Tuesday, March 9, 2021

Work from anywhere unlocks once-hidden productivity and creativity talent gems

Now that hybrid work models have been the norm for a year, what’s the long-term impact on worker productivity? Will the pandemic-induced shift to work from anywhere agility translate into increased employee benefits -- and better business outcomes -- over time?


The next BriefingsDirect workspace innovation discussion explores how a bellwether UK accounting services firm has shown how consistent, secure, and efficient digital work experiences lead to heightened team collaboration and creative new workflows.


Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To learn more about the ways that distributed work models fuel innovation, please welcome our guests, Chris Madden, Director of IT and Operations for Kreston Reeves, LLP in the UK, and Tim Minahan, Executive Vice President of Business Strategy and Chief Marketing Officer at Citrix. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.


Here are some excerpts:


Gardner: Tim, we’ve been in a work-from-anywhere mode for a year. Is this panning out as so productive and creative that people are considering making it a permanent feature of their businesses?


Minahan: Dana, if there’s one small iota of a silver lining in this global crisis we’ve all been going through together it’s that it has shone a light on the importance of flexible and remote work models.


Companies are now rethinking their workforce strategies and work models -- as well as the role the office will play in this new world of work. And employees are, too. They’re voting with their feet, moving out of high-cost, high-rent districts like San Francisco and New York because they realize they can not only do their work effectively remotely, but they can also be more productive and have a better work life.


A few data points that are important: This isn’t a temporary shift. The pandemic has opened folks’ eyes to what’s possible with remote work. In fact, in a recent Gartner study, 82 percent of executives surveyed plan to make remote work and flexible work a more permanent part of their workforce and cost-management strategies -- and it’s for very good business reasons.


As the pandemic has proven, this distributed work model can significantly lower real estate and IT costs. But more importantly, the companies that we talk to, the most forward-looking ones, are realizing that flexible work models make them more attractive as an employer. And that prompts them to rethink their staffing strategies because they have access to new pools of talent and in-demand skills of workers that live well beyond commuting distance to one of their work hubs.


Businesses work from anywhere

Such flexible work models can also advance other key corporate initiatives like sustainability and diversity, which are increasingly becoming board-level priorities at most companies. Those companies that remain laggards -- that are still somewhat reluctant to embrace remote work or flexible work as a more permanent part of their strategies -- may soon be forced to change as their employees look for more flexible work approaches.


We’ve heard about the mass exodus from some of those large metropolitan areas to more suburban – and even rural locales. At Citrix, our own research of thousands of workers and IT and business executives finds that more than three-quarters of workers now prefer to shift to a more remote and flexible work model -- even if it means taking a pay cut. And 80 percent of workers say that flexible work arrangements will be a top selection criterion when evaluating employers in the future.


Gardner: Chris, based on your experience at Kreston Reeves, do you agree that these changes to a more flexible and hybrid work location model are here to stay?

Companies Support Hybrid Work Models
Madden: I would. At Kreston Reeves, we are expecting to move permanently to a three- or two-days a week in an office with the remaining time working from home and away from the office. That’s for many of the reasons already covered, such as reduced commuter time, reduced commuting cost, more time at home with family, best work-life balance, and a lot better for the environment as well because of people travelling less and all those greenhouse gases not going up into the atmosphere.


Gardner: We certainly hear how there are benefits to the organization. But how about the end users, the customers? Have your experiences at Kreston Reeves led you to believe that you can maintain the quality of service to your customers and consumers?


Madden: It’s probably ultimately going to be a balance. I don’t think it will shift totally one way or go back to how it was. I think for our customers and clients, there are distinct advantages, depending on the type of work. There isn’t always a need to go and have a face-to-face meeting that can take a lot of time for people, time that they could spend elsewhere in their business.

Depending on the nature of the interactions, quite a lot will shift to video calling, which has become the norm overt the last year even as in the past people may have thought it impersonal.

Depending on the nature of the interactions, quite a lot will shift to video calling, which has become the norm over the last year even as in the past people may have thought it impersonal. So I think that will become a lot more accepted, and face-to-face meetings will be then kept for those meetings that really require everybody to sit down together.


Gardner: It sounds like we’re into a more fit-for-purpose approach. If it’s really necessary, that’s fine, we can do it. But if it’s not necessary, there are benefits to alleviating the pressure on people.


Tell us, Chris, about how your organization operates and how you reacted to the pandemic.


Madden: Yes, we began best part of 10 years ago, when we moved on to Citrix as the platform to distribute computer services to our users. Over the years, we have upgraded that and added on the remote-access solutions. And so, when it came to early 2020 and the pandemic, we were ready to take off. We could see where we were heading in terms of lockdowns and the pandemic, so we closed two or three of our offices -- just to see how the system coped.


It was designed to do that, but would it really work when we actually closed the offices and everybody worked from home? Well, it worked brilliantly, and was very easy to deal with. And then a few days after that, the UK government announced the first national lockdown and everybody had to work from home within a day.


From our point of view, it worked really well. The only wrinkles in the whole process were to get everybody the appropriate apps on their phones to make sure they could have remote access using multifactor authentication. But otherwise, it was very seamless; the system was designed to cope with everybody working from anywhere -- and it did.

Gardner: Chris, we often hear that there is a three-legged stool when it comes to supporting business process -- as in people, technology, and process. Did you find that any of those three was primary? What led you to succeed in making such as rapid transition when it comes to the three pillars?


A new world of flexible work

Madden: I think it’s all three of those things. The technology is the enabler, but the people need to be taken with you, and the processes have to adapt for new ways of working. I don’t think any one of those three would lead. You have to do all three together.


Gardner: Tim, how does Citrix enable organizations to keep all three of those plates in the air spinning, if you will, especially on that point about the right applications on the right device at the right time?

Employee Work Environments
Minahan: What’s clear in our research -- and what we’re seeing from our customers -- is that we’re accelerating to a new world of work. And it’s a more hybrid and flexible world where that employee experience become a key differentiator.


To the point Chris was making, success is going to go to those organizations that can deliver a consistent and secure work experience across any and all work channels -- all the Slacks, all of the apps, all the Teams, and in any work location.


Whether work needs to be done in the office, on the road, or at home, delivering that consistent and secure work experience -- so employees have secure and reliable access to all their work resources – needs to come together to service end customers regardless of where they’re at.


Kreston Reeves is not alone in what they have experienced. We’re seeing this across every industry. In addition to the change in work models, we are also seeing a rapid acceleration of their digitization efforts, whether it is in the financial services sector, or other areas such as retail and healthcare. They may have had plans to digitize their business, but over the past year they’ve out of necessity had to digitize their business.

Kreston Reeves is not alone in what they have experienced. We're seeing this across every industry. In addition to the change in work models, we are also seeing a rapid acceleration of digitization efforts. Over the past year out of necessity they have had to digitize their businesses.

For example, there’s the healthcare provider in your neck of the woods, up in the Boston area, Dana, that has seen a 27-times increase in monthly telemedicine visits. During the COVID crisis, they went from 9,000 virtual visits per month to over 250,000 per month -- and they don’t think they’re ever going to go back.


In the financial services sector, we hear consistently customers hiring thousands of new advisors and loan officers in order to handle the demand – all in a remote and digital environment. What’s so exciting, as I said earlier, is as companies begin to use these approaches as key enablers, it becomes a liberator for them to rethink their workforce strategies and reach for new skills and new talent that’s well beyond commuting distance to one of their work hubs.


It’s not just about, “Should Sam or Suzy come back and work in the office full time?” That’s a component of the equation. It’s not even about, “Do Sam and Suzy perform at their best even when they’re working at home?” It’s about, “Hey, what should our workforce look like? Can we now reach skills and talent that were previously inaccessible to us because we can empower them with a consistent work experience through a digital workspace strategy?”


Gardner: How about that, Chris? Have you been simply repaving work-in-the-office paths with a different type of work from home? Or are you reinventing and exploring new business processes and workflows as a result of the flexibility?


Remote work retains trust, security

Madden: There is much more willingness amongst businesses and the people working in businesses to move quickly with technology. We’re past being cautious. With the pandemic, and the pressure that that brings, people are more willing to move faster -- and be less concerned about understanding everything that they may want to know before embracing technology.


The other thing is with relationships with clients. There is a balance, to not go as far as some industries. Some never see their clients any longer because everything is done remotely, and everything is automated through apps and technology.


And the correct balance that we will be mindful of as we embrace remote working -- and as we have more virtual meetings with clients -- is that we still need to maintain the relationship of being a trusted advisor to the client -- rather than commoditizing our product.


Gardner: I suppose one of the benefits to the way the technology is designed is that you can turn the knobs. You can experiment with those relationships. Perhaps one client will require a certain value toward in-person and face-to-face engagements. Another might not. But the fact is the technology can accommodate that dynamic shift. It gives us, I think, some powerful tools.


Madden: Absolutely. The key is that for those clients who really want to embrace the modern world and do everything digitally, there is a solution. If a client would still like to be very traditional and have lots of invoices and things on paper and send those into their accountant, that, too, can be accommodated.


But it is about moving the industry forward over time. And so, gradually I can see that technology will become a bigger contributor to the overall service that we provide and will probably do the basic accountancy work, producing an end result that a human then looks at provides the answer back to the client.


Gardner: Now, of course, the materials that you’re dealing with are often quite sensitive and there are business regulations. How did the reaction of your workforce and your customer base come down on the issues of privacy, control, and security?


The clients trust that we will get it right and therefore look to us to provide the secure solution for them. So, for example, there are clients who have an awful lot of information to send us and cannot come into an office to hand over whatever that is.


We can get them new technologies that they haven’t used in the past such as Citrix ShareFile to share those documents with us securely and efficiently, but in a way that allow us to bring those documents into our systems and into the software we need to use to produce the accounts and the audits for the clients.


Gardner: Tim, you mentioned earlier that sometimes when people are forced into a shift in behavior, it’s liberating. Has that been the case with people’s perceptions around privacy and security as well?

Companies Support Hybrid Work Models

Minahan: If you’re going to provide a consistent and secure work experience, the other thing folks are beginning to see as they embrace hybrid and more distributed work models is that their security posture needs to evolve too. People aren’t all coming into the office every day to sit at their desk on the corporate network, which had much better-defined parameters and arguably was easier to secure.


Now, in a truly distributed work environment, you need to not only provide a digital workspace that gives employees access to all the work resources they need -- and that is not just their virtual desktops, but all of their software-as-a-service (SaaS) apps or web apps or mobile apps – it needs to be all in one unified experience that’s accessible across any location.

That is another dynamic we're seeing. Companies are accelerating their embrace of new more contextual zero trust access security models as they look forward to a post-pandemic world.

It also needs to be secure. It needs to be wrapped in a holistic and contextual security model that fosters not just zero trust access into that workspace, but ongoing monitoring and app protection to detect and proactively remediate any access anomalies, whether initiated by a user, a bot, or another app.


And so, that is another dynamic we’re seeing. Companies are accelerating their embrace of new more contextual zero trust access security models as they look forward to preparing themselves for how they’re going to operate in a post-pandemic world.


Gardner: Chris, I suppose another challenge has been the heterogeneity of the various apps and data across the platforms and sources that you’re managing. How has working with a digital Workspace environment helped you provide a singular view for your employees and end customers? How do workspace environments help mitigate what had been a long-term integration issue for IT consumption?


Madden: For us, whether we are working from home remotely or are in an office, we are consuming the same desktop with the same software and apps as if we were sitting in an office. It’s really exactly the same. From a colleague’s point of view, whether they are working from home in a pandemic or sitting in their office in Central London, they are getting exactly the same experience with exactly the same tools.


And so for them, it’s been a very easy transition. They’re not having to learn the technology and different ways to access things. They can focus instead on doing the client work and making sure that their home arrangement is sorted out.


Gardner: Tim, regardless of whether it’s a SaaS app, cloud app, on-premises data -- as long as that workspace is mobile and flexible -- the complexity is hidden?


Workspace unifies and simplifies tasks

Minahan: Well, there is another challenge that the pandemic has shone a light on, which is this dirty little secret of the business world. And that is our work environment is too complex. For the past 30 years, we’ve been giving employees access to new applications and devices. And more recently, chat and collaboration tools -- all with the intent to help get work done.


While on an independent basis, each of these tools adds value and efficiency, collectively they’ve created a highly fragmented and complex work environment that oftentimes interrupts, distracts, and stresses out employees. It keeps them possibly from getting their actual work done.


Just to give you a sense, with some real statistics: On any given workday, the typical employee uses more than 30 critical apps to get their work done, oftentimes needing to navigate four or more just to complete a single business process. They spend more than 20 percent of their time searching across all of these apps and all of these collaboration channels to find the information they need to make decisions to do their jobs.

Employee Work Environments

To make matters worse, now we’ve empowered these apps and these communication and collaboration channels. They’re all vying for our attention throughout the day, shouting at us about things we need to get done, and oftentimes distracting us from our core work. By some estimates, all of these notifications, chats, texts, and other disruptions interrupt us from our core work about every two minutes. That means the typical employee gets interrupted and forced to switch context between apps, emails, and other chat channels more than 350 times each day. Not surprisingly, what we are seeing is a huge productivity gap -- and it is turning our top talent into task rabbits.


As companies think through this next phase of work, how do they provide a consistent and secure work experience and a digital workspace environment for employees no matter where they’re working? It not only be needs to be unified -- giving them access to everything they need and security, ensuring that corporate information, applications, and networks remain secure no matter where employees are doing the work -- but it also needs to be intelligent.


Leveraging intelligent capabilities such as machine learning (ML), artificial intelligence (AI) assistance, bots, and micro apps personalize and simplify work execution. It’s what I call adding an experience layer between an employee and their work resources. This simplifies their interactions and work execution across all of the enterprise apps, content, and other resources so employees are not overwhelmed and can perform at their best no matter where work needs to get done.


Gardner: Chris, are you interested in elevating people from task rabbits to a higher order of value to the business and their end users and customers? And is the digital environment and workplace a part of that?


Madden: Absolutely. There are lots of processes, many firms, and across multiple campuses. They have grown up over the years and they’ve always been done that way. This is a perfect time to reappraise how we do those things smarter digitally using some robotic process automation (RPA) tools and AI to take a lot of the rework and data from one system into another to produce the end result for the client.

We want to free up our people to do more value-added work -- and it would be more interesting work for those people. It will give a better quality role for people, which will help us to attract better talent.

There is a lot of that on our radar for the coming year or two. We want to free our people up to do more value-added work -- and it would be more interesting work for those people. It will give a better quality of role for people, which will help us to attract better talent. And given the fact that people now have a taste of a different work-life balance, there will be a lot of pressure on new recruits to our business to continue with that.


Gardner: Chris, now that your organization has been at this for a year -- really thrust into much more remote flexible work habits -- were there any unexpected and positive spins? Things that you didn’t anticipate, but you could only find out with 20-20 hindsight?


Virtual increases overall efficiency

Madden: Yes. One is the speed at which our clients were happy to switch to video meetings and virtual audits. Previously, on audits, we would send a team of people to a client’s premises and they would look through the paperwork, look at the stock in a warehouse, et cetera, and perform the audit physically. We were able to move quickly to doing that virtually.


For example, if we’re looking in a warehouse to check that a certain amount of stock is actually present, we can now do that by a video call and walk around the warehouse and explain what we’re looking for and see that on the screen and say, “Yes, okay, we know that that stock is actually available.” It was a really big shift in mindset for our regulators, for ourselves, and for our clients, which is a great positive because it means that we can become much more efficient going forward.


The other one that sticks out in my mind is the efficiency of our people. When you’re at home, focusing on the work and without the distractions of an office, the noise, and the conversations, people are generally more efficient. There is still the need for a balance because we don’t want everybody just sitting at home in silence staring at a screen. We miss out on some of the richness of business relationships and conversations with colleagues, but it was interesting how productivity generally increased during the lockdown.


Gardner: Tim, is that what you’re finding more generally around the globe among the Citrix installed base, that productivity has been on the uptick even after a 20- or 30-year period where, in many respects and measurements, productivity has been flat?


Minahan: Yes, that is a trend we have been seeing for decades. Despite the introduction of more technology, employee productivity continued to trend down, ironically, until the pandemic. We talked with employees, executives, and through our own research and it shows that more than 80 percent of employees feel that they’re as, if not more, productive when working from home -- for a lot of the reasons that Chris mentions. What they’ve seen at Kreston Reeves has continued to be sustained.


It’s introduced the need for more collaborative work management tools in the work environment in order to foster and facilitate that higher level of engagement and that more efficient execution that we mentioned earlier. But overall, whether it’s the capability to avoid the lengthy commute or the ability to avoid distractions, employees are indeed seeing themselves as more productive.


In fact, we’re seeing a lot of customers now talk about how they need to rethink the very role of the office. Where it’s not just a place where people come to punch their virtual time cards, but is a place that’s more purpose-built for when you need to get together with a client or with other teammates to foster collaboration. You still keep the flexibility to work remotely to focus on innovation, creativity, and work execution that oftentimes, as Chris indicated, can be distracting or difficult to achieve strictly in an office environment.


Gardner: Chris, what’s interesting to me about your business is you’re in a relationship with so many client companies. And you were forced to go digital very rapidly -- but so were they. Is there a digital transformation accelerant at work here? Because they all had to go digital at the same is there a network effect?


Because your customers have gone digital, Chris, could you then be better digital providers in your relationships together?


Collaborative communication

Madden: To an extent. It depends on the type of client industry that they’re in. In the UK, certain industries have been shut for a long time and therefore, they are not moving digitally. They are just stuck waiting until they are able to reopen. In the meantime, there’s probably very little going on in those businesses.


Those businesses that are open and working are very much embracing modern technology. So, one of the things that we’ve done for our audit clients, particularly, is providing different ways in which they can communicate with us. Previously, we probably had a straightforward, one-way approach. Now, we are giving clients three or four different ways they can communicate and collaborate with us, which helps everybody and moves things along a lot more quickly.


It is going to be interesting post-pandemic. Will people intrinsically go back to what they were always doing? Will what drove us forward keep us creating and becoming more digital or will the instinct be to go back to how it was because that’s how people are more comfortable?


Gardner: Yes, it will be interesting to see if there’s an advantage for those who embrace digital methods more and whether that causes a competitive advantage that the other organizations will have to react to. So we’re in for an interesting ride for a few more years yet.


Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: Citrix.

You may also be interested in:



Thursday, March 4, 2021

How to gain advanced cyber resilience and recovery across the IT ops and SecOps divide


Cyber attacks are on the rise, harming brands and supply chains while fomenting consumer and employee distrust -- as well as leading to costly interruptions and service blackouts.

At the same time, more remote workers and extended-enterprise processes due to the pandemic demand higher levels of security across all kinds of business workflows.

Stay with us now as the next BriefingsDirect discussion explores why comprehensive cloud security solutions need to go beyond on-premises threat detection and remediation to significantly strengthen extended digital business workflows.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To learn more about ways to shrink the attack surface and dynamically isolate process security breaches, please join Karl Klaessig, Director of Product Marketing for Security Operations, at ServiceNow, and E.G. Pearson, Security Architect at Unisys. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solution.

Here are some excerpts:

Gardner: Karl, why are digital workflows so essential now for modern enterprises, and why are better security solutions needed to strengthen digital businesses?

Klaessig: Dana, you touched on cyber attacks being on the rise. It’s a really scary time if you think about MGM Resorts and some of the really big attacks in 2020 that took us all by surprise. And 23 percent of consumers have had their email or social media accounts hacked, taken over, or used. These are all huge threats to our everyday life as businesses and consumers.

And when we look at so many of us now working from home, this huge new attack surface space is going to continue. In a recent Gartner chief financial officer (CFO) survey, 74 percent of companies have the intent to shift employees to work from home (WFH) permanently.

These are huge numbers indicating a mad dash to build and scale remote worker infrastructures. At the end of the day, the teams that E.G. and I represent, as vendors, we strive hard to support these businesses as they seek to scale and address an explosive impact for cyber resilience and cyber operations in their enterprises.

Gardner: E.G., we have these new, rapidly evolving adoption patterns around extended digital businesses and workflows. Do the IT and security personnel, who perhaps cut their teeth in legacy security requirements, need to think differently? Do they have different security requirements now?

IT security requirements rise

Pearson: As someone who did cut their teeth in the legacy parts, I say, “Yes,” because things are new. Things are different.

The legacy IT world was all about protecting what they know about, and it’s hard to change. The new world is all about automation, right? It impacts everything we want to do and everything that we can do. Why wouldn’t we try to make our jobs as simple and easy as possible?

When I first got into IT, one of my friends told me that the easiest thing you can do is script everything that you possibly can, just to make your life simpler. Nowadays, with the way digital workflows are going, it’s not just automating the simple things -- now we’re able to easily to automate the complex ones, too. We’re making it so anybody can jump in and get this automation going as quickly as possible.

Gardner: Karl, now that we’re dealing with extended digital workflows and expanded workplaces, how has the security challenge changed? What are we up against?

Klaessig: The security challenge has changed dramatically. What’s the impact of Internet of things (IoT) and edge computing? We’ve essentially created a much larger attack surface area, right?

What’s changed in a very positive way is that this expanded surface has driven automation and the capability to not only secure workflows but to collaborate on those workflows.

We have to have the capability to quickly detect, respond, and remediate. Let’s be honest, we need automated security for all of the remote solutions now being utilized – virtually overnight – by hundreds of thousands of people. Automation is going to be the driver. It’s what’s really rises to the top to help in this.

Gardner: E.G., one of the good things with the modern IT landscape is that we can do remote access for security in ways that we couldn’t before. So, for IoT, as Karl mentioned, we’re talking about branch offices -- not just sensors or machines.

We increasingly have a very distributed environment, and we can get in there with our security teams in a virtual sense. We have automation, but we also have the virtual capability to reach just about everywhere.

Pearson: Nowadays, IoT is huge. Operational technology (OT) is huge. Data is huge. Take your pick, it’s all massive in scope nowadays. Branch offices? Nowadays, all of us are our own branch office sitting at our homes.

Now, everybody is a field employee. The world changed overnight. And the biggest concern is how do we protect every branch office and every individual who’s out there? It used to be simpler, you used to create a site-to-site virtual private network (VPN) or you had communications that could be easily taken care of.

Everybody is now a field employee. The world changed overnight. And the biggest concern is how do we protect every branch office and every individual who's out there? The world is different.

Now the communication is open to everybody because your kids want to watch Disney in the living room while you’re trying to work in your office while your wife is doing work for her job three rooms down. The world is different.

The networks that we have to work through are different. Now, instead of trying to protect an all-encompassing environment, it’s about moving to more individual or granular levels of security, of protecting individual endpoints or systems.

I now have smart thermostats and a smart doorbell. I don’t want anybody attaching to those. I don’t need somebody talking to my kids through those things. In the same vein, I don’t need somebody attaching to my company’s OT environment and doing something silly inside of there. So, in my opinion, it’s less about the overarching IT environment, and more about how to protect the individuals.

Gardner: To protect all of those vulnerable individuals then, what are the new solutions? How are the Unisys Stealth and ServiceNow Platform coming together to help solve these issues?

Collaborate to protect individuals

Klaessig: Well, there are a couple of areas I’ll touch on. One is that Unisys has an uncanny capability to do isolation and initially contain a breach or threat. That is absolutely paramount for our customers. We need to get a very quick handle on how to investigate and respond. Our teams are all struggling to scale faster and faster with higher volume. So, every minute bought is a huge minute gained. Right out of the gate, between Unisys and ServiceNow, that buys us time -- and every second counts. It’s invaluable.

Another thing that's driving our solutions are the better ties between IT and security; there’s much more collaboration. For a long time they tended to be in separate towers, so to speak. But the codependences and collaborative drivers between Unisys and ServiceNow mean that those groups are so much more effective. The IT and security teams collaborate thanks to the things we do in the workloads and the automation between both of our solutions. It becomes extremely efficient and effective.

Gardner: E.G., why is your technology, Unisys Stealth for Dynamic Isolation a good fit with ServiceNow? Why is that a powerful part of this automation drive?

Pearson: The nice part about dynamic isolation is it’s just a piece of what we can do as a whole with Unisys Stealth. Our Stealth core product is doing identity-based microsegmentation. And, by nature, it flows into software-defined networking, and it's based on a zero trust model.

The reason that's important is, in software-defined networking, we're gathering tons of information about what's happening across your network. So, in addition to what’s happening at the perimeter with firewalls, you are able to get really good, granular information about what's happening inside of your environment, too.

We're able to gather that and send all of that fantastic information over the ServiceNow Platform to your source, whatever it may be. ServiceNow is a fantastic jumping point for us to be able to get all that information into what would have been separate systems. Now they can all talk together through the ServiceNow Platform.

Klaessig: To add to that, this partnership solves the issues around security data volume so you can prioritize accurately because you’re not inundated. E.G. just described the perfect scenario, which is that the right data gets into the right solution to enable effective assessment and understanding to make prioritizations on threat responses and threat actions based on business impact.

That huge but managed amount of data that comes in is invaluable. It’s what drives everything to get to prioritizing the right incidents.

Gardner: The way you're describing how the solutions work together, it sounds like the IT people can get better awareness about security priorities. And the security people can perhaps get insights into making sure that the business-wide processes remain safe.

Critical care for large communities

Klaessig: You’re absolutely right because the continuous threat prioritization and breach protection means that the protective measures have to go through both IT and security. That collaboration and automation enables not just the operational resilience that IT is driving for, but also the cyber resilience that the security teams want. It is a handshake.

That shared data and workloads are part of security but they reflect actual IT processes, and vice versa. It makes both more effective.  

Gardner: E.G., anything more to offer on this idea of roles, automation, and how your products come together?

Pearson: I wholeheartedly agree with Karl. IT and security can’t be siloed anymore. They can't be separate organizations.

IT relies on what security operations puts in play, and security operations can't do anything unless IT mitigates what security finds. So they can't act individually any more. Otherwise, it's like telling a football player to lace up their ice skates and go score a couple of goals.

IT relies on what security operations puts in play, and security operations can't do anything unless IT mitigates what security finds. So they can’t act individually any more. Otherwise, it’s like telling a football player to lace up their ice skates and go score a couple of goals.

Gardner: As we use microsegmentation and zero trust to attend to individual devices and users, can we provide a safer environment for sets of users or applications?

Pearson: Yes, we have to do this in smaller and smaller groups. It’s about being able to understand what those communities need and how to dynamically protect them. 

As we adjust to the pandemic and the humungous security breaches like we found at the end of 2020, protecting large communities can't be done as easily. It’s so much easier to break those down into smaller chunks that can be best protected.

Klaessig: It’s also around protecting best based on the applications. I think that has a big impact because you can say, “Hey, these are the applications critical for our customers and our organization.”  Therefore, anyone who has access to those, we monitor that much more closely, or they are automatically prioritized at the top of the queue if there's an incident.

We can group things out based on use and the impact to the business. And again, this all contributes to the prioritization and the response when we coordinate between the two solutions, Unisys and ServiceNow.

Gardner: So it’s an identity-driven model but on steroids. It's not just individual people. It's critical groups.

Klaessig: Well said.

Pearson: Yes.

Gardner: How can people consume this, whether you’re in IT, security personnel, or even an end user? If you're trying to protect yourself, how do you avail yourself of what ServiceNow and Unisys have put together?

Speed for bad-to-worse scenarios

Klaessig: The key is we target enterprises. That's where we work together and that's where ServiceNow workflows go. But to your point, nowadays I'm essentially a lone, solo office person, right? With that in mind, we need to remember those new best practices.

The appropriate workflows and processes within our collective solutions must reflect the actual individual users and processes. It goes back to our comments a couple of minutes ago, which is what do you use most? How often do you use it? When do you use it, and how critical is it? Also, who else is involved?

That’s something we haven’t touched on up until now -- who else will be impacted? At the end of the day, what is the impact? In other words, if someone just had a credential stolen, I need the quick isolation from Unisys based on the areas of IT impacted. I can do that in ServiceNow, and then the appropriate response puts a workflow out and it’s automated into IT and security. That’s critical. And that’s the starting point for the other processes and workflows.

Gardner: We now need to consider what happens when you inevitably face some security issues. How does the ServiceNow Security Incident Response Platform and Unisys Stealth come together to help isolate, reduce, and stifle a threat rapidly?

Pearson: The reason such speed is important is that many of you all have already been impacted by ransomware. How many of you all have actually seen what ransomware will do if left unchecked for even just 30 minutes inside of a network? It’s horrible. That to me, that is your biggest need.

Whether it is just a regular end-user or if it’s a full-scale, enterprise-level-type workflow, speed is a huge reason that we need a solution to work and to work well. You have to be fast to keep bad things from going really, really wrong.

One of the biggest reasons we have come together with Stealth doing microsegmentation and building small communities and protecting them is to watch the flow of what happens with whom across ports and protocols because it is identity based. Who’s trying to access certain systems? We’re able to watch those things.

As we’re seeing that information, we’re able to say if something bad is happening on a specific system. We’re able to show that weird or bad traffic flow is occurring, send that to ServiceNow and allow the automated operations to protect an end point or a server.

Because the process is automated, it brings the response down to less than 10 seconds, using automated workflows within ServiceNow. With dynamic isolation, we’re able to isolate that specific system and cut if off from doing anything else bad within a larger network.

That’s huge. That gives us the capability to take on something fast that could bring down an entire system. I have seen ransomware go 30 minutes unchecked, and it will completely ravage an entire file server, which brings down an entire company for three days until everything can be brought back up from the backups. Nobody has time for that. Nobody has time for the 30 minutes it took to do something silly to cost you three days of extra work, not to mention what else may come from that.

With our combined capabilities, Unisys Stealth provides the information we’re able send to the ServiceNow platform to have protection put in place to isolate and start to remediate within 10 seconds. That’s best for everybody because 10 seconds worth of damage is a whole lot easier to mitigate than 30 minutes’ worth.

Klaessig: Really well-said, E.G.

Gardner: I can see why 2+2=6 when it comes to putting your solutions together. ServiceNow gets the information from Stealth that something is wrong, but then you could put the best of what you do together to work.

Resolve to scale with automation

Klaessig: We do. And this leads us to do even more automation. How can you get to that discovery point faster, and what does that mean to resolve the problem?

And there’s another angle to this. Our listeners and readers are probably saying, “I know we need to respond quickly, and, yes, you’re enabling me to do so. And, yes, you’re enabling me to isolate and do some orchestration that ties things up to buy me time. But how do I scale the teams that are already buried beyond belief today to go ahead and address that?”

That’s a bit overwhelming. And here’s another added wrinkle. E.G. mentioned ransomware, and the scary part is in 2020 ransomware was paid 50 percent of the time versus one-third of the time in 2019. Even putting aside the pandemic and natural disasters, this is what our teams our facing.

It again goes back to what you heard E.G. and I touch on, which is automation of security and IT is what’s critical here. Not only can you respond consistently quicker, but you’ll be able to scale your teams and skills -- and that’s where the automation further kicks in.

Businesses can't take on this type of volume around security management with the teams they have in place today. That's why automation is so critical. As attacks escalate, they can't just go and add more people in time, right?

In other words, businesses can't take on this type of volume around security management with the teams they have in place today. That’s why automation is so critical. Comprehensive tooling increases detection on the Unisys side, and that gives them not only more time to respond but allows them to be more effective as well. As attacks escalate, they can’t just go ahead and add more people in time, right? This is where they need that automation to be able to scale with what they have.

It really pays off. We’ve seen customers benefit from a dollars and cents prospective, where they saw a 74 percent improvement in time-to-identify. And now 46 percent of their incidents are handled by automation, saving more than 8,700 hours annually for their teams. Just wrap your head around that. I mean, that’s just a huge advantage from putting these pieces together and automating and orchestration like E.G. has been talking about.

Gardner: Is it too soon, Karl, to talk about bots and more automation where the automation is a bit more proactive? What’s going to happen when the data and the speed get even more useful, but more compressed when it comes to the response time? How smart are these systems going to get?

Get people to do the right thing

Klaessig: The reality is, we’re already going there. When you think of machine learning (ML) and artificial intelligence (AI), we’re already doing a certain amount of that in the products.

As we leverage more of the great data from Unisys, it drives who can resolve those vulnerabilities because they have a predetermined history of dealing with those types of vulnerabilities. That’s just an example of being able to use ML to align the right people to the right resolution. Because, at the end of the day, it still comes down to certain people doing certain things and it always will. But we can use that ML and AI to put those together very quickly, very accurately, and very efficiently. So, again, it takes that time to respond down to seconds, as E.G. mentioned.

Gardner: Are we going to get to a point where we simply say, “J.A.R.V.I.S., clean up the network”?

Pearson: I hope so! Going back to my old days of being an admin, I was an extremely lazy admin. If I could have just said, “J.A.R.V.I.S., remediate my servers,” I would have been all over it.

I don’t think there’s any way we can’t move toward more automation and ML. I don’t necessarily want us to get to the point where Skynet is not going to delete the virus, saying, “I am the virus.” We don’t need that.

But being able to automate helps overcome the mundane, such as resetting somebody’s password and being able to pull a system offline that’s experiencing some sort of weird whatever it may be. Automating those types of things helps everybody go faster through their day because if you’re working a helpdesk, you’ve already gotten 19 people with their hair on fire begging for your attention.

If you could cut off five of those people by automating and very easily allowing some AI to do the work for you, why wouldn’t you? I think their time is more valuable than the few dollars it’s going to cost to automate those processes.

Klaessig: That's going to be the secret to success in 2021 and going forward. You can scale, and the way you're going to scale is to take out those mundane tasks and automate all of those different things that can be automated.

As I mentioned, 46 percent of the security incidents became automated for our customer. That's a huge advantage. And at the end of the day, putting J.A.R.V.I.S. aside, the more ML we can get into it, the better and more repeatable the processes and the workflows will be -- and that much faster. That's ultimately what we're driving toward as well.

Gardner: Now that we understand the context of the problem, the challenges organizations face, and how these solutions come together, I'm curious at how this actually gets embedded into organizations? Is this something that security people do, that the IT people do, that the helpdesk people do? Is it all of the above?

Everybody has role to reap benefits

Pearson: The way we usually get this going is there needs to be buy-in from everybody because it's going to touch a lot of folks. I'm willing to bet Karl's going to say similar things. It's nice to have everybody involved and to have everybody's buy-in on this.

It usually starts for us at Unisys with what we're doing with microsegmentation and with a networking and security group. They need to talk to be able to get this rolled out. We also need the general IT folks because they're going to have to install and get this rolled out to endpoints. And we need the server admins involved as well.

At the end of the day, this goes back to being a collaborative opportunity ... for IT and security to join together. These solutions benefit both teams and can piggyback on investments they have already made elsewhere.

When it comes down to it, everybody's going to have to be involved a little bit. But it generally starts with the security folks and the networking folks, saying, “How can I protect my environment just a little bit more than I was before?” And then it rolls from there.

Klaessig: I agree. At the end of the day, this goes back being a collaborative opportunity. In other words, when we look at this, this is the opportunity for IT and security to join together. These solutions really benefit both teams. And oftentimes, it actually can piggyback on investments they've already made elsewhere.

And that's a big advantage as well. Going forward, I strongly believe in -- and I've seen the results of this -- being a driver toward greater collaboration. It is that type of deployment and should be done in that manner. And then quite frankly, both organizations reap the benefits.