Cybersecurity and the ‘E’ in ESG: Interview with Christoph Heidler, CIO
Jun 28, 2021
Institutional investors, data providers, corporate directors, and regulators have been factoring cybersecurity into their performance metrics for years. But the beat of the cybersecurity drum has grown louder and more intense with recent cyberattack increases and visibility. The highly publicized ransomware attacks and Federal Action response this spring marked a tipping point.
In addition to saving money and powering the modern virtual workforce, updated cloud-based cybersecurity can help further mitigate risk and help meet data privacy and governance regulations. Cybersecurity can help unlock additional benefits for the wide ESG spectrum by reducing carbon emissions and waste, fighting pollution, and promoting renewable energy.
This week, the second episode of the Zscaler CXO Summit,The Practical Impacts of Clean Cybersecurity: Risk, Cost, and Carbon-footprint Reduction, will focus squarely on the “E” of the ESG equation.
Editorial Team: How do you define a clean digital transformation initiative and why is this important to the board?
Heidler: Boards are generally very focused and concerned about running ethical and sustainable companies to maintain positions and reputations in their respective markets. For some, a clean digitization and digital transformation initiative is seen as an opportunity to ensure these values serve society. When I was at SGS, being recognized as an ESG leader was important. Our slogan, “Value to Society'' meant we went beyond power efficiency and being green and contributed to our communities by giving employee volunteers time off. The program included supporting the homeless, caring for orphans, cleaning parks, and donating blood.
Editorial Team: Speaking of SGS, the 89,000-person company offers data intensive services such as testing, monitoring, and certification. In what ways could this data be used to uncover and seize ESG opportunities?
Heidler: Testing, inspection, and certification companies like SGS that create enormous amounts of data that power how reports and certifications are created. They measure ESG like other companies, but are at the early stage of “mining“ the production data for any use case. They have the ability to create a technical infrastructure with data cubes, data marts, visualizations, Business Intelligence (BI) layers, and so on before connecting internal data analysts with technology partners to explore opportunities. For example, take public infrastructure: we can shift from, say, a twice-per-year snapshot data to continuous and real-time data like from sensors placed on bridges that monitor movement, corrosion, weather, and other features that can help regulate traffic, prevent jams, and reduce pollution.
Editorial Team: How do CXOs get more involved in driving how their organizations play a more integral and accountable role in improving society?
Heidler: It started with a green IT strategy years ago that was almost solely focused on reducing power consumption. Now we have an entire program with ESG measures in the selection of not just solutions, but also vendors. We examine implementation strategies, the most effective and sustainable ways to use the goods and services, and finally, recycling or reusing when the end of life stage arrives for what has been purchased or implemented.
Editorial Team: What factors go into deciding when a company's ESG can be addressable by digital and cloud-based solutions such as cybersecurity?
Heidler: When boards and company leaders look at cybersecurity, they are typically addressing risk and not opportunity. But with cloud, in general, not only are there cost savings, but also flexibility, scalability, and predictability. For some companies that I speak to there are regulatory issues. The question is, how do we marry cloud and cybersecurity in the best possible way? With cloud you can eliminate on-premises dedicated investment of the past, which means you can simplify infrastructure, reduce all the components, and in turn, reduce carbon emissions. The governance component of this shift is critical however, because when you have your arms around the infrastructure, you get more overall control, can better prevent data loss and threats, and are at the edge of innovation.