Environmentally conscious companies are developing projects to incorporate energy efficiency and sustainability management into daily business and IT operations. Analyst Christopher Mines of Forrester Research Inc. tells SearchCIO.com how CIOs can use sustainability software to help the business become more environmentally friendly, gain operational efficiencies and manage energy consumption.
Listen as Mines delves into four types of sustainability software any CIO can procure and deploy to support green IT and business goals.
Below is a table of contents to guide you through Mine's explanation of these four types of software, followed by a short excerpt from the podcast.
Table of contents:
Introduction: 0:00 -1:02
Discussion of collaboration and communication software: 1:03-3:20
More on green IT and sustainability software
SearchCIO.com: In your research, you've identified some categories of sustainability software that any enterprise could use. Can you take us through that a little bit and tell us the problems they can help solve?
Christopher Mines: Perhaps the most widespread and obvious one is collaboration and communication software, which simply allows a company's employees to cut down on their travel, cut down their commuting and, perhaps ultimately for a number of companies, cut down on the physical footprint of their office space. Because workers are working at home, they're in more of a hoteling kind of office situation rather than having permanent offices in a big office building.
Discussion of infrastructure management software: 3:21-5:35
Infrastructure management software -- really, this pretty quickly gets into a conversation around smart buildings. How do you run the physical plant in a more energy-efficient and therefore a more sustainable way? For most companies, the biggest single source of their energy consumption and carbon emission is their building. So, if companies can run their buildings in a more integrated, more transparent way, typically they can find significant reductions -- 20%, 25%, 30% in energy reduction and resulting carbon footprint. It's a difficult, challenging environment, but it offers very compelling ROI.
Discussion of enterprise carbon and energy management software: 5:36-6:34
These solutions help companies monitor, manage, report and reduce their energy consumption and resulting carbon emissions. This is dashboard and analytics software, fundamentally. It is connected into buildings and other assets to monitor their energy consumption.
Discussion of product development software: 6:35 -7:58
This has not taken off in any significant way yet but probably represents the next frontier. This is software that's aimed at product development organizations or R&D organizations [and] project management, perhaps, to help companies think about sustainability at design time. It helps them think about what are the materials, what are the manufacturing processes, what are the distribution channels?
Read the full transcript from this video below:
Christina: Hi. This is Christina Torode, news director for SearchCIO. I'm here with Jay Leek, vice president of international security for Equifax. Equifax is a data solutions provider for financial services companies, and a consumer credit card reporting agency. Jay has worked as a director of fraud, security, and compliance in the Telco and financial services industries for more than 10 years. In this podcast, Jay talks about developing a fraud prevention program based on his experiences at Equifax and in past positions.
Christina: Hi Jay.
Jay: Hello. How are you doing, Christina?
Christina: Good. Thank you. When developing a fraud prevention program, you believe that it doesn't start with the technology; it starts with the corporate culture. How do you build fraud prevention into the DNA of a company's culture?
Jay: Yeah. I mean, I think that's a great question, because it really does start at the top of the organization, and with the tone from your executive management. If you don't have the support to actually have a culture of fraud prevention, which I believe starts with ethics and integrity, first and foremost -- at the top of the organization down, then you're going to have a very difficult time ever implementing what I would consider to be a comprehensive fraud prevention program.
Because, first and foremost, fraud prevention is all about your people; and as a vast majority of investigations that result in fraud being discovered start from whistleblowers, people coming forward, you need to ensure that they have that culture where they feel comfortable coming forward, and also where they have that culture starting at the senior levels of your organization down, where they know that your company wants to operate with integrity. It has ethical values that it holds very high. And they're doing the right thing by sticking their neck on the line and actually coming forward.
Furthermore, you can think about all the technical controls in the world that you might put in to help prevent fraud. Many points in time along the way, what you're going to find is, those technical controls depend on people making smart decisions. Because very few business processes are solely technical, there's often an individual that's inserted throughout that process. And anywhere you put an individual into that process; you potentially run the risk of opening or exposing yourself to a situation that could result in fraud.
If people also know this is important to the organization, that action will be taken if you do something, but also that no action against the individual is going to be taken if they come forward and stick their neck on the line, especially if it's their manager or somebody they might feel threatened to come forward about, if they believe they're doing something wrong, then you're going to build that culture that's going to allow your employees to be very aware of their surroundings, very thoughtful in their approaches and how they try to protect the organization from fraud.
Christina: What is the cornerstone, in terms of processes, of your fraud prevention program?
Jay: I think, it's very important that you know who your customers are, for starters; and not just your customers. It's also who your business partners are. It's your ecosystem of who you're working with. So you want to make sure that you have some kind of credentialing process, or entitlement process, so to speak, for determining who you do business with and who you don't, whether it be a customer relationship or a business partner relationship.
And I think if you take this back to, what most companies do with their own employees. You typically do a background check, and you have some kind of screening process to determine, is this individual someone that I really want to bring into my organization? And you need to have that same kind of thoughtfulness or process in place when you're thinking about all the other touch points, because, quite honestly, you do see a lot of fraud that originates, of course, from the inside. We hear about that all the time, in all kinds of write-ups. And that's where people are talking about fraud.
But what we also see, in my personal experience, is a lot of fraud that comes through our customers, or it comes through contractors, business partners. And this is very unfortunate. And a lot of times, it's not the entity that we're doing business with who commits fraud, but it is an employee of that entity, or it is a contractor of that entity. And they have just enough inside knowledge about how you do business, and they're able to take that inside knowledge and exploit it, and do a lot of things that we definitely don't want to have happen in our organizations.
Christina: Could you actually give an example? I'm not talking about Equifax in particular, but in general, of that kind of situation, where an employee of a customer, or an employee of a partner...
Jay: I think what we typically see... and if you think about organizations that provide various services. So there's no tangible piece of hardware or an asset that's part of the services that that entity provides. And you have a customer, let's say, that is buying this logical asset, or information, or whatever it may be, from you; what I've seen in the past is there's quite often employees of customers where they have certain access rights to this information. This information access, so to speak. And you'd be surprised as to how many side companies I've actually seen set up over the years where employees of our customers were actually stealing from their employer information that the organization I was working for had, and they were selling it on the back end. So in reality, what's happening is that the customer's paying the bill; unfortunately, the bill they were paying wasn't correct.
So we had processes, we had technology capabilities in place to look for this type of behavior that's coming from our customers, identify these anomalies, investigate it, and then go to our customer and say, we believe that you have this particular rogue employee that might be doing something completely correct, but it looks very peculiar to us. Or perhaps even, we might have evidence to show that they're really doing something on the side. And ultimately, we turn that over to our customer, or we would turn it over to our customer, and we would suspend that account or terminate that account, most likely, of the individual. But then it's up to the customer to either do what they're contractually obligated, with the arrangement they have with us, or to take the right action that needs to be taken against that employee.
Christina: You actually mentioned the billing system. Can you explain why is understanding the finance and the billing system so critical to a fraud prevention strategy?
Jay: If you're wanting to look for fraud; you always kind of follow the money, because ultimately, in my experience, people are committing fraud, because there's some kind of dollar value behind it; it's not... like, so often, the things that we see in security, especially these days, where there's political hacktivism going on or whatever it may be. In a fraud case, typically speaking, someone's trying to steal something of a monetary value from you.
And finance has a vast amount of information that can prove to be very helpful. For example, with finance, you can look for statistical anomalies in invoicing type information. So if a customer is typically getting billed
$1,000 a month, and then next month the bill is $30,000, we've never seen that before in the past 12 months, that's an anomaly.
Now, that doesn't necessarily mean that they've done anything wrong, per se. What it does mean is there's an anomaly there that is most likely worth investigating to see if fraud is actually taking place, or if they're just running some kind of special of whatever product that you offer and there's a lot more of it going out the door this month, or not.
So there's a lot of other very interesting customer behavioral type information that you're able to glean from your finance organization. And they're actually sitting on a ton of data that is very relevant to your fraud program. They have no clue, most likely, that this is relevant to your fraud program. But if you're able to get your hands on it, it can prove to be very valuable as you're building out your monitoring and investigating capabilities when either detecting or responding to a potential fraud incident.
Christina: Are they resistant to that at all? Or do you directly work with the people in charge of the billing system and finance?
Jay: Absolutely. I mean, in fact, we haven't had any resistance to that at all. In fact, when we show them the type of information that we can produce from taking the end data they already have, we typically find that they're very excited to work with us. I mean, finance doesn't want invoices coming back from customers saying that, you know, this isn't their invoice. It's not correct. And definitely, they don't want an invoice coming back that's saying this is not a correct invoice, and when the customer inquires as to why, it turns out that there was fraudulent activity.
Now, it could be there was fraudulent activity because, like I said, they have an employee that's stealing from them. But even that doesn't necessarily make your organization look good. In my opinion, you should have control of the place and be able to protect customers, such as the example I gave you earlier, as well as protecting your own organization; because you're all in business together.
Christina: How do you test fraud prevention controls to make sure people aren't kind of finding their ways around them?
Jay: There's several cornerstones to fraud prevention, kind of at a high level; I think, regardless of what organization you're in. And one of them, as we've been talking about today, is this entitlement or enrollment credentialing-type process. We've also been talking about the ability to monitor and look for anomalies, and investigate things like that. The third one that we touched on too is investigation piece making sure that you have the right tools in place to investigate potential fraudulent activity or anomalies that you're detecting.
And the final one we haven't touched on is some kind of auditing mechanism. So whether it be auditing your customers to ensure that they have the proper consent, or whatever it may be, depending on the nature of your products you're offering. To buy that from you, as in our case, where we are heavily regulated, and as we provide credit information to our customers, they have to have the proper consent. In various jurisdictions around the world, it may also vary the level of that consent; and we ensure that they have that by auditing our customers.
You also want to look internally and audit your processes. We're actually in the process right now of sitting down with our business operations teams and our IT teams and we're looking at our data life cycle, and how we manage data quality within our organization.
And we are literally pulling apart all of the internal processes that we have for the full data life cycle, and looking at the controls we have in place today, and saying, those controls made sense when they were implemented X time period ago, and do they still make sense today? And are there new threats, or new risk? New business environments that we're working in today, have things evolved and changed? Is this satisfactory?
And that's something that I think has to be done kind of on a continuous basis, as well, and it really, really requires that you have a strong understanding of how your company does business. Because if you don't understand, at a very detailed process level, how your company does business, how information flows through your company, how money flows through your company, and how products are basically ordered from your customer and then ultimately delivered to your customer, whether that be a physical product or a logical product, then you're going to have a very difficult time protecting it.
And for me, it's doing risk assessment, doing audits on your internal processes that are kind of cornerstones to how your company makes money is how you're going to make sure that you have the right controls of place; and never being satisfied, it is a continuous process.
Christina: Well, thank you for your time today, Jay. I really appreciate it.
Jay: No problem. Thank you.
Christina: This has been Christina Torode, news director of SearchCIO, speaking with Jay Leek, vice president of international security for Equifax. Q: Hi. This is Karen [sp] Goulart features writer for searchcio.com. Joining me today is Christopher Mines, leading analyst on green IT at forester research. We're excited to have Chris with us to share some of his expertise on the state of green IT and sustainability software and what it means for CIO's now. Welcome Chris.
Chris: Hi. Thanks.
Christina: In your research you have identified some categories of sustainability software that any enterprise could use.
Christina: Can you take us through that a little bit and.
Christina: And tell us the problem they can help solve?
Chris: Sure. Yea let's talk about 3 or 4 different classes of software that help companies improve their sustainability posture. These are things aimed not so much at approving an IT organization, but rather what the IT organization can acquire and implement and provide to other parts of the company. Right, perhaps the most widespread and obvious one is collaboration and communication software, which simply allows a company's employees to cut down on their travel, cut down on their commuting. Perhaps ultimately for a number of companies in fact cut down on the physical foot print of their office space, because workers are working at home, there in more of a hoteling kind of office situation, rather than having permanent offices, cubicles, whatever in a big office building. And as I say as a result enable them to cut down on their air plane miles to cut down on their commuting trips and for some companies a strong work at home programs, helps them to actually reduce the physical foot print of their offices. You know airplane travel is probably the single biggest thing that companies can do in terms of you know by creating tel-conferencing, video collaboration kinds of capabilities. Companies can keep their employees off of airplanes, and that's probably the single biggest factor. I know when I do my personal carbon calculator I actually do pretty well and then I get to the airplane section of the questionnaire and I go from the green into the black.
Chris: So collaboration communication software I would say is number one in terms of how companies are applying information technology to help reduce their emissions foot print and energy consumption. They may not be doing it for that reason in many cases they are doing it to drive other things, they are doing drive productivity, they are doing it to drive employee engagement, employee satisfaction, retention and the like, and the sustainability outcome is really a side benefit or a secondary benefit to what they are trying to, in terms engaging and retaining their workforce. Second category to talk about is let's call it infrastructure management software, and really this pretty quickly gets into a conversation around smart building, you know how do you run the physical plant in a corporation in a more energy efficient, therefore a more sustainable way. Most companies the biggest single source of their energy consumption, is their building, and so if they can run their building in a more integrated, more transparent , more visible way, typically companies can find significant reductions [20, 25, 30] percent in terms of energy consumption, and resulting carbon foot print. So this is a pricey difficult challenging environment but it offers very very compelling ROI, and you see companies in this space some coming from the traditional sort of building management space, some coming from the IT world, some coming from the electrical equipment world. Each with particular strengths and weaknesses in that space but all trying to serve this same goal of helping companies to run their building in a more energy efficient way. Now you can extend that when we think about infrastructure, you can extend that argument to other asset classes, vehicles, manufacturing plants. Some companies have significant so called outside plant, think about telecom companies that all these cell towers you know thousands of cell towers are dotted around the landscape. If they can monitor those manage those they can also and do predictive maintenance kinds of capabilities on those assets they can improve their efficiency and reduce their energy consumption. So that whole area of smart infrastructure and infrastructure management software I'd say is the second important category. Third one is what we at forester call enterprise carbon and energy management software ECEM software. These are solutions that help companies monitor, manage, report and reduce their energy consumption and resulting carbon emission. So this is a dashboard and analytic software fundamentally. It's connected into building and other assets to monitor their energy consumption, but then does analytic to help turn energy consumption into what's the emission foot print of these assets. What are, and do scenario analysis to help companies understand, what are the investments that we can make? Where we get the biggest bang for our investment buck in terms of investing to help reduce energy consumption, and carbon emissions. So that's 3 there I'm going to mention one other one that really has not taken off in any significant way yet.
Chris: But I think is, probably represent the next frontier, for software vendor and their customer and that's in product development. So software that is aimed at product development organizations, or R&D organizations, product management perhaps, to help companies think about sustainability at design time, help them think about what are the materials, what are the manufacturing processes, what are the distribution channels, you know think about the full life cycle of a product; the materials, resources, and energy that's going to be consumed, creating it, using it, and disposing of it. So called life, cycle analysis or LCA software; so this is kind of the next frontier, I wouldn't say it has taken of yet, but you can certainly find examples of companies putting this kind of software in place to help them reduce cost, and design products that you know in theory at least will appeal to a broader set of customer or consumers.
Christina: Well, that was great Chris. Thank you very much for joining us today.
Chris: You bet. It was a pleasure.