When it comes to application development, many companies are pursuing no-code and low-code solutions to stay competitive. No-code and low-code solutions require less coding expertise, making application development accessible to more employees and enabling IT staff to focus on more strategic initiatives. They also give end users flexibility and control — all of which is especially valuable during a critical time of ongoing shortages of highly skilled IT workers.

The benefits of no-code and low-code solutions are numerous, including better collaboration between IT and the business and freeing up IT departments for more complex work.

Implementing no-code and low-code solutions also means a shift in employee responsibilities as well as an organization’s culture — both near- and long-term. For example, by 2024, 80% of technology products and services will be built by those who are not technology professionals, according to Gartner. Organizations and employees alike must be prepared for this change.

IT will find that no-code and low-code solutions transform its role for the better by reducing expenditure, encouraging progress with digital transformation corporate initiatives, reducing IT backlog, and increasing its output.

Key benefits of low-code and no-code solutions include:

Reduce IT spending. With low-code, fewer highly skilled developers are needed and the number of single-point solutions drops. Organizations that once held licenses to dozens of software tools — many of which help only a single department — instead now create their own applications and automated processes.

“IT can leverage one low-code development platform and have the flexibility to meet all department initiatives,” says Suprakash Das, GEP’s VP of platform engineering. “Low-code platforms that are flexible and that can achieve results across the organization are extremely valuable to IT organizations.”

Increase innovation. The need for digital transformation is more urgent than ever. New applications must be delivered quickly, and IT teams are under enormous pressure to do so with limited resources. With low-code application development, IT finds that delivering in under a month is attainable. Business goals are achieved faster. No longer does IT lose time to technical debt and bad code. Developers currently spend more than 17 hours a week on these tasks, but with no-code and low-code solutions, more time is freed up for more interesting, innovative work.

Reduce IT backlog. Most IT teams face a long, growing list of priorities to tackle, but thanks to low-code/no-code platforms, the IT backlog is reduced. Programmers equipped with an efficient solution can complete complicated projects in a fraction of the time usually required, and business leaders are now capable of creating their own solutions. “Entire waves of projects vanish from the IT queue as citizen developers take on their own priorities,” Das says. Pro developers welcome this ability to work on more complex projects and the opportunity to increase their skill sets.

Initially there can be a steep learning curve for nontechnical users, but these users benefit from growing their own skill sets and taking a more central role in application development. They are empowered to transform their own ideas into applications that help solve key business problems.

Implementation will bring immediate and long-lasting benefits for employees and corporate culture. “Overall, IT will achieve greater productivity with low-code,” Das says. “By streamlining the development process and increasing the use of low-code automation, IT can accomplish much more in less time.”

To learn more about integrating low-code and no-code solutions into your organization, visit GEP.

No Code and Low Code

The metaverse—a fast-emerging combination of technologies including augmented and virtual reality, IoT, and blockchain—is poised to change the way financial services organizations and other companies do business.   

“By blending the physical and the digital worlds, the metaverse is changing the rules of engagement and enabling us to connect without barriers,” says Anupam Singhal, a Senior Vice President at Tata Consultancy Services (TCS). “For financial institutions, it can transform the way they offer services and training, making them more convenient, engaging, accessible and inclusive.”   

Metaverse applications are developing quickly. According to Gartner, 25% of people will spend at least an hour in the metaverse by 2026. While financial institutions are starting to experiment with pilot programs, they must ensure that they have the right infrastructure and security protections in place to reap the full-scale benefits the metaverse has to offer.  

Innovative products and services 

In the metaverse, financial institutions can offer customers and employees personalized experiences that leave a lasting impression. For example, clients can hold virtual consultations with investment advisors across the globe and improve their financial knowledge by using 3D interactive tools. Financial institutions can also cater to underserved and underbanked customers with minimal to no charges.  

Employees, even the ones situated in isolated, remote locations, can take virtual tours and gain knowledge faster. TCS is developing an application, for example, that leads new employees on a lifelike journey through a bank’s corporate buildings and history as part of their onboarding experience. And with virtual training, employees can practice skills in a realistic, risk-free environment. 

Metaverse services can also help banks attract new customers.  

“We have a lineup of exciting projects, including creating a virtual bank for retail transactions and a non-fungible token marketplace using blockchain,” Singhal says. “We have already implemented augmented marketing and branding solutions in retail, and we are working on pilots in the business-to-business and business-to-consumer spaces.”  

A seamless, secure infrastructure 

To make these dynamic services possible, organizations must create digital replicas of the real world, supported by dedicated offerings on Microsoft Cloud. Seamless connectivity and extremely low latency, enabled by specialized graphics and edge processing, are also critical to providing vivid experiences and near-real time interactions.   

“With decentralized Web3 technology, users can also take advantage of peer-to-peer capabilities, running some tools and platforms on their devices instead of relying on the cloud,” Singhal says.  

In addition to creating ground-breaking experiences, the metaverse, like other emerging technologies, brings a new set of security challenges. Rogue actors could attempt to steal target NFTs and tokens, or use deepfake techniques to impersonate financial advisors. Personal data collected by AR and VR applications creates greater opportunities for identity theft.  

“We must rethink how we address data privacy and security in the metaverse,” Singhal says. “We need strong regulations like GDPR to define clear boundaries. We also need more security measures like multi-factor authentication and digital encryption to ensure secure experiences.”   

Getting started in the metaverse 

Every organization must carve its own path to the metaverse, a process that starts by examining existing technology and defining services to prioritize.   

“TCS has a successful history of helping businesses grow and transform through technology and make a meaningful difference. We can help leaders identify areas where they can improve, whether that means upgrading infrastructure, investing in new technology, or bringing in new talent. We can co-develop metaverse strategies that align with their business goals and objectives,” Singhal says.  

Organizations can then co-create experiences on the TCS AvapresenceTM platform, which uses blockchain, AI, AR, VR, and mixed reality technologies to address customer needs. For financial services companies, TCS has developed a specialized program that involves training their associates to become proficient in using several 3D engines and platforms to address industry challenges, including security, data privacy, and compliance concerns.   

Financial organizations that want to gain a competitive edge should get started soon.  

“Banks that offer virtual services are going to have a larger consumer mindshare, particularly among younger generations,” Singhal says. “By engaging with the right experts, leaders can break boundaries and take advantage of the metaverse’s limitless opportunities.” 

Learn how to master your cloud transformation journey with TCS and Microsoft Cloud. 

Financial Services Industry

Multinational insurance and finance corporation AIA New Zealand’s dream is to help make the country one of the healthiest and best protected nations in the world. That’s no small undertaking, and as CTO for the company, it’s Marc Hale’s core responsibility to help achieve that goal by providing a secure and stable platform on which the business can operate and innovate.

“As New Zealand’s largest life insurer and leading health insurer, our purpose is to help New Zealanders live longer, healthier lives,” he says. “With that in mind, we have a science-backed vitality platform that helps New Zealanders understand the current state of their health, remove barriers to better health, and create incentives to stay motivated to improve health through exercise and nutrition. For us, it’s about enabling the technology platforms that support and deliver on that.”

Of course, those platforms can only perform properly when the strength of the people behind them are optimized. So building a cohesive internal culture is integral to IT success, as well as achieving personal and professional goals.

“That is a really important part of the role,” he says. “What supports our organizational strategy from technology is building an engineering culture, being customer-obsessed and outcome-focused, and simplifying and modernizing our technology stack. We really live and breathe it by building a stronger bench around our talent pipeline.”

Part of those efforts is embracing internships, and encouraging people from more diverse backgrounds to get into tech roles by working with IT training and development accelerator Mission Ready, and TupuToa, which develops talent from the Māori and Pasifika community.

“I think there’s an underrepresentation in STEM fields from school,” Hale says. “As leaders, we can be more involved, and champion our organization when it comes to offering people shifting career opportunities. We live in a fast-changing world as we look after IT, and we’re custodians of systems and businesses that will hopefully outlive us. So it’s important to adapt, keep learning, and be able to drive teams forward through motivating them with new technologies and the right problems to solve.”

CIO.com’s O’Sullivan recently spoke with Hale about developing an ever evolving mindset for digital transformation that equally strengthens the business and engagement with customers. Watch the full video below for more insights.

On the approach to transformation: Each role I’ve had over the last 25 years is really a personal transformation. We take on broader roles, more senior roles, or other roles in the organization as we learn about the business, and each of those comes with its own challenges: language barriers, cultural barriers, acronyms, company culture. There’s a real amount of change that comes with every change in country or role. It’s a personal journey of discovery and a way of getting to know yourself better and deeper, too. There are a lot of challenges we face day to day, as leaders, but in each role we take on, we grow, hopefully learn more too, and become a little wiser. It’s always a worry if we treat transformation as a project with an end date. It’s about continued change. For me, it usually starts with an assessment of the current state—where are we, from a technology, people and skills perspective. That’s the foundation. From there, it’s important to engage key stakeholders. In my role, it’s the rest of the executive team and my boss, the CEO, who make sure we develop a shared vision, and are able to collectively prioritize once that vision has been set in motion. Things change, priorities shift. So you have to embrace change and understand that change management is a continual process. Monitoring progress and having a feedback system is critical as well.

On embracing culture: It’s rare that anyone would step into a greenfield environment and have something to build from scratch. Legacy systems are always there. How legacy they are will somewhat depend on the business and the role that someone stepped into. But legacy systems and processes—often very intertwined—are key things to look out for, and not underestimate in terms of the complexity they can bring. Budget constraints, of course, are ever present and need to be worked through very closely. One of my key relationships is with the CFO. We need to work closely to understand what the implications are of taking or not taking certain decisions in our modernization journey. I think culture is a big piece of this too. As technology leaders, we need to understand where the resistance to change is, and try to face into that early. It’s not an easy conversation. People are generally wedded to the way we’ve done things—I find myself in this group as well. It’s natural to want to be more efficient and more effective at what you do, so changing that dramatically is uncomfortable. And trying to understand whether it’s discomfort because of the fear of change, or through lack of skills is an important differentiator. Either of those can be tackled, but if you get them wrong and try and tackle it with the wrong solution, it can become harder.

On combating change fatigue: We have a high cadence for change. I think there’s no fear of that. But it needs to be balanced with a sense of progress and being able to set milestones for deliveries. Often things will need to run as projects, and other things will live as longstanding products as we adopt more agile ways of working. There’s a real balance to it and no real end date to transformation; it’s a continual improvement journey. Sometimes that needs to be accelerated, and acceleration can fit more naturally with transformation because it feels like a bigger change in a shorter timeframe. But overall, organizations should be comfortable being in constant transformation, and people should feel continuously challenged disrupting themselves. For me, ever present are the changes, challenges, and making sure we have stability and availability of our systems. That plays into change management and being able to address how continuous change is in an organization.

On collaboration with the leadership team: There are a number of stakeholders that the role has and we meet often. I have one-to-ones with each of the other execs and it’s where we can really get into the detail of what’s working, what isn’t, and where some of those priorities might be shifting. Ultimately, it’s about time and being accessible as an extension of the leadership team when they’re having key discussions. It’s also about making sure IT can be pulled into conversations at the right time, and not feel like an isolated part of the business. Being able to show adaptability is key. Setting forward a vision and being too stuck with a direction can often feel like IT is inflexible and not agile. So being able to demonstrate building platforms, and a capability that enables the business to go faster really builds trust. The more conversations I have with my boss and with my peers is always time well spent.

Change Management, CTO, Digital Transformation, IT Leadership

Technology work attracts neurodivergent people. So if you are leading a tech team, it’s likely that someone in your crew may be on the autism spectrum (ASD), be living with ADHD, or have an auditory processing disorder, learning disability, or other mental difference. Without the right accommodations, many neurodiverse professionals can struggle and, eventually, leave. These modifications are typically not equipment you can install or tasks to add to HR’s plate. They are behaviors and processes that start with you.

“This is the unique challenge of leadership,” says Brian Zielinski, vice president of technology at Circa. “Some of the most productive, talented individuals have challenges in terms of how they interact with others, or with the world. That talent is precious. If you can create an environment where they can be productive, you’ve got a leg up on the competition.”

To accomplish that, you likely need to do more than you are. A recent Wiley study found that 60% of business leaders believe they are working to foster an inclusive culture while half of Gen Z tech workers felt uncomfortable in a job because of their gender, race, ethnicity, socio-economic background, or neurodevelopmental condition. This disconnect is hitting companies hard when it comes to retaining talent. The reason most young tech workers gave (20%) when asked why they left or wanted to leave a role was that they lacked a sense of belonging.

I asked experts how to fix this. And it turns out that most of the adjustments neurodiverse people need are relatively simple and inexpensive to implement.

“And most of what we think of as accommodations make the environment better for everybody,” says Cara Pelletier, M.A., senior director of DEI at holistic performance management platform 15Five. “When you’re implementing something that makes life easier for somebody with a disability, you’re making life easier for everybody.”

1. Ask people what they need

Neurodiversity includes a wide range of styles, disabilities, preferences, and needs. You can’t know what any of those are until you ask, which is the best place to start.

“In most of my internal messaging before a meeting, I ask, ‘Do you need any accommodations?’” explains Chloe Duckworth, co-founder and CEO of Valence Vibrations, which makes digital solutions for neurodiverse teams. “I make sure I’m asking the question in our very first encounter.”

If you are leading a team and have not already done this, you might hesitate to raise the subject.  

“The most important thing you can do as an executive trying to support disabled or neurodivergent employees,” says Duckworth, “is to ask them what they prefer. It can be uncomfortable for people to constantly advocate for themselves without knowing if their boss or peers will be accommodating. So a lot of disabled people don’t feel comfortable disclosing their diagnosis. As executives, it’s incumbent on us to proactively ask employees what they need.”

You might feel that you don’t want to probe into things that aren’t your business, bring up something that might make your team member feel uncomfortable, be rude, or know what to say. You don’t have to ask about their disability or neuro type, though.

“People don’t need a diagnosis — and shouldn’t have to disclose one — for you to be able to accommodate the best way for them to perform in your environment,” says Duckworth. Ask instead, “What type of workplace environment helps you focus,” she says.

2. Build a safe psychological space

If you find that getting people to ask for what they need is a challenge, it may mean that your work environment does not feel safe or that people don’t trust the company.

“The more psychological safety there is in an environment, the more you’re going to find disclosure of what would help people perform best or deliver results best,” says Bettina Greene-Thompson, program manager for DEI talent acquisition at Amazon.

For Circa, this took some effort. “The biggest cultural change was building an environment where individuals felt comfortable sharing,” says Zielinski. “We were not getting that reporting early in our journey. That took bold statements by leadership. We did mental health roundtables, where we split up into groups and talked about our own experiences. I think that humanized it for everybody.”

This was true at Amazon, too. “Having environments where conversations can exist and you can feel seen and authentic, has an impact on how secure an individual feels,” says Greene-Thompson. “I know, for myself, having leadership come forth and identify and be public about it, allowed me to feel comfortable with my own disclosure.”

3. Learn to speak many emotional languages

Some people talk in meetings and chat effortlessly with you and coworkers. Others communicate as if they are being charged a fee for every word. Some gesticulate enthusiastically while others present such a flat affect, you wonder if they spoke at all. The way someone expresses themselves can be the result of ASD, their cultural background, and many other factors. It’s important to listen to the intention and meaning of what people say, not only their emotional delivery.

“About 10% of the worldwide population is estimated to have alexithymia,” explains Duckworth. “This is an emotional perception deficit that commonly coexists with autism, ADHD, and anxiety disorders.”

Emotional perception can have a huge impact on the way your team communicates, though. Duckworth offers an example: Duckworth offers an example from another company that had many brilliant, autistic engineers. All of them raised a red flag that something in the stack was broken. “But because they had a very flat affect in the way they were communicating that challenge, the people on their team didn’t address it appropriately. They didn’t realize how severe the issue was,” she says.

This emotional communication breakdown can happen between people of different genders, cultural backgrounds, and neurotypes, too. “We are trained, neurologically, to interpret emotions by comparing them to people like us,” she explains. “So, if we’re speaking to someone that doesn’t have our same vocal tone patterns to convey emotions, we often misinterpret them and may not realize it.”

4. Document expectations and action items

One simple step that helps every neuro type — and takes the onus of asking for an accommodation off neurodiverse people — is to practice good hygiene around work expectations and the action items that arise in meetings. Use daily, weekly, or monthly checklists to make your expectations clear and easy to reference. And write out action items in the meeting chat or a shared document during the meeting.

“Having clear goals and a checklist of things you’re supposed to accomplish between check-ins is important,” says Pelletier. “People with autism or ADHD also sometimes have auditory processing disorders so they miss part of the conversation, or it takes them longer to process what you’re saying.” That checklist becomes an easy source of truth, viewed by both parties, that can prevent misunderstandings and keep people on track.

“It’s another way to be sure you are on track, which is huge for someone with ADHD, anyone who struggles to prioritize their time, or who’s on the autism spectrum and who may come out of conversations without clarity,” says Pelletier.

5. Offer a written version of meetings and agendas

A simple way to address a wide range of needs is also just good meeting hygiene.

“Make meetings more friendly for neurodivergent people,” suggests Pelletier, “by putting out an agenda ahead of time. This gives people a chance to read it, think about it, process it, and prepare for the meeting.”

Also turn on captioning in meetings and make a transcription of it readily available. This helps anyone with an auditory processing disorder overcome the difficulty of following meetings that are audio only. If you make this standard operating procedure, neurodiverse people for whom auditory processing is a challenge won’t have to ask for anything. And those tools, though often intended for people who are hearing impaired “are also helpful for people in a noisy environment, on their commute, who have kids in the background, speak English as a second or third language, and for lots of other reasons,” says Pelletier. It’s even helpful for people who simply prefer to glance over meeting notes for an idea or task, rather than rewatch a video or listen to a recording.

6. Take a break from meetings

One thing 15Five does to provide a more neurodivergent-friendly workplace culture is to have a day without internal meetings, Pelletier says. Most people on your team will appreciate the uninterrupted time as well as a day where they don’t have to dress up, wear makeup, or be social. But for some neuro types, this is huge.

“For many autistic people, video conversations are mentally and emotionally taxing,” explains Pelletier. “Many autistic people have a difficult time matching their facial expression with their emotions. Behind the scenes, there is another track where I’m thinking, ‘Fix your face so you look engaged. Don’t look angry or upset. Look into the camera. Don’t spend a lot of time looking away. It’s like when you watch a duck go across the water. You see only the bird gliding on top. What you don’t see underneath is the feet paddling like hell. If I can turn the camera off, all I have to do is close my eyes, focus on what I hear you saying, and try to interpret the tone of your voice. I don’t have to worry about what is my face doing.”

Video calls can sometimes be necessary or desirable. But often they aren’t. “Provide the grace and flexibility to allow people to show up in a way that’s going to be most productive for them at that time,” says Pelletier. “Sometimes tiny adjustments like that make a huge difference for people.”

7. Get some training

“Education is the foundation,” says Amazon’s Greene-Thompson. The actions you take in your role as leader are important to the success and productivity of a wide range of neuro types. We all know only our own way of seeing and interacting with the world. But ours might not match what others experience.

To discover what you don’t already know, you have to study. Read about neurodiversity. Invite speakers to give presentations. Take a class. “The more you understand,” says Greene-Thompson, “the more you see that your lived experience is only your own perspective. But how do we understand the lived experience of another? How do we make the work environment more accommodating, equitable, and inclusive for everyone? We start with education, training, presentations, through accessing the latest research, and in seeking out subject matter experts in this field.”

This effort usually has benefits beyond your neurodiverse team. “We find that managers start to think, ‘This is going to work for everybody!’ If I, say, start asking what is your communication style or how can I support you best. For a neurodivergent individual, it might be one thing. For a working parent, it might be ‘Can I start at 10 am? Can we schedule meetings at 11?’”

Everyone is different. When you learn about these differences, you might discover people are struggling with something that’s easy to change.

“When we recognize that everybody’s showing up uniquely and support them delivering their best work,” says Greene-Thompson, “we are much more inclusive.”

Diversity and Inclusion, Staff Management

Microsoft CEO Satya Nadella observed last year that every organization in every industry will need to infuse technology into every business process and function so that they can do more with less. But he wasn’t talking about working harder or longer – he was talking about the need to apply technology to augment and amplify what we’re doing across the business, in order to be more resilient and more innovative.

On this episode of The New Work podcast, we explore the role of artificial intelligence (AI), automation, and even augmented and virtual reality (AR/VR) in the new work experience.

The shift to remote and hybrid work has created a large trove of digital information about how work gets done. “We now have an incredible amount of data to reason over, and with that data, we can start to provide some really interesting value to people,” said Jared Spataro, Corporate VP for Modern Work at Microsoft. “When you ground an AI model with data about my calendar, or who I interact with, or the last meeting I went to, or things that I’m messaging people about, you start to get some truly magical experiences.”

In this episode, you’ll hear about:

Why 2023 is poised to become the “year of AI”How AI and other technologies such as AR/VR can have a significant impact on employee engagement and productivityThe importance of trust in training and deploying AI models across an organization

Speakers

Josh Bersin, global industry analyst and author of “Irresistible: The Seven Secrets of the World’s Most Enduring, Employee-Focused Organizations”Jared Spataro, Corporate VP, Modern Work, MicrosoftMartin Veitch, contributing editor, Foundry/CIO (host)
Remote Work

Cloud adoption continues its meteoric rise, with IT leaders increasingly going all-in on the platform. But succeeding in the cloud can be complex, and CIOs have continued to fumble their cloud strategies in 2022 in a variety of ways, industry observers say.

Topping the list of typical cloud strategy are three mistakes that fall under the heading of mental blueprint blunders: assuming that a cloud strategy is an IT-only endeavor, that all data must be moved to the cloud, and that a cloud strategy is the same as a data center strategy.

These fundamental issues resonate strongly with Liberty Mutual Executive Vice President and CIO James McGlennon, who admits to having dropped the ball on these strategic priorities while developing the insurance company’s advanced cloud infrastructure.

“These three are still a work in progress,” says McGlennon, adding that every mistake identified and fixed leads to a healthier cloud transformation. “We have continued to evolve our cloud strategy as we gain more insight into the leverage we can gain in engineering, resilience, scaling, security, and market testing.”

Business-IT alignment — pairing the cloud’s technology prowess with an organization’s business business goals — is a top priority for all cloud journeys, but remains a challenging issue for CIOs.

“C-level executives must be involved in assuring that the IT agenda is in line with the business plan. This is their job relative to IT,” says Paul Ingevaldson, a retired CIO based in St Charles, Ill., who says this should be in the rear-view window by now.

“It cannot be delegated, and it certainly should not be the job of the CIO — although she or he has a voice. We should no longer be discussing this issue,” he laments. “It should be a given for any CIO.”

As 2022 ends, CIOs know that business outcomes can only be as good as their cloud strategy is sound. But often they push forward with a blueprint ripe for disappointment, as these common cloud strategy mistakes show.

No way in, no way out

In addition to going it alone, insisting on moving all data to the cloud, and approaching the cloud the way they would a data center, CIOs also often fall prey to flawed thinking about the scope of their digital transformation, either by failing to have an exit strategy if cloud plan 1.0 flops or believing it is too late to implement a cloud strategy at all.

Research firm Gartner notes, for example, that a cloud exit strategy is an essential “insurance policy” that enables CIOs to bail out of a faulty implementation at the lowest cost possible. But this backup plan often slips through the cracks, analysts say.

On the flipside, many CIOs harbor the misconception that it is too late to reap the prime rewards of IT in the cloud. In some cases, however, CIOs just beginning their cloud journeys are better off than early adopters because the related toolsets and services are more plentiful, mature, and far easier to implement. This makes the cloud transformation less expensive and the outcomes better, CIOs say.

“Sometimes, waiting is better than rushing into cloud computing,” claims Dawei Jiang, chief cloud engineer at the US Trade and Patent Office (USPTO). “Everyone has a roadmap. Do not rush; pick the best and smartest solution, and avoid unnecessary work.”

Serendipity proved this point for boot and shoe manufacturer Wolverine, which hit pause on its cloud journey during COVID, delaying a hybrid-cloud transformation that has leapt forward of late, given newly available tools and an IT culture better-suited to making the most of the cloud.

Superficial planning — or worse, outsourcing your strategy

CIOs also blow their cloud strategy out of the gate by confusing a cloud strategy with an implementation plan or confusing an “executive mandate” or “cloud first” motto with an actual cloud strategy, according to Gartner. Such superficial approaches to the cloud are certain recipes for remorse, the research firm says.

But worse off may be those who pass the buck on their cloud strategy to partners, Gartner maintains. Relying exclusively on a single cloud vendor, such as Microsoft, Amazon, or Google, or a top IT outsourcing firm, for example, to design an enterprise cloud strategy is a big mistake, Gartner and CIOs agree.

The blueprint for each company’s digital transformation is unique and requires a deep dive into all IT systems by the entire C-suite and IT team to optimize the outcome, analysts note. No third party knows an enterprise better than its executives and employees.

Cloud vendors have created a collection of cookie-cutter blueprints that may be customized for specific purposes, or IT consulting firms can be instrumental helping enterprises implement their cloud strategies, Gartner maintains. But under no circumstances should the cloud vendor nor a consulting firm lead the strategic blueprint, analysts and CIOs say.

“Maybe the biggest blunder is just pushing a strategy but not looking at the management and leadership capabilities,” says Vince Kellen, CIO at the University of California San Diego, who hired two executives from consulting firms as university IT employees to help him build the university’s cloud strategy.

“The way to beat the odds on both cost and quality is for the CIO to have high team IQ within its unit, meaning the IT unit is able to apply local context to the technical solution in a way that either saves money and or builds better quality,” Kellen says.

Major sins of omission

Another top cloud expert points out three additional mistakes CIOs often make when formulating their cloud strategies.

“Not architecting for the cloud,” says IDC analyst Dave McCarthy, when asked where CIOs commonly go wrong when building their cloud strategy. “While it is possible to ‘lift and shift’ existing workloads, enterprises often experience less than desirable costs and performance with this approach. You need to adapt applications to cloud-native concepts to realize the full value.”

CIOs also often make the mistake of “not implementing enough automation,” says McCarthy, who is research vice president of cloud and edge infrastructure services for IDC. “Best practices in cloud include automating everything from the deployment of infrastructure and applications to management and security. Most outages or security breaches are the result of manual misconfigurations.

But perhaps the worst sin CIOs can make, analysts across the spectrum agree, is fail to plan for the shift in culture and skills required to devise and implement a successful cloud strategy. The cloud functions differently than traditional IT systems, and a cloud strategy must not only require new skills but a change in thinking about how to design and manage the environment, McCarthy says.

“When you go to the cloud, it’s like moving from a bicycle to a high-performance vehicle, and you can’t assume that what you did before [in the data center] will work the same; otherwise, you’ll have the same mess on your hands,” says Craig Williams, CIO at Ciena. “It can be worse, too, because your costs can get out of control if you don’t get in front of it.”

Budgeting, Cloud Computing, IT Leadership, IT Strategy

Sustainability is a major priority in business boardrooms already, and pressures from regulators, shareholders, board members and employees are likely to further drive this trend. 

Businesses need to do more than just track carbon output. They must reduce waste and increase efficiency. Going green makes good business sense.

While organizations know they need to mitigate environmental risks more effectively across the supply chain, often they struggle to translate that ambition into results. Due to the complexity and scale of the challenge, not all businesses have the resources to move toward net-zero at the necessary pace, and many are lagging.  

At the same time, companies are increasingly being held accountable for their environmental impact, with many countries legislating on emissions reductions. 

There is a clear company risk in not being sustainable, both to the planet and to the business. 

Today’s complex challenges require ambitious solutions that can scale and evolve over time.

NTT recognizes this and has launched the industry’s first full-stack Sustainability as a Service offering. This is designed to help manufacturing, transportation and other industries accelerate sustainability initiatives and make data-driven decisions to reduce their carbon footprint and become more efficient through the intelligent use of IoT connectivity. Rather than making huge investments in infrastructure to collect and process data, companies now have the option to get this as a secure, scalable, fully managed service that requires no large capital outlay.

The full-stack offering, which includes devices, network connectivity such as private 5G, edge computing, an analytics and insight platform, and systems integration, takes a human-centric approach to ensure that the right decision-makers receive relevant and timely information.  The technology stack is complemented by professional services from strategy through to execution to ensure that the data is actionable and that there is a clear ROI.

For example:

NTT is leveraging computer vision to reduce waste in a logistics warehouse. This solution recognizes items that are being picked and packed and provides verification that the quantity and products are correct. NTT is not only providing the technology but is also redesigning the pick-and-pack process and the pick stations to ensure the adoption and effectiveness of the technology.NTT provides a vast ecosystem of sensors that can be used to automate the collection of data on temperature/humidity, occupancy, soil moisture, air quality, water quality, etc. This data can then be combined to provide insights and information to lower energy usage and reduce impact on the environment – for example, by giving notifications of water leaks, chemical spills or exterior doors that are left open. Smart spaces can reduce energy use when unoccupied, while predictive/preventive maintenance can reduce wasteful downtime.As an ICT company with large assets such as undersea cables and data centers, NTT has made aggressive sustainability targets to become net-zero by 2030 and through their supply chain by 2040. NTT is sharing their experience with clients through Sustainability as a Service.

Although evolving, the process to calculate an enterprise’s carbon footprint is still highly manual. Data lives in silos across the IT and OT environment.

Collecting data across the supply chain for scope 2 and 3 emissions creates more complexity.

Organizations can find themselves questioning the accuracy and reliability of their data.

NTT works with clients to understand their data blind spots and leverages the right solution building blocks to collect the data and aggregate it with other complementary data, such as weather and location, to provide actionable insights.

“One of the biggest challenges of IoT is proving ROI,” says Devin Yaung, SVP, Group Enterprise IoT Products and Services at NTT. “You can solve any problem given enough budget. The challenge is to solve the problem in the most efficient way possible. We leverage the right building blocks for the use case and environment and offer these as a service so that clients can start small and grow their sustainability program.”  

He adds: “What is more important is that the data needs to be trusted and actionable rather than just noise. That’s why we also take a user-centric approach to understand who needs to receive the data, how much data they need and at what frequency.”

This becomes more important as the workforce evolves from digital immigrants to digital natives who are accustomed to receiving near real-time data and updates on every aspect of their lives. Sustainability as a Service is not just technology but also considers people, process and the regulatory environment.

Sustainability is a journey that all companies will have to embark upon. NTT’s Sustainability as a Service allows clients to travel this journey at their own pace.

Not only do these solutions help businesses meet sustainability goals, but they also help them benefit from energy cost savings, advanced operational excellence, enhanced risk management, and better work enablement across the organization.

Find out more about NTT’s commitment to sustainability.

Edge Computing

Cybersecurity breaches can result in millions of dollars in losses for global enterprises and they can even represent an existential threat for smaller companies. For boards of directors not to get seriously involved in protecting the information assets of their organizations is not just risky — it’s negligent.

Boards need to be on top of the latest threats and vulnerabilities their companies might be facing, and they need to ensure that cybersecurity programs are getting the funding, resources and support they need.

Lack of cybersecurity oversight

In recent years boards have become much more engaged in security-related issues, thanks in large part to high-profile data breaches and other incidents that brought home the real dangers of having insufficient security. But much work remains to be done. The fact is, at many organizations board oversight of cybersecurity is unacceptable.

Research has shown that many boards are not prepared to deal with a cyberattack, with no plans or strategies in place for cybersecurity response. Few have a board-level cybersecurity committee in place.

More CIOs are joining boards

On a positive note, more technology leaders including CIOs are being named to boards, and that might soon extend to security executives as well. Earlier this year the Security Exchange Commission (SEC) proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

This includes requirements for public companies to report any board member’s cybersecurity expertise, reflecting a growing understanding that the disclosure of cybersecurity expertise on boards is important when potential investors consider investment opportunities and shareholders elect directors. This could lead to more CISOs and other security leaders being named to boards.

Greater involvement of IT and security executives on boards is a favorable development in terms of better protecting information resources. But in general, boards need to become savvier when it comes to cybersecurity and be prepared to take the proper actions.

Asking the right questions

The best way to gain knowledge about security is to ask the right questions. One of the most important queries is which IT assets the organization is securing? Knowing the answer to this requires having the ability to monitor the organization’s endpoints at any time, identify which systems are connecting to the corporate network, determine which software is running on devices, etc…

Deploying reliable asset discovery and inventory systems is a key part of gaining a high level of visibility to ensure the assets are secure.

Another important question to ask is how is the organization protecting its most vital resources? This might include financial data, customer records, source code for key products, encryption keys and other security tools, and other assets.

Not all data is equal from a security, privacy and regulatory perspective, and board members need to fully understand the controls in place to secure access to this and other highly sensitive data. Part of the process for safeguarding the most vital resources within the organization is managing access to these assets, so boards should be up to speed on what kinds of access controls are in place.

Board members also need to ask about which entities pose the greatest security risks to the business at any point in time, so this is another key question to ask. The challenge here is that the threat vectors are constantly changing. But that doesn’t mean boards should settle for a generic response.

Accessing threats from the inside out

A good assessment of the threat landscape includes looking not just at external sources of attacks but within the organization itself. Many security incidents originate via employee negligence and other insider threats. So, a proper follow-up question would be to ask what kind of training programs and policies the company has in place to ensure that employees are practicing good security hygiene and know how to identify possible attacks such as phishing.

Part of analyzing the threat vector also includes inquiring about what the company looks like to attackers and how they might carry out attacks. This can help in determining whether the organization is adequately protected against a variety of known tactics and techniques employed by bad actors.

In addition, board members should ask IT and security executives about the level of confidence they have in the organization’s risk-mitigation strategy and its ability to quickly respond to an attack. This is a good way to determine whether the security program thinks it has adequate resources and support to meet cybersecurity needs, and what needs to be done to enhance security via specific investments.

It’s most effective when the executives come prepared with specific data about security shortfalls, such as the number of critical vulnerabilities the company has faced, how long it takes on average to remediate them, the number and extent of outages due to security issues, security skills gaps, etc.

In the event of an emergency

Finally, board members should ask what the board’s role should be in the event of a security incident. This includes the board’s role in determining whether to pay a ransom following a ransomware attack, how

board members will communicate with each other if corporate networks are down, or how they will handle public relations after a breach, for example.

It has never been more important for boards to take a proactive, vigilant approach to cybersecurity at their organizations. Cyberattacks such as ransomware and distributed denial of service are not to be taken lightly in today’s digital business environment where an outage of even a few hours can be extremely costly.

Boards that are well informed about the latest security threats, vulnerabilities, solutions and strategies will be best equipped to help their organizations protect their valuable data resources as well as the devices, systems and networks that keep business processes running every day.

Want to learn more? Check out this Cybersecurity Readiness Checklist for Board Members.

Risk Management

Cybersecurity breaches can result in millions of dollars in losses for global enterprises and they can even represent an existential threat for smaller companies. For boards of directors not to get seriously involved in protecting the information assets of their organizations is not just risky — it’s negligent.

Boards need to be on top of the latest threats and vulnerabilities their companies might be facing, and they need to ensure that cybersecurity programs are getting the funding, resources and support they need.

Lack of cybersecurity oversight

In recent years boards have become much more engaged in security-related issues, thanks in large part to high-profile data breaches and other incidents that brought home the real dangers of having insufficient security. But much work remains to be done. The fact is, at many organizations board oversight of cybersecurity is unacceptable.

Research has shown that many boards are not prepared to deal with a cyberattack, with no plans or strategies in place for cybersecurity response. Few have a board-level cybersecurity committee in place.

More CIOs are joining boards

On a positive note, more technology leaders including CIOs are being named to boards, and that might soon extend to security executives as well. Earlier this year the Security Exchange Commission (SEC) proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

This includes requirements for public companies to report any board member’s cybersecurity expertise, reflecting a growing understanding that the disclosure of cybersecurity expertise on boards is important when potential investors consider investment opportunities and shareholders elect directors. This could lead to more CISOs and other security leaders being named to boards.

Greater involvement of IT and security executives on boards is a favorable development in terms of better protecting information resources. But in general, boards need to become savvier when it comes to cybersecurity and be prepared to take the proper actions.

Asking the right questions

The best way to gain knowledge about security is to ask the right questions. One of the most important queries is which IT assets the organization is securing? Knowing the answer to this requires having the ability to monitor the organization’s endpoints at any time, identify which systems are connecting to the corporate network, determine which software is running on devices, etc…

Deploying reliable asset discovery and inventory systems is a key part of gaining a high level of visibility to ensure the assets are secure.

Another important question to ask is how is the organization protecting its most vital resources? This might include financial data, customer records, source code for key products, encryption keys and other security tools, and other assets.

Not all data is equal from a security, privacy and regulatory perspective, and board members need to fully understand the controls in place to secure access to this and other highly sensitive data. Part of the process for safeguarding the most vital resources within the organization is managing access to these assets, so boards should be up to speed on what kinds of access controls are in place.

Board members also need to ask about which entities pose the greatest security risks to the business at any point in time, so this is another key question to ask. The challenge here is that the threat vectors are constantly changing. But that doesn’t mean boards should settle for a generic response.

Accessing threats from the inside out

A good assessment of the threat landscape includes looking not just at external sources of attacks but within the organization itself. Many security incidents originate via employee negligence and other insider threats. So, a proper follow-up question would be to ask what kind of training programs and policies the company has in place to ensure that employees are practicing good security hygiene and know how to identify possible attacks such as phishing.

Part of analyzing the threat vector also includes inquiring about what the company looks like to attackers and how they might carry out attacks. This can help in determining whether the organization is adequately protected against a variety of known tactics and techniques employed by bad actors.

In addition, board members should ask IT and security executives about the level of confidence they have in the organization’s risk-mitigation strategy and its ability to quickly respond to an attack. This is a good way to determine whether the security program thinks it has adequate resources and support to meet cybersecurity needs, and what needs to be done to enhance security via specific investments.

It’s most effective when the executives come prepared with specific data about security shortfalls, such as the number of critical vulnerabilities the company has faced, how long it takes on average to remediate them, the number and extent of outages due to security issues, security skills gaps, etc.

In the event of an emergency

Finally, board members should ask what the board’s role should be in the event of a security incident. This includes the board’s role in determining whether to pay a ransom following a ransomware attack, how

board members will communicate with each other if corporate networks are down, or how they will handle public relations after a breach, for example.

It has never been more important for boards to take a proactive, vigilant approach to cybersecurity at their organizations. Cyberattacks such as ransomware and distributed denial of service are not to be taken lightly in today’s digital business environment where an outage of even a few hours can be extremely costly.

Boards that are well informed about the latest security threats, vulnerabilities, solutions and strategies will be best equipped to help their organizations protect their valuable data resources as well as the devices, systems and networks that keep business processes running every day.

Want to learn more? Check out this Cybersecurity Readiness Checklist for Board Members.

Risk Management