-
Featured services
Harness innovation to deliver value
Ensure short-term stability as you design a roadmap for new use cases in your industry with emerging technologies.
Explore Connected Industries -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network as a Service
Popular Products
-
Private 5G
Our turnkey private 5G network enables custom-built solutions that are designed around unique use cases and strategies, and deployed, run and optimized through a full network-as-a-service model.
-
Managed Campus Networks
Our Managed Campus Networks services transform campus networks, corporate area networks and interconnected local area networks, and connect smart places and industries.
-
-
Services
Cloud Services
Popular Products
-
Cloud Migration and Transformation Services
Access the people, processes and technologies you need to deliver cloud migration projects that improve your return on investments.
-
Site Reliability Engineering Services
Get the most from your cloud investments when you harness our Site Reliability Engineering Services to support app development and lifecycle management.
-
-
Services
Edge as a Service
Client stories
-
Penske Entertainment and the NTT INDYCAR SERIES
Together with Penske Entertainment, we’re delivering digital innovations for their businesses – including INDYCAR, the sanctioning body of the NTT INDYCAR SERIES – and venues such as the iconic Indianapolis Motor Speedway, home to the Indianapolis 500.
-
Using private wireless networks to power IoT environments with Schneider Electric
Our combined capabilities enable a secure, end-to-end digital on-premises platform that supports different industries with the benefits of private 5G.
-
-
Services
Technology Solutions
-
Services
Global Data Centers
-
Services
Digital Collaboration and CX
IDC MarketScape: Worldwide Datacenter Services 2023 Vendor Assessment
We provide a new kind of intelligent infrastructure to deliver better outcomes through technology.
Get the IDC MarketScape -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Copilot for Microsoft 365
Everyone can work smarter with a powerful AI tool for everyday work.
Explore Copilot today -
-
Global Employee Experience Trends Report
Excel in EX with research based on interviews with over 1,400 decision-makers across the globe.
Get the EX report -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
NTT DATA and HEINEKEN
HEINEKEN revolutionizes employee experience and collaboration with a hybrid workplace model.
Read the HEINEKEN story -
- Careers
How high should we set the bar?
23 June 2020
Topics in this article
One of the many challenges that can be encountered when setting out to improve Operational Technology (OT) security is determining what good looks like.
I'll look at this challenge in three parts:
- gaining a clear understanding of the current situation
- determining how good the design and operations need to become
- justifying, in business terminology, the effort required to get there
I'll explore this challenge here, as I did in person at NTT Ltd.'s Information Security World (ISW) 2019, held at the Institution of Engineering and Technology (IET) in London.
The session discussed securing businesses through digital transformation and included excellent presentations from Nozomi Networks, Fortinet and LogRhythm.
As part of my introduction to the session, I tried to link three of my interests into one concept; athletics, instrumentation and control engineering, and OT security.
Know how high to set your bar
First of all, earlier that month I had watched Mutaz Barshim win a thrilling high jump contest at the 2019 World Athletics Championships, soaring over the bar set at 2.37m in front of a home crowd - just months after sustaining a potentially career-ending ankle injury. An amazing performance. No other tenuous link, my first point is simply about the concept of setting the height of a bar (or setting a target) and knowing how high to set it.
Learn from experience
Secondly, with ISW 2019 held in the IET building, I was thinking back over the engineering methodology I used as a safety systems engineer earlier in my career. I used historical data to help estimate reliability and, therefore, how well to design and maintain a safety system. As a team, we'd gather this data from manufacturers, independent sources, our own operating experience and from others via collaboration across the industry. Once that data was validated and trusted, it helped to form the justification for the design and operation.
This process is vastly more complicated if we need to include software justification, but I'll exclude that here for simplicity.
Use data to inform decision making
Thirdly, I've been reading the excellent book ‘Solving Cyber Risk: Protecting Your Company and Society’, which uses examples of assessing the total impact, in business terms, of a cyberattack on an organization. By using the ever-increasing amount of cyber-impact analysis data, we can justify the improvements required to reach a target, and to help determine what that target needs to be. Targets for OT security, both technical and organizational, are nothing new; IEC 62443 Security Levels, IEC 62645 Security Degree definitions and C2M2 Maturity Indicator Levels for example. Making the required technical and organizational improvements to reach these targets requires change, almost certainly requiring justification via a business case.
Make data work for you
By using emerging and historical data, you can make the business case more convincing, and more specific to the organization in relation to their own business context; to avoid or minimize the impact of loss of production, loss of revenue, loss of reputation etc.
This tied in well with the point made by Daniel Eitler from BMW at ISW's keynote morning session: “Cybersecurity is a priority at BMW, it is what differentiates us from other companies”. Even though being secure is good for business, it still requires justification.
Nothing I have written here is new. I'm not taking credit for Barshim's winning jump, for decades of engineering good practice, or for the work of Coburn, Leverett and Woo in ‘Solving Cyber Risk: Protecting Your Company and Society’.
However, by simply linking these concepts together, it is my hope that something resonates with you and is of use in helping to address some known challenges:
- the lack of investment for cybersecurity
- the difficulty in communicating cyber-risk to the board
- and the challenge in assessing risk across numerous complex systems performing important business functions.
Finally, linking back to the key theme of ISW 2019 which was smart society and digital transformation, covering a range of topics and technologies; cloud, IoT, IT, IIoT and OT.
With all these technologies being available to businesses, it can be difficult to manage, plan, assess and prioritize all these complex systems in terms of cyber-risk. So my final thought is to use another concept from safety system engineering practice; focus on functions first, systems second, technology third.
Keeping sight of the importance of the functions that OT provides (for example, generating electricity, protecting the workers and public) can help determine how well the systems need to be designed and operated, what technology is best suited for realizing those systems, and therefore how well they should be secured.
In other words – how high to set the bar, how much effort is required to reach it, and how to measure the progress in getting there.
This is the general approach we provide for the development of security programs: to assess the current situation, determine the target state and develop a roadmap to achieve that target state.
The threat landscape will change, the build-up of historical cyber-impact data will (unfortunately) continue, and therefore the setting of the bar may need adjusting. However, once that roadmap is set and understood, at least the delta will be known, and measurable.