At the 28th UN Climate Change Conference (COP28) towards the end of last year, attendees were reminded of this harsh reality during the opening speech made by Simon Stiell, Executive Secretary. According to Simon, countries must deliver new Nationally Determined Contributions by 2025 which include achieving a 1.5C world by 2030. This comes following the publication of the Provisional State of the Global Climate 2023 report, calling 2023 “the warmest year on observational record”, concluding a near-decade of the highest temperatures on record.
What is net zero?
The United Nations (UN) has stated that to avoid significant climate change, global warming must be limited to 1.5C above pre-industrial levels. Most countries believe that they can meet this target by achieving net zero global emissions by 2050, however, to achieve net zero, greenhouse gas emissions must be balanced with those that are removed from the atmosphere. So, what practices can businesses adopt to balance their greenhouse gas emissions? How can businesses overcome the obstacles these practices may present?
Business benefits of moving to net zero
In addition to the environmental benefits, focusing on net zero has a strong business case. Many businesses are now increasingly being asked by investors, funding bodies, clients and staff about their net zero goals and actions. There’s a real risk of losing business because of market changes driven by global net zero efforts, it’s no longer simply a facilities issue.
What are the main obstacles?
It’s important to recognise the need for serious financial investment in more large-scale opportunities like:
Authorising emissions reductions when transferring to other countries, and the revising or revoking of authorisation
Reviewing confidential information and correcting any reporting inconsistencies
Defining the scope of “cooperative approaches” on carbon trading to help countries meet their NDCs
Eligible activities within carbon markets.
Despite these challenges, to make a real difference to carbon reduction– whether you’re a SME or large enterprise– you must look at your entire asset base, from IT infrastructure to end user devices to physical assets. Businesses must also consider how to track the environmental impact of these assets and understand their interdependencies to decide which are the most damaging or which are repair or replacement priorities to achieve a positive carbon impact. Ambitious targets will also need to be set out and met by businesses to support their country’s NDCs by 2025.
How can CACI help you overcome these obstacles?
Our Mood Environmental Hub helps track all of your assets across multiple geographic locations and assess the environmental impact of your business. It distills assets from multi-site, business-level functions to departments or even individual teams to provide suggestions for swapping your power-hungry devices to less polluting alternatives and its resulting impact. This enables you to cut costs and fully understand your environmental footprint on demand, empowering your decision making.
The Mood Environmental Hub also takes your existing data and visualises it through user-friendly dashboards that show carbon impact, consumption and cost at an enterprise level. With a single click, you can drill down to asset type, location, department or business function, enabling a quick assessment of priority focus areas for improvement. The advanced modelling feature helps you explore potential improvements, indicating ROI and carbon reduction impact.
You can also easily benchmark performance against carbon commitments such as Social Value through the initiatives tracker. Producing carbon reduction target tracking reports or modelling for a business case is now a click away – to see how it works, you can book a demo here.
Looking to work with an IT outsourcing provider? Finding the right partner to deliver your requirements can be a tricky and time-consuming process. But, done right, a successful outsourcing relationship can bring long-term strategic benefits to your business. We asked our experts to share their top tips on how to find the right IT outsourcing partner.
Evaluate capabilities
Having the right expertise is the obvious and most essential criterion, so defining your requirements and expectations is the best way to start your search.
When it comes to narrowing down your vendor choices, it’s important to consider the maturity of an organisation as well as technical capabilities. “The risk of working with a small, specialised provider is that they may struggle to keep a handle on your project,” warns Brian Robertson, Resource Manager at CACI. Inversely, a larger organisation may have the expertise, but not the personal approach you’re looking for in a partner. “Always look for a provider that demonstrates a desire to get to the root of your business’s challenges and can outline potential solutions,” Brian advises.
Find evidence of experience
Typically, working with an outsourcing provider that has accumulated experience over many years is a safe bet; however, Daniel Oosthuizen, Senior Vice President of CACI Network Services, recommends ensuring that your prospective outsourcing provider has experience that is relevant to your business, “When you bring in an outsourcing partner, you want them to hit the ground running, not spending weeks and months onboarding them into your world.” Daniel adds, “This becomes more apparent if you work in a regulated industry, such as banking or financial services, where it’s essential that your provider can guarantee compliance with regulatory obligations as well as your internal policies.”
So, how can you trust a provider has the experience you’re looking for? Of course the provider’s website, case studies, and testimonials are a good place to start, but Daniel recommends interrogating a vendor’s credentials directly, “A successful outsourcing relationship hinges on trust, so it’s important to get a sense of a vendor’s credibility early on. For example, can they demonstrate an in-depth knowledge of your sector? Can they share any details about whom they currently partner with? And can they confidently talk you through projects they’ve completed that are similar to yours?”
Consider cultural compatibility
“When it comes to building a strong, strategic and successful outsourcing partnership, there’s no greater foundation than mutual respect and understanding,” says Brian. Evaluating a potential provider’s approach and attitudes against your business’s culture and core values is another critical step in your vetting process. As Daniel says, “If you share the same values, it will be much easier to implement a seamless relationship between your business and your outsourcing partner, making day-to-day management, communication and even conflict resolution more effective and efficient”.
While checking a company’s website can give you some insight into your prospective provider’s values, it’s also worth finding out how long they’ve held partnerships with other clients, as that can indicate whether they can maintain partnerships for the long-term.
However, Daniel says, “The best way to test if a provider has partnership potential is to go and meet them. Get a feel for the team atmosphere, how they approach conversations about your challenges, and how their values translate in their outsourcing relationships.” Brian adds, “Your vision and values are what drive your business forward, so it’s essential that these components are aligned with your outsourcing provider to gain maximum value from the relationship.”
Assess process and tools
Once you’ve determined a potential outsourcing provider’s level of experience and expertise, it’s important to gain an understanding of how they will design and deliver a solution to meet your business’s needs. “It’s always worth investigating what tech and tools an outsourcing provider has at their disposal and whether they are limited by manufacturer agreements. For example, at CACI, our vendor-agnostic approach means we’re not tied to a particular manufacturer, giving us the flexibility to find the right solution to meet our clients’ needs,” Daniel explains
Speaking of flexibility, determining the agility of your potential outsourcing provider’s approach should play a role in your selection process. “There’s always potential for things to change, particularly when delivering a transformation project over several years,” says Brian, adding “that’s why it’s so important to find a partner that can easily scale their solutions up or down, ensuring that you’ve always got the support you need to succeed.”
Determine quality standards
Determining the quality of a new outsourcing partner’s work before you’ve worked with them can be difficult, but there are some clues that can indicate whether a vendor’s quality standards are in line with your expectations, says Daniel, “A good outsourcing partner will be committed to adding value at every step of your project, so get details on their method and frequency of capturing feedback, whether the goals they set are realistic and achievable, and how they manage resource allocation on projects.”
Brian also recommends quizzing outsourcing providers about their recruitment and hiring process to ensure that you’ll be gaining access to reliable and skilled experts, “It’s easy for an outsourcing provider to say they have the best people, so it’s important to probe a little deeper. How experienced are their experts? How are they ensuring their talent is keeping up to date? What is their process for vetting new candidates? All these questions will help to gain an insight into an outsourcing provider’s quality bar – and whether it’s up to your standard.”
Assess value for money
For most IT leaders, cost is one of the most decisive factors when engaging any service; however,
when looking for an IT outsourcing partner, it’s critical to consider more than just a provider’s pricing model. “Contractual comprehensiveness and flexibility should always be taken into account,” says, Brian. “A contract that is vague can result in ‘scope creep’ and unexpected costs, while a rigid contract can tie businesses into a partnership that’s not adding value.” He adds, “Ultimately, it comes down to attitude, a good outsourcing provider can quickly become a great business partner when they go the extra mile.”
Daniel agrees and advises that IT leaders take a holistic view when weighing up potential outsourcing partners, “Look beyond your initial project, or resource requirements and consider where your business is heading and whether your shortlisted providers can bring in the skills and services you need. After all, a truly successful outsourcing partnership is one that can be relied on for the long haul.”
Data Governance is our priority when designing a data management solution. The significant contradictions between blockchain technology and The European Union’s General Data Protection Regulation (GDPR) arouse vigorous discussions in the industry. In contrast, European Parliament highlights that it can be a suitable tool to achieve some GDPR objectives.
Contradictions between blockchain technology and GDPR
The study “Blockchain and the General Data Protection Regulation”, written by European Parliament, highlights several paradoxes in the fundament of blockchain technology and GDPR:
Data Controller GDPR assumption: Data is centralised on at least one or legal person. Blockchain technology concept: Data is decentralised to multiple nodes.
Data Modification GDPR assumption: Data can be modified or erased where necessary to comply with Articles 16 (Right to rectification) and 17 (Right to erasure). Blockchain technology concept: Data is immutable and stored in the append-only database to ensure data integrity and increase network trust.
Data Process GDPR requirement: Personal data to be kept to a minimum and only processes data purposefully specified in advance. Blockchain technology concept: Databases grow continuously as new data is added.
The study also underlines different forms of distributed databases. Hence the compatibility between distributed ledgers and the GDPR is determined by a case-by-case analysis that accounts for the specific technical design and governance set-up of the blockchain use case.
The above analysis leads to two overarching conclusions:
Blockchain use cases’ technical specificities and governance design can be hard to reconcile with the GDPR. Therefore, blockchain architects must be aware of this from the beginning and ensure their design complies with GDPR.
It also stresses the current lack of legal certainty on how blockchain can be designed to comply with the regulation – Not just due to specific features of this technology but also highlights significant conceptual uncertainties related to GDPR.
How can blockchain technology achieve GDPR objectives?
There was an ongoing policy debate in European Parliament on this topic. Their report in 2018, Blockchain: A Forward-Looking Trade Policy, pointed out that ‘blockchain technology can provide solutions for the ‘data protection by design provisions in the GDPR implementation based on their common principles of ensuring secured and self-governed data.’ Recital 7 GDPR foresees that ‘natural persons should have control of their own personal data.’ This rationale is based on the data subject rights, such as the right of access (Article 15 GDPR) or the right to data portability (Article 20 GDPR) that provide data subjects with control over what others do with their data, and what they can do with that personal data by themselves.
At the 52nd Hawaii International Conference on System Science in 2019, a group of experts proposed a multi-layer blockchain system which can provide users with complete data transparency and control over their data. European Parliament commented that this solution would help comply with the right to access (Article 15 GDPR) and grant a fundamental right to individuals to access their personal information. This looks like a significant move in blockchain because European Parliament recognises the new standards. We believe more corporates are willing to explore the feasibility of applying blockchain in their business, and experimental cases will be boosted out in the market.
Blockchain applications in European Union
Estonian eHealth Patient Portal Estonia is one of the first governments to embrace blockchain technology. Estonian eHealth Patient Portal, a blockchain-based infrastructure, has been used by their eGovernment to give individuals more control over their health data. A patient can authorise access to their data. By default, medical specialists can access data. However, a patient can deny access to any case-related data to any care provider, including their own general practitioner/family physician.
MyHealthMyData MyHealthMyData is a project funded under the EU Horizon 2020 scheme that uses blockchain technology to create a structure where data subjects can allow, refuse and withdraw access to their data according to different cases of potential use. Further research can build on this project to determine whether blockchain technology can achieve GDPR objectives and create a benchmark for the industry.
Blockchain Roadmap of the UK Government
The UK Government is endeavouring to develop blockchain use cases and governance. A report by the UK Government Chief Scientific Adviser in 2016 acknowledged that Distributed Ledger Technologies could help governments collect taxes, deliver benefits, issue passports, record land registries, assure the supply chain of goods and generally ensure the integrity of government records and services. In the NHS, technology can enhance health care by improving and authenticating the delivery of services and by sharing records securely according to exact rules.
Yet, effective governance and regulation are critical to successfully implementing distributed ledgers. Law will need to evolve in parallel with the development of new technology applications.
HM Revenue and Customs started a trial on social welfare payment distribution in June 2016 to track the distribution of benefits. They are still working with a UK start-up to integrate blockchain technology into supply chains to increase efficiency and security.
Department for Work and Pensions studied the first full production implementation, such as Santander’s One Pay FX, a blockchain-based international payments service to retail customers in multiple countries. The benefits include reducing transaction time, cost and failure rate whilst data is stored on a secure, immutable ledger.
Conclusion
Though there are significant tensions between the nature of blockchain technology and the legal frameworks surrounding data privacy, blockchain technology can be an alternative form of data management system for you to achieve particular data governance objectives, depending on the system architecture. With more governments recognising the benefits brought by blockchain, we believe blockchain technology can be compatible with data privacy law.
Despite the legal framework of GDPR being built on the fundament of a centralised database system, corporates should be more familiar with the regulations; they can face catastrophic data breaches and hefty fines in light of weak security layers. Data breaches of British Airways in 2018 and Marriott in 2020 were considered case studies.
British Airways was fined £20m for a data breach which affected more than 400,000 customers. A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.
Marriott International was fined £18.4m for a data breach that exposed 339 million customer records in 2018, caused by poor data management policies and unencrypted sensitive data. An investigation by the Information Commissioner’s Office found the hotel giant “failed to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the GDPR.”
In other words, a robust security system is essential to data protection, not the technology itself.
Other than data privacy law, Financial Stability Board intends to implement its first recommendations on global crypto regulation in early 2023. This powerful regulation may provide more clarity for the crypto businesses on how to set up the blockchain system. Let’s follow the latest news on the regulation.
Our upcoming discussion focuses on how blockchain can improve cybersecurity and impact different business cases.
How CACI can help
Our experts can advise you on the best practice for managing your data under your regulatory requirements. We help large enterprise organisations define and execute data standards, policies and strategies.
Blockchain technology has revolutionised an array of fields including financial services, supply chain, healthcare and the Internet of Things. In the first of a series of blogs exploring blockchain, we look at the key areas to consider before deciding to invest in blockchain – an overview of the technology, its business applications and strategic business values.
What is a blockchain?
A blockchain is a shared, decentralised database that uses Distributed Ledger Technology (DLT) to store data in a succession of segments called blocks. After the latest block is filled, it is cryptographically connected to the previous completed block. The data chain created is called a blockchain.
How does it work?
What types of blockchain are there?
Public blockchain
A public blockchain is non-restrictive and permissionless. Any internet user can register on a public blockchain platform and become an authorised processing and storage node. All nodes in the network have equal rights to access, create, and validate the data in the blockchain. Bitcoin and Ethereum are the most well-known public blockchain platforms dealing with cryptocurrency.
Private blockchain
A private blockchain works in a restrictive environment and is governed by one organisation which determines node access, executes the consensus protocol and maintains the shared data. A private blockchain typically runs within an organisation’s network to cope with highly confidential data and is held securely. Audit management and asset control are common use cases of private blockchain.
Hybrid blockchain
A hybrid blockchain combines characteristics of both public and private blockchains to control access to specific private data held on a public blockchain. For instance, property companies use hybrid blockchains to run systems privately but disclose certain transaction information to the public.
Consortium blockchain
Consortium blockchains are a type of private blockchain managed by multiple organisations rather than one entity. Supply chain management, especially for food and medicine, is an ideal application for this type of blockchain – from sourcing to delivery, all parties involved in the supply chain can form a consortium to track the product status.
The advantages of blockchain
Decentralised trust
Users no longer rely on centralised intermediaries to complete transactions. By storing data in a peer-to-peer network, every node has the same data and authority to view all transactions. There is no single point of control.
Enhanced security
Cryptographic hashing, which converts arbitrarily large amounts of data into a short unique string of text, plays a crucial role in blockchain security. A hash value is automatically calculated for each block and consists of the block’s ID number, user ID number, previous block’s hash value, timestamp and other details. Employing hashing in this manner makes it impossible to change any data held in the block, metadata about the block, or its position in the chain without having to recompute that and every subsequent block in the chain.
High level of data integrity
From the verification process to storing transactions, data is verified by a consensus algorithm specific to the blockchain protocol. Any invalid data is rejected, protecting the chain from human error. The integrity and security of blockchains make them immutable, transparent and unimpeachable.
Disadvantages of blockchain
Uncertain legal and regulatory environment
Blockchain technology is still developing and the principles of existing regulations may not accommodate the fundamentals of blockchain. For instance, General Data Protection Regulation (GDPR) assumes data is centralised on at least one legal entity, while blockchain decentralises data storage to an anonymous network of nodes. Blockchain technologists should study the regulations thoroughly before implementation.
Novel cyber-attacks
Blockchains are not immune to cyber-attacks and all new technologies have undiscovered vulnerabilities. Attacks such as the following are effective against blockchain:
a 51% attack – where more than half of the nodes computing a chain are influenced by a bad actor
a Sybil attack – where a single entity creates multiple dummy nodes to wield disproportionate voting power
DDOS – where nodes are flooded with connections which block out legitimate traffic
There are no quick solutions to safeguard your systems, blockchain technologists can implement careful plans on system architecture and design to pre-empt cyber-attacks.
High energy consumption and data storage cost
Older blockchains, such as Bitcoin, validate blocks using a Proof of Work consensus algorithm in which all the nodes compete to compute a completed block in exchange for an administrative payment. Only one node can win resulting in all the partial computations being wasted. This amounts to a tremendous waste of electricity. More modern blockchains employ Proof of Stake, which is much more efficient, but migrating from one protocol to the other is extremely complicated. Blockchains ledgers – the data chain – are replicated at least in part to every node. By 2021, the Bitcoin ledger had reached 433GB [1] and the Ethereum ledger close to 1TB [2]. Given node counts in the thousands, even partial replication represents vast duplication across the world.
Considerations before you implement blockchain
Business needs
Before you implement blockchain technology, we strongly advise your team to evaluate existing business models and needs. Businesses that require a high level of data integrity and traceability are more likely to apply this. Investing in blockchain technology is worthwhile if the application transforms your user experience, democratises governance or reduces overall cost; but it is fundamentally a distributed database.
Integration concerns
Given that most organisations rely on legacy systems to run their business, careful technical analysis is essential to ensure that blockchain systems can integrate successfully with the existing estate.
Privacy issues
Logical layers in a blockchain system are the key to complying with privacy regulations. Stakeholders should examine the interactions between different layers – how the data is stored, accessed and transacted in the system.
Cost and revenue analysis
Enormous investments in setting up a blockchain system – such as infrastructure, data storage and maintenance – often create barriers for organisations to get involved. However evaluating its strategic business values can change your mind. Let’s take some examples from The Blockchain 50, named by Forbes [3] :
Allianz streamlines cross-border auto insurance claims in Europe. Processing time for insurance claims has been reduced from several months to minutes and costs have fallen 10%. The quick claim procedure absolutely contributes to a high customer satisfaction level and customer retention. No wonder Allianz has led in the claims category with a satisfaction score of 76.04%, according to Brokerbility’s survey. [4]
Boeing builds a digital aircraft record system to help airlines keep up with required maintenance, saving 25% on maintenance costs, potentially worth up to $3.5 billion (~£2.96 billion) annually.[5]
De Beers has registered over 400,000 gems worth $2 billion (~ £1.6 billion) to provide immutable records of a gem’s origin, to track it along the supply chain and improve jewellery retailers’ confidence in procurement. [6]
Scalability
As more nodes join a blockchain network, latency and convergence can increase. Compare the transaction speed between Bitcoin, the oldest and biggest public blockchain network which can only process 7 transactions per second, and Visa, a centralised electronic payment network which can handle more than 24,000 transactions per second [7].
Scalability is a challenge in setting up a public blockchain, but there are several options to enhance it:
Data Sharding – Data sharding splits an extensive blockchain network into smaller, more easily managed parts called shards. A node does not need to rely on the whole database to verify and process a transaction. Instead, all nodes work in parallel, resulting in more efficient transaction throughput.
Off-chain data storage – Transactions can be completed on the blockchain network, and data is stored in the off-chain environment to reduce the on-chain storage requirements.
Scalable consensus mechanisms – The Proof of Work consensus protocol in Bitcoin provides a high-security mechanism but a long transaction time. Proof of Stake consensus mechanism is a possible solution to speed up transaction time and higher scalability.
Conclusion
To decide whether to invest in blockchain technology, your team should ascertain whether your business needs will be best met by using this approach and explore cost and revenue impact as much as possible. Equally, you should consider the disadvantages of blockchain technology such as potential cyber-attacks, high energy consumption and scalability concerns to decide how to address each of them. Blockchain technology is not the only way to perform full data transparency or traceability – well-managed centralised databases can solve it.
Blockchain technology changes how we trust and solve problems in a traditional database system, like disintermediation and data security enhancement. It can optimise the operation in low-trust environments where users rely on third-party checks.
An insight written by McKinsey Digital [8] analysed the monetary impact in more than 90 use cases; they estimated that approximately 70 per cent of the value at stake in the short term is cost reduction, followed by revenue generation and capital relief. Cost can be taken out by removing intermediaries and administrative efforts on housekeeping, as well as improvements in transparency and fraud control.
Specific industries that capture the most significant revenue from blockchain are Automotive, Healthcare, Property, Public Sector and Technology, Media & Telecommunications. We believe the value of blockchain will enable brand-new business models and revenue streams over time.
This is the first blog in our new series which aims to help you understand the different aspects of blockchain technology. Over the course of the series, we will discuss how blockchain impacts data governance, cybersecurity and cyber-attacks.
How CACI can help
Equipping your systems with blockchain-compatible elements is a key initial step. Our services enable you to ensure that the foundations are correct and our experts can advise you on network design, architecture, service design, business process, data governance and cybersecurity solutions. Get in touch with us today.
From entering new markets to growing market share, mergers and acquisitions (M&As) can bring big business benefits. However, making the decision to acquire or merge is the easy part of the process. What comes next is likely to bring disruption and difficulty. In research reported by the Harvard Business Review, the failure rate of acquisitions is astonishingly high – between 70 and 90 per cent – with integration issues often highlighted as the most likely cause.
While the impact of M&A affects every element of an organisation, the blending of technical assets and resulting patchwork of IT systems can present significant technical challenges for IT leaders. Here, we explore the most common problems and how to navigate them to achieve a smooth and successful IT transition.
Get the full picture
Mapping the route of your IT transition is crucial to keeping your team focused throughout the process. But you need to be clear about your starting point. That’s why conducting a census of the entire IT infrastructure – from hardware and software to network systems, as well as enterprise and corporate platforms – should be the first step in your IT transition.
Gather requirements & identify gaps
Knowing what you’ve got is the first step, knowing what you haven’t is the next. Technology underpins every element of your business, so you should examine each corporate function and business unit through an IT lens. What services impact each function? How will an integration impact them? What opportunities are there to optimise? Finding the answers to these questions will help you to identify and address your most glaring gaps.
Seize opportunities to modernise
M&A provide the opportunity for IT leaders to re-evaluate and update their environments, so it’s important to look at where you can modernise rather than merge. This will ensure you gain maximum value from the process. For example, shifting to cloud infrastructure can enable your in-house team to focus on performance optimisation whilst also achieving cost savings and enhanced security. Similarly, automating routine or manual tasks using AI or machine learning can ease the burden on overwhelmed IT teams.
Implement strong governance
If you’re fusing two IT departments, you need to embed good governance early on. Start by assessing your current GRC (Governance, Risk and Compliance) maturity. A holistic view will enable you to target gaps effectively and ensure greater transparency of your processes. In addition to bringing certainty and consistency across your team, taking this crucial step will also help you to tackle any compliance and security shortfalls that may result from merging with the acquired business.
Clean up your data
Managing data migration can be a complex process during a merger and acquisition. It’s likely that data will be scattered across various systems, services, and applications. Duplicate data may also be an issue. This makes it difficult to gain an updated single customer view, limiting your ability to track sales and marketing effectiveness. The lack of visibility can also have a negative impact on customer experience. For example, having two disparate CRM systems may result in two sales representatives contacting a single customer, causing frustration and portraying your organisation as disorganised. There’s also a significant financial and reputational risk if data from the merged business isn’t managed securely. With all this in mind, it’s clear that developing an effective strategy and management process should be a key step in planning your IT transition.
Lead with communication
Change can be scary, and uncertainty is the enemy of productivity. That’s why communication is key to a successful merger and acquisition. Ensuring a frequent flow of information can help to combat this. However, IT leaders should also be mindful of creating opportunities for employees to share ideas and concerns.
If you are merging two IT departments, it is important to understand the cultural differences of the two businesses and where issues may arise. This will help you to develop an effective strategy for bringing the two teams together. While championing collaboration and knowledge sharing will go a long way to helping you achieve the goal of the M&A process – a better, stronger, more cohesive business.
How we can help
From assessing your existing IT infrastructure to cloud migration, data management and driving efficiencies through automation, we can support you at every step of your IT transition.
Following the introduction of the Telecommunications (Security) Act into UK law in late 2021, all telecommunications providers will soon need to comply with ‘one of the toughest telecoms security regimes in the world’ or risk financial penalties up to £10m.
With the clock counting down for Telcos to enter a new era of security, we consider the critical steps for providers to prepare for the regulatory road ahead.
1. Identify your gaps
Understanding your current state is the first step in achieving a successful transformation. A full audit of your security strategies, plans, policies, and effectiveness will expose your weaknesses and gaps, enabling you to take the right actions to protect your business and ensure compliance.
2. Prioritise your most pressing threats
While gathering data can provide better visibility of your network, taking reactive action to lower your risk isn’t the most efficient approach. Establishing levels of prioritisation will ensure your resources are being used to reduce risk in the right areas.
3. Get the right people in place
From gap analysis to operating model design, programme delivery, and reshoring, it’s likely you’ll need more people in place and new competencies developed. Getting the right partnerships and people now is key to getting ahead.
4. Incorporate legacy issues into your planning
Today’s telecommunications industry is built on multi-generational networks, and legacy systems continue to underpin critical infrastructure. While extracting these systems is not going to happen overnight, dealing with your legacy infrastructure should be an integral part of planning your implementation of the new Telecoms Security Framework.
5. Implement transparent designs
Failing to disclose evidence of a breach could result in a £10m fine, so built in transparency and traceability are key to your programme. Consider the likely information requests that are to come to ensure your design changes enable clear tracking and reporting.
6. Embed a security-first focus
Mitigating the risks facing the UK’s critical national infrastructure is the driving force behind the TSRs, and telecommunications providers will need to ensure that this mindset is embedded in the everyday. Buy-in from the business is core to any cultural shift, so align your leadership with a shared, cross-functional vision and get some early delivery going to build gradual momentum.
7. Prepare for more legislation
In November 2021, the Government announced The Product Security and Telecommunications Infrastructure Bill (the PSTI) to ensure consumers’ connected and connectable devices comply with tougher cybersecurity standards. As cybersecurity evolves, so will the threats to organisations, and telecommunications providers must be prepared for more regulatory oversight.
8. Embrace the benefits of built-in security
Ultimately, security that is built in rather than bolted on will enable providers to offer better protection and performance for customers, as well as foster trust with greater transparency. While the industry may not have been seeking the Telecoms Security Act, its passing prompt action to remove the constraints of old and reimagine and reshape to seize the opportunities of a new era.
The introduction of The Telecommunications (Security) Act into UK law late last year marked the arrival of a new era of security for the telecommunications sector, where everyone – from executive to employee – is responsible for protecting the UK’s critical network infrastructure against cyber attacks.
However, embedding a security conscious culture from top to bottom requires significant resource and expertise to steer towards success. With the clock already counting down, telecommunications providers are under pressure to begin their TSR compliance journey whilst ensuring that existing change programmes stay on track. Here, we consider the key considerations for communications leaders to ensure successful navigation and utilisation of the obstacles and opportunities that lie ahead.
Clear visibility is critical
Protecting your network, applications and data has never been more critical. However, blind spots, missing data, and the risk of dropped packets make management and protection of these challenging, not to mention the scale and complexity of many providers’ hybrid network infrastructure. Nonetheless, providers must ensure they are able to monitor security across the entirety of their network and can act quickly when issues arise.
Security and service quality will need to be carefully balanced
Whilst enhancing security is the ultimate goal of the Act, this cannot be at the cost of network performance. Outages themselves can put providers in breach of the regulations.
Security scanners are a key line of defence for network security, helping to identify known vulnerabilities which can be exploited if the correct mitigation steps aren’t followed, so ensuring you have a robust vulnerability management process is critical. Incorporating the right vulnerability scanning tools and following the required change management processes to correctly implement tools will help to secure your network whilst minimising any potential performance impact to your existing infrastructure or service outages.
Auditing abilities are a new superpower
Demonstrating compliance with the new legislation may pose a significant challenge to providers, particularly as they attempt to flow down security standards and audit requirements into the supply chain. However, implementation of robust auditing processes to identify and eliminate weaknesses and vulnerabilities are a must for keeping providers on the right side of the regulations.
Knowledge is power
With any significant legislature change comes a period of uncertainty as businesses adapt to change, so getting to grips with the new regulation changes ahead of the game is key. Many providers have already begun the search for talent with the technical skills and experience to deliver their TSR programmes; however, with the jobs market at boiling point, some providers may find utilising external partnerships provides a more practical route to successful delivery as well as a means to upskill and educate internal teams.
You’ll be tested
In 2019, OFCOM took over TBEST – the intelligence-led penetration testing scheme – from DCMS and has been working with select providers on implementation of the scheme. Whether through TBEST or not, providers will be expected to carry out tests that are as close to ‘real life’ attacks as possible. The difficulty will be in satisfying the requirement that “the manner in which the tests are to be carried out is not made known to the persons involved in identifying and responding to security compromises.”[1] Providers may need to work with an independent vendor to ensure compliant testing.
Costs are still unclear
While the costs for complying with the new regulations are still undermined, an earlier impact assessment of the proposed legislation carried out by the government indicated that initial costs are likely to be hefty: “Feedback from bilateral discussions with Tier 1 operators have indicated that the costs of implementing the NCSC TSR would be significant. The scale of these costs is likely to differ by size of operator and could be of the scale of over £10 million in one off costs.”[2].
Culture may challenge change
Technology will, of course, be at the forefront of communications leaders’ minds, yet the cultural changes required to successfully embed a security-first mindset are of equal importance and must be considered in equal measure. Change is never easy, particularly when there is a fixed deadline in place; however, delivery that is well-designed and meticulously planned is key. Ultimately, the onus will be on leaders to craft a clear vision – achieving network security that is intrinsic by design – as well as mapping out the road to get there.
A relationship breakdown is never easy, not least when it’s with your IT outsourcing partner. But what makes a seemingly good relationship go bad, and can you spot the signs of impending IT outsourcing failure before it’s too late? To get some insight from both sides of the relationship, we asked Backbone Connect Co-founder and Director, David McLeod, as well as our own CACI Network Services Sales Director, Liam Delaney, to share their outsourcing experiences, reveal the red flags to watch, and the secret to maintaining a successful relationship with an IT outsourcing partner. Here’s what they told us…
1. Communication has broken down
One of the earliest warning signs that your relationship with your IT outsourcing partner is flagging is that the frequency of your communication has dropped. “There’s always a honeymoon period with any new outsourcing relationship – the energy levels are high, and contact is constant,” explains David. “The issues arise when that contact becomes less routine and conversations turn forced and fractious,” he continues.
“Confusion about how a team should communicate with their outsourcing partner can also lead to protracted conversations and frustrations from both sides of the relationship if they’re not clearly defined at the outset,” says Liam. Further, changes over time can significantly contribute to communication barriers. “Through the duration of any long-term outsourcing relationship, team members leave, and a legacy starts to develop, which limits the potential of your outsourcing partnership,” says David. Liam agrees, “Whenever there’s a major personnel change on either side of the partnership, it’s time to review the service and make sure that it’s still meeting your needs.”
2. The vision has become (or already was) blurry
While both David and Liam agree that a successful IT outsourcing relationship is one that evolves over time, Liam highlights the necessity of starting the relationship with clear expectations. “You can’t outsource a problem that you can’t define,” he warns. “Outsourcing partnerships can bring a wealth of expertise and experience into your team as well as achieve cost savings, but you need to be clear on what success you’re looking to achieve.” If the goals aren’t clear, it can be difficult for an outsourcing provider to take effective action.
David also advocates working with outsourcing partners whose cultural values align with your business to ensure longevity in the relationship. “Your business’s culture is the one constant, unchangeable thing, so it should be one of the key measures you use when considering any potential outsourcing provider.” He adds, “Put simply, if you’re wearing t-shirts, and they arrive in business suits, you’re likely to have a problem.”
3. Fingers are being pointed
“When something goes wrong and blame is being thrown around, you stop being on the same team and your pathway forward becomes blocked,” says David. Liam agrees, “A good outsourcing provider is one that acts as an extension of your team, always looking to add value and deliver positive outcomes, especially when tackling an unexpected challenge.”
While it’s important to understand why a problem has occurred, both David and Liam agree that maintaining open, honest and constant communication can ensure both sides of an outsourcing relationship resolve conflicts and challenges together, although David notes that “when you seem to have a stream of issues, a stigma can become attached to the outside party, making it difficult for that partnership to continue effectively if it’s not addressed.”
Liam says that establishing a communications flow which facilitates continuous feedback is one way to avoid minor problems becoming bigger issues, although he also acknowledges the value in a proactive vendor – “At CACI, we’re always trying to anticipate our clients’ potential roadblocks and challenges, so we’re providing solutions before something becomes a problem.”
4. Your contract has become a constraint
A contract provides both parties in an outsourcing relationship the benefit of structure and protection, but it can become a barrier to progress when projects pivot in a new direction. Working with a vendor that can be flexible and offer an element of elasticity in their approach can help to avoid partners becoming stuck in a bind.
However, the size of an outsourcing provider can also impact on how agile a partner can afford to be, warns David. “Smaller organisations are typically more agile than bigger providers, but they can be highly volatile as they grow and evolve, which can lead to issues later. On the flip side, a very large outsourcing provider may not be able to offer the personal, value-add partnership that you’re looking for.”
Liam also advises that businesses pay attention to the finer details when firming up their outsourcing requirement. “It’s important to consider the unexpected and unusual use case scenarios. You can’t capture everything, but having awareness and alerting your vendor of the potential changes and challenges ahead means they can be prepared to act and adapt, preventing your project from coming to a standstill.”
5. You’re not growing together
“A clear sign that your outsourced relationship isn’t working is when you start to feel anchored,” says David. An outsourced relationship that continues to evolve and enhance your business as it grows is one that is truly valuable according to our experts. One way to form a relationship that adds long-term value is to select an outsourcing partner that has a wider capability offering. “I’m always thinking about the longevity of a relationship, looking beyond the initial requirement, and thinking about what else we can do to add value to our clients,” says Liam.
Nonetheless, capability isn’t the only thing to look out for. As Liam explains, having a future-focused mindset is also critical to a long-standing relationship. “I believe that the most successful partnerships are the ones where the provider brings both vision and value. They’re not just focused on what the client currently does, but they’re looking at what else they can be doing to improve.”
However, both our experts noted that, like any relationship, an outsourcing relationship requires investment and trust to realise its full potential. “It’s all about building and nurturing a partnership,” says Liam. David agrees and adds, “Trust is critical, and it’s not established overnight. Take the time to get the basics right – once you’ve got that with the right partner, you can achieve much bigger things.”
With digital transformation initiatives high on many organisations’ agendas and the impact of COVID-19 changing how most of us work forever, network transformation has never been more important.
And the truth is, there are a wide range of network transformation vendors to choose from. But most take a transactional approach to network transformation, delivering little value beyond the basic works carried out.
Rather than an “in and out” service, great network transformation relies on an end-to-end partnership-based approach, with your vendor working closely to understand all your requirements. It can also sometimes mean working across multiple lines of business and projects to deliver network transformation programmes at scale.
In working on multiple network transformation projects with one of our major transportation clients, there were some interesting opportunities we’d like to share. Here are three potential opportunities to be had by working with a network transformation specialist.
Opportunity #1 – Turn spare network capacity into additional revenue
For organisations with vast internal networks, there’s significant opportunity to commercially monetise spare capacity and offer greater flexibility to customers.
With a significant fibre network across its estate stretching tens of thousands of miles, our client realised that any spare capacity could be used for commercial applications to help generate additional revenue.
Using an end-to-end delivery process, we developed and launched a dark fibre service to help our client deliver connectivity as a service, in a way that was repeatable and efficient.
We kicked off the project by mapping out the client’s service lifecycle to identify any capability gaps. Once this was established, we brought together a selection of our client’s stakeholders virtually and ran interactive workshops to walk through draft processes, focusing on providing end customer service.
Following a successful service launch, several end customers now use our client’s services, with our client driving continuous improvements across the network. And we’re now working with our client to deploy the service across its wider network and develop a service model and approach for future deployments – allowing our client to develop its offering.
Opportunity #2 – Tackle customer complaints to strengthen relationships
In large organisations, it can often be a challenge to discover and resolve issues that directly impact customers. Following the regionalisation of our client’s legacy telecom assets, our client found that many of its asset managers were concerned about whether its legacy voice estate was fit for purpose.
Working with our client’s leadership team, we devised and managed a service improvement plan, which involved understanding the issues and what was needed to resolve them.
To help stakeholders mobilise the plan, we set up management reporting processes and acted as an intermediary between our client’s leadership and account management teams.
In just four weeks, we helped our client reach a resolution around its legacy voice estate, and moved the focus to other areas of concern – delivering improved service to our client’s regions.
Opportunity #3 – Dramatically reduce data centre costs
Outdated technology can be a significant drain on resources. And while it can be all too tempting to throw money and resources at the problem, this strategy can often cause more problems than it solves.
Our client had an ageing data centre infrastructure which was interfering with its ability to deliver a reliable service. What’s more, it was keen to ensure its mission-critical applications were always available. With its legacy technology approaching end of life and support, we recommended an infrastructure migration.
We worked closely with key stakeholders to create a test organisation at the start of the project to support the migration, helping our client build two new data centres with modern technology stacks.
Ensuring a thorough assurance process was used throughout to maintain regulatory compliance, we oversaw the design, implementation, and migration phases. And to confirm all programme deliverables were managed correctly, CACI developed a project management and testing platform using Jira and Zephyr.
By working closely with our client throughout the project, we helped the company save £40K and delivered the project two months ahead of schedule. Looking to the future, we’re now working with our client in an advisory role, helping it to shortlist an operating partner.
Network transformation: a world of opportunity
While network transformation opportunities can be wide-ranging and cover several lines of business, it’s important to select an outsourced vendor that also understands the importance of being a familiar point of contact.
Often embedded in clients’ teams for maximum impact, our end-to-end services allow our clients to benefit from a portfolio of skills and resources, helping them free up their teams to focus on more strategic activities.
To find out more about how we can help you design and implement network services – and even unite third party stakeholders – across your organisation, get in touch with our team of experts today.
From reducing costs to meeting tight project deadlines and accessing specialist expertise, there are many advantages that come with outsourcing IT, but when does outsourcing offer the most benefit to businesses? We asked Brian Robertson, Resource Manager at CACI, to reveal the common signs that indicate a business would be better with an outsourced IT solution.
1. Your IT costs are high
Are budget worries keeping you up at night? Cost control is the most obvious reasons for businesses outsourcing IT. Indeed, a 2020 study by Whitelane Research found that 71% of UK businesses said that cost reduction was the main driver for outsourcing IT. But, is outsourcing really cost-effective?
“Just having a couple of IT specialists on your payroll can really rack up costs,” says Brian. It’s not just high salaries and the cost of employee benefits that are a concern. Companies that opt to run in-house IT departments also face the costs of purchasing, maintaining, and upgrading hardware as well as purchasing the software they need. “With outsourcing, these fixed costs become flexible, allowing you greater control of your budget,” says Brian.
2. You have skills gaps
The severe shortage in tech skills has long been a challenge for businesses, but as Brian explains, “The pandemic put organisations across every industry on a fast-speed trajectory to digitalisation.” He adds, “now, the focus is to keep that momentum going, but we’re seeing that many of our clients are looking for very specific expertise in a fiercely competitive and increasingly expensive marketplace.”
With recent research by ManpowerGroup finding that 69%, of employers globally are struggling to find workers with the right blend of technical and interpersonal skills, it’s clear that many businesses are fighting a losing battle. “This is where working with a trusted IT outsourcing partner can prove to be a strategic move,” says Brian. “A good outsourcer will always assess their client’s requirements holistically – matching skills and experience as well as cultural fit with end goals.”
3. Your IT infrastructure is outdated
“IT infrastructure is a vital component in every business, but it can become a huge drain on productivity, not to mention a growing security risk if not invested in,” warns Brian. He adds, “However, upgrading an outdated infrastructure is a resource investment that many lean I.T departments can ill-afford, creating a stalemate situation that prevents a business from maintaining competitive advantage.”
Therefore, if a business is struggling to maintain and manage its day-to-day IT operations, outsourcing may provide a practical solution. In addition to unlocking access to the latest and greatest tech, working with a reliable IT outsourcing partner will ensure your IT operations are optimised for enhanced performance, releasing your in-house staff to focus their efforts on achieving your business objectives.
4. Your business is vulnerable to security threats
Cyber security breaches are increasing. According to a survey released by GOV.UK last year, 46% of UK businesses and charities reported a cyber attack during the year, with 33% of those claiming they experienced a cyber breach at least once a week in 2020 – up from 22% in 2017.
The growing sophistication of cybercrime puts immense pressure on in-house teams as they struggle to stay on top of critical security practices such as 24/7 networking whilst also maintaining the myriad security systems they have in place. As Brian warns, “When it comes to cyber security, it’s not just a case of having the right technology in place, you need round-the-clock specialists that have the experience and expertise to utilise those tools and prevent potential threats before they become a problem.”
The global shortage in professionals with the right security skill sets are an additional challenge for businesses as they struggle to recruit and retain the specialists they need. Partnering with a trusted IT outsourcer can provide a cost-effective and reliable solution, as outsourcing removes vulnerabilities by ensuring a business’s security defences are ‘always on’.
5. Compliance is a concern
While cyber security is one concern, ensuring regulatory compliance is another, particularly in heavily regulated industries such as financial services. Failure to comply can lead to reputational damage and hefty fines, but to ensure compliance, organisations must have the capability to implement, maintain, monitor, and accurately report on IT infrastructure and security processes. As Brian explains, a partnership with a reliable IT outsourcer can offer significant value to a business that is under pressure to maintain compliance, “As well as providing the necessary resources and expertise to ensure compliance, an outsourcing partner will keep abreast of regulation changes, so your business is always one step ahead.”
6. You need flexibility
When you’re embarking on a new project, getting the right people with the right skill sets in place can be a difficult task. While upskilling your existing team members can be beneficial, inexperience coupled with a limited bandwidth can pose major risks to your project delivery as well as have a negative impact on your day-to-day operations. These problems are more acute if your delivery deadline is tight.
“Hiring new talent in-house is an option, but often it’s not the best one if a project is short-term or requires a range of specialist skill sets,” explains Brian. In these instances, partnering with an IT outsourcer can provide the most strategic, timely and cost-effective route forward because solutions are tailored to your specific needs. “Clients also gain from the insights and expertise of an experienced team – with the added benefit of elasticity to adapt if requirements change,” says Brian.
7. You need niche expertise
More budget-friendly than hiring a team of in-house specialists, and more reliable than challenging your existing team, outsourcing IT is often the most effective option when it comes to delivering projects that require niche expertise such as cyber security. Brian also highlights the benefit of introducing an outside perspective, “One of the most overlooked benefits of outsourcing is that businesses don’t just get access to specific skills and knowledge, they get to tap into a whole wealth of experience.”
“That’s why it’s so important to look for an IT outsourcing partner that has a proven record of proficiency and delivering results. Knowing what’s worked before, how to handle specific challenges, and what pitfalls to avoid –is truly invaluable to finding the solution that’s really going to work for your business.”
From entering new markets to growing market share, mergers and acquisitions (M&As) can bring big business benefits. However, making the decision to acquire or merge is the easy part of the process. What comes next is likely to bring disruption and difficulty. In research reported by the 
