solutions, and Identity Access Management (IAM), the task would be much easier. But since enterprise systems are interconnected, the extended enterprise needs to be considered – and defended.

Understanding the supply chain attack ecosystem

A supply chain attack is defined as an attack that occurs when an attacker/malicious threat vector infiltrates the system through an outside partner or provider that has access to critical data and systems.

The key supply chain attacks can be classified into six broad categories, based on where they originate in the software/hardware supply chain, as shown below:

[Figure: six broad categories of supply chain attacks]

Why are supply chain attacks becoming lucrative?

While supply chain attacks have been prevalent for some time, they have been gaining tremendous traction, especially post-pandemic, when vendors lost control of, and visibility into, key critical vulnerabilities in their existing products.

Among the key reasons for the prevalence of attacks are:

  • Economies of scale: It is important to understand that a supply chain attack is not directly targeted towards a particular organization. The goal is to infect source codes and legitimate apps/firmware and gain entry within an enterprise to potentially access all enterprises using it. With one placed intrusion, cybercriminals create a springboard to the network of suppliers’ customers. It is rewarding for attackers to have continuous access to new targets without investing in a new tool until the threat is revealed
  • Enterprise trust: Improvements in the enterprise security mechanisms have contributed to the increase in supply chain attacks. Enterprises have put strong defense mechanisms in place that cut off the easy routes to infections, thus pushing attackers to find different ways to infiltrate soft targets. Limited security awareness and non-implementation of security best practices have resulted in enterprises blindly trusting their vendors, third-party applications, and open-source codes. Attackers leverage this blind trust to make their way inside enterprises as this offers a path of least resistance
  • Hard to detect: Most of the supply chain attacks that we have heard of involve adding a backdoor to a legitimate certified software or firmware update that is nearly impossible to detect by existing tools and methodologies. Also, detection at the vendor’s end is difficult as they do not anticipate that the code could be targeted during the development stage. By the time the vendor detects an attack at the end of the cycle and quietly fixes it with their next update, the damage is already done

Best practices to mitigate supply chain attacks

As with other cybersecurity attacks, the old saying, “The broader question now is not about if the organization will get hacked but when it will get hacked,” still holds. As supply chain attacks do not directly infiltrate the enterprise environment, detecting them brings many challenges for enterprises, especially smaller ones with limited awareness and investments.

Here are best practices enterprises can adopt that can potentially mitigate some of these attacks:

  • Understand the enterprise IT supply chain – The first step in any successful attack mitigation strategy is a comprehensive and holistic understanding of the supply chain. It should provide a view of the vendors, open-source projects, IT and cloud services, inventory of all third-party tools and services, and software dependencies hiding inside an organization, along with their security and licensing issues
  • Trust no one – In line with the zero trust principles that urge enterprises not to trust but verify, enterprises should stop blindly trusting their third-party vendors. Enterprises need to understand that the severity and diversity of threats challenging them apply equally to vendors as well. Any small error on the vendor’s part can be devastating for the enterprise, not only financially but also for its reputation and the trust of its stakeholders
  • Limit access to sensitive data – Enterprises must have a properly detailed mapping of data being shared with third-party systems, the privileged users, uses of the data, and key security controls. Limiting access to privileged resources, including access to core data, reduces the chances of the impact from attacks originating at the vendor’s end
  • Ensure vendor assessment and controls – When choosing vendors, enterprises need to conduct a detailed evaluation and due diligence of the vendor’s existing cybersecurity framework and adjust accordingly what data needs to be shared, with whom, and the communication mechanism. Apart from rigorous assessments, enterprises should implement strong perimeter controls for vendor access such as multi-factor identification and network segmentation, and ensure that access to data and systems lasts only as long as it is required
  • Focus on development pipeline risks – Developer workstations with rights to create, modify, and commit code have been key targets for attackers. Enterprises need to think about shifting the security left, securing their continuous integration and continuous delivery pipelines, and using Endpoint Detection and Response (EDR) to detect endpoint anomalies. By bringing security into the development lifecycle earlier, developers can detect and fix vulnerabilities, thereby ensuring that security is baked into the product rather than being a bolt-on
  • Protect from insider threats – Shadow IT has been a key cause of concern for most enterprises. Not only do enterprises lack a view of the unauthorized software and tools used within the enterprise, but they also don’t have proper control mechanisms to check the usage. Employees also represent a significant insider threat to security and, as a result, targeted phishing or social engineering campaigns have become widespread. Thus, enterprises need to put in appropriate controls to mitigate the risk from insider threats
  • Plan your incident response – Taking initiatives to prevent supply chain attacks does not negate the possibility of them occurring. Threat actors can permeate enterprise systems through paths and backdoors that often go unnoticed and undetected, making it necessary for enterprises to also focus on response and remediation. By planning for the worst, enterprises can understand what is happening during a breach, how to engage with suppliers, and how to work together to mitigate the damage faster

Follow this space for more blogs on cybersecurity. Meanwhile, please feel free to reach out to [email protected] or [email protected] to share your experiences and ask any questions.

Infusing Diversity, Equity, and Inclusion (DE&I) into Talent Management Strategies: Why it Matters | Blog

While improving Diversity, Equity, and Inclusion (DE&I) has always been a goal for most HR managers, the events that erupted in 2020 called attention to the need for change in the workplace. Following the unending tragedies of racial injustice in America, now, more than ever, it is crucial for organizations to raise awareness and take the right steps toward achieving this. DE&I has become a mission-critical piece of any organization’s culture, HR policies, and efforts to modernize the workplace. To learn more on how to create successful DE&I strategies, read on.

Defining DE&I

Let’s take a look at the key definitions of each of these terms:

Diversity – The presence of differences within a given setting

In a workplace, these could relate to race, gender, gender identity, age, religion, sexual orientation, ethnicity, nationality, socioeconomic status, physical ability, experience, or knowledge. It is a relational concept and shows up in the composition of teams and organizations. This does not refer to a person being diverse, but rather the company and its teams – it is about the “differences” between people within an ecosystem. Diversity is a much deeper concept than perceived and requires individuals to recognize that people are not a set of attributes and that everyone is unique in their own ways.

Equity – Promoting justice, impartiality, and fairness within any procedure, process, or distribution of resources by an organization or institution

Equity recognizes the differences within individuals and considers the needs of all while rebalancing structures and policies to account for disadvantages faced by minority groups – with an ultimate goal of creating fair access and advancement for all. A deep and clear understanding of the root causes of the disparity within a closed space is needed to truly remove equity issues.

One of the points of confusion when discussing equity is the term “equality,” which means that each individual or group of people is given the same resources and opportunities and is assumed to take advantage of them. Equity recognizes the difference of circumstances, abilities, and opportunities, and helps an individual rise above this, and further allocates resources to help them reach an equal outcome.

Inclusion – An outcome to ensure those that are diverse feel and are welcomed, are given a voice and have a say

To an outsider looking in at the process, it may often seem as though an individual in an environment that respects diversity and follows equity is set up to feel included – but this is a misconception. These outcomes are only met when a team and/or company is truly inviting to all. It is a measure of how well individuals can participate and voice their opinions openly without being suppressed in the decision-making processes within an organization or group. It is essential to understand what can be done to make everyone feel valued and to strive to design related policies, processes, physical spaces, and products so that everyone feels included.

While diversity and inclusion are outcomes, equity is a process and is responsible for upholding the beliefs of diversity- and inclusion-related goals and actions.

Efforts and approach

DE&I often comes up in Everest Group’s discussions with clients on both sides. Enterprises are increasingly interested in improving DE&I practices within their firm. Several providers are also talking about how they are lending their expertise in this area through training, coaching, and leveraging technology to ensure they prevent implicit and explicit bias in the workplace.

Among the key reasons for enterprises to focus on DE&I initiatives are:

  • Larger talent pool: Enterprises driven to hire a variety of individuals from diverse backgrounds can access wider and under-tapped talent pools
  • Higher employee engagement: DE&I plays a significant role in ensuring employee satisfaction, motivation, and productivity. Losing any of these three could hamper the business outcome of the company
  • Stronger company culture: Engaging with people who have different experiences makes everyone at the firm feel positive about their workplace and creates a sense of greater belonging
  • Greater innovation and creativity: Bringing together people from varied backgrounds promotes more product and service innovation delivered by a company, reinforcing the critical nature of DE&I
  • Better customer alignment: Marketing efforts that reflect the diverse backgrounds of the company’s workforce will help the business build deeper connections with customers and better understand their needs
  • Stronger employer branding: With the competitive talent market, it has become essential for enterprises to look at ways to improve DE&I to attract and retain top talent

How organizations are using DE&I tools  

While enterprises have some DE&I policies in place, it is important to take a more comprehensive approach to ensure these practices exist in the whole hire to retire sphere. To achieve this, vendors in the talent sourcing, management, and engagement space are developing use cases with DE&I as an underlying concept within the existing solutions.

The exhibit below showcases some of these use cases:

Talent sourcing

  • Assisting enterprises to develop DE&I supporting job descriptions
  • Partnering with diversity groups to build diverse talent pipelines/pools
  • Leveraging third-party tools such as blind recruitment software (integrated with CRM/ATS software) to anonymize applications and résumés to ensure an unbiased selection process, based only on the candidate’s experience and skills
  • Collecting internal data and developing dashboards to show diversity data in each step of recruitment. Accessing external data to show the talent supply-demand for diverse candidates in any region and their skills
  • Offering consulting and advisory to help enterprises reduce bias from their recruitment process by reprocessing. Conducting training for hiring managers and a diversity assessment of the current organization, followed with recommendations on improvements

Talent management/engagement

  • Building dashboards and using salary benchmarking to understand compensation offered, compare pay equity between different groups of employees, and identify any disparity
  • Harnessing the power of chatbots and analytics, several employee engagement surveys and feedback tools help HR personnel understand the employee sentiments through active listening and deliver actionable insights to them to improve structural imbalances
  • Leveraging tools such as AI and ML to highlight and prevent any instances of unconscious bias, along with tracking such instances to further offer microlearning courses to the user. The ML model continues to learn through multiple instances and continuously improves the set of suggestions for the end-user
  • Using Artificial Intelligence (AI) assistant to present DE&I situations to employees for more proactive learning
  • Tracking key diversity metrics to help enterprises in succession planning, employee development, and performance management


Vision for the future  

DE&I in the workplace is an essential business practice that high-performing firms prioritize as crucial to building environments that help their incredible workforce thrive. It is top of mind these days and will only grow in importance as companies continue to invest in their DE&I programs. Making meaningful efforts can truly benefit a firm’s growth.

To realize the full advantages of a DE&I program, enterprises need to clearly define their vision toward DE&I, develop strategic plans and a formalized framework, measure key metrics tracking the impact of the program developed based on employee feedback, and continue to improve.

How robust is your organization’s DE&I strategy? Share your thoughts with Rachita Mehrishi.


Choose Third-Party Service Providers Based On Relevance And Differentiation | Blog

When you evaluate potential third-party service providers, you want to assess them across dimensions that allow your company to take action. Which providers should you give more work to? Which ones should be strategic partners? There simply are too many variables to consider. At Everest Group, we considered this problem and found none of the traditional vectors to be completely satisfactory. We then pushed further to understand the dimensions a company should evaluate in this decision, and this blog explains the best technique.

Work from Home: 3 Underrated Impacts We Should be Talking About | Blog

When COVID-19 pushed millions around the world to work from home, little focus was given at the time of urgency to the longer-term impacts if the practice continued post-pandemic. Work from Home (WFH) is here to stay, but what effect is it truly having on the environment, society and families, and individuals? To learn more about the less obvious repercussions of this new work model, read on.

COVID-19 impetus   

COVID-19 accelerated a workplace experiment that had struggled to gain traction before the pandemic. As we emerge from the immediate crisis, global companies are increasingly clarifying their stance on the future of WFH.

Some are more bullish about sustaining a scaled WFH model than others. Many organizations are contemplating hybrid delivery models for the long term. Google CEO Sundar Pichai agrees on the importance of incorporating remote working. But other sectors such as the financial industry have a different take, with Goldman Sachs CEO David Solomon calling WFH “an aberration.”

While some organizations flourished during WFH with reported cost savings and productivity increases, others had issues below the surface as we previously reported in our blog post on Future of Work From Home in GBS Organizations – Separating Hype from Reality.

Impacts to pay attention to

The indelible impact of WFH on the environment, society and families, and individuals cannot be downplayed as it affects not only the current workforce but also future generations. Let’s take a look at how these three critical areas have been altered – both positively and negatively.

  • The environment

Transportation, especially business travel and commuting, plays an oversized role when we talk about the environmental impact of remote working models. The lack of commuting reduces fossil fuel usage, leading to reductions in greenhouse emissions, air pollution, and the Scope 3 carbon footprint. Another positive for the environment is the significant reduction of paper and plastic usage in offices.

On the other hand, as we previously reported, virtual meetings require large amounts of data that need greater power. This puts huge energy demands on data centers that power the internet and could partially offset the positives.

Other aspects are a mixed bag of positive and negative impacts. Before the pandemic, the lighting, cooling, or heating generally ran at all times in an office building. Individuals working at home will likely use less energy as they tend to be responsible about energy usage as the onus of power bills is on them.

However, one can argue that the power used by individual homes could be collectively higher than offices using well-designed zonal heating and cooling. Another impact to consider is that the WFH model could duplicate enabling equipment (such as external monitors, keyboards, and printers, etc.), which could offset the positives to some extent.

  • Society and families

WFH has opened up employment opportunities for those who have challenges working in traditional environments, directly improving diversity and inclusivity in organizations and potentially reducing social inequalities in the long term.

Remote working, for example, has enabled organizations that have not yet made their workplaces accessible for people with disabilities to hire these individuals. It also has allowed companies to improve inclusivity by providing opportunities for individuals from disadvantaged backgrounds for whom office location and delivery models have been obstacles.

Further, WFH can help organizations retain workers who have young children they are caring for at home, as household responsibilities are more redistributed today and both partners play a greater role in bringing up children. The flexibility of work from home also can benefit employees in single-parent households in juggling competing priorities of work and child care.

WFH has also allowed employees living in expensive tier-1 cities to move to lower-cost areas and return to their hometowns, providing the benefits of more time with family and social circles along with cost savings. With the pandemic impacting older adults more severely, work from home has allowed adult children to provide much needed support.

On the other hand, remote working has led many people, particularly the marginalized, to feel excluded and left out. A majority of women have reported a negative impact of WFH due to increased household responsibilities and disruption of work-life balance attributed to traditional gender roles.

The social aspects of interacting at work with many different individuals also have been diminished, limiting the development of employees’ social skills and organizational culture. The virtual environment has made it more difficult for people from under-represented groups to be visible and have their voices heard.

Online networking in discussion groups and forums has been a positive social outlet but tends to favor employees with digital skills and an existing large network base.

Another challenge is the increasing numbers of individuals hired during the pandemic who have never met their colleagues in person. While companies are taking new initiatives to solidify peer connections and foster team collaboration with remote workforces, this is a difficult road that will need concerted, ongoing efforts.

  • Individuals

Of all the aspects addressed so far, the impact on an individual is, by far, the most understated. While employees found the WFH model flexible and enjoyable during its early days, most of them have now reported fatigue and tiredness with the model.

Employees feel a negative impact of remote working on their physical well-being, including weight gain and musculoskeletal problems. Those who walked or biked to their jobs or during breaks are no longer getting this exercise. Lockdowns also restricted other physical activities they may have done outside work. Using non-ergonomic furniture like sofas and beds to work also has had negative health consequences.

WFH has had a profound impact on the mental well-being of employees who have difficulties separating work-home boundaries and managing their workloads with irregular long hours. Microsoft CEO Satya Nadella has commented that online meetings can make employees tired as well as make the transition from work to private life hard, saying, “Work from home feels like sleeping at work.”

Employees are increasingly complaining of sluggish cognitive performance, commonly dubbed as “pandemic brain,” which arises from long periods in isolation. Increasingly, more employees are facing changes in sleep patterns, difficulty in stopping working, increased distractions, and greater work anxiety.

The negative impact of WFH varies across groups but seems to have disproportionately affected the disadvantaged, although a certain amount of this could be attributed to the pandemic and lockdown isolation.

The ability of each individual to cope with the changes has largely depended on the degree of their social and peer connections and support from their organizations. Employees of proactive organizations who have actively supported their mental health have adapted well to their new WFH environment, with improved performance and productivity.

Future of work  

While WFH has been a big success out of necessity, organizations need to adopt a pragmatic approach as they strategically re-think the future of work. WFH is not going away. We expect companies to use different variations and combinations to create their own version of a WFA – Work from Anywhere model.

By going beyond a mere tactical approach and getting their hybrid model right, organizations will realize the benefits that WFH can bring of higher productivity, optimized costs, a loyal and diversified workforce, and a stronger cultural fabric.

How are you dealing with these softer, yet unignorable, impacts of WFH? Reach out to [email protected], [email protected] or [email protected] to share perspectives.

CXM Market’s Dream Run – What’s Driving it and Will it Last? | Blog

During a global pandemic with a dire economic outlook, one surprising segment experienced its fastest growth in recent years – Customer Experience Management (CXM) services. Driven by increased demand for digital and other factors, this market seems to have long enough legs to extend into the coming years. But what’s behind this unexpected growth in CXM in an otherwise subdued economy, and will it last? For more on our analysis of this promising area, read on.

COVID-19 impact

As most major economies were shut down partially or almost completely in the first half of the year to contain the spread of the COVID-19 pandemic, businesses across the globe were adversely impacted in 2020. And while some industries such as high-tech or Fast Growth Tech (FGT) fared comparatively better than others like travel and hospitality, overall, the economy looked grim.

With such a dire economic outlook, it was largely assumed that the same would hold for the Customer Experience Management (CXM) services market, given the segment’s dependence on overall economic health for its growth. Gauged by the slow first half of the year, the downcast business outlook, and the huge challenge facing CXM service providers to shift to a Work from Home (WFH) model to continue running their businesses, Everest Group projected the market would shrink by 4-5 percent in 2020 compared to 2019.

Market stunner

However, in a complete reversal of early trends, the CXM market managed to grow at one of the highest paces in recent years, recording 3-5 percent growth in 2020 to stand at around US$90 billion. And it doesn’t look like growth is coming to an end for this sector, as the numbers reported by some of the largest publicly-listed CXM service providers in 2021 look robust and point towards an optimistic future for this market.

This begs the question: Why hasn’t the CXM market been impacted as severely as was widely expected during the early phase of the pandemic spread? We see several underlying factors that have been at work. In our upcoming CXM State of the Market Report slated for release later this year, these factors will be explored in greater depth. Below we discuss some of the factors that contributed to the segment’s growth and raise questions that need to be addressed further.

The following factors are playing a role in CXM services growth:

  1. Increasing demand for digital: It is no secret that businesses have come to terms with the importance of digital Customer Experience (CX) after the events of 2020. They understand the need for digital CX, not only to create superior customer experience but also to ensure continuity of services in adverse times when traditional methods no longer work. Additionally, customers are increasingly leveraging digital channels to communicate with brands, further fueling the pace of change. Enterprises are exhibiting a new wave of urgency to adopt digital technologies such as automation, analytics, self-service technologies, and digital channels to better prepare for the future and reduce dependence on a human workforce. This new demand is helping the digital segment of the CXM market to post an annual growth of over 40 percent
  2. Exceptional performance by certain sectors of the market: While most traditional businesses were severely hit as businesses moved to an online model, those that were already strong in this space did well. Industries such as high-tech and FGT fared exceptionally, and their success also translated into more demand for CXM services from this industry
  3. Demand due to COVID-19 response: Even mature markets such as North America and Western Europe saw good growth in 2020 driven by demand for government support in these regions. The massive push to contain the spread of COVID-19 and to vaccinate the masses fueled demand for CXM services. Programs such as contact tracing and vaccination support are expected to drive new growth for CXM service providers. However, these demand drivers are expected to wind down once the pandemic is controlled and the vaccination programs cover a large portion of the population


Here are some of the issues we see that need further exploration:

  1. Is market consolidation hiding within the growth numbers? Given the challenges that 2020 posed around the changing business model, not everyone could thrive and survive in this market. The CXM services market has a very long tail with thousands, if not a magnitude more, of small service providers catering to enterprises globally. It is highly possible that a lot of these small (typically under 50 seats) providers were not prepared to handle the challenges thrown by the pandemic and saw their clients migrate to larger, more organized service providers. Given that a lot of these small players go untracked, a large part of this growth could well be just moving business from one player to another, which, in true essence, wouldn’t be actual growth. That said, it does not mean that the market did not see new growth at all. Based on our research, several providers have been successful in bringing new business to the table. While it may be difficult to determine the full impact of the consolidation of smaller service providers on the overall market, our view is that the market is still experiencing net growth
  2. Is CXM growth being driven by new demand or a shift from in-house to outsourcing? With major economies globally under pressure, a lot of new demand for CXM services seems unlikely, barring, of course, certain sectors that were highlighted above.  A lot of the work that was previously being done internally through in-house centers could have moved to an outsourced model, given enterprises’ inability and inflexibility to adapt to new working models. Our research pegged the size of the total CXM services market (including in-house and outsourced) to be around US$350 billion at the end of 2019, with outsourcing accounting for ~25 percent of that spend. While a strong possibility exists that the overall CXM services spend declined in 2020 due to the challenging economic conditions, we believe the share of outsourcing is increasing, thus, resulting in net growth for the outsourced portion of the market

Positive outlook

Despite these factors, the long-term prospects for the CXM services market look favorable, especially with a heightened awareness around the need for superior CX to build differentiation in the market. This change will be hinged around digital CX, where most enterprises lack enough experience and require third-party support to execute the vision they have for their business. Along with green shoots of economic recovery emerging in several regions after a difficult year, service providers who possess CX capabilities have plenty of opportunities to look forward to.

Sharang Sharma, Practice Director: [email protected]

David Rickard, Vice President: [email protected]

Shirley Hung, Vice President: [email protected]

Managing Risks In Third-Party Services Is Changing | Blog

Digital transformation is accelerating as we come out of the COVID-19 pandemic, with more and more companies starting to achieve tangible and meaningful business results. Companies are also undertaking the grand adventure of implementing new operating models that offer better competitive positioning and a lower cost to serve. In addition, we now face an acute talent shortage, and companies must shift their focus away from controlling or cutting costs to instead focus on building an assured supply of the necessary talent. As a result, increasingly, focusing on risk is more important than focusing on profits.

Read more in my blog on Forbes

The Environment’s Calling: Sustainable Software Application Development is the Need of the Hour | Blog

An ever-increasing number of intelligent software solutions on the market is fueling the latest innovations in Artificial Intelligence (AI), digital technologies, and other essential applications, but these come with a real price to the environment. What impact is software development having on our carbon footprint, and how can it be mitigated?

Read on for the first in our blog series of Green Software Development, where we explore best practices that will help enterprises and developers limit their carbon footprint while building applications with a sustainability-first agenda.

Research shows that business use of software is on the rise, and the energy-intensive nature of its design and development is impacting the environment.

The number of software applications deployed by large firms across all industries worldwide has increased 68 percent over the past four years, according to an analysis by Okta Inc. cited in the Wall Street Journal. Recent findings hint that training a single AI model can emit as much carbon as five cars in their lifetimes.

As enterprises embrace the triple-bottom-line-framework of social, environmental, and financial impact, a better understanding of the impact of these digital transformation initiatives on our planet is needed to effectively address these crucial issues.

Hence, the concept of green computing becomes imperative, and greenness in software is emerging as a quality attribute.

Green software foundation

More firms than ever before are making commitments to be carbon neutral, or carbon negative as the world attempts to confront the critical carbon dilemma.

Accenture, GitHub, Microsoft, and ThoughtWorks are among the companies that have made commitments to help address the global climate crisis. They have come together to form the nonprofit Green Software Foundation to build a trusted ecosystem of people, standards, tooling, and leading practices for building green software.

The Green Software Foundation is a significant step for the software development industry to manage its carbon footprint and work towards reducing or eliminating it wherever possible. The graphic below illustrates the three pillars that form the basis of the foundation and its steering members:

However, software relies on hardware to run. As power is physically supplied to machines, energy costs are naturally associated with hardware and are most visible in the data center where they increase costs significantly. While most existing research on green IT focuses on the energy efficiency of hardware, a greater focus is needed on the software development side.

Trends shaping green software development

We see the following three key trends being critical to shaping green software development going forward:

  • High-performance coding standards
  • Building self-adaptable solutions
  • Code reusability

High-performance coding standards:  Going forward, the focus should be on building carbon-efficient applications with the goal of achieving carbon-neutrality. Enterprises should aim to get the most value out of the application for every unit of carbon it is responsible for emitting into the environment.

However, we see a lot of overlap between making an application greener and also faster and cheaper. For existing applications, refactoring can be a very powerful strategy to eliminate useless code, paving the way for energy efficiency and carbon-aware applications.

For net-new application development, below are some key recommendations for green developers:

  1. Control flows within applications should be monitored and optimized. Energy is inefficiently used when an application repeats the same activity in a loop without achieving the intended results and uselessly consumes energy (e.g., polling an unreachable server)
  2. Data exchanged between software applications and/or databases (local or remote) can be optimized using data compression or data aggregation techniques. The energy impact from optimization like this can be crucial in data-intensive and Big Data applications
  3. Interaction with the hardware layer must be enhanced through code. With the increasing footprint of Internet of Things (IoT) applications, this becomes crucial as the number of peripheral devices increases exponentially


Building self-adaptable solutions: By providing different configurations of the same application and activating them at varying times, a trade-off can be achieved between the features provided and the energy consumed. This is very similar to defining the eco-mode of operation for applications used for cars and appliances. Compared to refactoring, self-adaptation introduces a relevant set of changes to the software system and is more of an architectural concern.

Tools available in the market can be very useful to ensure enterprises are making energy-saving decisions from the start. For Android apps, Android Studio has a built-in energy profiler that estimates the energy consumption of the CPU, the network radio, and GPS sensors, and shows the occurrence of different system events that may affect energy consumption. When developing iOS apps in Xcode, a similar profiler can be used for debugging.

Newer application architectures – such as serverless computing or functions-as-a-service (FaaS) – enable even more control over capacity and, by extension, energy consumption.

Reusability of code: Reusing components of code and automating repetitive tasks can reduce the overall development time and, thereby, energy consumption. Reusable code components also come with the added advantage of being defect-free. This can shorten the application testing time and fix defects in the production environment, which, in turn, will have a net-positive environmental impact.

The emergence of a multitude of low-code/no-code platforms can further aid in this process. These platforms can deliver applications at ten times the speed compared to the traditional software development approach, which implies a direct 90 percent reduction in energy consumption per application development.

When combined with AI-assisted development, this can further the scope of reducing the global carbon footprint of applications. We expect that using AI for applications has the potential to boost global GDP by around 3-5% while also reducing the global greenhouse gas emissions by around 2-4% by 2030 relative to business-as-usual. Microsoft’s recent announcement introducing GitHub Copilot, which aims to make AI-assisted development the new norm, is a big stride in that direction.

Future outlook

As we gear up for an eco-friendly tomorrow, green software development is emerging as the next logical step for technology providers, software integrators, and other players in the value chain.

We can expect CIOs to push for more optimized energy consumption in their organizations. From an application development perspective, this can be realized through the ideal use of location services, timers, and notifications – optimizing media and images, and reducing the amount of data being transferred between the server and the app. It also will require enterprises to relook at gathering requirements and documenting design from a green development lens.

More research will be needed to measure the real-time carbon footprint at the code level. As a result, the definition of full-stack development will evolve from its current focus on website and database development to involve managing user behavior on how electricity is bought and sold on a grid in the future.

Going forward, participation from more and more enterprises in this green mission of building a sustainable future seems inevitable and essential.

In our next blog in this series, we will share a checklist enabling enterprises to adopt a greener approach to application modernization and maintenance, ensure green governance, and achieve a green quality index for applications.

To share your thoughts and discuss our research related to green software development, please reach out to [email protected] and [email protected]

LCLC not SDLC: Low-code Life Cycle Needs a Different Operating Model | Blog

Low-code platforms are here to stay because of the rapid application development and speed to market they enable. But why is no one taking the same “life cycle” view for low-code applications and workflows as for typical software development? A new model of Low-code Development Life Cycle (LCLC or LC2) is needed for enterprises to realize the potential benefits and manage risks. Read on to deep dive into these issues in this latest blog continuing our coverage of low-code.

Our market interactions suggest enterprises adopting low-code platforms to build simpler workflows or enterprise-grade applications are not thinking about life cycle principles. Though enterprises for ages have adopted Software Development Life Cycle (SDLC) to build applications, it is surprising no such initiatives exist for low-code applications.

As we previously discussed, low-code platforms, requiring little or no programming to build, are surging in adoption. We covered the key applications and workflows enterprises are focusing on in an earlier blog, The Future of Digital Transformation May Hinge on a Simpler Development Approach: Low Code.

Given its staying power in the market, it’s time to consider Low-code Development Life Cycle (LCLC or LC2).

Here are some recommendations on how LCLC can be structured and managed:

Rethink low-code engineering principles: Enterprises that have long relied on SDLC concepts will need to build newer engineering and operations principles for low-code applications. Enterprises generally take long-term bets on their architecture preferences, Agile methodologies, developer collaboration platform, DevOps pipeline, release management, and quality engineering.

Introducing a low-code platform changes most of this, and some of the typical SDLC may not be needed. For example, these platforms do not generally provide an Integrated Development Environment (IDE) and rely on “designing” rather than “building” applications. In SDLC, different developers can build their own code using their IDE, programming language, databases, and infrastructure of choice. They can check in their code, run smoke tests, integrate, and push to their Continuous Integration/Continuous Delivery pipeline.

However, for most low-code platforms, the entire process has to run on a single platform, making it nearly impossible to collaborate across two low-code platforms. Moreover, enterprises might be exposed to performance, compliance, and risk issues if these applications and workflows are built by citizen developers who are unaware of enterprise standards of coding. This also might increase the costs for quality assurance beyond budgeted amounts.

Even professional developers, who are well aware of enterprise standards while building code in an existing manner, may not know how to manage their LCLC. Many low-code platforms allow SDLC steps within their platform, such as requirement management. Therefore, all the collaboration will have to happen on the low-code platform. This creates a challenging situation requiring enterprises to have different collaboration platforms for low-code applications separate from the other standard tooling they have invested in (such as Teams, Slack, and other agile planning tools) – unless they are integrated through APIs, adding overhead and cost.

Also complicating issues is the desire by some developers to have the developer portal of these low-code platforms extend to their IDE. Most platforms prefer their own CI/CD pipelines, although they can also integrate with third-party tools enterprises have invested in.  A different mindset is needed to manage this increased technological complexity. Because low-code applications are difficult to scale for large data sets, some of the scaling imperatives enterprises have built for years will need to be rethought.

Manage lock-in: Most low-code platform vendors have a specific scripting language that generates the application and the workflow. Developers who are trained on Java, .NET, Python, and similar languages do not plan to reskill to learn proprietary languages for so many different platforms. While enterprises are accustomed to multiple programming languages in their environment, they normally have selected some primary languages. Though low-code platforms do not extensively rely on developers coding applications, enterprises generally would want to know “under the hood” aspects around architecture, data models, integration layer, and other system elements.

Build governance: We previously covered how low-code platform proliferation will choke organizations that are blindly prioritizing the speed of software delivery. Therefore, governance is needed not only in the development life cycle but also to manage the proliferation of platforms within enterprises. Enterprises will need to closely watch the low-code spend from subscription and software perspectives. As low-code platforms support native API-based access to external platforms, enterprises will need to govern that spend, risk, and compliance (for example, looking at such issues as whether some third-party platforms are on the blacklist).

What should enterprises know?

Low-code platforms can provide enterprises with a potent platform. But, if not managed well, it can be risky. To manage the potential risks, enterprises need to be aware of these three considerations:

  • Understand vendor solutions and their history: Different vendors can have different views and visions around low-code based on their history around being led by API, Business Process Management (BPM), BigTech platform, or process automation. Most will need their run time engine/platform to be deployed to execute the application/low-code. Others may allow code to be run outside of their platform. Moreover, their capabilities around supporting aspects such as forms, process models, simple-data integration, application templates, and library components can significantly vary. CIOs need to understand these nuances
  • Require business and CIO collaboration: Businesses love low-code platforms as it allows rapid application development and shortens time to market. However, as the adoption scales, businesses will realize they cannot manage this low-code ecosystem on their own. Whether CIOs like it or not, the businesses will punt over their responsibility to the CIO organization. Therefore, CIOs need to proactively address this requirement. They will need a strong discovery model to take inventory of their low-code adoption, workflow, and applications that they are supporting
  • Assess the applications and workflows the low-code platform can support: Vendors normally claim they can build “complex” applications through their low-code platforms. However, this definition is not consistent and may not be as complex as vendors say. Enterprise-class applications need code standardization, libraries, documentation, security, recovery, and audit trails. Most of these platforms provide out-of-the-box or custom integration with other enterprise applications, project management, and other SDLC tools. CIOs need to evaluate the cost, performance, maintainability, and security aspect of these multi-point integrations

Expect M&A activity

Enterprises’ desires to drive digital transformation will make low-code proliferation a reality. Currently, most low-code vendors derive a small $100-500K revenue per client, indicating the focus is mostly on Small and Medium Business (SMB) segments or small line of business buying. As a result, we expect consolidation in this market with large vendors such as Salesforce, ServiceNow, and Microsoft further eating into small vendors’ share. Enterprises should keep a close watch on this M&A activity as it can completely change their low-code strategy, processes, and the business value they derive out of strategic investment into a low-code platform.

What has your low-code journey been like, and how are you using life cycle concepts? Please reach out to share your story with me at [email protected]

Deconstructing the Digital Assets Revolution – What Financial Institutions Can Learn from the Meteoric Rise of Coinbase | Blog

Digital assets have come a long way from only being Bitcoin to a complete array of increasingly used financial assets. Coinbase’s striking rise has demonstrated a growing acceptance for cryptocurrency that could stick with traditional investors. Is the future for digital currency real, and what obstacles do banks and financial institutions face to compete in this growing crypto market? Read on to learn more of our insights on the next-generation currency movement.  

Growing digital asset options

When Coinbase became the first major cryptocurrency start-up to go public on a U.S. stock market this April, the world started giving crypto more legitimacy and the company’s astronomical valuation has garnered great attention.

Along with the skyrocketing value of cryptocurrencies such as Bitcoins and Ethereum, Coinbase – the preferred platform for U.S. investors to purchase these assets – has grown ninefold over the past year. The investment trend over the past five years suggests that cryptocurrency valuation will cross US$24 trillion by 2027.

This rocketing rise can be attributed to increased interest by retail and institutional investors that started investing in Bitcoins and Altcoins as another option to falling interest rates across the world. Other crypto assets such as Non-Fungible Tokens (NFT) traded nine times in the first half of 2021.

Crypto assets have experienced great growth since their early days. Some of the new types (described below in Exhibit 1 and 2) have unique use cases and designs.

Exhibit 1

Exhibit 2


Investors paying attention

Improved technology and better financial services have fueled a remarkable demand in digital assets, especially by institutional investors, over the past 18 months.  Investor groups are getting involved in the market for various reasons, including:

  • Retail investors – improved personal finance management, easier payment and remittance services, and increased transparency offered by Distributed Ledger Technology (DLT) through openly verifiable and immutable transaction history databases
  • Institutional and High Net Worth (HNW) investors – lower operational costs, high reliability and security, faster transaction processing and almost real-time tracing of contracts and payments, and improved access to liquidity for fundraising

Technology firms partnering

As investor interest grows, several FinTechs and BigTechs are investing in technology and infrastructure to support digital assets. Google has partnered with exchange platforms Paxful and Coinbase to add crypto-based transactions on Google Pay. This also allows users to buy Bitcoins and pay using them. Similarly, leading banking software firms such as Temenos recently partnered with specialist digital asset and blockchain infrastructure player Taurus to help banks bridge the gap between traditional and digital assets.

Early access to data will give FinTechs and BigTechs an edge to better understand investor profiles, investment willingness, and funding goals of a large pool of clients. These larger investor groups are also nimble enough to partner with smaller FinTechs and InsurTechs to provide specialty services through a common digital platform.

Opportunities for banks

Since banks would need to cut through bureaucracy, change management challenges, and garner huge financial resources, it is not likely they will develop these technologies quickly enough for the market’s fast pace. However, we believe that increased participation from traditional financial institutions in managing digital assets will pave the way for digital assets in mainstream banking and payments systems as regulations improve.

Large financial institutions such as BNY Mellon recently invested in building a team of technology and business professionals to develop products and platforms that will allow customers to manage cryptocurrency alongside all their other assets. The custodian also received permission from regulatory bodies to offer crypto custodian services in February 2021.

Similarly, Singapore’s DBS Bank received approval earlier this year from the Monetary Authority of Singapore (MAS) to launch the DBS Digital Exchange for tokenized assets. Global banks such as Deutsche Bank are also building services such as institutional-grade hot and cold storage with insured protection for custody services. Huge potential exists to tap into business segments such as wealth management, estate services, financial planning, and asset services in crypto markets since the current penetration is very low.

To stay ahead of the curve, banks should follow this three-pronged strategy to build, partner, and acquire digital assets skillsets in the market:

  • Partner and collaborate: Traditional financial institutions will face several issues in developing in-house solutions to adopt new financial technologies, such as updating legacy systems and regularly innovating solutions offered to remain competitive in the market and keep up with global regulations. These institutions can partner with FinTechs specializing in developing and servicing such solutions at a global scale in a plug-and-play model
  • Build and develop: Large financial services firms are developing capabilities and skillsets to stay ahead of the competition in the crypto asset services market. Large Banking and Financial Services (BFS) firms such as Wells Fargo have introduced cryptocurrency funds focused on high net-worth individuals. Similarly, JP Morgan has already tested its stablecoin, JPM Coin, which has been pegged against the U.S. Dollar, and offers a solution to cross-border trade between banks and corporates over blockchain
  • Acquire and invest: Financial institutions can nurture and acquire FinTechs start-ups that are aligned with the future of financial technology. They can also directly acquire solutions already developed in the market to enhance their platforms in serving their customers with the latest technologies

 Exhibit 3


Regulatory and other obstacles to overcome

While its potential is promising, banks still face many challenges around regulations, disaster management, private key recovery, insurance-backed custody, and systems for fraud prevention. The biggest roadblock for BFS firms is the lack of clarity of a regulatory framework around digital assets. The process of building a regulatory framework for digital assets will take several years and be iterative. In the interim, policies that are uncertain and not applicable to digital assets should be brought to the notice of regulators and industry bodies as they continuously evaluate policies and provide clarifications.

Banks and financial institutions also will need to make enormous investments in data and technology systems to manage the Risk and Compliance (R&C) around digital assets. Financial institutions will have to adopt a compliance-by-design approach to build platforms to manage the digital assets transactions and the associated mid- and back-office operations. This will require building new data and technology systems for R&C initiatives as no commercially off-the-shelf software in the market has matured enough to manage scaled compliance workflows and operations for digital assets.

For more insights on digital assets adoption, please read our detailed perspective in the report, Deconstructing the Digital Assets Revolution – What Financial Institutions Can Learn from the Meteoric Rise of Coinbase.

If you would like to share your observations or questions on the evolving digital assets landscape, please reach out to [email protected], [email protected], or [email protected].

Implications Of Bringing Employees Back To The Office | Blog

In my recent conversations with Fortune 500 CEOs and other senior leaders of large enterprises, some report their workforce is already starting to shift back to the office from the prior work-from-home model in place during the COVID-19 pandemic. Most state they want their workforce fully back in the office instead of working from home by September. As your company determines its upcoming model for where employees work, you need to keep in mind there are significant implications to the decision.
