Source: Finance Derivative
By Sanjay Tailor, Operations Director, Camwood
Compliance is an exercise in business continuity. It is a clear statement to customers that they can trust their data and transactions with you, and that your business is resilient in the face of an attack. But becoming compliant and staying in that state is a never-ending exercise in diligence, not least because the IT estate is a constantly shifting landscape.
A recent report from Sophos indicates that 46% of financial services firms had suffered a significant financial impact as a result of ransomware over the past 12 months, with 40% of these attacks arising from vulnerability exploits. But the fact that financial services is one of the most targeted sector by cyber criminals shouldn’t be a surprise to anyone. The data in the possession of firms in this sector are an incredibly valuable resource for criminals.
Because of this, firms are required to operate under strict regulatory requirements as defined by GDPR, and in the UK the standard maximum fine for non-compliance can reach £8.7 mln or 2% of annual worldwide turnover, providing clear motivation for ensuring that compliance remains a top priority. Along with GDPR regulations, there is an array of considerations that companies must follow, including the UK government’s Cyber Essentials and the ISO/IEC 27001 standard.
The problem is, in all firms, there are sanctioned IT applications, and then there’s what is often termed Shadow IT – the applications managed by the business rather than the IT team. Gaining visibility of all the tools and software that the company uses is crucial to remaining compliant, not just IT’s applications. This is because software and applications are not static and constantly require updating. Failing to update regularly and falling behind in the update cycle imposes additional risks by exposing the organisation to published vulnerabilities and exploits. And given that an estimated 56% of all applications are owned by the business rather than IT, and 40% of all application spend falls into the category of Shadow IT, then getting this update cycle under control is essential.
Putting applications first
One way to go about staying compliant is to view the issue through the lens of applications. Often relegated under more global infrastructure considerations, applications are at the centre of all operating systems. Whether they run on-premise, hybrid, cloud, mainframe or locally delivered for end-user experience and customer satisfaction – applications are the lifeblood of any organisation.
Ensuring that applications are compliant means applying the latest security patches and bug fixes as and when they are issued by the vendor, in the form of software updates. These patches often fix well-known issues, sometimes zero-day exploits, discovered by security researchers that represent potential open doors into the company. Updating software regularly minimises the risk of data breaches and strengthens a company’s overall security posture.
But when the ownership of so many applications are spread across multiple departments, providing a coordinated and efficient response to updates is difficult. To mitigate this, visibility across the entire application landscape is a requirement, which can be delivered via an audit. Looking at the ‘Windows 10 End of Life’ which comes into effect in October 2025 as an example, there is a clear 3-year window to understand the application estate, combability position, hardware compliance, application ownership within the business, application rationalisation possibilities, evergreen orchestration and management and the list goes on. While this sounds like a long time, not getting on top if it before the window closes imposes additional risks to a business. But all of this is all of this is necessary to achieve compliance, as leaving updates to individual users across the enterprise is prone to risk.
How to stay on top of updates
And while there are risks to not updating software, there are also risks inherent in the update process itself. Most companies work with specific technology stacks, and not all elements of the stack will be updated at the same time. Therefore, the possibility exists that when the update goes through, a compatibility problem will arise between elements. This is why it’s useful to have a test environment prepared for running simulations of the latest software builds, to explore how they work under various conditions.
There might also be problems with the out of the box configuration of an application after an update, particularly if the settings go back to the default. Naturally, with data at the focus of most company operations, risking any data loss is unthinkable, and so a proper back up must be taken before any updates are made. All of these issues are time-consuming, and the need for speed has forced IT departments to restructure and assess their way around new methodologies. Agile, DevOps, or a combination of both are commonplace as businesses accelerate software development and releases. This is particularly true where continuous integration and continuous deployment are in operation.
Automated application packaging is a natural extension of this principle, simplifying the process of preparing software for deployment. By reducing the amount of time and resources required to prepare, compile and deploy new updates, development teams can devote more of each release cycle to developing the company’s core products and services.
Regular software updates should be part of any overall data protection and vulnerability management strategy. It’s important to stay informed about any regulatory changes, security best practices, and privacy standards that may impact software applications. Given that so many applications need to be discovered in the business before this process can be undertaken in earnest, selecting a service provider to run this side of the operation helps to take the strain off the IT team. It also provides visibility and control over the applications that really power a business, leaving the company to focus on its primary business and letting someone else get on with the routine work of compliance.
Leveraging Technology for Sustainable Logistics and ESG Compliance
by Will Lovatt, General Manager and Vice President, Deposco Europe
A growing number of consumers are demanding packaging that is sustainable and environmentally friendly.. Consultancy, McKinsey, recently launched a survey to explore people’s attitudes to the topic across 11 countries worldwide. In all surveyed countries and across end-use areas, the majority of respondents claim to be willing to pay more for sustainable packaging,
Of course, features and functions remain important, but the sustainability and ESG (Environmental, Social, and Governance) aspects of the logistics process are becoming increasingly significant in consumers’ purchasing decisions. The entire supply chain, including the sourcing of raw materials, manufacturing processes, packaging, delivery methods, return policies, labour practices, and initiatives for regeneration, is under scrutiny. Today’s informed consumers are making deliberate choices, favouring brands and delivery services that align with their values on these fronts. Therefore, it’s essential for brands to not only maintain high standards of service but also to provide a variety of delivery options. This range should cater to immediate needs as well as offer solutions like batched deliveries at convenient pick-up points, catering to the growing demand for flexibility and sustainability in the shopping experience.
Regulation and risk management
Consumers are undoubtedly a driving force in ESG-focused logistics transformation, but businesses must also meet a growing number of regulations that are driving the need for ESG considerations in the logistics sector. For example, the European Union’s Sustainable Products Action Plan includes several requirements for businesses to provide information about the environmental impact of their products. Now, we expect regulators to be closely monitoring final mile delivery and whether zero emissions vehicles are being utilised, at least within urban areas.
From a risk management standpoint, ESG considerations are critical. Neglecting ESG risks exposes businesses to reputational harm, financial penalties, and legal repercussions. Today’s consumer sentiment is such that unsustainable logistics practices can prompt consumer boycotts or lead to regulatory fines, underlining the importance of ESG compliance in modern logistics operations.
The role of technology in greening logistics
So what can businesses do to mitigate ESG challenges? To address ESG challenges, businesses must transition from traditional paper-based systems to advanced technology solutions. These solutions enhance visibility across the entire supply chain, from production to delivery. Distributed order management systems, for instance, offer real-time insight across extended fulfilment networks, enabling the optimised allocation of consumer orders to the most suitable stock sources, balancing cost and speed. In today’s era of stringent ESG and sustainability standards, it’s crucial for organisations to have comprehensive oversight over the movement of goods and the various stakeholders involved, beyond mere timing. This technological shift is essential for meeting the evolving demands of ESG compliance and sustainable logistics.
Actively tracking the credentials and integrity of every checkpoint in the supply chain is now everyone’s problem. Consumers care deeply about the ethical sourcing of raw materials and the labour practices of third-party logistics firms involved in product sourcing. Technology can allow organisations to map the complete movement of a specific customer order, from acquisition to final shipment, and then notify that customer directly.
Organisations then need to implement sustainable practices in the warehouse, leveraging technology to optimise operations. This includes using technology to determine the most efficient customer packaging sizes, reducing waste, and guiding staff on consolidating orders to minimise shipments and cut carbon emissions. Additionally, offering consumers options like click-and-collect can align with their existing plans, promoting sustainability rather than just delivery speed. Providing flexible delivery options is increasingly seen as crucial, as the fastest route is typically not the most eco-friendly.
A sustainable future
As data and computer security threats evolve, we’re now transitioning to increased controls around how our products are made, procured, packaged and shipped to the public. For a variety of reasons, from ethical to legal and public sentiment, ESG considerations and controls are becoming increasingly important in logistics and fulfilment.
Alongside this, the trajectory is for more sales to be made via Direct-to-Consumer channels, the desire for more convenient services and customer willingness to hop brands means that businesses must prioritise sustainable practices. Consumers now expect the ability to customise delivery parameters and choose from transparently-priced options, or they will take their business elsewhere. Brands must manage their order and delivery options effectively to stay competitive.
The key to improving supply chain management lies in adopting sustainable order management and fulfilment technologies. Companies should invest in the latest platforms that support best practices in ESG strategy. These advanced solutions enable compliant processes, cost-efficient operations, increased sales, efficient DTC fulfilment and positive customer experiences.
How AI is turning IoT data into actionable insights in the public sector
By Mark Gannon, Director of Client Solutions at Netcall
The use of IoT devices within the public sector is growing rapidly, presenting opportunities for greater efficiency, cost savings, and vast service improvements among a plethora of other benefits. From transportation, infrastructure and even waste management, the ability to monitor and capture data in a range of critical areas has the power to transform organisations across the sector.
Health and Social Care is one setting where IoT devices can drive real impact by significantly improving the day-to-day lives of vulnerable people. In fact, late last year, it was announced that the Glasgow City Region would receive over £3 million to deliver a Health and Social Care-focused project driven by IoT technologies, as part of wider 5G connectivity funding to make public services better. Remote sensors can be used within social housing to detect and control factors such as damp and mould whilst motion sensors can alert emergency services if a vulnerable resident has fallen – not only helping to provide better care, but enabling care to be delivered more efficiently and rapidly to those that need it.
With public sector spending under constant scrutiny, and wider budget cuts increasingly forcing those operating in the sector to achieve more with less, technology that can easily connect and exchange data from device to system, removing a number of manual workflows and processes, is proving invaluable. Taking that one step further, being able to leverage that data and turn it into actionable insights in the future is fast becoming an exciting reality.
So, what’s holding the public sector back from leveraging IoT devices in this way?
The short answer: Data.
Managing IoT-associated data adds a layer of complexity to those responsible for it. With IoT devices typically uploading data multiple times a day, analysing, and actioning the torrents of data can soon become a mammoth task.
IoT and AI: a winning combination
The application of AI alongside IoT is rapidly being recognised as a key solution to this rising data deluge. Not only can it ease the administrative burden by ensuring the IoT devices and any associated workflows are working effectively, but it can also be used to spot any trends and patterns within the device data. Insights such as these can inform longer-term solutions and decisions whilst also acting as predictive analytics to anticipate the likelihood of certain events occurring in the future.
In the case of Health and Social Care, this could mean predicting the probability of a vulnerable resident having a fall based on previous data gathered and putting preventative measures in place to reduce this. IoT wearables are another rising trend in the healthcare setting and can be used to track vital signs and detect anomalies that may need urgent attention. Meanwhile for social housing, using smart solutions including intelligent automation and IoT can help housing providers significantly reduce their risk management burden. For example, the data gained from IoT sensors in tenant homes can be used to proactively identify damp and mold risks and automate alerts.
Looking at the public sector more broadly, we could also see the combination of AI and IoT optimised services such as traffic management, waste management right through to public safety and even managing air quality. By using AI to analyse and draw insights from IoT devices, the concept of the smart city is much closer than we think. AI can use IoT sensor data alongside cameras already in position to adjust traffic signals, optimise routes and even detect incidents and alert public services. It is also expected to play a key role in managing and reducing public service energy consumption, by monitoring and controlling street lighting and other public infrastructures.
Turning insight into action
Whilst AI can take care of the initial analysis, to truly extract the value from IoT data, public sector organisations must ensure these insights are fed into the right systems and married up with the correct workflows to turn them into action.
Fortunately, with the use of application development tools such as low-code application platforms, organisations can rapidly create processes that utilise IoT and AI-driven data, connecting it to internal as well as third-party systems. These solutions move away from traditional development, which can be costly and time-consuming, and can empower broader teams to rapidly build and develop their own applications using a visual drag-and-drop interface. By doing so, organisations can quickly integrate systems and technologies to access actionable data.
As AI and IoT technology continue to advance, we can expect to see more innovative and impactful use cases in the future. Unlocking the benefits, however, will hinge on having the systems and processes in place to trigger next steps. By leveraging the tools that enable this, public sector organisations can use the data from connected devices to create powerful, proactive and dynamic services that fulfil the growing needs of its customers.
Enhancing sustainable commitments in retail banking
Source: Finance Derivative
Mikko Kähkönen, Head of Payment Cards Portfolio at Giesecke+Devrient
Today, more consumers are keeping environmental pledges from banks at the forefront of their financial decisions, and those banks that fall behind their competitors on sustainable action are risking the loss of customers, particularly among the younger generation. This shift highlights a growing expectation from consumers for their banks to make and uphold sustainable commitments, signalling a change in consumer priorities where environmental responsibility is increasingly seen as essential, not just an optional extra. Giesecke+Devrient research shows that as many as 64% of Gen Z consumers would be happy to switch banks if their current provider didn’t meet their expectations.
However, sustainable commitments must be authentic to avoid any accusations of greenwashing. Unfortunately for the banking sector, consumer trust is being strained as greenwashing incidents have risen by 70% around the world. Banks can’t simply make claims that can’t be backed up; pledges must be supported by evidence. There’s a number of practical steps they can take to prove their credentials.
Banking on the evolution of cards
The bank card has increasingly become a physical symbol of the relationship between consumer and bank. As such, banks have taken steps to ensure that it is designed with sustainability in mind. Many are now created with recycled PVC material, commonly up to 100%, with a lower carbon footprint.
Some banks are elevating their sustainable credentials by utilising cards that are made from plastic collected in oceans and coastal regions, helping to clear up the world’s beaches. Alongside this, others are issuing cards made of polylactic acid sourced from (inedible) corn starch. This is a fully renewable biomass that could be industrially composted.
Sustainable cards can then encourage further sustainable initiatives. We’re more often seeing issuers now actively taking part in local conservation, community development and educational projects around the world to help benefit the planet. Communicating these efforts to customers can help reinforce sustainable credentials and leave tangible evidence that proactive action is taking place.
Contributing to the circular economy
Powering the sustainable credentials of issued cards is one aspect, but it’s also vital that banks encourage their customers to do the right thing with them once they expire and they need to be discarded of. We’re already seeing prominent banks making progress in this area. UK retail bank, Santander, has launched a pilot scheme in branches and ATMs that encourages customers to return their outdated credit and debit cards for recycling, for example.
The collected cards are then turned into plastic pellets to be used elsewhere, for instance to make outdoor furniture, sponsored by Santander, for local communities. As more banks opt for card recycling, consumers will be empowered to dispose of their old or expired cards in a green way and help to reduce ecological footprint.
Into the digital world
Outside of card innovations, retail banks can add to their credible green claims with digital solutions. As an example, the card issuance process has typically involved paper letters, with additional PIN letter, that are posted out to customers to activate their payment cards. Instead, an ePIN service can enable customers to instantly access their PIN via their choice of a mobile app or SMS message, reducing paper waste and waiting times.
There are also innovations taking place in terms of QR codes and augmented reality (AR) solutions to enable digital marketing offerings. This means that printed collateral doesn’t need to physically sent out in the post. The more that these types of communications are sent out digitally, the more that consumers see a tangible commitment to sustainable practices.
Banks can even take an additional step by deploying third-party partners to track the CO2 footprint involved with every purchase or payment. By opting for organisations that have a solid track record in green practices, such as supporting product certifications and information on eco-products and their claims, they can make steps to compensate for each transaction carbon footprint.
Contributing to the green story
To ensure they don’t come under any criticism regarding their environmental claims, banks and financial institutions have the opportunity to adopt sustainable practices that align with their customers’ expectations for eco-friendly commitments in both their physical and digital services. They can introduce banking cards made from recycled or entirely compostable materials, eliminating plastic waste.
Digitally, banks can minimise unnecessary paper use by employing online applications to simplify the process of delivering PINs. By innovating in these domains, they can fulfil their environmental responsibilities and establish that essential trust with consumers, contributing positively to the planet’s wellbeing.