Monday, April 19, 2021

Creating business advantage with technology-enabled flexible work


As businesses plan for a future where more of their workforce can be located just about anywhere, how should they rethink hiring, training, and talent optimization? This major theme for 2021 and beyond poses major adjustments for both workers and savvy business leaders.

The next BriefingsDirect modern workplace strategies discussion explores how a global business process outsourcing leader has shown how distributed employees working from a “Cloud Campus” are improving productivity and their end users’ experience.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.


To learn more about best practices and advantageous outcomes from a broadly dispersed digital workforce, we are now joined by José Güereque, Executive Vice President of Infrastructure and Nearshore Chief Information Officer at Teleperformance SE in Monterrey, Mexico; Lance Brown, Executive Vice President Global Network, Telecom, and Architecture at Teleperformance, and Tim Minahan, Executive Vice President of Business Strategy and Chief Marketing Officer at Citrix. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Tim, when it comes to flexible and hybrid work models we often focus on how to bring the work to the at-home workforce. But this new level of flexibility also means that we can find and attract workers from a much broader potential pool of talent.

Are companies fully taking advantage of this decentralized talent pool yet? And what benefits are those who are not yet expanding their workforce horizons missing out on?

Pick your talent anywhere

Minahan: We are at a very interesting inflection point right now. If there is any iota of a silver lining in this global pandemic it’s that it has opened people’s minds to both accelerating digitization of their business, but also opening their minds to new ways of work. It’s now been proven that work can indeed occur outside the office. Smart companies like Teleperformance are beginning to look at their entire workforce strategies -- their work models -- in different ways.

It’s not about should Sam or Susie work in the office or work at home. It’s, “Gee, now that I can enable everyone with the work resources they need, and in a secure workspace environment to do their best work wherever it is, does that allow me to do new things, such as tap into new talent pools that may not be within commuting distance of my work hubs?”

This now allows me to even advance sustainability initiatives or, in some cases, we have companies now saying, “Hey, now I can also reach workers that allow me to bring more diversity into my workforce. I can enable people to work from inner cities or other locations -- rural locations -- that I couldn’t reach before.”

This is the thought process that a lot of forward-thinking companies are going through right now.

Gardner: It seems that a remote, hybrid, flexible work capability is the gift that keeps giving. In many cases we have seen projections of shortages of skilled workers and gaps between labor demand and supply. Are we in just the early innings of what we can expect from the benefits of remote work? 

Minahan: Yes. If you think way back in history, about a year ago, that’s exactly what the world was grappling with. There was a global shortage of skilled workers. In fact, McKinsey estimated that there was a global shortage of 95 million medium- to high-skilled workers. So managers were trying to hire amid all that.

But, in addition, there was a shortage of the actual modern skills that a lot of companies need to advance their business, to digitize their business. And the third part is a lot of employees were challenged and frustrated with the complexity of their work environment.

Now, more flexible work models enabled by a digital workspace that ensures employees have access to all the work resources they need, wherever work needs to get done, begins to address each of those issues. Now you can reach into new areas to find new talent. You can reach skills that you couldn’t before because you were competing in a very competitive market.

Now you can enable your employees to work where and how they want in new ways that don’t limit them. They no longer have a long commute that gives them added stress in their lives. In fact, our research found that 80 percent of workers feel they are being as, if not more, productive working remotely than they could be in the office.

Gardner: Let’s find out from an organization that’s been doing this. José, at Teleperformance, tell us the types of challenges you faced in terms of the right fit between your workforce and your demands for work. How have you been able to use technology to help solve that?

Güereque: Our business was mostly a finite structure of brick-and-mortar operations. When COVID struck, we realized that we faced a challenge of not being able to move people to and from the work centers. So, we rushed to move all of our people, as much as possible, to work from home (WFH).

Technically, the first challenge was to restructure our network, services, and all kinds of resources to move the workforce to WFH. As you can imagine, that came hand in hand with security measures. Security is one of the most important things we need to address and have in place.

But while there were big challenges, big opportunities also arose for us. The new model allows us to be more flexible in how we look for new talent. We can now find that talent in places we didn’t search before.

Our team has helped expedite this work-at-home model for us. It was not embraced in the massive way it is right now.

Gardner: Lance, tell us about Teleperformance, your workforce, your reach, and your markets.

Remote work: Simpler, faster, safer

Brown: Teleperformance is a global customer experience company based in France. We have more than 383,000 employees worldwide in 83 countries serving over 170 markets. So it’s a very large corporation. We have a number of agents who support many Fortune 500 companies all over the world, and our associates obviously have to be able to connect and talk [in over 265 languages and dialects] to customers.

We sent more than 220,000 of these associates home in a very quick time frame at the onset of the pandemic.

Our company is all about being simpler, faster, and safer -- and working with Citrix allowed us to meet all of our transition goals. Remote work is now a simpler, faster process -- and it’s a safer process. All of our security that Citrix provides is on the back end. We don’t have to worry as much with the security on our endpoint as we would in other traditional models.

Gardner: As José mentioned, you had to snap to it and solve some major challenges from the crisis. Now that you have been adjusting to this, do you agree that it’s the gift that keeps giving? Is flexible work here to stay from your perspective?

Brown: Yes, from Teleperformance’s perspective, we fully are working to get our clients to remain at WFH -- for a large percentage of the workforce. We don’t ever see the days of going back to 100 percent brick and mortar, or even mostly brick and mortar. We were at 90 percent on-site before the pandemic. Now, at the end of the day, that will become between 50 percent to 65 percent work at home.

Gardner: Tim, because they have 390,000 people, there is going to be a great diversity of how people will react to this. One of the nice things about remote work and digital workspaces is you can be dynamic. You can adjust, change, and innovate.

How are organizations such as Teleperformance breaking new ground? Are they finding innovation that goes beyond what they may have expected from flexible work at the outset?

Minahan: Yes, absolutely. This isn’t just about can we enable ourselves to tap into new talent in some remote locations or for disenfranchised parts of the workforce. It’s about creating an agile workforce model. Teleperformance is on the frontlines of enabling that for its own workforce. But Teleperformance is also part of the solution, due to their business process outsourcing (BPO) solutions and how they serve their clients. You begin to rethink the workforce.

We did a study as part of our Work 2035 Project, in which we went out over the past year-and-a-half and interviewed tens of thousands of employees, thousands of senior executives, and probed into what the world of work will look like in 2035. A lot of things we are talking about here have been accelerated by the pandemic.

One of those things is moving to a more agile workforce model, where you begin to rethink your workforce strategies, and maybe where you augment full-time employees with contractors or gig workers, so you have that agility to dial up your workforce.

Maybe it’s due to seasonality, and you need for a call center or other services to be able to dial up or back down. Or work locations shift, moving due to certain needs or responses to certain catastrophes. And like I said, that’s what a lot of forward-thinking companies are doing.

What’s so exciting about Teleperformance is they are not only doing it for their own organization -- but they are also providing the solution for their own clients.

Gardner: José, please describe for us your Cloud Campus concept. Why did you call it Cloud Campus and what does it do?

Cloud Campus engages worldwide

Güereque: Enabling people to WFH is only part of what you need. You also need to guarantee the processes in place perform as well as they used to in a brick-and-mortar environment. So our cloud solution pushes subsets of those processes and enables control -- to maintain the operational procedures – at a level where our clients feel confident of how we are managing their operations.

In the past, you needed to do a lot of things if you were an agent in our company. You needed to physically go to a central office to fulfill processes, and then you’d be commuting. Today, the Cloud Campus digitalizes these processes. Now a new employee, in many different countries, can be hired, trained, and coached -- everything -- on a remote basis.

We use video technology to do virtual face-to-face interactions, which we believe is important to be successful. We still are a very human-centric company. If we don’t have this face-to-face contact, we won’t succeed. So, the Cloud Campus, which is maintained by a really small team, guarantees the needed processes so people can WFH on a permanent basis. 

Gardner: Lance, it’s impressive to think about you dealing face-to-face virtually with your clients in 83 different countries and across many cultures and different ways of doing business. How have you been able to use the same technology across such a diversity of business environments?

Brown: That’s an excellent question. As José said, the Teleperformance Cloud Campus gives us the flexibility and availability to do just that. For our employees, it just becomes a one-on-one human interaction. Our employees are getting the same coaching, counseling, and support from all aspects of the business – just as they were when they were in the brick-and-mortar office.

We are leveraging, like José said, video technology and other technologies to deliver the same user experience for our associates, which is key. Once we deliver that, then that translates out to our clients, too, because once we have a good associate experience, that experience is the same for all of the clients that the associate is handling.

Gardner: Lance, when you are in a brick-and-mortar environment, a physical environment, you don’t always have the capability to gather, measure, and digitize these interactions. But when you go to a digital workspace, you get an audit trail of data.

Is that something you have been able to utilize, or how do you expect that to help you in the future?

Digital workspaces offer data insights

Brown: Another really good question. We continue to gather data, especially as the world is all digitized. And, like you said, we provide many digital solutions for our clients. Now we are taking those same solutions and leveraging them internally for our employees.

We continue to see a large amount of data that we can work with for our process improvements and our technology, analysis, and process excellence (T.A.P.) teams and the transformation our agents do for our clients every day.

Gardner: Tim, when it comes to translating the value through the workforce to the end user, are there ways we can measure that productivity benefit?

Minahan: One of the key things that came up early-on in the pandemic was a huge spike in worker productivity. Companies settled into a hybrid work model, and that phase was about unifying work and providing reliable access for employees in a remote environment to all the resources they needed.

The second part was, as José said, ensuring that all employees can safely access applications and information -- that our corporate information remains secure.

Now we have moved into the simplify-and-optimize phase. A lot of companies are asking, “Gee, what are the tools I need to introduce to remove the noise from my employees’ day? How do I guide them to the right information and the right decisions? How do I support more collaboration or collaborative work execution, even in a distributed environment?”

If you have a foundation of a solid digital workspace environment that delivers all the work resources, that secures all the work resources, and then leverages things like machine learning (ML), virtual assistants, and new collaborative work management tools that we are introducing -- it provides an environment where employees can perform at their best and can collaborate from the most remote locations.

Gardner: José, most businesses nowadays want to measure everything. With things like Net Promoter Scores (NPS) from your agents and employees, when it comes to looking for the metrics of whether your return on investment (ROI) or return on innovation is working, what have you found? Have you been able to verify what we have been talking about? Does this move beyond theory into practice, and can it be measured well?

Güereque: Yes, that’s very important. As I mentioned, being able to create a Cloud Campus concept, which has all the processes and metrics in place, allows us to compare apples with apples in a way that we can understand the behavior and the performance of an agent at home -- same as in brick-and-mortar. We can compare across those models and understand exactly how they are performing.

We found that a lot of our agents live in cities, which have a lot of traffic. The commuting time for them, believe it or not, was around one-and-a-half hours – as many as two hours for some of them -- just going to and from work. Now, all that commuting time is eliminated when they WFH.

People started to give a lot of value to those things because they can spend their time smarter -- or have more family time. So from customer, client, and employee satisfaction, those employees are more motivated -- and they’re performing great. Their scores are similar – and in some cases better -- than before.

So, again, if you are able to measure everything through the digitalization of the processes, you can understand the small things you need to tweak in order to maintain better satisfaction and improve all scores across both clients and employees.

Gardner: Lance, over the past 30 years in IT, we’ve been very fortunate that we can often do more with less. Whether it’s the speed of the processor, or the size of the disk drive. I’m wondering if that’s translating into this new work environment.

Are you able to look at cost savings when it comes to the type of client devices for your users? Are your networks more efficient? Is there a similar benefit of doing more with less when we get to remote work and digital workspaces?

Cost savings accumulate via BYOD

Brown: Yes, especially for the endpoint device costs. It becomes an interesting conversation when you’re leveraging technology like Citrix. For that [thin client] endpoint, all of the compute is back in the data center or in the cloud.

Your overall total cost of ownership continues to go down because you’re not spending as much money on your endpoint, as you had in the past. The other thing is the technology allows us to take an existing PC and make it a thin client, too. That gives you a longer life of that endpoint, which, overall, reduces your cost.

It’s also much, much safer. I can’t stress enough about the security benefits, especially in this current environment. It just makes you so much safer because your target environment and exposed landscape is reduced. Your data center is housing all the proprietary information. And your endpoint is just a dumb endpoint, for lack of better word. It doesn’t have a large attack vector. So you really reduce your attack vector by leveraging Citrix and putting more IT infrastructure in your data center and in your cloud.

Güereque: There is another really important factor, which is to enable bring your own device (BYOD) to be a reality. With the pandemic, the manufacturers of equipment, the PCs and everything, their time to deliver has been longer.

What used to take them two to three weeks to deliver now takes up to 10 weeks. Sometimes the only way to be on time is to leverage the employees’ equipment and enable its use in a secure way. So, this is not just an economic perspective of avoiding the investment in the end device, but is an opportunity to enable them to work faster rather than waiting on the delivery time of new equipment.

Minahan: At Citrix, we’re seeing other clients do that, too. I was recently talking with the CIO of a financial services company. For them, as the world moved through the pandemic, they saw the demand for their digital banking services quadruple or more. They needed to hire thousands of new financial guidance agents to support that.

And, to José’s point, they couldn’t be bothered with sending each one a new laptop. So BYOD allowed them to gain a distributed digital workspace and to onboard these folks very quickly. They attained the resources they needed to service their end banking clients much faster.

Güereque: Just following on Tim’s comments, I want to give you an example. Two weeks ago we were contacted by a client who needed to have 1,200 people up and running within a week. At the beginning, we were challenged. We wanted to be able to put 1,200 new employees with equipment in place, and weirdly our team came back with a plan. I can tell you that last week they were all in production. So, without this flexibility, and these enablers like Citrix, we wouldn’t be able to do it in such a small time frame.

Gardner: Lance, as we seek work-from-home solutions, we’re using words like “life” and “work balance.” We’re talking about employee behaviors and cultures. It sounds like IT is closer to human resources (HR) than ever.

Has the move to remote work using Citrix helped bond major parts of your organization -- your IT capability and your HR capability, for example?

IT enables business innovation

Brown: Yes, now they’re seeing IT as an enabler. We are the enabler to allow those types of successes, from a work-life balance and human standpoint. We’re in constant contact with our operations team, our HR team, and our recruiting team. We are the enabler to help them deliver everything that we need to deliver to our clients.

In the old days, IT wasn’t viewed as an enabler. Now we’re viewed as an enabler, and José and I are at the table for every conversation that’s happening in the company. We come up with innovative solutions to enable the business to meet those business needs.

Gardner: Tim, I’m going to guess that this is a nice way of looking at the glass as half full. IT enabling such business innovation is going to continue. How do you expect in the future that we’re going to continue the trend of IT as an enabler? What’s in the pipeline, if you will, that’s going to help foster that?

Minahan: With the backdrop of the continued global shortage of skills, particularly the modern skills that are needed, companies such as Teleperformance are looking at what it means for their workforce strategies. What does it mean for their customer success strategies? Employee experience is certainly becoming a top priority to recruit the best talent, but also to ensure that they can perform at their best and deliver the best services to clients.

In fact, if you look at what employees are looking for going forward, there’s the salary thing and there’s the emergence of purpose. Is this company doing something that I believe in that’s contributing to the world, the environment?

But right behind that is, “What are the tools and resources? How effectively are they delivering them to me so I can perform at my best?” And so IT, to Lance’s point, is a critical pillar, a key enabler, of ensuring that every company can work on making employee experience a competitive advantage.

Gardner: José, for other companies trying to make the most of a difficult situation and transitioning to more flexible work models, what would you recommend to them now that you’ve been through this at such a large, global scale? What did you learn in the process that you think they should be mindful of?

Change, challenge, partner up

Güereque: First of all, be able to change, and to challenge yourself. We can do much more than we believe sometimes. That’s definitely something that one can be skeptical of, because of the legacy we have been working through over many years. Today, we have been challenged to reinvent ourselves.

The second one is, there is tons of public information that we can leverage to be able to find successful use cases and learn from them. And the third one is, approach one consultant or partner that has experience in putting all these things in place. Because it is, as I mentioned, not a matter of just enabling people to WFH, it’s a matter of putting all the security environment in place, and all of the tools that are required to be able to perform as a team so you can deliver the results.

Brown: I’ll add one thing to that. It was about a year ago that I was visiting with Tim and the pandemic was starting to come to fruition. The pandemic had started overseas and was rapidly moving toward the US and other parts.

I met with Tim at Citrix and I said, “I’m not sure exactly what’s going to happen. I don’t know if this is going to be 100 people that go home or 300,000 people. But I know we need a partner to work with, and I know we have to partner through this process.”

So the big thing is that Citrix was that partner for us. You have to rely on your partners to do this because you just can’t simply do it by yourself.

Gardner: Tim, it sounds like an IT organization within Teleperformance is much more of an enabler to the rest of the organization, but you, at Citrix, are the enabler to the IT department at Teleperformance.

Minahan: Dana, to borrow a phrase, “It takes an ecosystem.” You move up that chain. We certainly partner with Teleperformance to enable their vision for a more agile workforce.

But, again, I’ll repeat that they’re doing that for their clients, allowing them to dial up and dial down resources as they need, to work-shift around the globe. So it is a true kind of agile workforce value chain that we’re creating together.

Sponsor: Citrix.

Friday, April 16, 2021

Disaster recovery to cyber recovery -- What is the new best future state?


The clear and present danger facing businesses and governments from cybersecurity threats has only grown more clear and ever-present in 2021.

As the threats from runaway ransomware attacks and state-sponsored backdoor access to networks deepen, too many businesses have a false sense of quick recovery using traditional business continuity and backup measures.

That’s because the criminals are increasingly compromising vulnerable backup systems and data first -- before they attack. As a result, visions of flipping a switch to get back to a ready state may be a dangerous illusion that keeps leaders under a false sense of business as usual.


The next BriefingsDirect security strategies discussion explores new ways of protecting backups first and foremost so that cyber recovery becomes an indispensable tool in any IT and business security arsenal. We will now uncover how Unisys and Dell Technologies are elevating what was data redundancy to protect against natural disasters into something much more resilient and powerful.

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy.

To learn more about the latest in rapid cyber recovery strategies and technologies, please welcome Andrew Peters, Director of Global Business Development for Security at Unisys, and David Finley, Director of Information Assurance and Security in the Data Protection Division at Dell Technologies. The discussion is moderated by Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: David, what’s happened during the last few years -- and now especially with the FireEye and SolarWinds attacks -- that makes cyber recovery as opposed to disaster recovery (DR) so critical?

Best defense is good offense

Finley: I have been asked that question a few times just in the last few weeks, as you might imagine. And there are a couple of things to note with these attacks, SolarWinds and FireEye.

One, especially with FireEye, it was demonstrated to the entire world something that we didn’t really have our eyes on, so to speak, and that is the fact that folks that have really good security -- where they sit back and the chief information security officer (CISO) and the security team say, “We have really good security, we spent a lot of money, we have done a lot of things, we feel pretty good about what we have done.” That’s all great, but what was demonstrated with FireEye is that even the best can be compromised.

If you have a nation state-led attack or you are targeted by a cybercrime family, then all bets could be off. They can get in and they have demonstrated that with these latest attacks.

The other thing is, they were able to steal tools. Nothing worse can happen than the bad guys having new toolsets that they can actually use. We believe that with the increased threat from the bad actors because of these things, we really, really need the notion of a cyber vault or the third copy, if you will. Think about the 3:1 rule -- three copies, two different locations, one off-site or offline. This is really where we need to be.

Gardner: Andrew, it sounds like we have to assume that we are going to be or are already attacked. Just having a good defense isn’t enough. What’s the next level that we need to attain?

Peters: A lot of times organizations think their security and their defenses are strong enough to mitigate virtually anything that happens to the organization. But what's been proven now is that the bad guys are clever and are finding ways in. With SolarWinds, they found a backdoor into organizations and are coming in as a trusted entity.

Just because you have signed Security Assertion Markup Language (SAML) tokens and signed certificates that you trust, you are still letting them in. It’s just been proven that you can’t exactly trust them. And when they come inside an organization and they win, what do you do next? What do you do when you lose? The concept here is to plan to win, but at the same time prepare to lose.

Gardner: David, we have also seen an uptick in the success of ransomware payouts. How is that also changing the landscape for how we protect ourselves?

Finley: I was recently thinking about that and I saw something written, it might have been a Wall Street Journal article, on security recently. They said CISOs in organizations have a decision to make after these kinds of attacks. The decision really becomes pretty simple. Do they pay the ransom or do they not pay the ransom?

We would all like to say, “Don’t pay the ransom.” The FBI says don’t pay the ransom, because of the obvious reasons. If you pay it, they may come back, they are going to want more, and it sets a bad precedent, all those things. But the reality is when this actually happens to a company, they have to sit down and make the hard decision: Do I pay or do I not pay? It’s based upon getting the business running again.

We want to position ourselves together with Unisys to create a cyber vault that is secured in a way that our customers will never have to pay the ransom.

If we have a protected set of data that is the most important data to the firm – the stuff that they have to have tomorrow morning to actually run the business -- and it’s in a protected vault secured by zero trust, through Unisys Stealth software, to be able to secure it and get it back out and put it back into play, that’s the best answer.

So that means not paying the ransom and still having the data available to bring the business back into play the next day. A lot of these attacks, as we know, are not only stealing data, like they did recently with FireEye, but also encrypting, deleting, and destroying the data.

Gardner: Another threat vector these days is that more people are working remotely, so there are more networks involved and more vulnerable endpoints. People are having to be their own IT directors in their own homes, in many cases. How does the COVID-19 work-from-home (WFH) trend impact this, Andrew?

Work from home opens doors

Peters: There are far more points of entry. Whereas you might have had anywhere from 10 percent to 15 percent of your workforce remotely accessing the network, and that access was fairly controllable, now you have up to 100 percent of your knowledge workers working remotely and accessing the network. There are more points of entry. From a security perspective, more rules need to be addressed to control access into the network and into operations.

Then one of the challenges an organization has is that once they are on the inside of these big, flat networks the bad guys can map that network. They learn the systems that are there and they learn the operations extremely well and manipulate them, taking advantage of zero-day vulnerabilities in the systems and so operate within that environment without even being discovered. Once again, going back to the SolarWinds, they were operating for about eight months before they were eventually discovered.

Gardner: And so are we at a point going on 30 years of using wide area networks (WANs), and we are still under a false sense of security. David, do we not understand the threats around us?

Finley: There is the notion within our organizations and within the public sector that we believe what we have done is good enough. And good enough can be our enemy. I can’t tell you the number of times I have spoken with folks during incident response or after incident response from a cyberattack where they said, “We thought we were secured. We didn’t know that this could happen to us, but it did happen to us.”

That false sense of security is very real, evidenced by these high-level attacks on firms that we never thought it would happen to. It's not just FireEye and it's not just SolarWinds. We have had attacks on COVID-19 clinical trial providers, we have had attacks on our own government entities. Some of these attacks have been successful. And a lot of these attacks don’t even get publicized.

Here is the most dangerous thing in this false sense of security we are talking about. I ask customers what percentage of the attacks do you actually believe you have visibility into within your own region? And the answer, the honest answer, is usually probably less than 20 percent.

But because I do this every day for a living, as does Andrew, and we probably have visibility to maybe 50 percent, because a lot of times these attacks happen and they get swept under the rug. They quietly get cleaned up, right? So we don’t know what’s happening. That also leads us to a false sense of security.

So again, I believe that we do everything we can upfront to secure our systems, but in the event that something does get through, we need to make sure that we have a secure offline copy of these backups and of our data.

Be prepared to resist ransom

Peters: An interesting dynamic I have noticed since the pandemic is that organizations, while they recognize it’s important to have that cyber recovery third copy to bring themselves back from the brink of extinction, say they can’t afford to do it right now. The pandemic has squeezed them so much. 

Well, we know that they are invested in backup. We know they are invested in DR, but they say, “Okay, we may table this one because it’s something that is a bit too expensive right now.”

However, on the other side, there are organizations that are picking up on this at this time, saying, “You know what? We see this is way more critical because we know the attacks are picking up.”

But the challenge here is the organizations that are feeling squeezed, that they can’t afford to invest in a solution like this, the question is, can they afford not to invest in this given all the exposure of the threats to their organizations. And we keep going back to SolarWinds, which is a big wake-up call.

But if we go back to other attacks that happened to organizations in the recent past -- such as the WastedLocker backdoor and the procedures the bad guys are using to get into organizations to learn how they operate, to find additional backdoors and operate within that environment, and to even learn to avoid the security technologies that were put in there specifically to detect such breaches – they can operate with impunity within that environment. Then they eventually learn that environment well enough to shut them down enough so that the company has two choices. That company can either pay the ransom or go out of business.

And if you are a bad guy, what would be your goal? Do you want to expose the company’s information and embarrass them? No, you want to make money. And if they are in the process of making money, how do they do it? You have to squeeze an organization as much as possible. And that’s what ransomware and these backdoors are designed to do -- squeeze an organization enough to where they are forced to pay the ransom.

Gardner: So we need a better, fuller digital insurance policy. Yet many organizations have insurance in the form of DR designed for business continuity, but that might not be enough.

So what are we talking about when we make this shift from business continuity to cyber recovery, David? What are the fundamental challenges organizations need to overcome to make that transition? 

Cyber more likely than natural disaster

Finley: The number-one challenge I have seen over the past four or five years is that we need to realize that DR -- and all the tenets of DR -- will not cover us in the event of a cyber disaster. So those are two very different things, right?

Oftentimes I challenge people with the notion of how they differ. And just to paint a picture, we have been doing DR basically the same way for many decades. The way it normally works is we have our key systems and their data connected to another site outside of a disaster radius, such as for earthquakes, floods, tornados, and hurricanes. We copy that data through a wide-open pipe to the other side on a regular basis. It’s an always-open circuit to the other side, and we have been doing it that way for 40 years.

What I often ask customers is based on that, how much do you spend every year to do DR? What does it really cost? Do you test? What are the real costs for DR for you? And there is usually a tangible answer.

With that in mind, the next question is, “If you look at the probability of something happening in the future to you, what do you think is more probable -- a natural disaster event or a cyber disaster? What’s more probable?” And the answer is unanimously, it’s been 100 percent in recent years, it’s going to be a cyber disaster.

Of course, the next question is, “How do you deal with cyber recoveries and is it a function of DR within your organization?” And the answer usually is, “Well, we don’t deal with it very well.”

So the IT infrastructure and security groups have in the last year been making cyber recovery part of DR planning -- and it’s taken a long time to get there. When you think about that, if the probability of cyber events is much higher than disaster events -- and we spend $1 million a year on DR -- how much do we spend for cyber recovery? The answer historically has been that they spend very little on true cyber recovery.

That’s what has to change. We have to change how we approach this. We have to bring the security and risk folks into those decisions on protecting data. We need to look at it through the lens of a cyber event destroying all of the data, just as a hurricane may destroy all of the data.

Peters: You know, Dave, in talking to a lot of organizations on what exactly they are going to do if they have a ransomware meltdown, we ask, “How are you going to recover?” They say, “We are going to go to our DR.” 

Hmm, okay. But what if you discover in your recovery process those files are polluted? That’s going to be a bad situation. Then they may go find some tapes and stuff. I ask, “Okay, do you have a runbook for this?” They say, “No.” Then how will they know exactly what to do?

And then the corollary to that is, how long is this recovery going to take? How long can you sustain your operations? How long can you sustain your company, and what kinds of losses are you prepared to sustain?

Wow, and you are going to figure this all out when you are going through the process of trying to bring your organization back after a meltdown? That’s usually the tipping point where you are going to say, like other organizations have said, “You know what? We are just going to have to pay the ransom.”

Finley: Yes, and that also begs the question that we often see folks miss. And that is, “Do you believe that your CEO and/or your board of directors -- the folks who don’t do IT as an everyday job, the folks who are running the business -- do they understand the difference between DR and cyber recovery?”

If I were to ask people on the board of any organization if they were secure in their DR plans, most of them would say, “Yes, that’s what we pay our teams to do.”

If I were to ask them, “Well, do you believe that being able to recover from cyber disasters is included in that and done well?” The answer would also be, “Yes.” But oftentimes that is simply not the truth.

They don’t understand the difference between DR and cyber recovery. The data can all be gone from a cyber event just as easily as it can be gone from a hurricane or a flood. We have to approach it from that perspective and start thinking through these things.

We have to take that to our boards and have them understand, “You know what? We’ve spent a lot of money for 40 years on DR, but we really need to start spending money on cyber recovery.”

Yet we still get a lot of pushback from customers saying, “Well, yes, of course making a third copy and storing it somewhere secure in a way that we can always get it back -- that’s a great idea -- but that costs money.”

Well, you have been spending millions of dollars on DR, so make cyber recovery part of that effort.

Gardner: To what degree are the bad guys already targeting this discrepancy? Do they recognize a capability to go in and compromise the backups, the DR, in such a way that there is no insurance policy? How clever have the bad guys become at understanding this vulnerability?

Bad guys targeting backups

Peters: What would you do if you were the bad guy and you wanted to extort money from an organization? If you know they have any way of quickly recovering, then it’s going to be pretty hard to extort from them. It’s going to be hard to squeeze them.

These guys are not broke, they are often professional organizations. There’s a lot of focus on the GRU, the former KGB operation that’s in Russia, and Cozy Bear and a number of these different organizations are well-funded. They have very clever people there. They are able to obtain technologies, reverse engineer them, understand how the security technologies operate, and understand how to build tools to avoid them. They want to get inside of organizations and learn how the operation runs and learn specifically what’s key and critical to an organization.

The second thing, while they want to take out the primary systems, they also want to make sure you are not able to restore them. This is not rocket science.

So, of course they are going to target backups. Are they going to pollute the files that you are going to actually put in your backups so if an organization tries to recover, they can create a situation that is bad, if not worse, than it was previously? What would you do? You have to figure that this is exactly what the bad guys are doing in organizations -- and they are getting better at it.

Finley: Andrew, they are getting better at it. We have been watching this pretty closely for the last year now. If you go out to any of the pundits or subscribe to folks like Bleeping Computer, Security Today, CIO.com, or CISO, you see the same thing. They talk about it getting worse. It’s getting worse on a regular basis.

They are targeting backups. We are finding it actually written in the code. The first part of what they are going to do when they drop this on the network is they are going to go seek out security tools to disable them. Then they are going to seek out shadow copies to link to them and seek out backup catalogs and link to them.


And this is the one that a lot of people miss. I just read this recently, by the FDIC, and they are publishing this to their member banks. They said DR has been done well for a number of decades. You copy information from one bank to another or from one banking location to another and you are able to recover from disasters and spin up applications and data in a secondary location. That’s all great.

But realize that if you have malware attacking you in your primary location, it very often will make its way to your DR location, too. The FDIC said this pointblank, they said, “And you will get infected in both locations.”

A lot of people don’t think about that. I had a conversation last year with a CISO who said that if an attack gets to your production environment they can manage to move laterally and get to your DR site. And then the data is gone. And this particular CISO said, “You know, we call that an ‘Oh, crap’ moment because there is nothing we can do.”

That’s what we now need to protect against. We have to have a third copy. I can’t stress it nearly enough.

Gardner: We have talked about this third copy concept quite a bit. Let’s hear more about the Dell-Unisys partnership. What’s the technology and strategy for getting in front of this so that cyber recovery becomes your main insurance policy, not your afterthought insurance policy?

Essential copy keeps data dynamic

Finley: We want everyone to understand the reality. The bad guys can get in, they can destroy DR data, we have seen it too many times. It is real. These backups can be encrypted, deleted, or exfiltrated. And that is the fact, so why not have that insurance policy of a third copy?

There’s only one way to truly protect this information. If the bad guys can see it, get to the machines that hold it, and get to the data – whether the data is locked on disk or not – they can destroy it. It’s a real simple proposition.

We identified many years ago that the only way to really, truly protect against that is to make a copy of the data and get it offline. That is evidenced today by the guidance being given to us by the US federal government, Homeland Security agency, and FBI. Everybody is giving us the same guidance. They are saying take the backups, the copies of your data, and store them somewhere away from the data that you are protecting – and ideally on the other side of an air gap and offline.

When we create this third copy from our Dell solution for cyber recovery we take the data that we backup every day and move that key data to another site, across an air gap. The idea is the connection between the two locations is dark until we run a job to actually move the data from production to a cyber recovery vault.

With that in mind, there is no way in until we bring up that connection. Now, that connection is secured through Unisys Stealth and through key exchanges and certificate exchanges to where the bad guys can’t get across that connection. They can’t get in. In other words, if you have a vault that’s going to hold all your important data, the bad guys can’t get in. They can’t get through the door. Even though we open a connection, they can’t use that connection to ride into our vault.

And with that in mind we can take that third copy and store it in this cyber vault and keep it safe. Now, getting the data there and having the systems outside the vault communicate to the machines inside the vault – to make sure that all of that is secure – is something we partnered with Unisys on. I will let Andrew tell you about how that works.

Secure data swiftly in cyber vault

Peters: Okay. First off, Dave, you are not talking about putting all of the data into the vault, right? Specifically people are looking at only the data that’s critical to an operation, right?

Finley: Yes. And a quick example of that, Andrew, is an unnamed company in the paint industry. They create paint around the world and one of their key assets is their color-matching databases. That’s the data they put into the cyber vault, because they have determined that if that proprietary data is gone, they can lose $1 million per day.

Another example is an investment firm we work with. This investment firm puts their trade databases inside of the cyber vault because they have discerned that if their trade databases are infected, affected, or deleted or encrypted – and they go down – then they lose multiple millions of dollars per hour.

So, to your point, Andrew, it’s usually about the critical business systems and essential information, things like that. But we also have to be concerned with the critical IT materials on your networks, right?

Peters: That’s right, other key assets like your Active Directory and your domain servers. If you are a bad guy, what are you going to attack? If they want to cripple you so much that even if you had that essential data, you couldn’t use it. They are going to try and stop you in your tracks. 

From a security perspective, there are a few things that are important – and one is data efficacy. First is knowing what I am going to protect. Next, how best am I going to securely move that critical data to a cyber vault? There is going to be automation so I am not depending on somebody to do this. This should happen automatically.

So, to be clear, I am going to move it into the secure vault, and I want that vault to be air gapped. I want it to be abstracted from the network and the environment so bad guys can’t find it. Even if they could find it, they can’t see anything, and they can’t talk to it.

The second thing I want is to make sure that the data I’m moving has high efficacy. I want to know that it’s not been polluted because bad guys are going to want to pollute that data. Typically, the things you put into the backup – you don’t know, is it good, is it bad, has it been corrupted? So if it’s going to be moved into the vault, we want to know if it’s good or if it’s bad. That way, if we are going to be going into a recovery, I can select the files that I know are good and I can separate them from the bad.

This is really important. That’s one of the critical things when you’re going into any form of cyber recovery. Typically you aren’t going to know what’s good data unless you have a system designed to discern good from bad.

You don’t want to be rebuilding your domain server and have the thing find out that it’s been polluted, that it’s locked, and that it has ransomware embedded in it. Bad guys are clever. You have to ask, “What would I do if I were a clever bad guy?” Sometimes it’s hard to think like that unless you put your bad guy hat on. 

There’s another important element here, too. The element of time. How quickly am I going to get to this protected data? I have all of this data, these files and these applications, and they’re in my protected vault. Now, how am I going to move them back into my production environment?

But my production environment actually might still be polluted. I might still have IT and security personnel trying to clean up that environment. At the same time, I have to get my services back up and running, but I have a compromised network. And what’s the problem? The problem is time.

Ultimately, all of this comes down to business continuity and time. How quickly can I continue my critical operations? How quickly am I going to be able to get them up and running – despite the fact that I still have a lot of issues with ransomware and with hackers inside my IT operations?

From a security and rapid recovery perspective, there are some unique things that we can do with a cyber recovery approach. A cyber recovery solution automates the movement of your critical data into a secure vault, then analyzes it for data efficacy to determine if the data has been compromised. It also provides you with a runbook so you know how you’re going to get that data back out and get those systems operating so you can get users back online.

So even with a zero-day attack, by being able to use things like cryptography, cloaking, and basically hiding things from the rest of the network, I can get cryptographic micro-segmentation to restore the operations of critical services and get users back up on those services. Even if my network is compromised, I can start doing that very, very quickly.

When you put the whole cyber recovery solution that we have together – with automation, the security built in, to get to the critical data on a daily basis, move it into a vault, analyze it, and then obtain a runbook capability – you can quickly move it all back out and get those critical services back up and running. 

Manage, monitor, and restore data

Finley: One of the things that I hope everyone understands is that we can create a secure vault, put information in it, and do that all securely. But as Andrew was saying, most folks also want the ability to monitor, manage, and update that secure vault from their security operations center (SOC) or from their network operating system (NOS).

When we first began our relationship with Unisys, around the Stealth software, I was very excited. For a couple years before that, we were working with folks to show them how to use firewalls to protect information going in and out of our cyber vault, or how to configure virtual private networks (VPNs) to make that happen.

But when we got together and I looked at the Unisys Stealth software a few years ago, from a zero trust networks perspective – instead of just agents on the machines – it becomes invisible.

When I first saw that those tunnels Unisys creates to our Dell vault are as secure as they are, I quickly realized that not only did it allow us to have a new way to manage everything from outside – we can also monitor everything from outside. It allows us to take what we know is clean data inside the vault and be able to restore it quickly through one of those secure Stealth tunnels back out to the outside.

That is hugely important. We all know there are various ways to secure communications like this. Probably the least secure nowadays are VPNs, or remote access, if you will. The next secure, quite frankly, is viral access, or import access, and then the most secure is, I believe, zero trust software like we get with Unisys Stealth.

Peters: It’s not that I want to beat down on firewalls, because firewalls and ancillary technologies are very effective in protecting organizations – but they’re not 100 percent effective. If they were, we wouldn’t be talking about ransomware at all. The reason that we are is because breaches occur. The bad guys go after the low-hanging fruit, and they’re going to hit those organizations first. Then they’re going to get better at their craft and they’re going to go after more-and-more organizations.

Even when organizations have excellent security, you can’t always prevent against the things that people do. Or now, with SolarWinds, you can’t even trust the software that you’re supposed to trust. There are more avenues into an organization. There are more means to compromise. And the bad guys can monetize what they are doing through Bitcoin in these demands for ransoms.

So, at the end of the day, the threats to organizations are changing. They’re evolving, and even with the best defenses an organization has, you’re probably going to have to plan on being compromised. When the compromise happens, you have to ask, “What do we do now?”

Gardner: Are there any examples that you can point to and show how well recovery can work? Do we have use cases or actual customer stories that we can relate to show how zero trust cyber recovery works when it’s done properly?

Get educated on recovery processes

Finley: Sure, one happened not too long ago. It was a school system in California. And that particular school system worked with us to procure the cyber recovery solution, created a cyber vault, the third copy, and secured all of that. We installed it and got it all up and running and moved data into the vault on a Thursday of a particular week. And then they had a cyber event happen to the school system. This is one of the biggest school systems in that part of California. They had a cyber event over the weekend in that school system, and they had just gotten the vault up and running and had copied all of the critical data into it.

The data in the vault was secure. They were able to recover it as soon as they forensically could, according to the FBI, because the data was secure. It saved a bunch of time and a lot of effort and money.

Now, I contrast that to a couple other major attacks on other companies that happened in the last 120 days. One where they had no cyber vault, the customer data was attacked in production and a lot of DR was attacked. That particular set of events was done through a whole series of social engineering, but they were taken down encrypted and a lot of the data was destroyed.

It took them days, if not weeks, to begin the recovery process because of a lot of things that we all need to be aware of that happen. If you don’t have data that you know is secured somewhere else and that is clean, you’re going to have to verify that it’s clean before you can recover it. You’re going to have to do test recoveries to systems and make sure you’re not restoring malware. That’s going to take a long period of time. You’re not even going to be able to do that until law enforcement tells you that you can.

Also, when you’re in the middle of an incident response, regardless of who you are, the last thing you’re going to do is connect to the Internet. So if your data is stuck somewhere in a public cloud or clouds, you’re not going to be able to get it while you’re in the middle of an incident response.

The FBI characterizes your systems as a crime scene, right? They put up yellow tape around the crime scene, which is your network. They are not going to allow anybody in or out until they’re satisfied they’ve gathered all the data to be able to figure out what happened. A lot of folks don’t know that, but it is simply true.

So having your critical data accessible offline, on the other side of the crime area, having it scrubbed every day to make sure it is absolutely clean, is very important.

In a case of a second company, it took days if not weeks before they could recover information.

There is a third example. The IT people there told me the cyber vault saved their company, and “saved our butts,” they said. In this particular case, the data was encrypted in all of their systems. They were using backup software to write to a virtual client and they were copying that data from virtual clients into our cyber vault.

They also had our physical clients, called Data Domain from Dell, in production and writing into the cyber vault. They did not have our analytics software to scrub and make sure it was clean because it was an older implementation. But at the end of the day, everything in production was gone. But they went to the vault data and realized that the data there was all still good.

The bad guys couldn’t get there. They couldn’t see the cyber vault, didn’t know how to get there, and so there was no way they could get to that information. In this case, they were able to spin up and restore it rather quickly.

In another incident example, in the cyber vault, they had our CyberSense software, which does cyber analytics on the data being stored. We can verify the data is clean at a 99.7 percent effective level to tell the customer the data is restorable and clean. In this case the FBI got involved.

The FBI actually used the information from our CyberSense software to help them to ascertain the who, what, when, and where of what happened. Once they knew who, what, when, and where, they knew the stored data was clean and we were able to do a more rapid rescue.

Plan ahead with precise processes

Peters: What’s important too is knowing what to do. For example, what applications are you going to recover first? What do you need to do to get your operations running? Where are you going to find the needed files? Who’s going to actually do the work? What systems are you going to recover them onto?

Have a plan of action versus, “Okay, we’re going to figure this out right now.” Have a pre-prescribed runbook that’s going to take you through the processes, procedures, and decisions that need to be made. Where is the data going to be recovered from? What’s going to be determined? How is it recovered? Who’s going to get access to it?

All of these things. There’s a whole plan that goes into this. This is different than DR. This is different than backup, it’s way different, it’s its own animal. And this is another place where Dell expertise comes in, being able to do the consulting work with an organization to define the plan or the runbook so that they can recover.

Finley: I wanted to also point out a consideration about ransomware payments. It’s not always a clean option to actually make the payment because of the U.S. Treasury Office of Foreign Assets’ controls. If an organization pays the ransom, and the recipients of that payoff are considered a threat to the United States, they may be breaking another law if you pay them the ransom.

So that needs to be taken into consideration if an organization is breached for ransom. If they pay the ransom off, they may be breaking a federal law.

Gardner: Do the Dell cyber recovery vault and Unisys Stealth technologies enable a crawl, walk, and run approach to cyber recovery? Can you identify those corporate jewels and intellectual property assets, and then broaden it from there? Is there a way to create a beachhead and then expand?

Build the beachhead first

Finley: Yes, we like to protect what we call critical rebuild materials first. Build the beachhead around those critical materials first, then get those materials -- Active Directory and DNS zone tables -- in the vault.

Next put the settings for networks, security logs, and event logs into the vault -- the stuff in your production environment that you could get out of the vault and make everything work again.

If you have studied the Maersk attack in 2017, they didn’t have any of that, and that was a very bad day. They finally found those copies in Africa, but if they hadn’t found them it would’ve been a very bad month or year. So with that kind of a thing in mind, it has happened to many folks besides just them where this had to be most publicized.

So with that in mind, get those materials into the vault as a beachhead, if you will. Let’s build together the notion of this third location, let’s secure it with Unisys Stealth, and let’s secure it with an air gap that’s engulfed in Stealth, and with all of the connections in and out of the vaults protected by Stealth using zero trust. Let’s take those critical materials and build that beachhead there. Ideally, I’ve seen great success when I was doing that, and then gathering maybe a total of three to five of the most critical business applications that a firm may have and concentrating on them first.

Here’s what we don’t want to do. I see no success in sitting down and saying, “Okay, we’re going to go through 150 different applications, with all of their dependencies, and we’re going to decide which of those pieces go into the cyber vault.”

It can be done, it has been done, and we have consulting that can help do that between Dell and Unisys, but let’s not start that way. Let’s instead start like we did recently with a big, big company in the U.S. We started with critical materials, we chose five major applications first, and for the first six months that’s what we did.

We protected that environment and those five major applications. And as time goes on, we will move other key applications into that cyber vault. But we decided not to boil the ocean, not look at 2,000 different applications and put all that data into the vault.

I recently talked to a firm that does pharmaceuticals. Intellectual property is huge for them. Putting their intellectual property into the cyber vault is really key. It doesn’t mean all of their systems. It means they want intellectual property in the vault, those critical materials. So build the beachhead and then you can move any number of things into it over time.

Peters: We have a demonstration to show what this whole thing looks like. We can show what it looks like to make things disappear on your network through cloaking, moving data from a production environment into a vault, and in-retention locking that, analyzing the data, and finding out if something is bad on it, and being able to select the last known good copy of data and start to rebuild systems in your production environment. 

If somehow you had an environment you’re recovering and malware manages to slip inside of that we can detect that and we can shut it down in about 10 to 15 seconds. For organizations interested in seeing this working in real-time, we have a real live demo.

Finley: That’s a powerful, powerful demo for all of the folks who are listening. You can see this thing work from beginning to end to see how the buttons are put in and how the data essentially moves out of scrubbing of the data to make sure it’s clean. It was fascinating for me the first time I saw this. It was great. 

Listen to the podcast. Find it on iTunes. Read a full transcript or download a copy. Sponsor: Unisys and Dell Technologies.

You may also be interested in: