CISO2CISO.COM & CYBER SECURITY GROUP

Amazing little-known ways to drive sustainability, IT and security growth

EXECUTIVE SUMMARY:

Sustainable business practices – it’s not just another buzzword. It’s a business opportunity. Organizations are improving creativity when it comes to how to intertwine sustainability, ESG agendas and technology operations. As a result, businesses have generated new revenue streams, increased client bases and decreased costs. Here’s how greater sustainability can culminate in positive, value-add IT and security trends…

From boring to brilliant

Does the idea of carbon capture sound like a serious snooze fest? As a business leader, building your strategic thinking around sustainability, IT and security will pay-off in the long-run. Leverage the following concepts within your organization to drive stronger overall business outcomes. Be sure to share these insights with the relevant teams across your organization.

It’s all in the details…

Computing architecture naturally creates a carbon emissions ‘footprint’. In reducing this environmental impact, businesses can also reduce the potential for cyber security threats.

“…do less and save less data, which should also reduce attack surfaces,” says Anne Currie, who is co-author of the draft paper ‘The State of Green Cloud Software Practices’ and the community chair at Green Software Foundation. In other words, if organizations create less data and store less data, they will achieve both greater sustainability and a smaller cyber attack surface.

But how can organizations create less data? That may sound untenable, but it’s easier than it might appear. “…generally, greener means fewer lines of code and that [also] means [a] smaller attack surface,” says paper co-author Paul Johnston, who is also a former senior developer advocate for serverless at Amazon Web Services (AWS).

How can organizations create fewer lines of code?

Read on to learn more…

Memory-safe languages

Currie and Johnston’s analysis encourages developers to rewrite code in such a way as to use a relatively lightweight framework or language. For example, migrating from Python to Rust could result in a 10-fold cut in CPU requirements. From the security standpoint, this could have benefits in that Rust, unlike Python, is memory-safe by default.

The programming language known as Golang is also being touted as more efficient and easier than the classic HPC options of C or C++. And again, from the security perspective, this modification tracks with the US National Security Agency’s recommendation for organizations to abandon languages lacking inherent memory protection, such as C/C++. Instead, organizations are urged to use memory-safe alternatives – Golang, C#, Java, Ruby and Swift.

C and C++ have been blamed for the fact that 70% of Microsoft and Google Chrome flaws are memory-safe vulnerabilities.

Security and C, C++

Experts say that it would be overly simplistic to conclude that ‘lightweight’ languages – generally assessed based on syntax, memory footprint and implementation complexity – are inherently more sustainable and more secure than other languages in every single instance.

It is possible to compose a super-efficient ‘green’ program in C++. However, such pursuits are contingent upon developers’ capabilities.

The potential for vulnerabilities decreases if the language constructs are organized in such a way where the obvious way to write code can’t or isn’t likely to introduce a vulnerability.

C is a comparatively simple programming language in that it retains relatively few constructs. In that regard, it is lightweight. However, many operations in C (array deference, pointer assessment or deference…etc) provide zero automatic protections, meaning that a mistake can quickly result in an issue.

In contrast, C++ is a much larger and more complex language. At least a few measures would not be understood as lightweight. But its lack of safety mechanisms by default can lead to the same problems.

Managed cloud services

Managed cloud services are comparatively environmentally friendly, as they offer high compute density and autoscaling via serverless services.

Yet, some organizations remain nervous about shifting data security into shared environments and delegating security functions can create risks. In response to this concern, Currie says “The cloud puts way more effort into infosec than companies.”

All in all, the benefits of a ‘greener’ approach can be very positive from an infosec view, although every organization must independently weigh the pros and cons.

Environmental Incentives

While computing and cyber security were once seen solely as technology issues, they are now considered key environmental, social and governance issues.

As part of your 2023 computing and risk management practices, align new initiatives with sustainability agendas. Sustainable practices can result in more sustainable technology and business outcomes.

For more on this topic, please see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, exclusive interviews, high-minded expert analyses and leading security resources, please sign up for the CyberTalk.org newsletter.

The post Amazing little-known ways to drive sustainability, IT and security growth appeared first on CyberTalk.

Leer másCyberTalk

Leave a Reply

Your email address will not be published. Required fields are marked *