Back in February, data protection firm Asigra issued a warning to the IT community and services providers about the vulnerabilities that can creep through remote monitoring and management platforms.
The early days of the pandemic saw a swell of tech companies launching new services, announcing price reductions, and ultimately capitalizing on the circumstances businesses found themselves in at a pace matched only by the speed of COVID-19’s spread.
Data protection vendors were part of that wave, offering RMM with tightly integrated backup solutions. It was an attractive option for smaller businesses that were suddenly realizing how unprepared they were to meet the needs of a remote workforce. But Asigra’s chief executive officer Eran Farajun saw the writing on the wall: Customers taking this path were risking disaster.
“While the single-vendor approach and the single user interface is appealing, bad guys will take advantage of that,” he said just days after one of the world’s most prominent network monitoring solutions providers, SolarWinds announced its security updates accidentally pushed out malware. “That sloppiness is pervasive. It’s the same with backup software. It’s notoriously under-protected with MFA.”
“That sloppiness is pervasive. It’s the same with backup software. It’s notoriously under-protected with MFA.”
The sloppiness was widespread in 2020. To keep the lights on and business operations running, organizations were forced to make rapid shifts to their digital transformation investments, leading to shortened timelines, higher risk tolerance and the acceleration of “go digital” projects. There’s no end in sight for the demand in remote access, SD branch, SD-WAN, and collaboration tools. IDC Canada says more than 75 per cent of Canadian organizations will adopt on-demand infrastructure by next year during a “digital stampede,” and through 2021 two out of five organizations will need to remediate technical debt. That clean-up job is expected to last until 2022.
In late 2018, Accenture reported that just 35 per cent of companies had fully achieved their expected outcomes from cloud. That number has barely moved since and sits at 37 per cent today. However, the businesses that are leveraging IT channel partners – that’s typically larger enterprises according to Accenture – reported achieving the full benefits of their cloud initiatives (48 per cent) more frequently than those that do not (35 per cent).
Last year, Accenture invested nearly $900 million in training and development for its workers. Over the past three years, it has trained more than 300,000 staff in new technologies – including automation, agile development and intelligent platforms. In Canada, Accenture supports a variety of organizations focused on building digital skills – NPOWER and ACCES Employment among them. Jeffrey Russell, president of Accenture Canada, says there’s a huge push across every single sector to be cloudy.
“We’re accelerating our M&A pipeline so we can better serve both the Canadian and global markets,” Russell said, pointing out the recent acquisition of Ottawa’s Avenai, a provider of consulting and technology services. “They will complement our federal and healthcare business.”
Solution and managed service providers on the front lines did their best to withstand the barrage of new clients desperately trying to set up a remote workforce for the first time, or with tools they’ve never had to configure before properly.
“Microsoft Teams has exploded,” said Craig McQueen, vice-president of innovation at Softchoice. The Toronto-headquartered MSP owns a massive slice of the pie when it comes to Microsoft business in Canada. Collaboration tools like Teams (both Microsoft and Webex branded products, for that matter) are easy to spin up to conduct basic meetings, he explains, but difficult to master and configure for specific situations.
McQueen says retailers entrenched in legacy technology also required a lot of focus on the e-commerce side. Many of them quickly realized they couldn’t scale their e-commerce services fast enough to accommodate the tidal wave of online traffic.
As 2020 progressed, Softchoice’s senior vice-president Andrew Caprara noticed that IT departments “have the ears of the executives like never before,” and that CIOs are investing more time in better understanding the customer experience around their services.
During a Cisco webinar recently – Softchoice is one of its biggest partners – Caprara noted how those types of discussions can also help businesses determine where investments need to be made. The answer is not always going to be cloud.
“Not every application is going to the cloud,” he said. “And we’re just scratching the surface of intelligent edge devices, making on-prem infrastructure even more important.”
During a separate webinar, IDC Canada’s head of cloud Megha Kumar suggested leaders target individual lines of business within the company for digital transformation to reduce the anxiety about the entire process which, eventually, will have to be company-wide. This can also reduce technical debt, she added.
Customers are making buying decisions based on privacy policies
This year has reaffirmed what most data has suggested already: How businesses handle customer data is now a core part of the customer experience. In early 2020, consumers reported that their decision to choose a brand was most influenced by the brand’s perceived “privacy policies” rather than price, quality and status, and according to IDC Canada, that trend is going to continue. In 2021, 40 per cent of Canadian consumers will choose their technology provider based on the brand’s privacy policies.
One of the biggest privacy blunders in 2020 – and there were many – was the rapid rollout of poorly constructed contact tracing apps. The province of Alberta wasn’t immune to this either, but even today, some serious concerns remain when it comes to the 40 per cent of contact tracing apps in the world that don’t feature basic protections offered by the Google/Apple API.
It’s not a good look at this point for governments to ignore the widely-accepted API, says Grant Goodes, chief scientist for mobile application security firm Guardsquare. But the ones that do might not be doing it for nefarious reasons.
“It’s possible that they didn’t want to rely on people to submit test results themselves. That’s what the Google/Apple API forces you to do. But if the government has your personally identifying information, they can effectively go after you directly and say ‘Hey, you are either going to quarantine or come in for a test.’ And this also may help healthcare workers with their jobs,” Goodes told IT World Canada after Guardsquare released a report raising flags about the number of contact tracing apps that did not effectively protect consumer data privacy.
Even Canada’s privacy-minded COVID Alert is seriously flawed. CBC recently reported that the Canadian Digital Service confirmed two distinct issues that are still affecting the app running on both iPhones and Android devices. If the COVID Alert is not opened regularly, it may lead some operating systems to treat it as a rarely used app, preventing it from running in the background.
The responsible collection and use of consumer data are one of the many topics the CIO Strategy Council is actively discussing, as well as the use of digital contact tracing in the workplace, says Keith Jansa, executive director for the CIO Strategy Council.
Leaders are seeking guidance more than ever before
Canada’s economy is seeing the tiniest of rebounds since its gross domestic product plummeted in March and April, but the near-frantic pace at which businesses are adapting to the new reality of work has translated to a lot more work for the CIO Strategy Council.
“We’ve actually seen a significant increase in the number of standards proposals that have been brought forward to the council to begin work on,” Keith Jansa, executive director for the CIO Strategy Council told IT World Canada. The council provides a forum for Canada’s forward-thinking chief information officers and tech leaders to transform the nation’s information and technology ecosystem. Membership is open to both the public and private sectors.
Back in March, the council started seeing more engagement from stakeholders and experts spanning government, industry, academia and civil society groups, according to Jansa. It led to the formation of two committees working to respond to the changing business environments of Canada’s IT operations and technologies. Today, the council has nine committees. They cover areas such as technology procurement, privacy and access controls, connected cities and digital trust.
“I suspect these proposals would have come forward to us but over a much longer timeline,” Jansa said.