Tony Fergusson, Director of Transformation Strategy at Zscaler, discusses the need to examine the carbon emissions of new technologies that organisations are using to enable remote working
Over the last year, we have seen a dramatic shift toward remote work due to the global pandemic. Organisations that were firmly rooted in office environments had to adapt quickly and ensure all employees were able to work from their homes, away from the central office hub, and receive the same type of reliable connectivity and secure data access as they would if they were all sat together in the same office building.
Unfortunately, remote employees no longer under the protection of corporate networks were suddenly goldmines for hackers. Since March 2020 alone, research has shown a 500% increase in ransomware attacks delivered over SSL/TLS channels, targeting industries like technology and communications, that are more likely to pay ransoms as they are business-critical when staff is working remotely. Organisations across the globe quickly upped their security efforts to tackle this issue. While this is to be applauded, the true cost of securing remote workers extends beyond financial payments – the carbon cost must also be examined.
The traditional corporate network features systems, branches, and individual machines linked via spiderwebbed connections designed more than two decades ago. The legacy security systems in place to protect these networks in turn require massive amounts of power to operate, which generates significant greenhouse gas emissions. There are many ways to reduce these cybersecurity emissions, like the reduction of power consumption achieved through efficiency, modernisation, or process change, and adopting renewable energy sources like solar or wind power. Yet legacy approaches still remain de facto for corporate network security.
Corporations and their carbon footprint
Historically, corporations have been required to meet emission standards and report carbon emissions, or potentially pay a fine. This reporting typically takes the form of a “carbon footprint,” the measure of an organisation’s environmental impact on the planet. The lower the carbon footprint, the lower the amount of carbon emitted, the lower the pollution, and the less the harmful effect on global environment. So, what does this really mean behind the scenes? And what’s been the impact of our recent move to remote working?
Most organisations have traditionally operated from legacy hardware-based security. Unfortunately, this type of legacy perimeter-based appliance security isn’t attuned to the way people work today. In legacy security organisations, a “castle-and-moat” security model secures the closed network. IT teams “stack” hardware to process data at their ‘entry’ and ‘exit’ points, and the hardware requirements are determined by bandwidth. The fewer data centre locations companies have globally, the more backhauling of traffic is required. More data traffic means more required capacity to process that data and growing MPLS costs going along with it. Unfortunately, this can also negatively affect user experience.
As such, legacy systems cannot be easily scaled up, as capacity is constrained by physical throughput – worse of all, traditional VPN solutions aren’t necessarily that secure. In fact, hackers specifically target enterprises with this kind of network security because they are scanning for vulnerabilities and exposed infrastructure, and some IT leaders respond with even more traditional security appliances. Threat actors need only breach a firewall once to be able to move laterally within the network and gain access to systems, applications, and data centres housed within the – allegedly – secure perimeter.
Worst of all, they require massive amounts of electricity to operate, therefore, increasing the company’s carbon footprint.
The energy needed to power that hardware adds up. For example, each of these security stacks alone may contain anywhere from four to fourteen appliances – and most organisations require dozens of security stacks, with one or more usually situated in an office environment. The main problem with these security stacks is that they require a lot of electricity and are most likely not operating as energy-efficient as the newer cloud data centres with regards to cooling efficiencies, etc. Companies with legacy on-premise data centres have yet to develop the mindset to switch to renewable energy sources in most cases.
For example, a legacy hardware appliance is designed to filter incoming and outgoing web traffic typically used in large organisations. One year’s operation of such an appliance requires approximately 49,000 megajoules of power – equating to 13,611 kilowatts of electricity – and produces 9.6 metric tons of carbon dioxide output. This is a similar amount of CO2 by-product as the consumption of 22.3 barrels of oil or burning 10,064 pounds of coal – the pollution of which requires dedicated photosynthetic efforts of more than 12.6 acres of trees to offset.
The energy-efficient answer
Thankfully, there are far more efficient, carbon-neutral ways of working, that enable businesses to give their employees a greener way to work from home. For example, within security, Secure Access Service Edge (SASE) implemented systems – which place security-processing in the cloud – mean security services are integrated as a service, with both incoming and outgoing data processed. Routing is optimised, so data traffic travels over the most efficient and direct path. With efficiency comes less energy used, therefore lowering the carbon footprint when the associated data centres are run on green energy. It is estimated that enterprises that shift from a legacy hardware-based security approach to a SASE-based cloud one, not only enjoy better threat and data protection but recent projects have reduced cybersecurity-related carbon output by as much as 97%. This is made possible when more than 70% of the power needed to the required data centres were derived from renewable energy sources, such as wind, hydroelectric, and solar.
As the global population feels the force of our changing environment, it is likely we will see employees start to add pressure on their places of work to ensure they have the most environmentally friendly and efficient remote work setup. This will also become more prevalent in the recruitment side of organisations. Prospective employees will want to understand how secure their potential company is, and how much of their technology is aimed toward a green way of living and working.
The future of enterprise IT
The risks associated with enterprise technology have traditionally been difficult to gauge. In the past, IT leaders have thrown money at identified risk, combating threat with hardware. But did security improve? Not hugely, and pollution got worse. More appliances stacked up, greater power consumption occurred, and therefore a greater carbon output transpired, resulting in negative environmental impacts. Today, the SASE security alternative provides a better impact on the environment, as well as a more seamless ‘work from anywhere’ ability.
IT stakeholders who cling on to outdated, unsecure, polluting legacy security models need to start to answer to their leadership, their colleagues, their constituents, and their communities. Digital technology has a huge amount of potential to help us, as a global community, to reach net-zero – only however if used responsibly. Essentially, if IT teams have the ability to employ solutions which is more secure, more cost-effective, and considerably more energy-efficient, why wouldn’t they?