For companies looking for an edge in the tight talent market, a solid DEI strategy and employee engagement often go hand in hand, creating a balance that fosters an inclusive work environment. When employees feel they can bring their authentic selves to work, it can result in higher levels of employee productivity and satisfaction, improved retention rates, and more effective recruiting efforts.

Blue Cross Blue Shield North Carolina (BCBSNC) is one organization reaping the benefits of a robust DEI strategy, which the company began overhauling in 2020, starting with the establishment of an official diversity council. The idea was sparked by CEO Tunde Sotunde, MD, MBA, FAAP, to establish a “strategy, measurable goals, and a roadmap” around DEI, says Pam Diggs, MPH, director of diversity, equity, and inclusion at BCBSNC.

And those efforts have paid off, with BCBSNC coming in at No. 1 on Computerworld’s 2023 Best Places to Work in IT list for large companies. BCBSNC also ranked No. 1 for diversity and No. 2 for employee engagement.

As part of its DEI strategy, BCBSNC focused on three areas — people and culture, healthcare equity, and strategic partnerships for economic mobility and community. Establishing this as the “Northstar” has helped realize DEI efforts throughout the organization, getting everyone on the same page and working toward shared goals, says Diggs.  

“We deepened our commitment to ‘better health care for all.’ It is embedded in our purpose. When we say ‘for all,’ we are looking at the way we treat our employees internally as well, making sure that all our employees feel like this is an inclusive space to work in and to grow in. That way, they’re able to show up in an inclusive way for our customers and our communities,” she says.

Providing a ladder to the top

As part of its DEI efforts, BCBSNC runs an IT Leadership and Diversity Development Experience Rotation program, called Ladder, that connects BIPOC IT leaders with BIPOC IT professionals early in their careers. These relationships help entry-level and early-career professionals to develop their careers and navigate the workplace.

Representation is crucial, especially for improving diversity up the ranks. “You can’t be what you can’t see,” Diggs says, adding that BIPOC and women IT workers often don’t see themselves in leadership positions, simply because of the lack of representation further up the ladder toward the executive level.

BCBSNC’s Ladder program addresses this issue by fostering leadership relationships for BIPOC IT workers. By connecting seasoned IT pros who understand the nuances of being underrepresented in the industry, early-career IT workers gain access to a wealth of knowledge, mentorship, and a roadmap toward leadership. Participants also have access to tailored training opportunities, as well as opportunities for sponsorship, which can be vital for progressing your career.

“To have a mentor is so important. We see in our data that the participants in our mentorship programs have higher retention rates and higher internal mobility rates, but then the sponsorship takes it a step further,” Diggs says. “We’re encouraging our mentors to think about ways that they can be sponsors. Taking a step further to advocate for individuals when they’re not in the room.”

Rotational program as onramp to IT

The rotational component of Ladder recruits companywide through posted opportunities and direct outreach to employees who qualify. Employees who qualify include anyone in a “pre-professional role” who has an interest in learning what it takes to be an IT professional.

Hiring internally gives the added benefit of bringing on workers familiar with other sides of the business. That knowledge can serve IT well, as they’ll bring outside perspectives from other departments to their roles. For example, someone who has worked in customer service may have a unique take on process improvements, roadblocks, and technology that can help improve the experience for employees and customers alike.

The rotational program takes place over two years, with participants cycling through three rotations to get a feel for various opportunities in IT. Participants are also given the chance to connect with leaders in various areas of the company. Once they’ve completed the program and identify where they want to go next, participants are typically matched with a career at Blue Cross.

Tynia Burrows found out about the Rotational Development Program (RDP) through an internal posting. Prior to joining the program, Burrows worked as a lead project coordinator specialist in Portfolio Management and was “always curious about other opportunities I could take at Blue Cross NC,” she says. Her first rotation was with File Transfer Services, and she’s currently in her second rotation with Enterprise Security.

The program has completely changed Burrows’ perception of IT. RDP “brings new perspectives and personalities together,” giving everyone a “different outlook when solving programs or improving processes,” she says.

“The structure and support I’ve received through the Rotational Development Program is unlike anything I’ve ever experienced in my career. This program is a great stepping stone, especially for those who have the drive, but are unsure how to seek out opportunities on their own. I’m thankful Blue Cross NC has this program available to employees — it’s allowed me to explore new opportunities, build connections throughout the company, and has helped me understand my value and strengths,” says Burrows.

Opening talent pipelines through internships

BCBSNC IT also works closely with the talent acquisition team and employee networks to recruit at women-focused IT conferences and events. The department has also reshaped its talent pipeline to support diversity through recruitment and internship programs centered around HBCUs.

This year, BCBSNC partnered with the North Carolina’s Governor’s HBCU internship program and recently restructured requirements for the company’s rotational program to give interns the opportunity to apply for RDP after their internship ends. BCBSNC also collaborates with local colleges, such as Durham Tech, to recruit diverse tech talent for apprenticeships and internships.

Ultimately, BCBSNC’s commitment to DEI has helped diversify the workforce, while bolstering employee engagement and retention. Diversity is more than a benchmark for BCBSNC; it’s a vital part of the overall business strategy that helps to drive growth and innovation, as well as employee and customer satisfaction.

“That’s what diversity is all about — it helps companies, teams, and programs be more innovative, more creative, and more productive because we’re bringing in [fresh] perspectives,” says Diggs.

And those perspectives help position BCBSNC to better impact the constituencies it serves, Diggs says, adding that BCBSNC has bolstered its focus not only on equity in the workplace but on healthcare equality as well, given that several “social drivers of health, [including] transportation, affordable housing, food security, and social isolation” can impact up to 80% of a person’s overall health and wellbeing.

The organization now has an entire team dedicated to identifying ways they can change and restructure benefits for members to improve their experience, with a focus on DEI. This group also works to find opportunities for the organization to invest in local communities, with a priority on addressing issues surrounding systemic bias in the healthcare industry.

“It can be anything from making sure that we’re addressing systemic bias, that we are connecting equity to the way that we do business, or the way that our providers interact with our patients,” says Diggs, adding that if employees are engaged and satisfied at work, they will be better equipped to help customers and patients navigating the healthcare system.

Galloo is a Western European company headquartered in Belgium, founded in 1939 with the noble purpose of processing discarded consumer goods and factory scrap into useful raw materials. Every year, the company gives a second life to more than 1 million tonnes of steel and more than 60,000 tonnes of metals, ensuring an environmental impact as low as possible. Galloo is a business with a purpose.

The team at Galloo realized that driving recycling efficiency requires careful coordination of resources and timely synchronization of transport, logistics, and operations with available people and resources. It is a flow that requires precision and speed to optimize the processes in order to buy waste materials, manage recycling operations, and sell newly recycled metals with minimal waste and maximum efficiency.

Business with a mission

We often read tag lines from businesses wishing to help the environment. Galloo lives this; their entire existence is focused on just that. The Galloo mission is to ecologically recycle metals – converting waste metal materials into new raw materials in a way that benefits the environment, prevents depleting our scarce resources, and reduces and manages the whole process in a clean way.

Turning old and used into shiny and new with constant innovation

Procuring materials to be recycled is not like buying raw inventory materials of standard sizes, shapes, and configurations. The raw material supply is constantly changing, and it requires careful testing in order to comply with ISO standards. Through a careful understanding of the people, processes, machines, and transport, Galloo is now able to optimize utilization and ensure that costs are managed so that the business can be sustainable itself and grow for years to come.

In order to drive a sustainable recycling business, processes require automation and constant management. Without integrated business flows and monitoring of KPIs, expensive delays and costs can be incurred. To solve this problem, Galloo needed solutions beyond the core SAP S/4HANA Cloud ERP and required extended capabilities and integrations enabled through the SAP Business Technology Platform.

Galloo created extensions in a side-by-side fashion with the SAP S/4HANA Cloud ERP Core using the SAP Business Technology Platform (BTP). This now enables both standard ERP as well as custom applications to be accessible to them via one single point of entry.  To simplify this, the BTP Portal uses the central launchpad architecture along with SAP Cloud Platform Integration (CPI) to integrate all third-party systems for production and planning.

Galloo now has constant visibility to business performance and flow with the help of the SAP Analytics Cloud to monitor their KPIs. The applications are managed for compatibility across versions and upgrades to ensure data integrity by using the SAP Cloud Application Lifecycle Management (ALM).

It takes a village

Recycling requires commitment across the supply chain to ensure a virtuous cycle of receiving materials to be recycled, processing, and selling of recycled metals. In the same way, it takes a commitment across the technology landscape to ensure constant innovation, integrity, and flexibility.

Galloo partnered with SAP and Flexso NV, an SAP-certified implementation partner with offices across Belgium, Luxembourg, and Austria. The Flexso depth of understanding of Galloo, SAP S/4HANA Cloud, and the SAP Business Technology Platform provided the needed skills, reassurance, and confidence to make the implementation go smoothly and protect the future needs of Galloo.

Recycling operations must hum as complexities grow

The complexities of recycling grow as new raw material technologies are developed. Battery-powered vehicles, clean processing regulations, global energy costs, and new regulations place demands on recycling companies to be ever more sophisticated in their business operations, compliance, reporting, cost and labor management.

Galloo achieved its goal of digital automation with technology that can now manage processes quickly and securely. By investing in technology, Galloo has control of financial reporting, inventory management, and valuation, ensured regulatory compliance, optimized transport and operations, and used integration and automation to make processes hum.

Future proof sustainability

It is great to see that Galloo can now confidently meet their current and future needs.

For its accomplishments, Galloo has been named a finalist in the 2023 SAP Innovation Awards, which is celebrating its 10th anniversary.

Over 90 wildfires ravaged Spain’s Asturias principality in March this year. Though not as cold and wet as northern Europe, March is still the tail end of winter in northwest Spain, a region not typically considered a tinder box. But the climate emergency is steadily changing that.

But Spain’s predicament isn’t unique. Across the world, climate change has bitten hard into the economies of tech-centric California, again due to wildfires. Australia and Pakistan have seen communities wrecked by large-scale flooding and continual rain, while in 2022, Europe had its hottest summer on record.

The business world increasingly recognizes the need to be more environmentally sustainable, since organizations are seeing an impact on the bottom line as a direct result of climate change. So the CIO, the technologies they deploy, and the partnerships they form are essential to the future of a more environmentally sustainable way of doing business.

A question of time

Thomas Kiessling, CTO with Siemens Smart Infrastructure, part of the German engineering and technology conglomerate that makes trains, electrical equipment, traffic control systems, and more, understands that time is running out. His concerns are backed up by the Intergovernmental Panel on Climate Change (IPCC), which on March 20, 2023, said it’s unlikely the world will keep to its Paris Climate Accord promises.

And if the world’s temperatures rise by or above 1.5 degrees Celsius, businesses will feel further impacts to their bottom line, including increased supply-chain issues on a network already overstretched and fragile. Food and water insecurity will increase, and energy systems, housing stock, insurance, and currency markets will all become more volatile—a worrying set of scenarios for business leaders and boards.

CIO enablement

Historically, CIOs have been vital enablers during times of major change, championing e-commerce, digital transformation or agile ways of working. Organizations responding to the climate emergency are, therefore, calling on those enablement skills to mitigate the environmental impact of the business.

Key to this is a greater understanding of business operations and their production of CO2, or use of unsustainable practices and resources. As with most business challenges, data is instrumental. “Like anything, the hard work is the initial assessment,” says CGI director of business consulting and CIO advisor Sean Sadler. “From a technology perspective, you need to look at the infrastructure, where it’s applied, how much energy it draws, and then how it fits into the overall sustainability scheme.” 

CIOs who create data cultures across organizations enable not only sustainable business processes but also reduce reliance on consultancies, according to IDC. “Organizations with the most mature environmental, social, and governance (ESG) strategies are increasingly turning to software platforms to meet their data management and reporting needs,” says Amy Cravens, IDC research manager, ESG Reporting and Management Technologies. “This represents an important transition toward independent ESG program management and away from dependence on ESG consultants and service providers. Software platforms will also play an essential role in an organization’s ESG maturity journey. These platforms will support organizations from early-stage data gathering and materiality assessments through sustainable business strategy enablement and every step in between.”

Sadler, who has led technology in healthcare, veterinary services, media firms, and technology suppliers, says consultancies and systems integrators should be considered as part of a CIO’s sustainability plans. Their deep connections to a variety of vendors, skills, experience and templates will be highly useful. “It can often help with the collaboration with other parts of the business, like finance and procurement as you have a more holistic approach,” he says.

The IDC survey further finds that the manufacturing sector is leading the maturity of ESG strategies, followed by the services sector, indicative, perhaps, of industries with the most challenging sustainability demands to get on the front foot.

CIOs in organizations already with ESG maturity adopt data management, ESG reporting, and risk tools. In the 2022 Digital Leadership Report by international staffing and CIO recruitment firm Nash Squared, 70% of business technology leaders said that technology plays a crucial part in sustainability.

“CIOs are in a great position to demonstrate their business acumen,” says Sadler. “They can cut costs and generate additional revenue streams.” And DXC Technology director and GM Carl Kinson says IT is now central to cost reduction, while high inflation and rising energy costs make CIOs and organizations assess their energy spending in a level of detail not seen for a long time. This will have a knock-on environmental benefit. Kinson says CIOs are looking to extract greater value from enterprise cloud computing estates, application workloads, system code, and even the use or return of on-premise technology in order to reduce energy costs.

“We’re working with clients to set carbon budgets for each stakeholder to make them accountable, which is a great way to make sure all areas of the business are doing their bit to be more sustainable,” says Sadler.

Great expectations

Falling short of corporate sustainability goals will not only upset the board but exacerbate the search for skills CIOs face, which, in turn, complicates strategies to digitize the business.

Becoming an environmentally sustainable business is core to the purpose of a modern organization and its ability to recruit and retain today’s technology talent.

Climate urgency also affects CIOs’ own employment decisions. “I would need to understand the sustainability angles of an organization,” says James Holmes, CIO with The North of England P&I Association, a shipping insurance firm. Business advisory firm McKinsey also finds that 83% of C-suite executives and investment professionals believe that organizational ESG programs will contribute to an increase in shareholder value in the next five years. And the Nash Squared Digital Leadership Report adds that due to the urgent global move to integrate sustainability into core business operations and the customer proposition, it’s important that digital leaders have what it calls a dual lens on sustainability.

Part of that increased shareholder value will be to ensure the business is able to meet the evolving regulations surrounding environmental sustainability. For CIOs in Europe, the EU Sustainable Finance Disclosure Regulation was adopted in April 2022, and the Corporate Sustainability Reporting Directive (CSRD) secured a majority in the European Parliament in November 2022. California also introduced environmental regulations in September 2022, and other US states are likely to follow.

“Regulation can be pro-growth,” Chi Onwurah, shadow business minister in the UK Parliament and a former technologist, recently said at an open-source technology conference. “Good regulations create a virtuous circle as more people trust the system.”

CIOs and IT leadership, whether in the UK or not, are integral to making organizations more environmentally sustainable in order to help stave off environmental collapse. No vertical market can operate effectively during an ongoing environmental emergency unless a technological response based on collated data is enacted and supported across the organization.

During the Covid-19 pandemic, CIOs and IT leaders enabled new ways of adapting to change, and these need to continue as environmentally sustainable business processes become greater priorities.

While mobile devices are the symbol of business continuity, they are also the mark of easy prey for cybercriminals. In fact, 75% of companies experienced a “major” mobile-related security compromise in 2022. And that risk brings high costs with it. When remote workers are the root cause of a data breach, mitigation costs rise 20%, hiking the price tag up from $4 million to $5 million.

And it’s not just cybercriminals profiting from loopholes in corporate mobile security.

Regulations like GDPR and SOC2, as well as government agencies themselves, have all taken aim at mobile vulnerabilities. In October, the federal Securities and Exchange Commission fined 16 financial firms $1.8 billion after they failed to prevent employees from communicating with clients via their personal devices.

With the proliferation of personal devices used for work, most executives are bracing for impact and recognizing that it’s time to strengthen endpoint security. Whether you are working to avoid federal agents or rising ransomware attacks, here are the best practices for improving the security posture of your corporate mobile fleet.

Remove blind spots to strengthen mobile security 

Widening protections for the entire fleet starts with understanding your devices and where their vulnerabilities hide, as uncovering security blind spots is half the success equation.

Companies are highly reliant on their mobile devices and yet many manage hundreds or thousands of them using poor recordkeeping practices. Comprehensive security starts with a registry that defines what the fleet has, what state it is currently in, and what applications, access methodologies, and services it uses. Devices can include laptops, phones, iPads, watches, scanners, sensors, and a variety of wireless tools.

Gaining visibility is the first step in identifying and managing every device into a known state. Network analytics, usage audits, Shadow IT discovery tools, and IT expense management platforms can be helpful in establishing a working inventory that can be expanded with detailed information about ownership, operating systems, users, their associated applications as well as the security risk of each application in use. A centralized system also helps with overarching insights to prioritize security efforts. For example, you may want to start with high-volume devices or those that use applications bringing the highest security risk.

Consider your mobile strategy and its impact on security

With an accurate assessment of company-owned and employee-owned devices, now is a good time to evaluate how your mobile strategy and device ownership policy uphold security. More devices expand the attack surface for bad actors, and the lack of standardization can make security complex with a broader range of operating systems, device types, applications, and other hardware-based risks for IT teams to manage.

One Vanson Bourne study showed 81% of companies are shifting their corporate policies due to challenges in security and management. At companies with a Bring-Your-Own-Device (BYOD) policy, 65% of devices accessing corporate information are personally owned. This reveals the intertwined relationship between employee devices and the information companies must protect. While today’s dominant approach is to use a BYOD approach with mobile phones and corporate ownership for laptops, tides are shifting as companies better balance security requirements with the convenience of employee devices.

Best practices: configure and secure devices into a known state

Building a foundation for mobile security should start with leading security frameworks, such as the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Model for Enterprise Mobility, which includes mobile security techniques as well as tips for using the built-in security features of mobile operating systems. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is also helpful in process design.

The act of securing devices requires applying technologies to exert visibility and control over the entire fleet. This way companies can examine the operating system versions, configurations, and firmware, identifying any loopholes or security threats. Moreover, these tools can ensure applications comply with enterprise security standards, detect when system changes have been made, and empower IT teams to take swift action regarding threat investigation and mitigation. Unified endpoint management solutions (also known as mobile device management solutions) package these security tools and services together for ease of implementation and ongoing management.

Particular attention should be paid to:

- Cloud-based security compatible across a range of devices, allowing for the widest applicability and the broadest standardization of security across the entire fleet.
- System updates and patches with real-time, granular insight into device compliance across the operating system, web browsers, and applications in use.
- Multi-factor and password-less authentication, as compromised passwords are a key cause in mobile device data breaches.
- Multi-layer security addressing the core, hardware, firmware, and applications.
- Zero trust network access capabilities on a continuous basis, reducing the attack surface through an identity-based approach to security and access management.
- Physical separation: whether it’s network segmentation applied to mobile and IoT devices, secure containerization separating personal information, or data isolation blocking unauthorized communications, separation makes sensitive information more difficult to access.
- Location tracking and remote controls allow IT teams to digitally control functions from afar, including finding, locking, and unlocking devices, pushing content and applications, and wiping functionality either individually or entirely.
- Automation and analytics make it faster and easier to manage mobile security.
  - Machine learning and behavioral analytics are best for monitoring threats and accelerating the time to identify malware, ransomware, and zero-day attacks.
  - Process automation eliminates repetitive, manual tasks necessary in maintaining inventories, preparing devices for employee use, and reducing IT intervention when remediation or quarantine actions are needed to bring the fleet into compliance.
  - Dashboards should summarize the active risk exposure including vulnerabilities associated with each endpoint, and automation should prioritize response and remediation based on the likelihood of a breach.

Often companies have too many devices to secure and too few resources to do the job effectively. That leaves security unchecked at critical moments in the lifecycle of a device, such as during preparation stages, threat mitigation procedures, and employee on- and off-boarding. At these junctures, each device must be protected comprehensively, outfitted with the company’s unique security applications, updated with the latest patches, and enabled with encryption, firewalls, anti-virus, and built-in security features—all before devices are put back into the hands of users.
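The device registry, known-state checks, and risk-based prioritization described in the sections above can be sketched in a few lines of Python. This is an added example, not code from the article or from any endpoint management product; the device records, baseline OS versions, application risk ratings, and finding weights are all constructed assumptions.

```python
from dataclasses import dataclass

# All values below are constructed for illustration (assumptions).
BASELINE_MIN_OS = {"ios": (16, 4, 0), "android": (13, 0, 0)}
APP_RISK = {"corp-mail": 1, "file-sync": 3}  # vetted apps, 1 (low) to 5 (high)
UNVETTED_APP_RISK = 5                        # unknown apps count as worst case
FINDING_WEIGHT = {
    "os-below-baseline": 4, "os-version-unparseable": 4, "unknown-platform": 2,
    "no-encryption": 5, "no-mfa": 3, "unvetted-app": 2,
}


@dataclass
class Device:
    device_id: str
    ownership: str       # "corporate" or "byod"
    platform: str
    os_version: str
    encrypted: bool
    mfa_enrolled: bool
    apps: tuple = ()


def parse_version(text):
    """Turn '16.4.1' into (16, 4, 1); pad so that '13' compares as 13.0.0."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on junk
    return tuple(parts + [0] * (3 - len(parts)))


def findings(device):
    """List every way the device deviates from the known state."""
    found = []
    minimum = BASELINE_MIN_OS.get(device.platform.lower())
    if minimum is None:
        found.append("unknown-platform")  # registry has no baseline for it yet
    else:
        try:
            if parse_version(device.os_version) < minimum:
                found.append("os-below-baseline")
        except ValueError:
            found.append("os-version-unparseable")
    if not device.encrypted:
        found.append("no-encryption")
    if not device.mfa_enrolled:
        found.append("no-mfa")
    found.extend(f"unvetted-app:{a}" for a in device.apps if a not in APP_RISK)
    return found


def risk_score(device):
    """Sum the finding weights and add the riskiest installed application."""
    weight = sum(FINDING_WEIGHT[f.split(":")[0]] for f in findings(device))
    app_risk = max((APP_RISK.get(a, UNVETTED_APP_RISK) for a in device.apps),
                   default=0)
    return weight + app_risk


def remediation_queue(fleet):
    """Devices outside the known state, highest risk first."""
    out_of_state = [d for d in fleet if findings(d)]
    ranked = sorted(out_of_state, key=lambda d: (-risk_score(d), d.device_id))
    return [(d.device_id, risk_score(d), findings(d)) for d in ranked]


# Constructed sample registry.
FLEET = [
    Device("PH-001", "corporate", "ios", "16.5", True, True, ("corp-mail",)),
    Device("PH-002", "byod", "android", "12.1", True, False,
           ("corp-mail", "file-sync")),
    Device("PH-003", "byod", "ios", "16.4.1", False, True,
           ("corp-mail", "unknown-game")),
    Device("SC-004", "corporate", "scanner-os", "2.0", True, False),
    Device("PH-005", "byod", "android", "13", True, True, ("corp-mail",)),
]

if __name__ == "__main__":
    for device_id, score, issues in remediation_queue(FLEET):
        print(f"{device_id}  score={score}  {', '.join(issues)}")
```

Devices whose platform has no baseline are flagged rather than silently passed, so scanners, sensors, and other non-phone endpoints stay visible in the queue.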

This explains why many IT teams need to add the support of asset management services to their mobile security software purchase. When IT resources are already overstretched, service providers can handle inventories, orders, service providers, invoices, mobile help desk support, configurations, repairs, and decommissioning and reassignments.

Holistic endpoint security practices

Advanced security capabilities, alongside dedication and discipline, are necessary in order to configure devices into a compliant state, and maintaining that known state is essential as both the business and the threat landscape perpetually evolve.

Mobile security pressures will continue to rise in parallel with more cybersecurity attacks, changing compliance requirements, and more devices to manage. Companies that can make and keep a concentrated effort on mobile security will rise above these challenges by exposing any blind spots inside their fleet, operationalizing a data-driven mobile strategy, and making proactive and ongoing security protections an integrated element of their mobile-first business.

As a 159-year-old family business, Dutch brewing company Heineken owes its longevity to a steady stream of innovation. Founded by entrepreneur Gerard Adriaan Heineken in 1864, who sought to renovate an old brewery in the center of Amsterdam, the beer company that would later bear his name has become synonymous with Dutch beer, readily recognizable from its green bottle with red star label.

Heineken owns its piece of history, too, from becoming the first brewer to introduce quality control laboratories to the first legally sold beer in the US after prohibition was revoked in 1933. Today, it owns over 300 brands, and is sold in more than 190 countries.

Yet in 2023, the brewer faces new constraints, such as an expected recession, rising barley and energy prices, and aluminum supply chain shortages. The firm must also attract younger customers amid growing competition from microbreweries, higher market prices and new attitudes to alcohol consumption.

For Heineken’s global CIO Ing Yan Ong, the journey to keep a historic beer brand relevant starts with simplifying ERP, adopting agile methodologies and rethinking customer and supplier relationships in an age of digital analytics and personalized communications.

Heineken’s ambition to become best in class with connectivity

Heineken has historically excelled at building strong connections with consumers, customers, suppliers and employees, but there’s an understanding that relationships are changing where physical and digital experiences intersect.

As part of Heineken’s 2021 EverGreen strategy to commit to future-proof the organization, adapt to market dynamics, and emerge stronger from the pandemic, there’s the objective to digitally transform the business and its relations with stakeholders. It’s this intention to become the “best-connected brewer” that’s a priority in Heineken’s digital and technology (D&T) organization, and with Ing Yan.

“Becoming the best connected brewer is making sure we strengthen the relationships with our customers, consumers, suppliers and employees in a context that’s fully digital,” says Ing Yan, who reports to the CDO and was previously senior director for global information services.

Historically, the firm’s route to the consumer was sales representatives going from bar to bar selling orders through paper-based forms. Digital technologies have improved this process, allowing for online and predictive ordering, which would, in turn, offer bars insights and recommendations on what drinks were popular with customers and what other local outlets were ordering.

Such is the proliferation of digital technologies that Heineken sees it as a business in its own right, and is targeting at least €10 billion (USD$10.7 billion) of business through digital channels over the next three years. As of its Q3 2022 trading update, the company achieved €4.3 billion in digital sales value, more than two-and-a-half times against the comparable period the previous year.

Ing Yan says that platforms like SAP, Salesforce and Microsoft are powering such growth, but adds that Heineken has also tapped emerging technologies to derive better insights.

The firm’s connected brewery IoT platform, for instance, is being used for data ingestion and edge computing in breweries, enabling local teams to analyze, adjust, test and optimize production processes. This, in turn, allows operations to leverage real-time and historical data to support the workers on the shop floor.

Meanwhile, the new AI platform AIDDA (artificial intelligence, data driven advisor, dynamic advisor) gives sales representatives better insight on pricing, stock and promotions. Ing Yan says it’s already helped detect and resolve customer churn, and improve sustainability by reducing sales travel by 30% through optimal routing. Separately, it’s been reported that Heineken has also used AI technologies to optimize the color of the beer to Heineken gold.

“It’s really shifting from a more traditional way of doing business engaging, to making sure we’re now steering the conversation [with customers] and in that way, actually helping the outlets,” says Ing Yan. “Our role is to make sure the outlets are successful, and that works back to our success as well.”

Agility in a federated organization, plus ERP modernisation

Heineken’s size presents opportunity and challenge in equal measure for a digital and technology function tasked with everything from supporting the design of new smart fridges to workshopping with the robotics team and modernising some 45 ERPs and 3,500 applications across 85 operating companies.

Agility has become critical, top-down and bottom-up. Strategically, Ing Yan says there’s board alignment with the launch of a new digital strategy, and close collaboration with his CDO, who sits on the board.

There’s also a growing emphasis on improving team performance. Heineken has embraced flexible working in teams, adopting agile methodologies and introducing two product teams for more than 80 experiments where people can learn to apply scrum and agile ways of working.

Now proclaiming to be an agile organization, Heineken’s next endeavor is ERP harmonisation, which represents an opportunity to bring together a fragmented IT estate.

This new digital backbone consists of a lean SAP S/4HANA Core with a set of cloud-based business platforms, replacing the existing wall-to-wall ERPs across 80 of Heineken’s operating companies. This backbone, says Ing Yan, will allow the operating companies to provide seamless customer experiences, drive efficient end-to-end processes, and ensure scalability across markets.

“It will allow us to deploy new capabilities across Heineken at speed and maximize the value of data within and across the operating companies,” says Ing Yan. “In 2022, we finished the design and build phase and will pilot the digital backbone in selected [operating companies] this year, and we’ll start industrial deployment in 2024 with the intent to complete the roll-out in the next six years.”

Upskilling teams and balancing the future

Heineken’s growth does, however, require new skills and a change in business ethos. Ing Yan talks about the power of taking people on a journey, and making sure they’re future-fit for the digital age.

The Digifit learning platform, available to D&T teams and external parties, has played an important role to help colleagues understand Heineken’s new direction. Ing Yan says 28,000 training modules were completed in 2022, varying from basic principles of digital to more complex topics.

“Our role is to upskill Heineken on what digital is going to bring,” says Ing Yan. “Digifit is a basic understanding of what digital is, some of the terminology, what it’s going to be and some of the consequences. We also do multiple sessions with the upper management teams, or even regional management teams, to take them on board about how the world is going to be different. I think it helps get the support [for IT] as well.”

The future, he adds, is about balance. On the one hand, Heineken must implement the digital backbone, and navigate the considerable integration and orchestration work. But on the other, it’s approaching a complicated talent market.

“From a technology point of view, getting [the digital backbone] to work is one achievement, but then implementing it in our operating company, changing the ways of working, and changing the task and roles around it to make sure it’s fully operated—that’s huge,” he says. “The focus for me over the next 12 months is to make sure we get live with our first pilot adopters and capture learnings, because we’ll scale this across 85 markets in the next six years.”


Cloud services, software-as-a-service (SaaS) applications, and on-premises infrastructures connected by wired and wireless networks now represent the backbone of modern enterprises. To fully harness the benefits of modern network architectures, network operations teams need a deep understanding of how these systems perform. This visibility is essential if teams are to avoid the downtime that results in lost revenues.

To be successful, teams must enhance their operational awareness and gain comprehensive visibility into the performance of both internal networks and those managed by third parties. Even by making small advances in this IT arena, teams can deliver large business benefits and demonstrable return on investment (ROI). 


Fig 1. Following a maturity model enables IT teams to take achievable steps toward expanding their operational visibility

Eliminating Redundant Network Monitoring Software Yields $1M in Cost Reductions

To move from basic visibility to proactive network operations, teams must meet the following objectives:

Establishing unified contextual awareness across network inventory, alarms, events, fault, performance, flows, logs, and configurations for traditional network architectures.

Retiring redundant toolsets and establishing one source of truth for data collection and correlation across multi-vendor technologies.

Instituting advanced capacity planning and insights into how bandwidth consumption affects user experiences.

Over the years, teams have invested in capabilities for monitoring complex networks that connect employees to a mix of enterprise applications, public cloud environments, and SaaS applications. The end result has been tool sprawl, which costs companies an average of $2.5 million per year. By following a maturity model that advances IT awareness in complex network architectures delivering critical user experience, businesses can expect a 50% reduction in costs over three years, delivering savings of more than $1M.

Avoiding Downtime Yields $2.5M in Revenue Savings

To move from proactive operations to modern observability, teams must establish awareness of modern network technologies like SD-WAN. However, gaining this visibility can’t mean adding more tools to your environment. Today’s teams need tool vendors that offer add-on capabilities, so they can use their current monitoring processes and workflows and apply them to these complex, modern network technologies. This guarantees that teams don’t have to deploy, learn, and administer new tools. Plus, it means teams can more easily apply the operational expertise they already have to the software-defined networking space.

By following these steps, teams can discover opportunities for avoiding downtime. This downtime avoidance can lead to improved network availability for critical business services, which can provide revenue savings of up to $2.5 million over three years.

Realizing an ROI of 160%

The holy grail for network operations is to move from modern observability to experience-driven network observability. Achieving these capabilities requires establishing advanced visibility into the experience of network users.

Research shows that, when following this maturity model for advancing network monitoring capabilities, organizations typically invest around $2.6 million. These investments can deliver business benefits amounting to $6.8 million over three years, resulting in a net present value (NPV) of $4.2 million and an ROI of 160%.

As companies invest in network innovations to support changing business needs, teams need to make commensurate investments in tools to manage their modern environments. However, it’s vital that these investments enable teams to establish unified visibility, including of both legacy and new technologies, and of both networks that are managed internally as well as those managed by external vendors. By leveraging these capabilities, teams can reduce downtime and costs.

Many business leaders still view IT as a cost center, rather than a strategic partner. By delivering significant business outcomes, including sizable cost savings and ROI, IT teams can fundamentally and permanently change this perception.

To learn more, visit Broadcom.


Journey Beyond, a part of Hornblower Group, is Australia’s leading experiential tourism group. Headquartered in Adelaide, it operates 13 brands and experiences spanning the country. The company’s overall strategy is to “have a customer experience that’s second-to-none — from the moment they first engage with the company to plan their experience, to when they return home at the end of their travels — regardless of what Journey Beyond adventure you are booking.”

However, the company’s disparate technology systems were proving to be a hindrance in its commitment to consistently deliver unmatched services and experiences to customers. As its business diversified, including its own acquisition by Hornblower Group in early 2022, Journey Beyond inherited a range of disparate technology systems, including six different phone systems and an outdated contact center that was only servicing Journey Beyond’s rail journeys. The remaining brands in the company’s portfolio were using basic phone functionality for customer enquiries and reservations.


“The different communication solutions were unable to provide an integrated 360-degree customer view, which made it difficult to ensure a consistent, unrivalled customer experience across all 13 tourism ventures, and any other brands Journey Beyond may add to its portfolio in the future. The absence of advanced contact center features and analytics further prevented us from driving exceptional customer experience. Besides, we couldn’t enable work-from-anywhere, on any device capability, for employees,” says Madhumita Mazumdar, GM of information and communications technology at Journey Beyond.  

These challenges forced the company to transition to a modern cloud-based communication platform.

Multiple communication solutions cause multiple challenges

Because Journey Beyond operates in the experiential tourism market, providing a personalized, seamless customer experience is essential — something its previous communications systems lacked, Mazumdar says.

“For instance, our train journeys get sold out a year prior to their launch. Therefore, when we launch a new season, there is a huge volume of calls from our customers and agents. The existing system lacked callback mechanism, leading to callers waiting in queue for as long as 40 minutes, which adversely impacted their experience,” she says, adding that there was also no way to prioritize certain calls over others.

The existing system also lacked the analytical capability to provide any customer insights, and it wasn’t integrated with Journey Beyond’s CRM. As a result, representatives interacting with a customer didn’t know whether the customer had traveled with the company before. “The communication between us and the customer was transactional instead of being personalized,” Mazumdar says.

Since the existing systems were very old, they couldn’t be managed remotely. In case of an outage, the company had to send a local person to rectify the on-site phone system, which could take a couple of hours. During this time, customers were unable to call Journey Beyond.

“The IVR was also not standardized across the company. As the IVRs were recorded in voices of employees from different business units, a caller had no idea they were part of the same business,” says Mazumdar.

Incoming calls to Journey Beyond’s toll-free numbers were also adding to the operational cost. “We paid per-minute on the calls received to our toll-free numbers. The high call volumes meant huge costs for us. Even if the call was hanging in the queue, it was costing us every minute,” she says.

Implementing a consolidated communications platform

To overcome the bottlenecks and drive customer engagement to the next level, Journey Beyond launched a contact center transformation, the first step of which was to establish a common unified communications (UC) platform across the business and integrate it with a new contact center (CC) solution. After evaluating several UC and CC solutions, Journey Beyond chose RingCentral’s integrated UCaaS and CCaaS platforms — RingCentral MVP and Contact Center.

“We started evaluating multiple vendors in the first quarter of 2021. The software evaluation process took three to five months after which the implementation started in August 2021. We went live in October 2021,” Mazumdar says. The entire SaaS solution was hosted on AWS.

The company took this opportunity to shift to soft phones and headsets by getting rid of all physical phones. “We purchased good quality noise-cancelling headsets, which was the only hardware we invested in significantly,” says Mazumdar. “Although we had premium support from RingCentral, we decided to learn everything about the solution and take full control over it. So, while the integration and prebuild was completely done by RingCentral, over time we trained multiple people in the team on the solution. In hindsight, this was the best thing we did,” says Mazumdar, who brought in two dedicated IT resources with phone system background for the new solution.

“Different business units within the company work differently. For instance, the peak hours for one business could be different from those of another business, which impacts how you set up the call flows. It’s not one basic standard rule that could be set up for all businesses across the company. With in-house understanding of the solution, we had full control over the solution and were able to make changes, refinements, and complex prioritization rules to it ourselves without depending on the solution provider,” she says.

Cloud-based solution delivers customer visibility and value

Connecting multiple businesses with a common communications platform to deliver consistent customer service across the group has yielded compelling business benefits to Journey Beyond.

A key advantage of the tight integration between UC and CC is the customer service operation’s accessibility for the entire Journey Beyond team.

“At a national integrated level, we now have subject matter experts in each of our experiences available to deliver unrivalled customer experience, with economies of scale. So, if one team is under duress in terms of call volumes, the call can be overflowed and picked up quickly by a consultant with secondary expertise in that brand,” says Mazumdar.

Journey Beyond is supporting its customer experience drive by integrating the CC solution with its CRM to develop omni-channel CX capabilities and build towards a 360-degree view of the customer.

“We are building up our ‘Know Your Customer’ strategy, which starts with our customer service agents knowing who you are when you call any of our Journey Beyond brands,” says Mazumdar. “Callers who have travelled with us before, have their phone number in our CRM. When they call, their records pop up. The executive can look at the customer’s history with the company and the communication between them becomes a lot more personalized. The integrated view of the customer also helps to cross sell. For instance, if a person is booking a train journey from Adelaide but our executive knows that he is coming from Sydney, he can sell him another trip in Sydney.”

The other major advantage is the scalability and remote capabilities of the cloud-based platform. The solution allows Journey Beyond to run operations 24×7 with centralized administration and distributed users, working from anywhere, on any device. This has also given Journey Beyond the opportunity to recruit for talent in other locations outside the market around its Adelaide office.

Journey Beyond has also rolled out the solution’s workforce management functionality to better align agent availability with customer demand. The advanced feedback capabilities allow Journey Beyond to measure customer net promoter scores (NPS) right down to the consultant level. That NPS functionality will then be integrated into Salesforce, enhancing the 360-degree view of the customer experience.

The solution’s quality management functionality is providing Journey Beyond with a level of automation to ensure the contact basics are being completed, allowing leaders to focus on scoring the more complex or intangible components of customer engagements — delivering a recording of both the call and what is happening on screen at the same time. “Quality analytics completes the picture in terms of everything we need to see from a skills gap perspective,” says Mazumdar.

Journey Beyond has deployed the UC solution to all businesses nationally. The CC solution has been rolled out at the company’s rail division and Rottnest Express while onboarding for the other businesses is in progress.


When you think about people entangled in organizational politics, terms that come to mind include manipulation, self-serving, turf battles, power plays, and hidden agendas. Not terribly uplifting. But Neal Sample, former CIO of Northwestern Mutual, sees it a different way. “I think of a different set of words like influence, diplomacy and collaboration,” he says. “In reality, politics aren’t good or bad. It’s just how things get done in organizations.”

So how should we be more cognizant about office politics versus organizational politics now that the pandemic has shifted the former to the latter? Managers approach it in different ways but for tech leaders, it can be particularly challenging, something Sample calls the physics of IT.

“I think politics is really about getting a positive outcome when there is scarcity,” he says. “That’s what you’re trying to work for. That clinical definition has the idea of advancing one of your ideas, which I think is okay, as long as it lines up with a positive outcome whether it’s for shareholders, customers, clients or patients. Not every idea can’t be implemented, and that’s when politics comes into play. You have different groups with different ideas of what positive outcomes look like, and then it’s navigating those potentially choppy waters especially as an IT professional.”

Sample, whose career also includes roles at Express Groups, American Express, eBay, and Yahoo!, knows that ethically building critical mass of support for an idea you believe in is a textbook description of those who are politically savvy. But equal empathy for dissenting positions goes a long way to achieve beneficial outcomes.

Tech Whisperers podcast’s Dan Roberts recently spoke with Sample about the evolving nuances of organizational politics. Here are some edited excerpts of that conversation.

On leading equity: I think a lot of the old definitions of politics had to do with the physical space in the office, with relationships, tenure and a notion of favoritism: who had been around before, who had achieved before, who seemed to be in favor versus out of favor. And a lot of that goes away with online equity. But a virtual environment is complex for gathering a diversity of ideas. For example, we remember the first time we saw ourselves in little boxes outside the office in the early editions of Zoom, and there was a certain level of equity associated with it. We all had the same size real estate. On the other hand, people noticed an asymmetry in airtime. Unless you were very intentional about pulling people into a conversation, there was a chance that people who were otherwise shy or part of a marginalized group would be even more shy or more marginalized. It was actually easier to get lost in the conversation. People didn’t talk over each other or sidebar in a way that might have happened in a face-to-face meeting.

On the physics of IT: IT is a unique element of a business. In the notion of resource scarcity, we might want to get something done but then halfway through the year, even with an annual plan, a new idea comes up, or some M&A or a competitive threat emerges and we decide we need to change something. Inside of information technology, sometimes there are these tradeoffs—the physics of IT. You have one particular team that knows a system. They’ve been working on Problem A, and now they’re going to work on Problem B. Or you have a certain amount of capacity and throughput that’s sitting in a data center or in a legacy installation, and you can’t magically grow that by a factor of 10 because of your historical application services. In any way, IT has this notion of physics. There is a limit that happens sometimes with subject matter experts or resources. Other areas don’t have that conundrum. Sometimes you can solve the problem with money, but there are other elements of the workplace that aren’t constrained by the same set of resources, the same physics problems that IT have. Because of that intrinsic scarcity, IT is where the conflict often shows up.

On negotiation: As an IT professional, I’ve spent time learning from the world of business about how to be a good negotiator. One thing that was new to me years ago was the notion of a BATNA—your best alternative to a negotiated agreement. If you find yourself in negotiation, the first thing you have to figure out is what the best alternative is, which tells you what it’s like if you lose. It also tells you what your leverage is with a vendor, let’s say. You have to think about your pricing negotiation. Having that in mind, starting with seeing what it looks like to lose this negotiation, or not end up with the price you want, is incredibly powerful because then instead of talking about it like it’s an all or nothing, it’s really the difference between 100 and 80, but 80 at a lower price. You figure those things out. That is really powerful. What’s also interesting are contracts between IQ and EQ. I think folks used to be happy to be IQ-oriented professionals in technology. And a lot of time, we were thought of as sort of back-office cost control. But that switched to the notion that technology is the product or the experience, or powers the supply chain, is true just about everywhere now. The big difference, from a negotiating perspective, is because of the physics of IT and that tradeoffs happen in technology a lot, you have to be good with your EQ. Not even just dealing with a single partner but somebody who wants something from you. Sometimes, the battleground is two different business divisions or maybe two functions that both want something and suddenly, your job is to now be Switzerland.

On the good fight: We should all be fighting to win for the company, enterprise, organization. But politics is when we have different ideas, when there is scarcity and we can’t do everything. There has to be a tradeoff. If you fight to win, you’re going to set yourself up as an adversary. There’ll be an outcome that’s positive and negative—the classic win-lose. But if you fight to lose, the first thing you do is adopt the opposition idea, philosophy, product or approach—whatever you feel is competing with your proposal or idea. So then you adopt it as your own and spend time figuring out why the other side is right instead of doing research to back up your own position. For example, if you think going to Agile from Waterfall is the right thing to do, spend time trying to figure out why Agile doesn’t work. Then I guarantee two things will happen. You’ll either become more effective and persuasive with your own argumentation because you better understand the alternatives, or you might find yourself changing your mind. And from an office politics perspective, this is one of the best things that can happen for a long-term relationship, coming to a partner with humility. You demonstrate you have empathy and are a good partner because you are willing to compromise.


Cybersecurity threats and their resulting breaches are top of mind for CIOs today. Managing such risks, however, is just one aspect of the entire IT risk management landscape that CIOs must address.

Equally important is reliability risk – the risks inherent in IT’s essential fragility. Issues might occur at any time, anywhere across the complex hybrid IT landscape, potentially slowing or bringing down services.

Addressing such cybersecurity and reliability risks in separate silos is a recipe for failure. Collaboration across the respective responsible teams is essential for effective risk management.

Such collaboration is both an organizational and a technological challenge – and the organizational aspects depend upon the right technology.

The key to solving complex IT ops problems collaboratively, in fact, is to build a common engineering approach to managing risk across the concerns of the security and operations (ops) teams – in other words, a holistic approach to managing risk. 

Risk management starting point: site reliability engineering

By engineering, we mean a formal, quantitative approach to measuring and managing operational risks that can lead to reliability issues. The starting point for such an approach is site reliability engineering (SRE). 

SRE is a modern technique for managing the risks inherent in running complex, dynamic software deployments – risks like downtime, slowdowns, and the like that might have root causes anywhere, including the network, the software infrastructure, or deployed applications.

The practice of SRE requires dealing with ongoing tradeoffs. The ops team must be able to make fact-based judgments about whether to increase a service’s reliability (and hence, its cost), or lower its reliability and cost to increase the speed of development of the applications providing the service.

Error budgets: the key to site reliability engineering

Instead of targeting perfection – technology that never fails – the real question is just how far short of perfect reliability an organization should aim. We call this quantity the error budget.

The error budget represents the total number of errors a particular service can accumulate over time before users become dissatisfied with the service.

Most importantly, the error budget should never equal zero. The operator’s goal should never be to entirely eliminate reliability issues, because such an approach would both be too costly and take too long – thus impacting the ability of the organization to deploy software quickly and run dynamic software at scale.

Instead, the operator should maintain an optimal balance among cost, speed, and reliability. Error budgets quantify this balance.

Bringing SRE to cybersecurity

In order to bring the SRE approach to mitigating reliability risks to the cybersecurity team, it’s essential for the team to calculate risk scores for every observed event that might be relevant to the cybersecurity engineer. 

Risk scoring is an essential aspect of cybersecurity risk management. “Risk management… involves identifying all the IT resources and processes involved in creating and managing department records, identifying all the risks associated with these resources and processes, identifying the likelihood of each risk, and then applying people, processes, and technology to address those risks,” according to Jennifer Pittman-Leeper, Customer Engagement Manager for Tanium.

Risk scoring combined with cybersecurity-centric observability gives the cybersecurity engineer the raw data they need to make informed threat mitigation decisions, just as reliability-centric observability provides the SRE with the data they need to mitigate reliability issues.

Introducing the threat budget

Once we have a quantifiable, real-time measure of threats, then we can create an analogue to SRE for cybersecurity engineers.

We can posit the notion of a threat budget which would represent the total number of unmitigated threats a particular service can accumulate over time before a corresponding compromise adversely impacts the users of the service.

The essential insight here is that threat budgets should never be zero, since eliminating threats entirely would be too expensive and would slow the software effort down, just as error budgets of zero would. “Even the most comprehensive… cybersecurity program can’t afford to protect every IT asset and IT process to the greatest extent possible,” Pittman-Leeper continued. “IT investments will have to be prioritized.”

Some threat budget greater than zero, therefore, would reflect the optimal compromise among cost, time, and the risk of compromise. 

We might call this approach to threat budgets Service Threat Engineering, analogous to Site Reliability Engineering.

What Service Threat Engineering really means is that based upon risk scoring, cybersecurity engineers now have a quantifiable approach to achieving optimal threat mitigation that takes into account all of the relevant parameters, instead of relying upon personal expertise, tribal knowledge, and irrational expectations for cybersecurity effectiveness.
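The error budget and the threat budget described above can share one data shape, which is what lets ops and security reason about them the same way. The sketch below is an added example, not code from the article or from Tanium; the 0-10 risk scale, the threshold of 7.0, the 75% warning level, the service names and the budget sizes are all assumptions, and the events are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional

THREAT_THRESHOLD = 7.0  # assumption: risk scores run 0-10; >= 7 counts as a threat
WARN_AT = 0.75          # assumption: warn once 75% of a budget is used


@dataclass(frozen=True)
class BudgetStatus:
    """Shared shape for an error budget and a threat budget."""
    allowed: int
    consumed: int

    def __post_init__(self) -> None:
        # The article's rule: neither budget should ever be zero.
        if self.allowed <= 0:
            raise ValueError("budget must be greater than zero")

    @property
    def remaining(self) -> int:
        return self.allowed - self.consumed

    @property
    def burned(self) -> float:
        return self.consumed / self.allowed

    def decision(self) -> str:
        if self.consumed > self.allowed:
            return "exhausted"
        return "at risk" if self.burned >= WARN_AT else "within budget"


@dataclass(frozen=True)
class ThreatEvent:
    service: str
    observed: datetime
    risk_score: float
    mitigated: Optional[datetime] = None

    def open_at(self, now: datetime) -> bool:
        """True if this event is a threat that is still unmitigated at `now`."""
        return (self.observed <= now
                and self.risk_score >= THREAT_THRESHOLD
                and (self.mitigated is None or self.mitigated > now))


def error_budget(slo: float, total_requests: int, failed_requests: int) -> BudgetStatus:
    """SRE side: allowed failures are the gap between the SLO and 100%."""
    return BudgetStatus(round((1.0 - slo) * total_requests), failed_requests)


def open_threats(events: Iterable[ThreatEvent], service: str,
                 now: datetime) -> List[ThreatEvent]:
    """Unmitigated threats for one service, highest risk score first."""
    live = [e for e in events if e.service == service and e.open_at(now)]
    return sorted(live, key=lambda e: e.risk_score, reverse=True)


def threat_budget(events: Iterable[ThreatEvent], service: str,
                  allowed: int, now: datetime) -> BudgetStatus:
    """Security side: consumption is the count of unmitigated threats."""
    return BudgetStatus(allowed, len(open_threats(events, service, now)))


def mitigation_queue(events: Iterable[ThreatEvent], service: str,
                     allowed: int, now: datetime) -> List[ThreatEvent]:
    """Threats to mitigate, in order, to bring the service back within budget."""
    live = open_threats(events, service, now)
    return live[:max(0, len(live) - allowed)]


# Constructed sample data: scored events for two hypothetical services.
NOW = datetime(2024, 1, 31, 12, 0)
SAMPLE_EVENTS = [
    ThreatEvent("checkout-api", datetime(2024, 1, 2), 9.1, datetime(2024, 1, 5)),
    ThreatEvent("checkout-api", datetime(2024, 1, 10), 8.4),
    ThreatEvent("checkout-api", datetime(2024, 1, 15), 3.2),  # below threshold
    ThreatEvent("checkout-api", datetime(2024, 1, 20), 7.0),
    ThreatEvent("checkout-api", datetime(2024, 1, 28), 9.8),
    ThreatEvent("checkout-api", datetime(2024, 1, 30), 7.5, datetime(2024, 2, 2)),
    ThreatEvent("billing", datetime(2024, 1, 12), 8.0),
    ThreatEvent("checkout-api", datetime(2024, 2, 1), 9.0),   # not yet observed
]

if __name__ == "__main__":
    print("error budget :", error_budget(0.999, 1_000_000, 400).decision())
    status = threat_budget(SAMPLE_EVENTS, "checkout-api", 3, NOW)
    print("threat budget:", status.decision(), "remaining", status.remaining)
    for event in mitigation_queue(SAMPLE_EVENTS, "checkout-api", 3, NOW):
        print("mitigate first:", event.observed.date(), event.risk_score)
```

A perfect-reliability target such as `error_budget(1.0, ...)` raises `ValueError`, which is the "never zero" rule applied to both budgets.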

Holistic engineering for better collaboration

Even though risk scoring uses the word risk, I’ve used the word threat to differentiate Service Threat Engineering from SRE. After all, SRE is also about quantifying and managing risks – except with SRE, the risks are reliability-related rather than threat-related.

As a result, Service Threat Engineering is more than analogous to SRE. Rather, they are both approaches to managing two different, but related kinds of risks.

Cybersecurity compromises can certainly lead to reliability issues (ransomware and denial of service being two familiar examples). But there is more to this story.

Ops and security teams have always had a strained relationship, as they work on the same systems while having different priorities. Bringing threat management to the same level as SRE, however, may very well help these two teams align over similar approaches to managing risk.

Service Threat Engineering, therefore, targets the organizational challenges that continue to plague IT organizations – a strategic benefit that many organizations should welcome.

Learn how Tanium is bringing together teams, tools, and workflows with a Converged Endpoint Management platform.

Risk Management

Cybersecurity threats and their resulting breaches are top of mind for CIOs today. Managing such risks, however, is just one aspect of the entire IT risk management landscape that CIOs must address.

Equally important is reliability risk – the risks inherent in IT’s essential fragility. Issues might occur at anytime, anywhere across the complex hybrid IT landscape, potentially slowing or bringing down services.

Addressing such cybersecurity and reliability risks in separate silos is a recipe for failure. Collaboration across the respective responsible teams is essential for effective risk management.

Such collaboration is both an organizational and a technological challenge – and the organizational aspects depend upon the right technology.

The key to solving complex IT ops problems collaboratively, in fact, is to build a common engineering approach to managing risk across the concerns of the security and operations (ops) teams – in other words, a holistic approach to managing risk. 

Risk management starting point: site reliability engineering

By engineering, we mean a formal, quantitative approach to measuring and managing operational risks that can lead to reliability issues. The starting point for such an approach is site reliability engineering (SRE). 

SRE is a modern technique for managing the risks inherent in running complex, dynamic software deployments – risks like downtime, slowdowns, and the like that might have root causes anywhere, including the network, the software infrastructure, or deployed applications.

The practice of SRE requires dealing with ongoing tradeoffs. The ops team must be able to make fact-based judgments about whether to increase a service’s reliability (and hence, its cost), or lower its reliability and cost to increase the speed of development of the applications providing the service.

Error budgets: the key to site reliability engineering

Instead of targeting perfection – technology that never fails – the real question is how far short of perfect reliability an organization should aim. We call this quantity the error budget.

The error budget represents the total number of errors a particular service can accumulate over time before users become dissatisfied with the service.

Most importantly, the error budget should never equal zero. The operator’s goal should never be to entirely eliminate reliability issues, because such an approach would both be too costly and take too long – thus impacting the organization’s ability to deploy software quickly and run dynamic software at scale.

Instead, the operator should maintain an optimal balance among cost, speed, and reliability. Error budgets quantify this balance.

Bringing SRE to cybersecurity        

In order to bring the SRE approach to mitigating reliability risks to the cybersecurity team, it’s essential for the team to calculate risk scores for every observed event that might be relevant to the cybersecurity engineer. 

Risk scoring is an essential aspect of cybersecurity risk management. “Risk management… involves identifying all the IT resources and processes involved in creating and managing department records, identifying all the risks associated with these resources and processes, identifying the likelihood of each risk, and then applying people, processes, and technology to address those risks,” according to Jennifer Pittman-Leeper, Customer Engagement Manager for Tanium.

Risk scoring combined with cybersecurity-centric observability gives the cybersecurity engineer the raw data they need to make informed threat mitigation decisions, just as reliability-centric observability provides the SRE with the data they need to mitigate reliability issues.

Introducing the threat budget

Once we have a quantifiable, real-time measure of threats, then we can create an analogue to SRE for cybersecurity engineers.

We can posit the notion of a threat budget, which would represent the total number of unmitigated threats a particular service can accumulate over time before a corresponding compromise adversely impacts the users of the service.

The essential insight here is that threat budgets should never be zero, since eliminating threats entirely would be too expensive and would slow the software effort down, just as error budgets of zero would. “Even the most comprehensive… cybersecurity program can’t afford to protect every IT asset and IT process to the greatest extent possible,” Pittman-Leeper continued. “IT investments will have to be prioritized.”

Some threat budget greater than zero, therefore, would reflect the optimal compromise among cost, time, and the risk of compromise. 

We might call this approach to threat budgets Service Threat Engineering, analogous to Site Reliability Engineering.

What Service Threat Engineering really means is that based upon risk scoring, cybersecurity engineers now have a quantifiable approach to achieving optimal threat mitigation that takes into account all of the relevant parameters, instead of relying upon personal expertise, tribal knowledge, and irrational expectations for cybersecurity effectiveness.
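To make the threat budget concrete, here is a small tracker in Python, added as an illustration; it is not code from this article, from Tanium, or from any SRE tool. It assumes risk scores on a 0-100 scale, a budget expressed as summed unmitigated risk over a rolling 30-day window (a risk-weighted variant of the raw threat count described above), and hypothetical names throughout.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class ThreatEvent:
    service: str
    seen: datetime
    risk_score: float   # assumed 0-100 scale from the risk-scoring tool in use
    mitigated: bool

def threat_budget_status(events, service, budget, now, window=timedelta(days=30)):
    """Compare a service's unmitigated risk in the window against its budget."""
    if budget <= 0:
        # The article's point: a zero budget is neither affordable nor achievable.
        raise ValueError("threat budget must be greater than zero")
    open_events = [e for e in events
                   if e.service == service and not e.mitigated
                   and now - window <= e.seen <= now]
    consumed = sum(e.risk_score for e in open_events)
    # Prioritize: pick the highest-scoring open threats until the
    # service would be back within budget, and stop there.
    overspend, mitigate_first = consumed - budget, []
    for e in sorted(open_events, key=lambda e: e.risk_score, reverse=True):
        if overspend <= 0:
            break
        mitigate_first.append(e)
        overspend -= e.risk_score
    return {"consumed": consumed,
            "remaining": budget - consumed,
            "exhausted": consumed > budget,
            "mitigate_first": mitigate_first}

# Constructed sample data, not real telemetry.
NOW = datetime(2024, 1, 31)
EVENTS = [
    ThreatEvent("billing", datetime(2024, 1, 5), 40.0, False),
    ThreatEvent("billing", datetime(2024, 1, 12), 75.0, False),
    ThreatEvent("billing", datetime(2024, 1, 20), 20.0, True),    # already mitigated
    ThreatEvent("billing", datetime(2023, 11, 1), 90.0, False),   # outside the window
    ThreatEvent("billing", datetime(2024, 1, 25), 15.0, False),
    ThreatEvent("search", datetime(2024, 1, 15), 30.0, False),
]

if __name__ == "__main__":
    for svc in ("billing", "search"):
        status = threat_budget_status(EVENTS, svc, budget=100.0, now=NOW)
        print(svc, status["consumed"], status["remaining"], status["exhausted"],
              [e.risk_score for e in status["mitigate_first"]])
```

The prioritized list stops as soon as the service is back within budget, which is the trade-off the budget exists to express: mitigate what matters most, not everything.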

Holistic engineering for better collaboration

Even though risk scoring uses the word risk, I’ve used the word threat to differentiate Service Threat Engineering from SRE. After all, SRE is also about quantifying and managing risks – except with SRE, the risks are reliability-related rather than threat-related.

As a result, Service Threat Engineering is more than analogous to SRE. Rather, they are both approaches to managing two different, but related kinds of risks.

Cybersecurity compromises can certainly lead to reliability issues (ransomware and denial of service being two familiar examples). But there is more to this story.

Ops and security teams have always had a strained relationship, as they work on the same systems while having different priorities. Bringing threat management to the same level as SRE, however, may very well help these two teams align over similar approaches to managing risk.

Service Threat Engineering, therefore, targets the organizational challenges that continue to plague IT organizations – a strategic benefit that many organizations should welcome.

Learn how Tanium is bringing together teams, tools, and workflows with a Converged Endpoint Management platform.
