Archive | January 2021

Achieve great things with great people

Smarter upskilling. Greater team diversity. Better work life balance. They can all help to boost employee productivity, engagement and retention. But getting these elements right is a big challenge – especially when the world of work is undergoing radical change. 

Introducing new processes, technologies and workstyles at such a turbulent time can do more harm than good if not managed and communicated correctly. Even prior to the Covid-19 pandemic, 57% of companies said organisational change was a major risk to employee wellbeing1

And employee wellbeing is going to be a big focus in 2021. Mental health experts predict that up to 10 million people in England will need either new or additional support as a direct consequence of the Covid-19 crisis2.

As well as conducting wellbeing initiatives, business leaders need to help employees get smarter at managing their work life balance – especially as more people are now based at home instead of an office. This will not only help to reduce the risk of mental health issues and absences but also increase talent retention: 49% of employees prefer to work for an organisations that protects their health and financial wellbeing3

But that’s not all. Employees also want their work to give them a sense of purpose. When people feel they are making a difference, it can have a massive impact on employee retention: businesses rated highly for a purposeful mission experience 49% lower attrition rates4.

With skills gaps and availability still a major concern, maximising employee retention needs to be a top priority not just for HR departments but every leader and manager. And that means rethinking how best to harness the potential and passion of your people.  

From flexible hours and assistive technologies to talent marketplaces and collaboration tools, they can all make a difference to how people work. And how people feel about work. 

But where do you begin? Our latest Insight Guide will help you identify the strategies and solutions needed to inspire stronger employee engagement and retention. Produced in partnership with Microsoft, the Insight Guide combines industry research with expert advice and best practice checklists. 

By investing in your people today, you’ll also be able to attract – and retain – the talent of tomorrow. 

Read more here – Insight Guide

The link between mental health, wellbeing and movement

Today is what is known as ‘Blue Monday’.  This is the third Monday in January every year and is the day that people’s mental health is said to be at a low point due to a number of factors:  the weather is cold, people don’t have much money after Christmas and are waiting for payday to come around, and you can add in the guilt of New Year’s resolutions falling by the wayside before the end of January.

However, I think the last year has had lots of blue days, so this year is a little different – especially as we are in lockdown again! For me it’s the fact that home-schooling begins again on a Monday whilst I try to work. A sentiment many parents will be feeling today and every Monday.

Have you been feeling blue for a while?

With the announcement of another lockdown, I could just hear the entire country groaning at the thought of further disruption as we wait for the vaccine to help take us on the path to emerging from the Covid-19 induced nightmare of the last 12 months.

We are sure to see and feel more troughs and peaks before we are out of the woods.  That’s why I have been encouraged to see the important topic of mental health is being talked about more openly and more often than ever before as the realisation that this is a major challenges to people’s health on top of the physical symptoms of Covid-19.

Talking about it is one thing, however, there isn’t much said about how to find ways to enjoy better mental health.

If you are in a low place what kind of things might help?  Or what can you do to prevent you reaching a low point?

How getting enough exercise can help your mental health

There are some simple things which may prove useful in both scenarios and one of them is exercise. All forms of exercise count from walking to High Intensity Interval Training (HIIT) classes, yoga to weight training – many of which can still be enjoyed at home even during a lockdown.

Exercising indoors during lockdown

When gyms closed in the first lockdown, many people in the UK turned to outdoor exercise, meeting friends for walks and getting out into the fresh air.  Unlike other countries where the temperature is still conducive to exercising outdoors, we are now deep into the long, cold winter months in the UK where the days are wetter, shorter and darker.  As a result, it can be hard to summon up the motivation to get those 10k steps in, or to build some exercise into your routine before or after your working day, particularly if you are having to fit home-schooling in too.

One of my colleagues invested in a treadmill.  That’s a real investment and sign of commitment! However, he is the type of person that will actually use it.  As for me, I’m fairly confident if I bought one, it would quickly become somewhere to hang items from.

Avoiding distractions

During the first lockdown I dug out the limited weights that I already had, dusted off the step machine and invested in some exercise bands. But with home-schooling and various other demands on my time, I found that workouts dropped off the radar.

I accepted exercise was too difficult to fit in. The effect on my mental health was so much bigger than I expected.

I use exercise to channel the thoughts in my head out of my body via movement. So, I got back into the routine of walking, added some new workouts and as the original lockdown restrictions eased, I went back to the gym slowly.

And then we went back into lockdown, a bit like the hokey cokey. With announcements seemingly made every other day, there is great uncertainty about when we might emerge from the latest lockdown and this uncertainty keeps throwing our plans into chaos.

Routine, routine, routine

There is saying that to build a routine, then make it a habit takes approximately 30 days. Most of us are finding it hard to maintain a routine these days. I was an avid gym member pre lockdown #2.  But the break has made it more challenging to get back into the swing of things.

When I did, I wasn’t consistent and found excuses for not going.  So, this time I decided I was going to get back into a good routine.

Back in Lockdown #2, I decided to commit to a 28-day challenge run by a personal trainer called Courtney Black that I found on Instagram during the first lockdown. She runs the challenge every other month, the alternative months also have daily workouts.  The 28-day challenge involves more intense exercises designed to challenge your body. I have previous experience of trying a 28-day challenge on the Courtney Black app. I quit after 6 days!  It is a tough challenge of weights and HIIT workouts, 6 days a week for 28 days.

There is a 28-day food plan but as Diwali fell in the middle of that 28 days, I decided I would focus on the exercise.

One step at a time after all.

An immediate challenge was how am I going to build a routine that I can stick to?  I am pleased to tell you I completed the challenge albeit a few days over the 28 days due to my body screaming at me to take a few days off.  Always listen to your body.

I made sure that even though I had taken a few days off I wasn’t going to allow excuses like “well I am almost done now anyway” or “I will start again next week” to creep in.

Here are some of the ways you can make a routine into a habit:

  1. Commit to something for 30 days, a month is a good target to aim for.
  2. Make it daily. It is easier to form a habit if you are used to doing it every day.
  3. Start simple, try not to do too many things at once.  Over committing will stop you in your tracks.
  4. Consistency is key. Think ‘same again tomorrow’.
  5. If buddying up or joining a team is out, look for a virtual version to help keep you motivated.
  6. Be imperfect. If you don’t get it right all the time, that’s okay. Trying is better than not trying.

Now in lockdown #3 I am back on the 28 day challenge and almost half way through.

What exercise will do for you

What I really noticed was the difference a 45 min workout can make.  I never look forward to a workout if I am honest. Throughout the workout I want it to be over because it is tough. But at the end, I am proud I made it through, and thankful its over for the day. These are all physical aspects.

But here are the mental benefits. Before starting a workout, my mind feels confused, full of lists, worries about what needs to be done at home and at work, home schooling my child. I have been emotional and in tears, stressed and tired prior to a workout.  After 45 to 60 minutes of exercise I feel much more balanced.

“The mental benefits of aerobic exercise have a neurochemical basis. Exercise reduces levels of the body’s stress hormones, such as adrenaline and cortisol. It also stimulates the production of endorphins, chemicals in the brain that are the body’s natural painkillers and mood elevators. Endorphins are responsible for the “runner’s high” and for the feelings of relaxation and optimism that accompany many hard workouts — or, at least, the hot shower after your exercise is over.” Source

I have often said that my brain functions better post exercise; I think quicker and feel more awake. My mind is clearer as to what needs to be done and I feel less emotional, which I believe makes me work better and deal with trying to wear the teacher hat better too.  Using up 30 mins of my work day to fit in exercise often makes me more productive for the next 7 hours and has far more benefit compared to a day where I don’t exercise.

There are lots of free workouts available and most of these Personal Trainers, such as Joe Wicks, Courtney Black, other online trainers, including Bez from the Happy Mondays, have offered free workouts during lockdown. Remember exercise can be a bike ride, taking the dogs for a walk, going for a run, movement of any kind will help you and your mental wellbeing – some people swear by an hour of gardening or even housework – done at a brisk pace.

Fitting it all in – tips on getting enough exercise during the working day

This image has an empty alt attribute; its file name is photo-1501139083538-0139583c060f

Time! We are always short on time.  Here are my top tips for getting some exercise into your working day:

  • Start early – I find exercising first thing in the morning means it is out of the way before I start work. As mentioned, I always focus better after a workout. This can be any kind of workout including a brisk walk listening to music or podcasts.
  • Steps – use walking meetings. I often take calls where I don’t need to be in front of a screen on a walk. My manager and colleagues are very familiar with my walking 1-2-1 meetings. Even two x 10 minutes walks are better than none.  Crucially, it gives you a break from your desk and screen.
  • Use the furthest bathroom – most of us will go to the closest bathroom in our house. Go to the furthest if you have more than one. You get do more steps and get a longer break from your desk.
  • Do a YouTube walking workout – this is a thing and you can do it whilst on a call. There are videos that help you achieve 5k (or other amounts depending on time) steps in 35 minutes. Not recommended for video meetings!
  • Scheduled lunch break workouts – this helps you get a workout and gets you away from your desk. Most people that work from home don’t take a proper lunch break often enough.

The value of getting away from the desk

This brings me to my final point around wellbeing and mental health.  I’ve talked about the value of getting away from your desk.  But make sure you are not just raiding the food cupboard! When I started working from home 8 years ago, I was guilty of doing this too often and soon realised I needed to find another way to force me to take a break.

I’ve managed to build something into my lunchtime that is easy to do.  Before I tell you, promise not to judge? I got into watching an Australian soap, I am sure you can guess which one.

I did this originally because we almost moved to Australia and – well – it made sense to watch an Aussie soap, right? But when we didn’t make the move, I realised by watching it every day, I had to take a lunch break.

Of course, you can choose something better if soaps aren’t for you.  Aim for a programme that lasts 30 to 45 minutes that you can watch daily.  This gives you enough time to make lunch or heat something up, watch a programme and eat.  You might have time to make a cup of tea before going back to your desk.

People normally laugh when I tell them what I watch.  But then I ask them if they take a lunch break, the answer is normally no and then they get my point.  It’s not about the programme but what it indicates to my brain.

By taking a break and watching something harmless my brain can switch off from work.  The show is series-linked to I can be flexible with when I take my lunch break too.

Look after yourself and be more productive

We all have a job to do. But you will only do your job well if you look after yourself.

Lockdown or not, this does not change. The options may seem limited but there are plenty of ways to take care of yourself.

Taking the first step is always the hardest.

So, take that break, do some exercise, eat and sleep well. Your body, your mind and your employer will thank you for it.

Is it time for us to work how, when and where we want?

2020 was a tough year in many ways. But it’s also taught us a vital lesson: how to work smarter. 

The pandemic has accelerated the journey to modern work. Lockdown and social distancing forced IT departments to adopt technology that allowed employees to work in new ways – ways in which fixed location, fixed hours and fixed devices became less important. 

Now, traditionally office-based employees are more likely to begin their day in an open-plan kitchen than an open-plan office. Contact centre agents are taking customer calls in their lounge. And frontline hospitality, healthcare and retail staff are using new mobile devices and collaboration tools that allow them to work safely and effectively, either remotely or within an adapted environment.

The changes have shown us the advantages of a more modular, blended approach to a day’s labour. We can see a path towards a world in which many of us will work more convenient hours, from a location that suits our lifestyle, and with technology that empowers us rather than frustrates us. 

Work can fit around our lives, rather than the other way around. 

It’s an enticing future. But we’re not quite there yet.

Many businesses are struggling with the aftermath of such rapid change. They’re worrying about security now their IT assets are in suburbia. They need to rationalise their recently enlarged IT estates. They’ve realised their vast technical debt hampered their ability to be agile. And they’ve accepted that their ‘quick fix’ changes may have to become something more permanent.

So what’s the next step?

Businesses know new hybrid ways of working can lead to competitive advantage through better employee engagement, enhanced productivity, greater collaboration, cost savings and being able to attract top talent. 

So they have to reimagine their workplaces for the long-term. The quick fixes have to become long-lasting solutions. And business leaders have to ask themselves how they can make their employees feel empowered, and invested in, while maintaining productivity, collaboration, innovation and security.

It’s a conversation that inevitably leads to technology. And that’s where we can help.

Working with Microsoft, we’ve outlined some thoughts on the challenges facing CIOs in our new insight guide The Great Workplace Reset, which you can read here. We’d love to know what you think.

Put your faith in Zero Trust Security

The world of work has changed significantly in the last six months with millions of employees now working from home.  Perimeter defences that businesses previously relied on are proving insufficient because the controls that were applied when employees were predominantly office-based, with approved devices connected to the network, do not work as well for a distributed workforce.  Many organisations are now finding that Zero Trust Security offers a better approach.

What is Zero Trust?

Zero Trust is a security concept that requires all users to be authenticated, authorised and have their security configuration and posture continuously validated, before being granted access to applications and data.

The concept was introduced by Forrester Research over a decade ago but is more relevant than ever.

Zero Trust uses a variety of advanced technologies that are able to continuously monitor and validate that a user and device have the right privileges and attributes.  Organisations must ensure that all access requests are also continuously verified prior to allowing a connection to any enterprise or cloud asset. The policies rely heavily on real-time visibility of attributes such as:

  • User identity
  • Endpoint hardware
  • Patch levels
  • Vulnerabilities
  • Applications installed
  • Security or incident detections

Why Zero Trust is important

Zero Trust is one of the most effective ways for organisations to control who and what has access to their networks, applications and, more importantly, data. Adding preventative measures like next generation firewalls, often called the micro-perimeters or micro-segmentation, can effectively segregate and manage the network.

This will help deter attackers and limit access in the event of a breach.  It is a critical layer of security that organisations require when they have a remote or global workforce with a growing number of endpoints.

‘Never trust, always verify’ principle

Zero Trust is a methodology, not a tool or a product.

At its heart is the simple concept: do not trust anybody operating inside your network and, instead, make them continuously authenticate their identity.  It is targeted at both attackers outside of the network that have breached it and malicious insiders.  The aim being to prevent them moving laterally through the network as they seek out sensitive data.

The importance of this approach was demonstrated in the case of Edward Snowden, the American whistle-blower who copied and leaked highly classified information from the National Security Agency (NSA) in 2013.

Snowden had legitimate credentials to operate as a subcontractor within the National Security Agency (NSA) network. Once he was granted access there was no further authentication procedures and he was able to download top-secret material. 

Had Zero Trust with its core principles of least privilege and real-time monitoring of malicious activities been in place, it is likely that he would have been discovered earlier.

Key principles of Zero Trust Security

There are a number of key principles behind a robust Zero Trust policy, which are explored below:

Know your Architecture – including users, devices and services

It is critical to have comprehensive information about your assets.  In order to get benefit from a Zero Trust approach, you need to know about each component of your architecture – from users and their devices, through to the services, applications and data they are accessing. 

There are several pre-requisites that must be considered:

  • Storing component information in a centralised place
  • Business process mapping
  • Identifying all potential connection points — both physical and virtual
  • Determining if the device accessing your services is up-to-date, compliant with your device configuration policies and in a healthy state

Together, these represent some of the most important signals used to control access to services and data.  Having policies that govern the above, in a place where they can easily be managed, reviewed, and updated are fundamental to the success of a Zero Trust environment.

Services also need to be kept up to date with the latest software patches.  You need to be able to determine the version and patch level of the service you are using and, it goes without saying, that patches fixing vulnerabilities should be applied at the earliest opportunity. Identifying and prioritising patching can minimise the effect of users suffering from ‘patch fatigue’ and ensures that the most vulnerable devices are at the highest patch levels.

Create a strong device identity

Each device should be uniquely identifiable in a single device directory. This enables efficient asset management and clear visibility of the devices which access services and your data.  This will help when applying policies and compliance as well as managing the health of the device estate.

Leverage a variety of preventative technologies

Multi-factor authentication (MFA) is a major requirement for a Zero Trust architecture.  But it should be implemented in a way that does not hinder the use of the service.  Therefore, it is important to select where additional authentication points are or where additional authentication factors are used.  For example, authentication should be used when requests are high impact or important, or when the user is accessing sensitive data or requesting privileged actions, such as creating or deleting users.

To enable granular access control, specific roles for each user should be created.  Then ensure the access control and device directory can be employed by all the services you plan to use, both internal and external.  This will also allow the organisation to use least privilege access, granting the user and devices the lowest level of access required in order to carry out their role.

The micro segmentation technique can be used to create small zones within the network to help maintain separated access to different parts of the network.  This could be invaluable in helping to contain an attack if a breach occurs.

Focus on monitoring devices and services

Organisations should also incorporate real-time monitoring capabilities to improve their “breakout time” — the critical window between when an intruder compromises the first machine and when they can move laterally to other systems.

Real-time monitoring is essential to the organisation’s ability to detect, investigate and remediate intrusions. Automation and orchestration can also be a benefit here in helping remediation to take place quickly if an attack or breach is identified.

Set policies according to value of the service or data

The power of a Zero Trust architecture comes from the access policies that you define.  These policies can consider several signals from the connection in real-time and from the signals database to a build context for the connection. This context is then used to gain confidence in the connection request and decide if it is trusted enough to continue. The role of the Policy Engine performs this policy evaluation and decision.

Focus on the broader security strategy, not just the technology

A Zero Trust architecture is just one aspect of a comprehensive security strategy. Whilst technology plays an important part in protecting the organisation, digital capabilities alone will not prevent breaches. Companies must adopt a holistic security solution that incorporates a variety of endpoint monitoring, detection and response capabilities to ensure the safety of their networks, but another challenge is getting staff to think along new lines.  Moving to a Zero Trust architecture takes time and should be part of the organisations digital transformation strategy involving the CISO, CIO and others at this level so they can prioritise the actions needed to move to this operating model.

Audit everything!

While not a glamorous activity, auditing should be a central part of your security strategy.  With a documented record of all actions performed by a user, these data sets can be used in forensic analysis and help to identify suspicious activity in real-time with the option to terminate sessions. In addition, audit data can be leveraged to prove compliance, with reports on every user’s privileges and associated activity.

How can you leverage ServiceNow to achieve Zero Trust Security?

Achieving all of the above is not easy.  But there are a number of ways ServiceNow can help. The diagram below shows some of the key points.

The architecture

ServiceNow’s configuration management database (CMDB) and IT Operations Management (ITOM) capabilities provide device, service and asset visibility. The CMDB allows you to build logical representations of assets, services, and the relationships between them to develop a better understanding of your organisation’s architecture.  Using ServiceNow we can build relationships to the assets and services to the users who have access or are assigned to an asset. This supports the auditing and visibility of the risks to the organisation’s architecture.

Details about these components are stored in the CMDB which you can use to monitor the infrastructure, helping ensure integrity, stability, and continuous service operation.  It gives you the central repository of all information which is key to achieving a Zero Trust model.

Greater visibility

ITOM Visibility gives you an accurate, up-to-date view of your IT infrastructure and services, spanning both multi-cloud and on-premise environments. It automates the end-to-end infrastructure discovery and service mapping process—including tracking ongoing changes—creating a complete and reliable record in your CMDB.

This infrastructure and service information is seamlessly leveraged by other ServiceNow applications such as ITOM Health, ITOM Optimization, and Software Asset Management.  It can be easily enriched with additional configuration information/items. Software Asset management allows you to see who is using the software, provides approvals for access to software applications and workflows.

SecOps & GRC

Ensuring that your devices are kept up to date with patches can also be done using ServiceNow SecOps and the Vulnerability Response (VR) application.  VR helps organisations to identify and quickly respond to vulnerabilities, helping to track, prioritise, and resolve them efficiently using a single platform.

Configuration compliance within ServiceNow SecOps can also help ensure that assets are configured as per the company policy. Improperly configured software can create a risk for the organisation and can go unidentified for a long time. Configuration compliance leverages the CMDB to determine which assets are most critical and using third party security configuration assessment scans can quickly remediate misconfigured devices.

Coordinating the response

ServiceNow’s workflow and automation capabilities can coordinate an IT response, from a single platform to address changes and updates.  Configuration compliance can also be fed into the continuous monitoring feature of ServiceNow Governance, Risk and Compliance to further mitigate risk.

There are a number of preventative technologies that can be leveraged, including:

  • Identity and access management
  • Privileged access management
  • Cloud access security broker or policy orchestrator
  • SIEM or other user and entity behaviour analytics
  • Network segmentation
  • Next-generation firewall

As the platform of platforms, ServiceNow provides a unified experience across multiple technologies deployed across the enterprise.  ServiceNow has seamless integrations with many of the key vendors working in this space.  It brings the ability to leverage the above technologies and add context using the CMDB and ITOM to make the task of identifying high-risk assets much easier.  Whilst ServiceNow supports security teams in responding faster there is significant value in its ability to provide a single pane of glass to monitor these various technologies.

Focus your monitoring on devices and services using ServiceNow SecOps. As mentioned above, the platform has the ability to provide a centralised place to capture the information from your security technologies.  The platform can utilise that information along with workflows, automation and if possible, orchestration. Moving to this stage of the Zero Trust model can ensure remediation can take place quickly should a breach or attack occur. 

By also monitoring your devices, ServiceNow gives you visibility into your organisation’s security posture using detailed dashboards and reports. This visibility over what is baseline will help establish normal behaviour.  In turn this can assist with identifying abnormal behaviour, that could be a sign of malicious activity, as is occurs.  Using the reports and dashboards can provide administrators with an insight into how well the security tools are working, if anything needs changing or if further automation can be added to further secure the network.

Auditing using the ServiceNow platform

To ensure everything is captured correctly, audit logs should be created automatically. ServiceNow has a dedicated audit table that can be configured to audit a wide range of things and, by default, the system tracks changes to the incident, change and problem tables, among others. The audit information is invaluable in creating the reports to ensure that your security posture is correct.

Implementing a Zero Trust Model

Zero Trust is not a new concept – however it is one that can be implemented using some of the existing technologies already in place within the corporate IT infrastructure.

Starting a Zero Trust architecture is a process that requires careful planning and execution.  However, I recommend that you progressively add layers as per the various sections described above, rather than attempting a big bang ‘jump’ to Zero Trust.

Using a platform that can bring lots of disparate systems and information together in one place can help make the transition smoother.  For example, a key aspect of the Zero Trust model is knowing what devices, assets, services and users you have and how they work. This is more difficult to attain since large swathes of the workforce began working from home, but the ServiceNow CMDB lets you know exactly what assets are in your IT environment using current, accurate configuration data.

In addition to using existing technologies to achieve Zero Trust Security, new technologies may also be required to feed into this model. Computacenter can provide an agnostic view on the optimum technology to use in each case to help create a Zero Trust architecture and also advise on how to best utilise the existing technologies that you already have.

Only then can you have the confidence to put your faith in a Zero Trust model.

Bharti Lim is an experienced Senior Security specialist at Computacenter’s ServiceNow Centre of Excellence – part of a highly skilled team using solutions built on the ServiceNow platform that deliver innovation, efficiencies and a world class experience for customers.  Bharti has worked across a variety of security technologies over her career, specialising in network and data security. She has worked with a number of large organisations, advising on how to use ServiceNow for Security Operations and how to address Governance, Risk and Compliance challenges.  Bharti is also a passionate advocate for Women in IT and mental health issues.

%d bloggers like this: