Press

The Great Resignation

40% of employees are looking to resign in the next 12 months

Coming out of the pandemic 40% of employees are looking to resign in the next 12 months

Positive economic growth and record highs on Wall Street are creating an increasingly optimistic sentiment in the job market. In the US, the Bureau of Labor Statistics reported that the US economy added 850,000 jobs last month. Hidden by this encouraging figure is the hint of an unusual trend: people are beginning to quit their jobs in extraordinary numbers – 4 million resignations in April alone – the highest rate seen since the Bureau of Labor Statistics (BLS) began to collect this data in 2000.

According to a recent report from Microsoft, 41% of the global workforce is considering leaving their jobs. This isn’t limited to blue collar roles – it’s across industries from technology to financial services. To put that in context, if you’re the CEO of a 500 employee business in the technology sector you’re at risk of losing 200 staff in the next 12 months.

Market buoyancy and low household debt (US household debt went down in 2020 – only the second time in 35 years) may increase the appetite to take a risk and change careers. The number of new businesses registered in the United Kingdom in the third quarter of 2020 rose 30 percent compared with 2019, showing the largest increase seen since 2012. The pandemic was certainly a time for many to reflect on what matters in life and re-evaluate the work-life balance. For some, the realisation that they can work effectively from home was the catalyst for a lifestyle change – budding entrepreneurs across the country were starting their own business, or just having a “side hustle” (Cambridge Dictionary describes it as: a piece of work or a job that you get paid for doing in addition to your main job – https://www.theukdomain.uk/best-places-to-start-a-side-hustle/).

Employers have had a lot to deal with during the pandemic – according to McKinsey’s Global Survey of executives – companies have accelerated the digitization of their customer and supply-chain operations by three to four years. And the share of digital or digitally enabled products has accelerated by seven years. 

That’s a lot of change done quickly, and the toll on employees has been exacting. This high productivity and output is masking an exhausted workforce. In the last quarter of 2020, the average number of hours worked in the US rose by over 10% percent. 

One of the consequences of the shift to remote and the reliance on tech-based communications has been the phenomenon of digital burnout. I know I’ve certainly felt that at times. But a more subtle trend in Microsoft’s report is that the workforce has become more siloed. 

In the shift to remote working, much of the spontaneous sharing of ideas that can take place within a workplace was lost. The loss of in-person interaction means individual team members are more likely to only interact with their closest co-workers.

“At the onset of the pandemic, our analysis shows interactions with our close networks at work increased while interactions with our distant network diminished,” the report says. “This suggests that as we shifted into lockdown, we clung to our immediate teams for support and let our broader network fall to the wayside. Simply put, companies became more siloed than they were pre-pandemic.”

Employers are now adapting to these challenges, the Microsoft Work Trend Index: 2021 Annual Report says that two-thirds of leaders are redesigning offices space for hybrid work to increase opportunities for collaboration, and giving employees greater flexibility on when to come to the office. 

Employers should also be investing in their people. According to Personio – the HR software company – nearly half (45%) of HR decision makers saying they are worried that staff will leave once the job market improves. Yet, despite this, only a quarter (26%) of HR decision makers say that talent retention is a priority for their organisation over the next 12 months. Retaining staff by career development opportunities, addressing work-life challenges and supporting physical or mental wellbeing are all key areas to increase the chances of retaining good staff.

For employees who have an increasingly wide range of options, a strong employee value proposition which starts with a great sense of company culture – and collaboration is key. Retaining and attracting the best talent is a key element of any great company – a cornerstone of Jim Collins ‘Good to Great’ bestseller. With the increasing pace of change from digital transformation, now is the time to focus on investing in your people. With resignation rates set to increase, it’s never been as important.

coward

Anonymous Cowards – Online Abuse Needs to Stop

Like most of the country, last night I spent time with friends looking forward to the English team play Italy to win on home turf. The entire tournament lifted the spirits of multiple home nations – and I loved the sense of excitement across the country – much needed after 18 months of a pandemic.

Seeing England go out from penalties was devastating, but the racial abuse via social media cannot be the channel to vent that frustration. Football needs to rid itself of racism, sexism or any other forms of prejudice. We all have a role to play to ensure that happens, and quickly.

Social media and internet companies have a big role to play in this. Online “trolling” is too much of a cutesy word, the abuse that Marcus Rashford, Jadon Sancho and Bukayo Saka suffered is hate speech, and those responsible should be prosecuted – to the full extent of the law. 

Unfortunately, that’s not happening. Case in point is Ian Wright, who expressed disappointment in February after an Irish teenager – who admitted racially abusing him – escaped a criminal conviction.  

Too often the abuse comes from faceless cowards expressing their hate from a keyboard. Social media and internet companies should ensure that anyone registering a twitter account, a domain name or any other online presence, go through robust authentication processes to ensure they can be traced. Online accountability and personal identification is one of the ways the cloak of anonymity can be removed. Online abuse is not free speech and people should be held accountable for their actions – online or not. Civil libertarians must recognise the line between points of view and online hate or harassment. 

I’m not suggesting handles on Twitter can’t be amusing – I’m sure XxXDirtyDanXxX is an upstanding member of society – but the identity of the individual should be traceable. For full disclosure, I was CEO of Nominet – the domain name company for the UK. We tried to implement tracking and authentication of individuals with limited success. I think the time is now for the industry to up its game – and for governments to strengthen legislation and enforcement to deal with this sort of abuse.

The power of the internet as a force for good should be encouraged, but we should all have the courage to stand up to prejudice and abuse online.  Let’s call it out when we see it…let’s remove their masks.  

The birth and growth of SaaS

Over the last few months I’ve been using a variety SaaS based applications, some for data analysis (www.sisense.com), some for connecting (www.LinkedIn.com) but others to simplify my working life (www.pyrus.com). By far one of my favourite SaaS platforms is x.ai (www.x.ai). It’s a calendar scheduling tool that automatically finds times to connect you and other parties, and avoids the constant back and forth of calendar negotiations. I think in the first month alone it saved me hours and they’ve integrated it with workflows to make it intuitive to use. 2021 has continued their prior year’s growth with a near-doubling of Monthly Recurring Revenue – perhaps not surprising then that it was bought by Bizzabo (www.bizzabo.com) – the SaaS platform for virtual events – in June this year. Regrettably, I wasn’t a shareholder!

A short history lesson…

While the ubiquity of SaaS based platforms is relatively new (last five years in particular), its origins can be traced back to the 1960 when IBM and other mainframe providers used centralized hosting of business applications and provided them as a service bureau business, often referred to as time-sharing or utility computing.

The expansion of the Internet during the 1990s brought about a new class of centralized computing, called application service providers (ASP). ASPs provided businesses with the service of hosting and managing specialized business applications, to reduce costs through central administration and the solution provider’s specialization in a particular business application. Software as a Service essentially extends the idea of the ASP model. 

Adoption of SaaS

When people think about the first software-as-a-service (SaaS) startup, typically Salesforce comes to mind. But while Salesforce began as a SaaS, other early SaaS software started on the floppy disks and CD-ROMs of the pre-internet time, but then several important changes to the software market and technology landscape have facilitated the acceptance and growth of SaaS solutions:

  • Slimming down: The growing use of web-based user interfaces continuously decreased the need for traditional client-server applications. Consequently, investment in software based on ‘fat clients’ was a disadvantage (support costs for one).
  • Web Dev: The standardization of web page technologies (HTMLJavaScriptCSS), the increasing popularity of web development as a practice, and the ubiquity of web application frameworks like Ruby on Rails reduced the cost of developing new SaaS solutions.
  • Internet everywhere: The increasing penetration of broadband Internet access enabled remote centrally hosted applications to offer speed comparable to on-premises software – which has only gotten cheaper.
  • Security: The standardization of the HTTPS protocol as part of the web stack provided universally available lightweight security that is sufficient for most everyday applications. Netscape Navigator, in October 1994, introduced the Secure Sockets Layer (SSL) protocol, enabling encrypted transmission of data over the internet so – for example, people could shop online without fear of losing their data. That opened up the world of ecommerce. 
  • Integration protocols: The introduction and wide acceptance of lightweight integration protocols such as REST enabled affordable integration between SaaS applications (in the cloud).  (source Wiki)

Rise in popularity of SaaS

In the 2000’s SaaS models were thought to be only for small businesses as they were slow or unreliable. As the internet became ubiquitous, faster and cheaper, it started to become increasingly viable for enterprises. The chart below shows what while growth is slowing, it’s now an industry worth over £120 billion. 

Benefits of SaaS

In the SaaS model, the provider gives customers access to a single copy of an application and the source code is the same for all users, and any additional features or updates are immediately deployed to all customers. Despite this, a user can still customise the application for their own needs (within the constraints of the code). 

The benefits of SaaS are that it removes the need for businesses to develop, install or run applications in their own datacentres, and in so doing can remove the associated staffing, hardware, provisioning, maintenance and security costs. They are often subscription-based pricing models, meaning you can pay for what you use and move to another provider when needed. SaaS-based applications can be used on multiple devices i.e., mobile phones, with a single login, anywhere in the world. As a result, adoption of SaaS is growing both in sectors covered – from retail to healthcare, and subscribers from small to multi-national organisations.

How it works

SaaS works through cloud delivery. As a software provider – say Salesforce – will either host the application and data using its own infrastructure (servers, databases, networking etc.) or outsource that to a cloud hosting provider, sometimes a combination of both – a so-called hybrid cloud model. As a user or subscriber to the SaaS software, you would access it via a web browser. The advantage is you can use the service without having to enter into a software purchase and have to maintain the ‘kit’ on your own premises. 

SaaS – integration

Often SaaS applications interface with other software and workflow tools within a client – for example, the open-sourced e-commerce platform Magento (www.magento.com) has modules that could be quickly implemented, but could then be customised with other software using application programming interfaces (API’s). 

SaaS Architecture

SaaS architecture is gaining popularity because it doesn’t require developing an app from scratch and then maintaining it. You may choose to develop a SaaS platform yourself, but we will come on to this in another blog post. 

Most SaaS platforms are what is termed as ‘multi-tenant’. This means that a single instance of a software application serves multiple customers.  While all customers will run on a single version of the software infrastructure platform, a customer can subscribe to different pricing and usage plans and data from different customers will be segregated.  This is achieved either through separate databases or one database that displays adequate information to particular users. It also infers a level of security as the infrastructure is shared. There are a number of flavours of multi-tenacy architectures ranging from isolated tenancy – where none of the layers in the platform are shared among the tenants to shared tenancy – where the infrastructure, databased and applications are shared, but each tenant in the database are separate. 

Security of SaaS

Any organisation looking to move to a SaaS based platform needs to think through the cybersecurity risks which differ from traditionally deployed software. Security covers access management, physical data centre security, passwords, data encryption, guardrails (automated mechanisms to enforce policy requirements. This will be covered in a separate blog – but needless to say, it’s important and expensive – especially if you get breached. 

In this series I’ll be covering:

  • How to integrate SaaS into your business – with a few case studies
  • How to move your product to a SaaS Platform if you’re not already there yet
  • The technology underpinning SaaS – cloud and beyond
  • How to manage the data integration challenge
  • Building in security – where and how
  • Key insights for scaling SaaS platforms

I’m always looking for good insights and case studies, so please feel free to get in touch.

Business Transformation Report in the Times

The Times Newspaper and Digital Leaders have teamed up to publish a special report on Business Transformation in this morning’s edition of the Times. Today, more than three quarters (77%) of UK CEOs plan to increase their investment in digital transformation over the next year – according to PwC’s 24th Annual Global CEO Survey report. 

This digital imperative to evolve has been accelerated by the pandemic as companies implement changes across supply chains and customer or employee engagement channels. Moving to the cloud, mining data for insights, adopting machine learning, investing in software development and keeping the organization secure are just some of the tasks to be accomplished.

The supplement includes an article by Digital Leaders Chair, Russell Haworth who considers whether in the turbulence of change, do you bunker down or build windmills?

Digital Leaders who are not already Times subscribers can download a free copy of the report below.

Active Cyber Defence – The Third Year

On 19 February, the National Cyber Security Centre (NCSC) published the annual report into the efforts and achievements of their Active Cyber Defence programme, which aims to reduce the impact of cyber attacks on the UK by providing services that protect against a range of threats.

The report, ‘Active Cyber Defence (ACD) – The Third Year’, covers 2019 and includes the incredible progress of Protective DNS (PDNS), which has proudly been delivered by Nominet on behalf of NCSC and the UK Government since 2017.

PDNS prevents public sector users from accessing domains or IPs that are known to contain malicious content and stops malware already on a network from calling home.

The ACD report captures new milestones for the use of PDNS in 2019, when the estimated number of protected UK public sector employees reached 1.4 million. This was a 57% increase on 2018 – and has increased even further recently. PDNS was also deployed by 200 additional organisations over the course of the 12 months, which includes most central Government departments and the majority of local authorities. These achievements have increased the breadth of cyber security Nominet is providing across the UK public sector.

For example, the report estimates that PDNS dealt with 142 billion queries in 2019, more than double the 68.7 billion queries made in 2018. It also highlights common culprits identified by PDNS in 2019, including Emotet, Necurs, Kraken, Sphinx, Neutrino, Cerber, CryptoLocker. GandCrab, Wannacry, NotPetya, BadRabbit, Ramnit, Tiny Banker, Conficker.

The sheer extent of queries and responses demonstrates that PDNS is a genuine force multiplier in cyber defence and the data produced has proved instrumental in identifying and quickly remediating incidents. Once aware of an incident affecting a particular type of infrastructure or service, PDNS data informs analysis to identify affected organisations and to begin the next steps of remediation.

In taking those ‘penultimate steps towards service maturity’, and as active users grow, PDNS is giving the NCSC visibility across the UK public sector that is allowing it to make observations, provide more meaningful metrics and feedback, and identify the areas most needing attention.

The uptake of PDNS would not be possible without a focus on customer support and the PDNS onboarding statistics are testament to the hard work of the team here at Nominet. We firmly believe that it’s not just what you deliver, but how you deliver it. The service wrap that sits alongside PDNS is second-to-none and ensures that end users are both protected and feel supported throughout the process.

In particular, the ACD report calls out the training documents, workshops and webinars that were carried out throughout the year and made available online as part of the PDNS knowledge base.

Ultimately, the report shows that PDNS made incredible headway in 2019 – and for that we’re incredibly proud. Based on the fantastic engagement and utilisation of PDNS from organisations across the public sector, the NCSC took the decision in 2019 to prepare for the future and doubled the capacity of the PDNS. This decision allowed us to increase our support of the public sector throughout 2020.

The NCSC’s Active Cyber Defence programme is pioneering and we look forward to playing our part as it treads new ground in years to come.

Safety first at Wired Security

The cyber industry is awash with events and trade shows, but one that really made an impact on me was last week’s Wired Security 2017. This event brought together some of the most inspiring and influential thought leaders in the industry. They shared knowledge, provoked debate and discussed both abstract ideas and very real threats that will help us avoid myopic thinking as we pursue security in an era of cyber vulnerability.  

Nominet was delighted to get involved, and I took part in a panel discussion that tried to answer the hypothetical question; “your company has been breached – now what?” And just as important, how do you make sure you minimise the chances of it happening in the first place? 

Wired are covering the discussion in a forthcoming issue. But it won’t be too much of a spoiler alert to say that along with fellow panellists Jim Wheeler, Angela Sasse and Allison Miller, we covered everything from whether insurance for cyber is worthwhile, how to create corporate ‘muscle memory’ through cyber drills, to using nudge theory to create a culture of security. We were in violent agreement about one thing – that preparation is crucial. 

As a CEO, doing all you can to prepare for a cyber attack is as important as taking responsibility for the aftermath. Accepting the inevitability of a breach at some stage is a crucial first step, and Board directors have a fiduciary duty to do all they can to protect their business. This includes firm, thorough and careful plans to manage, mitigate and recover from an attack.  

At Nominet, we work to create a culture of security, including the aforementioned nudge strategy, introducing changes in an incremental, unobtrusive way, rather than seismic shifts to keep staff on board and allow new procedures to be easily assimilated into daily operations.  

I was struck by the discussion on the complicated issue of insurance against a cyber breach; specifically, is it worth the money spent? It’s a tricky question to answer. Businesses need to have a thorough understanding of the compliance required and know exactly what the entitlement might be. As Angela Sasse pointed out, you can bet the insurance firms have thought it through more carefully than you and you may find you are not entitled to the compensation you’d hoped.  

Our panel formed just one part of a day filled with intriguing speakers. Dmitri Alperovitch from CrowdStrike discussed the different nation-states and the type and level of cyber threat they pose – he said it’s North Korea’s cyber capability keeps him awake at night. We got some fascinating insights into Russian internet culture and the influence of the Kremlin from Red Web’s Andrei Soldatov. We also learnt from Charlie Winter, senior research fellow at ICSR, that IS has a centralised propaganda strategy and makes use of mobile app Telegram to deliver it.  

Google’s Allison Miller made an interesting point in her keynote about considering language use when trying to persuade people to make the right choice in response to everyday cyber threats. Don’t make it too bland; if you have the actionable intelligence, give people more clarity on how they should respond.  

The challenges of cyber security impact all society nationwide and could be seen as one of the most pressing issues of our time. In an industry in which the landscape is always changing, discussions and information sharing are pivotal in helping us all better protect ourselves and maintain the country’s status as a digital leader.