The Frontline CIO Interview - Transport
In this, the fifth in our series talking to IT Leaders coping with specific industry challenges from COVID-19, we look at the world of transport, and specifically the management and training of drivers. The pandemic restrictions in the UK saw the use of cars drop dramatically as the immediate impacts of the lockdown were felt. However, motoring organisations reported a shocking increase in the number of speeding offences as drivers found themselves on unusually quiet roads. As a provider of Speed Awareness courses, where motorists who are found to have broken the speed limit can, in some cases, be offered a training course instead of being prosecuted, this has a particular impact on the subject of this interview.
Who are you, what organisation do you work for and what’s your role?
Ian Dudley, I am the IT Director for Drivetech, who are a subsidiary of The AA. We provide driver risk management and training solutions to the fleet market, and also provide referral training on behalf of many police forces, the most known of which is the speed awareness courses for those caught going over the speed limit.
Since you joined, what do you think the biggest change has been in terms of how the organisation views technology (up until the pandemic) What improvements are you most proud of from your time in that role?
To be honest it’s a journey we are still on. In time-honoured manner, I inherited a very old legacy estate, along with team and governance structures that weren’t really fit for purpose. As a result, IT was where ‘good ideas go to die’ and in a very real sense, our systems were a millstone around our neck for growth. We have a great product that people really like, but the day to day admin in our tools isn’t great, which is sometimes a cause for user frustration.
I’m a fair way down the road of changing this, and my stated strategic goals for IT include the following statements.
1. There will be no IT-driven barriers to growth. By which I mean if the company wants to do something, be it new products, new customers or just market expansion, then within reason, I can give them a sensible time and cost estimate to do it, and the decision to grow is a commercial one. Rather than the as-is, where very often we are blocked from growth because we lack the systems capability. People often think this is a bit of a bland statement, but when you really think it through, it has very profound impacts on how you design and build systems, so they have the flexibility and scalability to make it real.
2. Our IT systems will be a commercial advantage and USP in the market. This is more straightforward, we will be better than our competition, sell more, make more profit and be more successful, as a result of our systems. Again, from a position where the best you can say about our systems is that the competition is just as bad, turning IT into a direct commercial advantage will be a paradigm shift for both us and the wider business.
In terms of being proud, it’s putting in place the foundations for the above and starting to see it work. Seeing a previously cynical user, customer or IT team member be happily surprised. Watching them reappraise what we can do and start to view us positively, that’s a great feeling.
What do you find surprises people about your organisation and how it uses tech?
For people joining our business that it is as poor as it is and we still make money! Especially in the MI space, which like many companies with legacy systems we really struggle with.
When you look at the Speed Awareness courses that we run on behalf of the Police, the biggest surprise is the volume. We process around half a million drivers a year, and we only have a third of the market. It’s one of those things people tend to keep quiet about, but I very frequently find myself talking to people who sheepishly admit they have been a customer of ours.
The other surprising thing there is that we were able to transfer the entire police business from being 100% in the classroom into a fully online solution within a week of the Covid lockdown starting, and within a couple of weeks we had our capacity up to the same levels as when we were doing it in a real world setting. I knew the tech was available, but it took a lot of very focussed effort, and support from partners like Microsoft, to get it spun up so quickly. Doing a video conference meeting is easy, but doing hundreds a day, seven days a week, for tens of thousands of members of the public is a large logistical challenge. Our competitors were weeks behind us, especially at scale. Many still haven’t managed to provide a solution and we’ve ended up running courses on behalf of some of them who just don’t have the capability.
In many ways this is a great early example of those strategic goals I stated, as our ability to quickly flex and scale has led to what was looking like a business ending crisis turning into a commercial opportunity, and we have actually grown our market share. That makes it sound like we were profiting off of the crisis, which isn’t the case. Our objective was just to get our business back up and running as quickly as possible, and to keep providing a service to the public rather than seeing people get prosecuted. But by being so much faster than others, the work naturally flowed to us and has allowed us to support the whole market in getting back to business as usual.
How have you responded to the remote working challenge of the pandemic?
Thankfully we were already a fair way down the road of moving systems to the cloud and generally decoupling from on prem solutions. I also saw what was coming and got my team collecting and building as many laptops and desktops as they could a week or two before lockdown started. As a result we had pretty much our entire staff working from home within a fortnight. It wasn’t without its hiccups, but overall the disruption was manageable.
Of course the biggest impact was on our product, which primarily consists of face to face training sessions with people. All that came to a shuddering halt. But a week later we had the speed courses up and running as an online solution, and actually both the trainers and the delegates are largely happier with the result. We had a pretty good NPS rating to start with, but it has gone up 10 points for the online courses. It will be interesting to see how the market changes as a result of all this. The regulator thinks everything should go back to the classroom once the lockdown ends, but there is a distinct feeling of the genie having been let out of the bottle for the online solution.
Have you furloughed many IT staff – how did you manage that and how are you keeping those staff engaged?
Not in IT. The infrastructure guys have been up to their eyes in getting remote working up and running, and the developers often work from home anyway. In fact, the reduction in normal business change requests has given them an opportunity to get stuck into the project work that always tends to slide to the bottom of the list.
Will the effect of the pandemic change your priorities as an IT organisation?
It is going to accelerate many of the things we were doing anyway. I was already a fair way down the road of 100% cloud-delivered, non-localised systems, but to some extent, it was my brainchild and the rest of the business just took me for my word that it was a good idea. Having now seen the advantages it has given us in this crisis, and even the commercial opportunities it has led to, the rest of the management team is much more on board with it as a principle, which can only make my life, and business adoption, easier.
Largest Ever DDoS Attack Shows the Value of Digital Trust
An unnamed AWS customer suffered the largest distributed denial of service (DDoS) attack in history, a third larger than the previous record-holder — a 1.7 Tbps attack mitigated by NETSCOUT Arbor in March 2018.
While news headlines in June 2020 remain dominated by COVID-19 and the Black Lives Matter movement, another major development this month has been somewhat less reported: the publication of the AWS Shield Q1 2020 Threat Landscape Report.
While the title may not scream “headline news,” it may yet echo down the ages given a statement made on page 3 of the report: “In Q1 2020, a known UDP reflection vector, CLDAP reflection, was observed with a previously unseen volume of 2.3 Tbps. This is approximately 44% larger than any network volumetric event previously detected on AWS.”
While the size of the attack is significant, there is another important angle to consider: although AWS Shield (the DDoS protection service provided to customers who host web apps on AWS) acknowledges that it took three days to contain the attack, it was able to protect its customer against the attack using in-house capabilities.
Gaining (Digital) Trust Is Key
For companies on the receiving end of such attacks, gaining and retaining trust from customers, partners, and public opinion is of paramount importance to remain competitive in business. According to IDC’s global CXO survey, which was in the field earlier this year, trust is now the top priority new agenda item for CXOs over the next five years.
Trust introduces new variables that go beyond the traditional idea of “security” to include risk, compliance, privacy, social responsibility, and even business ethics.
In an organization with a strong digital trust posture, enterprises, users, and partners can interact and innovate without having to worry about security implications.
To get there, security teams must engage with lines of business and consider the evolving technology landscape to better support people and process. This is a clear means by which, if they get this right, security can support business outcomes and elevate their influence.
Security by Design: Milestone for Enterprise Security
This development is indicative of the rise of “native” security tools being offered by the big 3 cloud “hyperscalers” (AWS, Google Cloud Platform, and Microsoft Azure), as well as major SaaS providers such as Salesforce.com and ServiceNow, built into their platforms. In fact, the now well-established boardroom criticality of IT security means that cloud service providers (CSPs) cannot afford to go to market with solutions that are not “secure by design.”
While security by design is a major milestone for enterprise security, unfortunately the practice of working with secure-by-design CSPs is not a silver bullet. That is before we even consider that the number of organizations whose IT is based entirely on public cloud services is vanishingly small.
The vast majority of enterprises are operating across a complex “multicloud” blend of on-prem, private cloud, and public cloud infrastructures and applications.
Why DDoS Attacks Are Difficult to Negate
To further complicate the picture, there are two conditions that make DDoS attacks particularly difficult to negate. First, “DDoS for hire” services mean that anyone with sufficient motive can launch an attack, regardless of their capability.
Second, as many DDoS attacks achieve scale through botnets (such as the October 2016 Mirai Botnet attack on Dyn), enterprises cannot mitigate these attacks by remediating vulnerabilities in their own environment. Rather, they are dependent on the security hygiene of third-party connected devices that botnets prey on.
This shows the importance of the digital trust that comes from visibility into connected assets and the data they generate.
While DDoS attacks highlight the vulnerability of connected devices, this is far from their only risk factor. This is especially relevant when considering the interconnectedness of partner ecosystems that operate across shared infrastructures, such as those based on IoT and IT/OT convergence.
Varying approaches to tasks such as patch management, asset maintenance, and compliance make it tough to understand the provenance of data generated by third-party assets. Yet this exposure to third-party risk may be critical to the development — or indeed loss — of brand reputation.
This challenge is prompting interest in how trust can be distributed across partner ecosystems to foster transparency and confidence between partners to minimize risk, while simultaneously honing efficiencies through greater automation of transactions with trusted third parties.
IDC is launching a new research theme — Future of Trust — to shine a light on how enterprises can build trust, and the benefits that this can bring. Please visit our new dedicated European security and trust website to learn more.
How Has COVID-19 Changed the Emerging Technologies landscape in Europe?
IDC recently held a webcast on emerging technologies and their role in enabling not only resilience during the COVID-19 period, but also paving the way toward the successful enterprise of the future.
What Are Emerging Technologies?
Emerging technologies are those technologies that have not yet reached an inflection point, defined in terms of a series of criteria such as adoption rate, investment, and business impact.
Emerging Technologies in the COVID-19 Era
Although these technologies already attracted major interest and mindshare, COVID-19 affected sentiment around innovation, especially in terms of the more innovative, and emerging technologies.
Emerging Techs Threatened by the Covid Quake
IDC structured a framework in five steps to describe how the pandemic affected companies, and how their technology focus changed. To simplify, during the webcast we described two phases:
- The descent (from Covid crisis to recession), and
- The ascent (from the return to growth to the next normal).
According to IDC’s European IT Buyer Sentiment Survey (wave 5, May 18-25, 2020) the great majority of the organizations still place themselves in the descent phase.
So, the question is how these two phases are connected to emerging technologies, and what is their role?
To answer these questions, we need to start thinking about the priorities of the organization in the descent and ascent phases, linking them to the use cases they are prioritizing, and only then understanding the key enabling technologies. In this way we discover constellations of emerging tech-infused use cases across the two phases. But there’s more. The two phases are also connected to different approaches end-user companies should take.
Descent — Emergency is Experimentation
Despite the impact of the pandemic on digital transformation efforts, our biweekly survey shows that more than half of companies are changing their technology road map to take advantage of the uncertainty and introducing new business models. This means that the emergency period is the right time to experiment. And we collected also lots of examples from European companies leveraging emerging tech experimentation to cope with the emergency in the past few months. Technology providers are also taking the experimentation approach.
Ascent — Place Your Safe Bets
Once the descent is over, the following phase is the moment to set up for the future, preparing for the future enterprise, defined by extreme automation, remote everything, hyper connectivity, omni-experience, intelligent everywhere and full collaboration. In the short term, this implies looking at new trajectories according to the industry and the ecosystem each company plays in, and placing safe bets that ensure short-term ROI related to core modular and flexible competencies that can be quickly launched and tested, and fuelled by trickle budget.
Where to Start?
We believe that to build anti-seismic foundations for the future enterprise, making it resilient to market quakes and shocks, companies should focus on three pillars: People, (technology) Platforms, and Power of Sight, orchestrating an emerging technologies value loop.
To make it concrete, CxOs should:
- launch now one experiment aimed at disrupting traditional models,
- Select one KPI to track on a weekly basis and picking 3 digital use case short-term bets.
- They should also bring in 2 other C-suite members in any digital initiative (emerging tech-dedicated taskforce)
- Prioritize an ROI focus, plugin & play impact, and an act-fast approach as key features in tech provider selection.
Why 5G Could be the Elevator for Cities in the Digital Age
As a technologist, I’ve been fascinated to read about the promise of 5G — augmented reality, connected cars, avatars. At last, the city of the future realized! But, disappointingly, not just yet …
With any “revolutionary” technology there’s lots of buzz and hype, but that can jade those on the outside into thinking it’s such a long way off. They think, I won’t worry about that now, and it goes on the to-do pile.
In a 2018 IDC survey of mobile operators, government (including city infrastructure) emerged as the number 1 industry target for 5G, with 55% of operators believing the vertical showed the most revenue potential for 5G. Do governments still feel the same? Or have they simply added 5G to the bottom of a long list?
Here’s why I think it’s imperative for cities, master planners, and developers to go beyond the hype, get knowledgeable, and start 5G planning today.
5G Architecture and Capabilities
Let’s start with some basics. G stands for “generation,” and there has been roughly a new generation every decade since the ’80s. We’re now at number 5 — hence 5G.
So what about the architecture? There are three main elements to a mobile network that are important to understand in terms of long-term planning:
- Radio access network (RAN): largely the hardware — masts and antennae — that is visible in cities
- Core network: where much of the software resides that provides the transition from cell to cell and routes appropriately as you move around
- Transport network: the final element in the architecture and the part that links the components above together
All of these elements change with each new “G,” but the defining component is the RAN, which accesses the finite resource of electromagnetic spectrum.
Below are the main capabilities of 5G that will unlock certain properties of the network as the standards emerge:
- Enhanced mobile broadband (eMBB): providing faster access
- Ultra-reliable/low-latency communications (URLLC): providing the near-real-time response needed to control machine-to-machine communications
- Massive machine-type communication (MMTC): enabling hundreds of thousands of devices to be connected to a single site cell
- Network slicing: carving a virtual segment through the network that can be ringfenced to provide a particular service and therefore guaranteed performance
The generational cycle for mobile communications is inevitable, but for cities it is hard to reconcile the faster pace of change with the slower pace of the evolving built environment.
The Elevator for Digital Cities
As cities are bound by physical space, so 5G is bound by another finite resource — the electromagnetic spectrum. This becomes congested as both the number of users and the intensity of the data requirements increase, so the generational step change required is that of encoding the data to make it more efficient and to cram more data into the available spectrum.
The improvements in speed, capacity, and reliability are what make it special, as outlined above. Take the elevator as an example. The concept had existed for some time, but the capabilities of speed, capacity, reliability, and safety were paramount for mass adoption among people rather than just for goods. Elisha Otis is credited with solving these issues, installing the first public elevator in New York following a demonstration at the World’s Fair in 1854.
For me, a revelation about urban master planning was that it’s very long term — a century even — but buildings are transient on that horizon, perhaps even as short-lived as a decade or so in some Asian cities.
So, coming from London with a history of intergenerational projects that outlasted their original planning horizon — the London Underground and the sewers, for example — how do you begin to even plan for a digital landscape where software cycles around within weeks and even digital hardware infrastructure within a decade? The answer? Accept the innovation cycles and plan for them.
If a building is transient on the master planning horizon, then so your radio access network must be transitional. Buildings will come and go and so will RANs and standards within a decade.
Given your digital master plan will cover many technologies, you might find that your connectivity infrastructure is surprisingly durable compared with other software components.
Cities solved the finite land resource problem by building upwards. In the early 1800s, the upper floors of buildings commanded less rent, as it was considered an inconvenience to climb stairs, so there were no tall buildings.
The economic impact of the elevator in cities is undeniable — transforming where the highest value places were in a building and the compactness of development enabling dense cities from London to Singapore.
The speed, capacity, and reliability improvements to the mobile network that 5G brings are critical to the enablement of multiple smart city projects to run simultaneously in the future, as well as bringing reassurance around safety when applied to use cases such as traffic management and, eventually, autonomous vehicles.
The development of 5G is analogous to the continuous improvement of the elevator — and will have a similar economic impact.
Conclusion
As transformative as the elevator has been to the architecture and the economic prospects of the urban environment, so 5G could be as impactful again to cities in the future. Whether it’s support for autonomous vehicles in the U.K. or immersive media to recreate a historic digital twin for tourism in Italy, there are many exciting possibilities ahead.
Success with mobile infrastructure requires long-term strategic thinking and not a focus on short-term vanity projects. With that, I urge you to move 5G planning up the to-do list and start learning more about the impact it can have on your projects today.