Climate change is probably the greatest threat our planet faces today, but this challenge also presents an opportunity to do the right thing. It’s time to step back and look at the role of the IT industry in developing, deploying, maintaining, growing and eventually, sustainably retiring technology and solutions.
It is understood that for a garden to produce fresh vegetables and fruit, it needs more than just water. The soil needs the proper nutrients to ensure that any harvest is not just today but is repeatable and provides food for generations to come.
You may wonder how garden sustainability can compare with IT and cybersecurity, but it does. Digital transformation, online shopping, binge-watching television and video calls depend on data centers that consume power and create waste from burning fuel.
Carbon footprints need to be reduced, but it’s understandably difficult during a time when people want to do more online and require better and faster protection in parallel. Applying sustainability principles to hardware and software makes this an achievable goal. IT usage can become more effective and safer at the same time.
So, why is it important to have sustainable cybersecurity? The benefits of sustainable security and IT are akin to the benefits we get at home from installing smart-heating controls at home – aka – saving money. Still, sustainability is also a key driver in some regulatory decisions and helps develop and maintain a positive corporate profile for businesses today.
There are many benefits and considerations to sustainable security; these include:
Controlling IT Costs
Cybersecurity has sometimes been seen as a spent-cost investment to keep investors happy and is often rolled out as a knee-jerk response to an attack. This has never been a sustainable approach, and fortunately, most organizations now see this and recognize the need for change.
The best security specialists will set priorities at the start of a financial year based on where risks are seen – or on vulnerable business areas. A detailed understanding of these areas means that security expenses can be built into budgeting as forward-looking investments.
• Ensure an incident response plan is in place and review it regularly. The initial design of the program takes the longest, annual updates are then more manageable – and should there be a breach, you will be well prepared to respond in the fastest and most effective way possible.
• Implement Endpoint Detection and Response (EDR), which combines continuous real-time monitoring with automated response or analysis rules. This will help analyze threats and also automate responses to quarantine threats and notify staff when necessary.
Improving Staff Awareness
Over the years, most of us will have viewed an ‘annual security update’ video or been asked to complete a survey on what they feel about IT systems. The problem here is that reusing the same, mildly updated content continuously carries a diminishing return – people take less and less notice. They become blasé about the importance of any security message.
Effective security training needs to keep up with developments in cybersecurity. We see daily ransomware attacks, crypto-wallet thefts, phishes and smishes taking place or data mining via social media. Developing a dynamic security awareness program, perhaps targeted toward different job roles, keeps users interested and helps them learn. It will also make it more likely that they will discuss what’s been learned, not only with colleagues but with family and friends, contributing to a more sustainable cybersecurity culture.
Making ESG a Priority
Everyone is becoming socially aware, seeing the importance of purchasing, using, or investing in products and solutions which look to improve their environmental footprint by implementing ESG best practices (environmental, social and governance). This could include:
• Prioritizing workforce well-being in hiring and retention, and providing a flexible work environment which makes it easier to hire the best cybersecurity talent, without being tied to a specific location.
• Updating manufacturing processes to take advantage of low-carbon emission options and sustainable power. In addition, new products can be designed to be dismantled for repair, upgrade, and eventual recycling.
• Offering refurbishment options for used equipment helps customers extend the life of their investments and reduces electronic waste in landfills, which reduces carbon emissions.
ESG is certainly on the radar of the CIO. They will be watching what other organizations are doing – but in this case, learning best practices and developing sustainable and ethical processes for equipment and data. Making cybersecurity part of this conversation is essential. It can address issues on the protection of business and employee data and assist in regulatory compliance, such as CCPA and the GDPR.
It is vital to build sustainable cybersecurity best practices that mitigate risk and improve resilience whilst at the same time, making it easier to develop and report key risk metrics to stakeholders, which show transparency and enhance trust in the business.
Where to Go Next?
Many large organizations have public commitment statements of corporate responsibility. This is a great place to start, whether you just want to know more or need to understand how to begin developing sustainability options in your own business.
I have only been able to scrape the surface of this enormous topic here, but if there’s one thing you take away from this piece, I hope it’s the sentiment in my first paragraph – climate change is among the biggest threats we face today, and any positive change we make, is a change for good.
