Balancing security, employee experience and cost

You can get near-perfect security at tremendous cost, while making the IT department very unpopular with employees. Or you can get great user experience for pretty cheap, but you’re just one data breach away from disaster. How does the CIO, in collaboration with the rest of the management team, craft out the equilibrium?

Jicara Media’s Frontiers of Work 2021 Conference, brought together C-level executives and senior enterprise IT leaders across Asia-Pacific. The Conference was aimed at predicting the shape and form of the varied forms of working in the “new normal”. The speakers focused on concrete ideas and case studies, and shared problem-solving strategies.

The first-panel discussion centred around “Security, experience, cost: Balancing the three building blocks of workplace transformation”, and was moderated by Krishna Baidya, Director and Head of Asia Pacific Connected Work Practice, Frost & Sullivan. 

Dealing with remote working

The moderator began the discussion by emphasising the importance of striking a balance between security, experience and cost in an organisation, especially in these unprecedented times.

Nick Lim, SMB Segment and Channel Lead, Lenovo Singapore opined that the pandemic has accelerated the need for adapting to the times, especially in terms of how organisations work, with most companies choosing to operate in a hybrid model. “Fortunately as a technology leader, Lenovo has always been adopting an agile, and flexible workforce with almost 90% of employees (Singapore-based) working from home.”

The main challenge that MTR Foods Pvt. Ltd. faced during the pandemic — according to Ganesh Shenoy, the company’s CFO and CTO — was the need to go “touchless”. The organisation invested in front-end apps, enabling faster growth, and incorporated automation at the back end. Shenoy’s team deployed analytics effectively, which helped with business continuity, with 70% of their workforce operating from home. 

“Pertaining to the food sector, specifically to a manufacturing organisation, I would talk about this in three different ways. First of all, for a manufacturing business, the front end, sales and marketing becomes a very important area, because the pandemic ensured that you could not travel to the markets. 

So, how do you really sell your product range? How do you market your product, to the consumers, going touchless? In India, as opposed to a mature market, we normally sell to our stockists, who in turn sell to retailers, and then it goes to the consumers. So, to actually do this, [going] touchless was a big challenge, and fortunately for us, we had invested heavily in front-end apps and that helped the business continue,” he said.

The company grew extremely fast during this period, according to Shenoy. There were unprecedented growth rates due to investments in front-end technology. Secondly, automation at the back-end helped – Shenoy’s team had automated accounts payable and automated travel expense statements, among other processes. 70% of the MTR Foods workforce works from home, which Shenoy cited as the only reason the company was able to continue business in a very controlled manner. 

“Thirdly, analytics is very important too. How exactly do you harness your transaction platforms, the multiple systems that you have, and deliver them to the people that matter, including the front-end, back-end and controller’s department? This is a genre where you have to continuously invest, and we all know that technology lifecycles are becoming shorter and shorter, so you really have to be at the cutting-edge of delivering analytics,” he explained.

Sourabh Chitrachar, Regional VP (Asia) – IT Strategy & Transformation, Liberty Mutual mentioned that their organisation had picked up the pace with regards to technology implementation. 

“If you look at the transformation in the insurance space, it has been a buzzword, there have been a lot of activities going on especially related to our core transformation,” said Chitrachar.

“If you look at banking or insurance, most of our back-end systems are very monolithic. The current scenario needs you to have more micro-services based applications — the work had been happening in phases, but there was a lot of convincing that needed to be done, in order to get those transformation projects working. When you look at situations when you are not allowed to go to meet your customers, how do we make it work?”

A lot of effort has been put into seamless communication and collaboration at Liberty Mutual, revealed Chitrachar. For example, using AI for policy renewals and customer analytics to help identify how many customers have viewed a website for a policy. Data acquisition and putting it to meaningful use have greatly accelerated over a period of the last one and a half to two years. 

“Now, it’s not about going and tying up only with the established players, but also looking at the insur-tech and fintech companies, focusing on technologies that they bring in to support effective collaboration and reaching out to more of our users,” said Chitrachar.

“We have looked at virtual platforms, whether it’s Citrix authentication, or whether it’s more mobile devices coming into the environment. We are talking about extending security to a huge extent. We are evolving the models, whether it’s intrusion prevention or threat detection — security has undergone a complete shift in that manner.”

The main drivers forcing organisations to go digital

Lim held the view that in the Singapore context, subscription-based models and Everything-as-a-Service IT models have gone mainstream — especially in the work from home culture currently in place. 

He lauded the Singapore government’s initiative for pushing enterprises towards digitalisation and digital transformation. Referring to the Singapore Budget 2021, he said the COVID-19 package, the Productivity Solutions Grant (PSG), and the SMB digital program, have helped a lot of SMBs remodel and transform their business through digitalisation — in which Lenovo often played a key role. 

Regarding the transformational journey both internally and externally, Leonard Ong, Regional Information Security Officer, APAC, GE Healthcare, mentioned that his organisation spent a lot of time figuring out what has changed, and what needs to be implemented. 

“It’s really the business model that we are looking at to identify what has changed. For example, in the health sector, we need to be operating at all times. GE Healthcare, being a technology equipment manufacturer, needs to make sure that hospitals are able to run and provide the healthcare services that people need. Because of that, we started thinking of the best way to deliver services to others, and part of that is cybersecurity,” he said.

“We have to ensure that all the equipment in the hospitals is working fine. But, since there is limited movement during the pandemic, we have to enable remote service, which depends on security. How do we secure remote service delivery? Secondly, we have to ensure that the uptime of these devices is guaranteed; if there is the slightest performance issue in the devices on the customer side, we can detect it beforehand using machine learning and analytics. 

Lastly, we have to ensure that medical devices are secured appropriately because we are hearing lots of news about hospital ransomware and software supply chains attacks. We want to keep our customer services secure, because in healthcare, the ultimate customers are the people,” Ong explained.

A question of quest

Shenoy said that MTR Foods divided the workforce into batches, with three to four working remotely in unison, as though they were in office. “It was like a virtual office,” he commented. 

Ong said: “I think it’s quite a confusing time for many of us — we have been hearing a lot about no-trust/zero trust security. But, trust is something that we need, because customers need to trust their service providers, and service providers will need to trust the supply chain. That’s something we continue to struggle with and try to find the best way to address this.

For example, in rendering services to healthcare organisations remotely, you have to be able to trust the technology. Trust is pivotal, but you can’t trust everything that you come across.”

Chitrachar believes that especially in a BYOD scenario, the idea of trust is very important, since not all employees can have laptops shipped to them. One of the most important things was the BYOD implementation tools for mobile device management at Liberty Mutual. The company has also started looking at models like DaaS (Device as a Service) and leasing options, where the service provider helps manage the device as a service.

From Lenovo’s perspective, Lim mentioned that though Lenovo encourages BYOD, it is recommended that employees use devices with higher security capabilities.

Balancing the trinity

When asked if security, experience and expenses can be balanced effectively, Shenoy said, “It’s that time when the CFO has to probably take off his CFO hat and put on a business hat, as it’s important to look at things from a business perspective. There are applications like employee websites, where experience becomes extremely important. An employee is also a consumer — they are exposed to a lot of apps that provide good services, and when they come to the company website, they should not have a poor experience.” 

According to Shenoy, cloud services are ideal in this instance. The OPEX (Operating Expense) model delivers the same experience as CAPEX (Capital expenses) probably at a lower cost, while providing the flexibility to change the application at any stage. “If something is out of fashion, and you need to upgrade, then the OPEX platform gives you the opportunity to switch seamlessly,” said Shenoy.

Chitrachar opined that investing in a permanent solution through CAPEX investments might be difficult for an organisation. Different tools can be explored to determine what works best, rather than reinventing the wheel altogether.

Ong said, “Balancing cost and functionality is something we must do. First and foremost is to take care of employees’ and colleagues’ well being. Being healthy mentally allows us to tolerate different work arrangements. This will also help us to be more productive, tolerant, creative and try to figure out what can be done better. To me, focusing on the people aspect, encouraging them to communicate with each other is important. During work from home, these practices are fundamental.”

Lim concluded saying that technology is merely an operational tool, but work-life balance is important, and adjustment to employee needs is critical. He stated, “It’s important to note when to plug in and when to unplug. With work from home, we are working more than usual, and with technology, we’re actually working harder. Everything is on one screen now — taking a pause is very important.”