We’ll talk about:
Welcome, gentlemen. Let’s roll!
Bart Van den Branden: It’s very much about combining the concepts of a ‘digital workplace’ and ‘cyber resilience’ – so not exactly rocket science. We want to emphasize the fact that these two logically belong together, as two sides of the same coin. Any workplace – and especially in this post-COVID-19 era – ought to be cyber secure by default. No one buys a car without seat belts, that’s just unthinkable. But you can still set up an unsecure workplace! Which is nuts when you think about it.
Bart Van den Branden: (smiling) Well, as a matter of fact, yes. But because cyber security and cyber resilience are so crucial when it comes to workplaces, we feel it’s still something we specifically want to highlight. It’s no coincidence that we are using the word ‘resilient’, which goes much further than ‘secure’. You see: ‘secure’ deals with things like prevention and detection. You can compare it to making your house safer: getting alarms installed, burglary-proof glass, special locks, cameras, you name it.
“No one buys a car without seat belts, that’s just unthinkable. However, you can still set up an unsecure workplace. Which is nuts when you think about it.”
But resilience goes beyond that. It’s a never-ending journey to get better at cybersecurity. You have to be constantly evolving – standing still is going backwards. To expand a little on the house analogy I made just now: you might have installed all sorts of equipment, and that’s a great first step. But what if an alarm goes off? Are the police automatically informed? Do you know what to do – and what not to do – in response? To put it another way: if the thing you’re trying to guard against actually happens, how do you ensure your systems are only minimally impacted?
More than this, we also need to ask: how do you recover and how can you do this quickly? While it’s hard to believe, the number of companies that genuinely have no idea of what happens after a security breach is huge. And this is particularly strange given that we live in an era where so many of us work digitally, and in just about any location imaginable: in the office, at home, on the road, at the client’s premises, you name it. Even more puzzling is that we now know that every organisation is a potential target. Not just banks or big corporations, but also small companies, cities and towns… all the way down to the library in those cities and towns. Almost every day there’s a new story in the papers.
“Everyone, that is, every organisation, is a potential target for cybercriminals. Not just banks or big corporations.”
Bart Van den Branden: Exactly. In 2022, we radically modernized our own SOC (Security Operations Centre) with a C-SOR2C service: the ‘R’ squared refers precisely to response and recover. These are two elements that are still so often overlooked. We are dedicated to completely unburdening our customers by offering them an end-to-end approach that covers everything, from A to Z.
The idea behind our C-SOR2C is simple: you can come to us for the complete picture. If the customer so wishes, we will be the designated SPOC or Single Point of Contact throughout the project. And experience shows that’s exactly what customers want. If there’s a problem, they don’t want different parties pointing fingers at each other or playing hide-and-seek. You don’t buy a car and then get your airbags and seat belts somewhere else. You want a safe car as standard, in much the same way as you want a safe workplace.
Bart Swerts: Thanks to the pandemic, organisations’ security perimeters have moved from the office walls to our own wireless networks at home. This has both taken it out of sight and given it endless access points – every device and every sensor is a potential point of entry. Managing all this is like tightrope walking: on the one hand, you want to increase people’s awareness as much as possible and ensure their behaviour doesn’t compromise the network. At the same time, you want to do this in an effective, non-invasive way.
“Thanks to the pandemic, organisations’ security perimeters have moved from the office walls to our own wireless home networks.”
One thing that is striking in this respect is that we accept security hoops of all kinds, such as MFA (Multi-Factor Authentication), very readily when it comes to private matters that affect us in a very direct way: few people complain that the banking application on their smartphone requires a number of authentication steps. But when it comes to our workplace, we get upset. This attitude needs to be tackled as well.
Bart Swerts: What we are seeing is that while our way of working may have changed significantly, workplaces have not necessarily followed suit – the issues with security and wireless home networks is an excellent example of this. Similarly, workplaces are often not set up in line with the reality of modern working styles. In many cases, there’s a ‘one size fits all’ approach where everyone is expected to arrive at 9 am, pop open their laptop, plug in some cables and then disconnect and go home at 5 am.
That kind of approach is seriously outdated. In today’s business environment, not everyone works the same way: you’ve got your ‘road warriors’ who are constantly travelling and working remotely, often on public networks. There are also people who never leave their desk, and you have a huge range of people somewhere in between. Essentially, every type of user requires their own personalized digital workplace, with matching cybersecurity features. And that’s exactly what we offer: persona-based resilient workplaces. So we’re adding yet another buzzword to our vocabulary (laughs).
“Essentially, every type of user requires their own personalized workplace, with matching cybersecurity features.”
Bart Swerts: We can see that this is definitely the case. People value the flexibility that comes with being able to work from home. But they also want to return to the office on a regular basis to maintain their relationships in person. Companies that gave up on their office workplaces during the pandemic... I am afraid they are going to regret it. Most people really seem to thrive with hybrid working arrangements, where there is a healthy mix of ‘in real life’ teamwork and ‘focus time’ or working independently.
When we roll out digital workplaces, we also constantly keep the non-technical impact of these new ways of working in focus, that is, the human side of things. For instance, adoption and change management are two important components of this. Recently, we also partnered with How’s Work, a company that focuses specifically on wellbeing. If, as a manager, you send an email to your employee at 9.30 pm: that’s fine. But expecting a reply that same evening: that’s something else entirely. For some people that is part of the job, while for others it’s not. Companies may want to be more mindful of that.
“One cool thing is that things like wellbeing are increasingly being embedded in digital tools like Microsoft Viva.”
One cool thing is that things like wellbeing are increasingly being embedded in digital tools. Viva Insights – which is part of Microsoft Viva, a Microsoft ecosystem solution that you can access in part through Teams – offers people insights and tips to boost their wellbeing. Think of it as a kind of assistant that schedules focus time for you, reminding you to disconnect, schedule breaks and so on. Give it a try! (smiles)
Bart Swerts: AI is great at silently solving all kinds of problems without the end user noticing. Now, most of the time, people still have to log a ticket or call us if something goes wrong. These reports are then given a number: a 3 means that a helpdesk employee has to solve your issue, a 0 means that you can solve it yourself, using a bot, for example. A minus 1 report goes one step further: in that case, you don’t have to do anything and the system can solve the issue itself, often before you even know something is wrong.
Bart Van den Branden: We see the same thing happening with AI in security. AI models are getting better and better, which in turn results in a lower false-positive ratio. And as for AI in the workplace, I believe that it’s only a matter of time before generative AI becomes embedded in a variety of workplace tools. Just look at the impact that ChatGPT has had in the last few months. It’s a mind-boggling tool, although you have to learn to use it correctly.
Bart Van den Branden: Well, there are quite a few! Obviously the classic one is the gap between business and IT. IT will be making sure everything works correctly, and then on the business side, everyone will still use Dropbox because they find it easier to use than the official tool. I realize I’m simplifying things here, but you get my point. Within security, too, there’s a gap, or, rather, a lack. We know that many companies – I believe it’s about 22% in Belgium – are simply not equipped to deal with issues related to response and recovery. Our SOC, however, houses people who are able to tackle these issues quickly and efficiently.
“Nowadays, HR departments are increasingly the ones taking the lead in selecting and rolling out new workplace tools. And that’s quite remarkable.”
Bart Swerts: Another gap out there is the one between technology and the human beings who are supposed to work with it. I’ll reference a few things that I mentioned earlier: corporate culture, wellbeing, our specific persona that helps determine where and how we are working. One thing to note for that matter, is that nowadays, HR departments are increasingly taking the lead in selecting and rolling out new workplace tools. Other times it’s people from the marketing and communications department doing this. In any case: it’s not the IT departments. And that’s quite remarkable.
Bart Van de Branden: That’s right! And you know what: Cegeka’s security services are ranked #1 (*) – and so is our infrastructure hosting. This result is a fantastic boost for our team. While Cegeka has always provided security services, with the arrival of Fabrice (Wynants, Cybersecurity Global Director) three years ago, we have made a huge leap forward in terms of maturity. Today, we are able to compete with the major players, which, I’m sure you’ll agree, is quite an achievement in just a few short years.
(*) The BeLux 2023 IT Sourcing study, conducted by Whitelane Research, surveys more than 600 unique IT sourcing relationships and more than 560 cloud sourcing relationships. The survey is conducted among Belgium and Luxembourg’s 260 main ICT outsourcing service buyers.