While cybersecurity is still crucially important, the ability to recover from breaches quickly and cost-effectively is also imperative. How you recover from a breach will ultimately determine your organisation’s long-term viability and success. The capabilities needed to recover quickly include:
A well-documented and practices incident response plan. The plan should outline the roles and responsibilities of all team members, communication protocols, and steps to be taken in the event of a breach.
Backup and Disaster Recovery (DR) solutions. Regular backups of critical data and systems are essential to quickly recover from a breach. Backup solutions should include offsite or cloud-based options that are isolated from the main network. DR solutions ensure that critical systems can be quickly restored and made operational after a breach.
Cybersecurity awareness training. Investing in regular training for all employees is crucial to ensure they are aware of the latest threats and know how to respond in the event of a breach.
Automated response tools. Automation can help speed up the response time during a breach by automatically blocking malicious IPs, quarantining infected devices, or taking other predefined actions based on the nature of the attack.
Threat intelligence. This can help organisations stay ahead of the latest threats and vulnerabilities and frame quicker responses if a breach occurs.
Backup and Disaster Recovery is Evolving
Most organisations already have backup and disaster recovery capabilities in place – but too often they are older systems, designed more as a “just in case” versus a “will keep us in business” capability. Backup and DR systems are evolving and improving – and with the increased likelihood of a breach, it is a good time to consider what a modern Backup and DR system can provide to your organisation. Here are some of the key trends and considerations that technology leaders should be aware of:
Cloud-based solutions. More organisations are moving towards cloud-based backup and DR solutions. Cloud solutions offer several advantages, including scalability, cost-effectiveness, and the ability to access data and systems from anywhere. However, technology leaders need to consider data security, compliance requirements, and the reliability of the cloud service provider.
Hybrid options. As hybrid cloud becomes the norm for most organisations, hybrid solutions backup and DR that combine on-premises and cloud-based backups are becoming more popular. This approach provides the best of both worlds – the security and control of on-premises backups with the scalability and flexibility of the cloud.
Increased use of automation. Automation is becoming more prevalent in backup and DR solutions. Automation helps reduce the time it takes to backup data, restore systems, and test DR plans. It also minimises the risk of human error. Technology leaders should look for solutions that offer automation capabilities while also allowing for manual intervention when necessary.
Cybersecurity integration. With the rise of cyberattacks, especially ransomware, it is crucial that backup and DR solutions are integrated with an organisation’s cybersecurity strategy. Backup data should be encrypted and isolated from the main network to prevent attackers from accessing or corrupting it. Regular testing of backup and DR plans should also include scenarios where a cyberattack, such as ransomware, is involved.
More frequent backups. Data is becoming more critical to business operations, so there is a trend towards more frequent backups, even continuous backups, to minimise data loss in the event of a disaster. Technology leaders need to balance the need for frequent backups with the cost and complexity involved.
Super-fast data recovery. Some data recovery platforms can recover data FAST – in as little as 6 seconds. The ability to recover data faster than the bad actors can delete it makes organisations less vulnerable and buys more time to plug the gaps that the attackers are exploiting to gain access to data and systems.
Monitoring and analytics. Modern backup and DR solutions offer advanced monitoring and analytics capabilities. This allows organisations to track the performance of their backups, identify potential issues before they become critical, and optimise their backup and DR processes. Technology leaders should look for solutions that offer comprehensive monitoring and analytics capabilities.
Compliance considerations. With the increasing focus on data privacy and protection, organisations need to ensure that backup and DR solutions are compliant with relevant regulations, often dictated at the industry level in each geography. Technology leaders should work with their legal and compliance teams to ensure that their backup and DR solutions meet all necessary requirements.
The sooner you evolve and modernise your backup and disaster recovery capabilities, the more breathing room your cybersecurity team has, to improve the ability to repel threats. New security architectures and postures – such as Zero Trust and SASE are emerging as better ways to build your cybersecurity capabilities – but they won’t happen overnight and require significant investment, training, and business change to implement.
In our previous Ecosystm Insights, Ecosystm Principal Advisor, Gerald Mackenzie, highlighted the key drivers for boosting ESG maturity and the need to transition from standalone ESG projects to integrating ESG goals into organisational strategy and operations.
This shift can be difficult, requiring an alignment of ESG objectives with broader strategic aims and using organisational capabilities effectively. The solution involves prioritising essential goals, knitting them into overall business strategy, quantifying success metrics, and establishing incentives and governance for effective execution.
The benefits are proven and significant. Stronger Customer and Employee Value Propositions, better bottom line, improved risk profile, and more attractive enterprise valuations for investors and lenders.
According to Gerald, here are 5 things to keep in mind when starting on an ESG journey.
In my last Ecosystm Insight, I spoke about the 5 strategies that leading CX leaders follow to stay ahead of the curve. Data is at the core of these CX strategies. But a customer data breach can have an enormous financial and reputational impact on a brand.
Here are 12 essential steps to effective governance that will help you unlock the power of customer data.
Indians are adapting to consume multiple services on the smartphone and are demanding the same from their financial services providers. COVID-19 has accelerated this digital trend beyond imagination and is transforming India from a data-poor to a data-rich nation. This data from various alternate sources coupled with traditional sources is the inflection point to the road to financial inclusion. Strong digital infrastructure and digital footprints will create a world of opportunities for incumbent banks, non-banks as well as new-age fintechs.
The Cloud Imperative for Banks
Banks today have an urgent need to stay relevant in the era of digitally savvy customers and rising fintechs. This journey for banks to survive and thrive will put Data Analytics and Cloud at the front and centre of their digital transformation.
A couple of years ago, banks viewed cloud as an outsourcing infrastructure to improve the cost curve. Today, banks are convinced that cloud provides many more advantages (Figure 1).
Banks are also increasingly partnering with fintechs for applications such as KYC, UI/UX and customer service. Fintechs are cloud-native and understand that cloud provides exponential innovation, speed to market, scalability, resilience, a better cost curve and security. They understand their business will not exist or reach scale if not for cloud. These bank-fintech partnerships are also making banks understand the cloud imperative.
Traditionally, banks in India have had concerns around data privacy and data sovereignty. There are also risks around migrating legacy systems, which are made of monolithic applications and do not have a service-oriented architecture. As a result, banks are now working on complete re-architecture of the core legacy systems. Banks are creating web services on top of legacy systems, which can talk to the new technologies. New applications being built are cloud ready. In fact, many applications may not connect to the core legacy systems. They are exploring moving customer interfaces, CRM applications and internal workflows to the cloud. Still early days, but banks are using cloud analytics for marketing campaigns, risk modelling and regulatory reporting.
The remote working world is irreversible, and banks also understand that cloud will form the backbone for internal communication, virtual desktops, and virtual collaboration.
Strategy for Cloud Service Providers (CSPs)
It is estimated that India’s public cloud services market is likely to become the largest market in the Asia Pacific behind only China, Australia, and Japan. Ecosystm research shows that 70% of banking organisations in India are looking to increase their cloud spending. Whichever way one looks at it, cloud is likely to remain a large and growing market. The Financial Services industry will be one of the prominent segments and should remain a focus for cloud service providers (CSPs).
I believe CSPs targeting India’s Banking industry should bucket their strategy under four key themes:
Partnering to Innovate and co-create solutions. CSPs must work with each business within the bank and re-imagine customer journeys and process workflow. This would mean banking domain experts and engineering teams of CSPs working with relevant teams within the bank. For some customer journeys, the teams have to go back to first principles and start from scratch i.e the financial need of the customer and how it is being re-imagined and fulfilled in a digital world. CSPs should also continue to engage with all ecosystem partners of banks to co-create cloud-native solutions. These partners could range from fintechs to vendors for HR, Finance, business reporting, regulatory reporting, data providers (which feeds into analytics engine). CSPs should partner with banks for experimentation by providing test environments. Some of the themes that are critical for banks right now are CRM, workspace virtualisation and collaboration tools. CSPs could leverage these themes to open the doors. API banking is another area for co-creating solutions. Core systems cannot be ‘lifted & shifted’ to the cloud. That would be the last mile in the digital transformation journey.
Partnering to mitigate ‘fear of the unknown’. As in the case of any key strategic shift, the tone of the executive management is important. A lot of engagement is required with the entire senior management team to build the ‘trust quotient’ of cloud. Understanding the benefits, risks, controls and the concept of ‘shared responsibility’ is important. I am an AWS Certified Cloud Practitioner and I realise how granular the security in the cloud can be (which is the responsibility of the bank and not of the CSP). This knowledge gap can be massive for smaller banks due to the non-availability of talent. If security in the cloud is not managed well, there is an immense risk to the banks.
Partnering for Risk Mitigation. Regulators will expect banks to treat CSPs like any other outsourcing service providers. CSPs should work with banks to create robust cloud governance frameworks for mitigating cloud-related risks such as resiliency, cybersecurity etc. Adequate communication is required to showcase the controls around data privacy (data at rest and transit), data sovereignty, geographic diversity of Availability Zones (to mitigate risks around natural calamities like floods) and Disaster Recovery (DR) site.
Partnering with Regulators. Building regulatory comfort is an equally important factor for the pace and extent of technology adoption in Financial Services. The regulators expect the banks to have a governance framework, detailed policies and operating guidelines covering assessment, contractual consideration, audit, inspection, change management, cybersecurity, exit plan etc. While partnering with regulators on creating the framework is important, it is equally important to demonstrate that banks have the skill sets to run the cloud and manage the risks. Engagement should also be linked to specific use cases which allow banks to effectively compete with fintech’s in the digital world (and expand financial access) and use cases for risk mitigation and fraud management. This would meet the regulator’s dual objective of market development as well as market stability.
Financial Services is a large and growing market for CSPs. Fintechs are cloud-native and certain sectors in the industry (like non-banks and insurance companies) have made progress in cloud adoption. It is well understood that the banks that were early adopters of cloud have clearly gained market share during COVID-19. Banks are keen to adopt cloud but need a partnership approach balancing innovation with risk management so that it is ‘not one step forward and two steps back’ for them.
The views and opinions mentioned in the article are personal. Anupam Verma is part of the Leadership team at ICICI Bank and his responsibilities have included leading the Bank’s strategy in South East Asia to play a significant role in capturing Investment, NRI remittance, and trade flows between SEA and India.
There are significant considerations for banks in offering these types of capabilities, such as:
Privacy. While the technology operates on non-identifiable information, the perception of clients being ‘stalked’ by their bank in order to drive business to a merchant is one that would need to be managed carefully.
Consumer opt-out. The ability for customers to opt out of this type of service is critical.
Consumer financial wellbeing. It may be in the best interests of some consumer to not receive merchant offers, for instance where they are managing to a strict budget. These considerations can be baked into the overall customer journey (eg. prompts when the consumer is nearing their self-imposed monthly budget for a category), but care will need to be taken to keep customers’ best interests at heart.
While there are multiple challenges to overcome, the fact remains that personalisation is quickly becoming a core expectation for consumers. How will banks respond, and will we see AI use cases like Crayon Data become more prominent?
If you have not yet started personalising your customer’s experience, now is the perfect time to build a Proof of Concept (POC) demonstrating the business and customer outcomes you can achieve. This will help the CX and/or marketing teams to understand what data you need to collect from existing systems and processes – or source externally to create the desired experience. Initially your personalisation experience may target a limited number of key personas – but it should have the capability to roll out to all customers and/or prospects, eventually considering many scenarios and requirements. It should continue to learn and adapt. Too many businesses discovered during the pandemic that static personalisation programs will fail when market conditions change.
The POC can provide the data that your senior leadership will need to deepen their investments in and think of personalisation as a business capability – not a single project. They can demonstrate the ROI (or lack of return) and will help to guide the larger spend should the POC be a success.
Invest in Behavioural Science Skills
Building a successful personalisation strategy often goes beyond simply listening to the experts within the business and even listening to your customers. Often your customers don’t know what affects their behaviour – and will mis-report motivations or mis-attribute actions. It is important to understand the science behind behaviour – what is possible, what can work, what is guidance and what is coercion. These experts, along with your legal or privacy teams, can help to set up the guide rails for the personalisation program to operate within, and help you create customer journeys where customers can achieve their desired outcomes.
Target Consent as a Key Customer KPI
Consent is a key enabler of deep personalisation capabilities. While some level of personalisation without formal consent can be created, the real benefits of personalised journeys come with consent to use customer data to offer better services. Many businesses ask for consent in the sign-up process, but often it feels like wishful thinking – not a serious attempt to offer a better customer experience. Businesses that make “Consent to Use Data” a CX KPI think more broadly of the customer journey, the brand promise and what that means to levels of consent. It isn’t a “tick-a-box” activity at sign-up – it considers what the customer wants to get out of the engagement or a longer relationship. It focuses on helping customers achieve their instant goals more effectively and the benefits the data can bring to nurture a longer-term relationship.
Businesses that seek a higher level of consent use more tangible outcomes, simpler language and no “sweeping statements” in their consent request. They are explicit how they will use data and what data they will use. Sometimes they don’t even ask for consent to use data at sign-up – they ask after they have formed a relationship and the customer has developed a level of trust in the brand or company.
Start Your Personalisation Journey Today
Your competitors are already thinking about personalisation – some have even implemented personalised elements within their existing or new customer journeys. Personalisation – while easier than ever – is still a significant capability to build within your business. You are likely to need new technology tools and/or platforms, new skills, and new budgets. The impact for your customers – and therefore for your business – can be significant. And the impact of no action can potentially be damaging. Start your personalisation journey today to help your business take the next step towards becoming a customer-obsessed, agile, and digital business.
Woolworths have announced the adoption of a new Software-as-a-Service capability from One Door to support the quality and compliance of their in-store merchandising. There are some valuable lessons from this announcement for other retailers.
The power of data, particularly as the capability of specialist AI tools improves, continues to help retailers improve their offering to customers.
SaaS Capabilities Offer Performance Improvements
Woolworths are working on improving the compliance of product merchandising in-store using One Door Visual Merchandising solution.
One Door will improve the accuracy of data available to both the in-store teams and for the central supermarket merchandising team. The supply chain in Woolworths is already highly automated but getting the shelf presence right is dependent on the quality of data being captured. While store teams already use a range of electronic tools to capture this information, the compliance with store planograms and visual merchandising standards has been difficult to automate.
One Door’s solution provides a single source of this information in an easy to use digital format. The AI tools that One Door have developed appear to be able to show the degree of compliance of the actual shelf layout and stock position.
For store teams, One Door will simplify tracking layout changes by highlighting them and making the data available on the shop floor. This should deliver productivity benefits to the store – benefits that can be reinvested in new activities or on better customer service.
Store teams will be able to verify that third party merchandisers are compliant. Major product manufacturers often use their own merchandising teams in supermarkets and One Door will provide a simple mechanism to verify they have done their jobs properly.
The central merchandise teams will be able to quickly get data-driven feedback on how the stores are making planned changes, as well as verifying the quality of compliance with their store layouts.
All of these factors should mean that the product that is available in-store is presented in the manner that the merchandising teams have defined, and the customers will see a more consistent presentation of products.
Integration is Critical for Rapid Deployment
Effective integration with existing systems and new cloud capabilities is critical to support the real-time operation in Retail.
The ability to introduce and scale up new capabilities that can be delivered by cloud services such as One Door will only be effective if integration is simple and quick. This requires compatibility at a number of levels including data semantics and the ability to exchange data effectively. Woolworths have been growing their capability for managing and supporting APIs that will make this integration smoother.
In addition, the cloud service providers have made the development of integration capabilities an investment priority.
The introduction of One Door is showing how the company can integrate new capability and introduce it to almost 10% of their stores as a pilot capability, with the full deployment to be completed across their chain during 2022.
Other retailers who don’t have this capability to integrate cloud services quickly, reliably and cost-effectively are going to lag companies that have invested to achieve this capability.
CIOs and CDOs should be leading their organisations in the development of a rich and scalable set of APIs to enable the integration of this type of high-value specialised solution.
Deployment without Consistent Architectures will be Complex
Rapid deployment of new capabilities requires a well-architected cloud, network, and edge infrastructure – and a well-trained team.
It is highly likely that the deployment of the One Door solution will be delivered over the existing Woolworths infrastructure. The capability is delivered from the cloud, with little or no deployment costs or time required. With the existing network and hybrid cloud capabilities that Woolworths have developed this type of rollout will be a relatively simple technical activity.
The integration of the service into the Woolworths environment is likely to be the most complex activity to make sure accurate data is exchanged.
It doesn’t take long to identify a wide range of different digital initiatives that Woolworths are pursuing. With the platform that they have established, they are well-positioned to take advantage of new capabilities as start-ups and existing suppliers develop them.
Every retailer needs to maintain their focus on their digital capabilities. As companies such as One Door develop AI-based enhancements, CIOs and their teams need to be ready to integrate these capabilities quickly.
Strong architectures for both infrastructure and digital services are needed to achieve these outcomes.
Recommendations for Retailers
Retail organisations continue to find new ways to leverage the power of the data that they are able to collect. The flexibility that SaaS developments deliver will be essential to maintaining an organisation’s competitive positioning.
CIOs and their teams need to lead their organisations and ecosystems by:
Identifying new SaaS capabilities that support the strategic positioning of their companies
Preparing their environments by supporting a rich set of APIs to support the rapid integration of these new capabilities
Developing and maintaining strong architectures that provide organisations a solid framework to develop within
Checkout Alan’s previous insight on Woolworths micro automation technology adopted to speed up the fulfilment of online grocery orders