Chapter 1
Innovation
In collaboration, we devised a unique framework blending elements of Gartner's Hype Cycle and Thoughtworks Tech Radar. Technologies were categorised into four sections: Architecture, Development, Operations, and Delivery. Our primary goal was to delineate where our resources and focus currently lie and where they do not.
Innovation Wheel
Each of us had 4 red and 4 green stickers to allocate. Green stickers symbolise our primary focus areas, while red indicates our areas of least focus. Here's our final scope and ensuing discussion.
Technology Scope
Based on the data gathered during our group session, we crafted a 'Technology Scope.' This scope is structured around the four quadrants of Architecture, Development, Operations, and Delivery, showcasing the tech leadership's areas of focus and disinterest.
Topic 1
Mark Simpson
Engineering Director
Griffiths Waite
So a lot of the larger research companies think we should be focusing on all of these things but as we know, our people and our budgets can only stretch so far.
Cyber Security seems a massive area that we are all focusing on – can we discuss?
Working in IT for more than 25 years, I find clients are naturally guarded over the security of their legacy systems. So, it becomes a different problem of how do I take this and open it up to a digital world? Security often becomes the barrier, not just a risk to them. We see a lot of examples where people simply don't trust their internal networks.
So you come up with a great new architecture for cloud and they go, “Oh yeah, but I don't trust that someone can't get in elsewhere and get to that. So, I'm not opening that up to the cloud.” I think this is one of the great challenges - how do you fit in with legacy? How do you start opening up your heritage systems?
I think regardless of whether you are enterprise or greenfield you're in exactly the same boat. It's kind of the same whether you've been in business for hundreds of years because vulnerability effects everybody, doesn't it.
Greg Telford
Global Head of Infrastructure and Operations
Hogan Lovells
Jas Bassi
Head of Solutions Delivery
Gateley
A lot of organisations are going to have signature-based AV solutions in-place on a multi-year deal, that are not going to be replaced until they encounter an issue or a breach, leaving them particularly vulnerable to zero-day attacks. However, you've got a number of new entrants to the market, with the likes of @Crowdstrike and @Artric Wolf, who deliver a combined SIEM and XDR type solution, where those kind of vulnerabilities are far more likely to be contained.
No, you're right. The principle behind zero trust is you will be penetrated, you know, like the whole point is someone will find a way into your network. It's how you mitigate that.
Matthew Evans
Director of Markets
TechUK
Vinay Parmar
Non-Exec Director & CX Keynote Speaker
Curo
The articulation of the barrier is probably a better way of kind of crystallising what I was thinking about. My personal experience is in organisations we're excited about transformation and innovation, we have people coming to us saying that they want to work with you on this and that.
So you know we are running around an innovation lab over at the science park and we have people coming in and doing sprints for like 6 or 12 weeks. They get to the end of it and they'll be like, right, great implement this into the business. But then there are security barriers that stop innovation.
It’s the wrong way around. You’ve got to build that design from the ground up and build it around the security. So, zero-trust becomes about having that strength in depth in your security stack and not trusting anyone, device or network implicitly. It starts with having security involved in all early iterations of the R&D process.
Jas Bassi
Head of Solutions Delivery
Gateley
Peter Wainwright
Director of IT
ERIKS UK & Ireland
Absolutely, the devs should have that upfront and build it in.
Security should be paramount at the inception of an idea. I’d much prefer to go into a start-up and put security in than to go into an enterprise with a 30-year old legacy system in place. The threat remains the same, but you can involve the right people from the beginning and make it a 360 solution that all key stakeholders are involved in.
The biggest threats now are with the enterprises on old technology. We’ve seen the like of Royal Mail and Johnson Controls attacked in recent times. Quite often, the work was done by people that are no longer with us, meaning the architecture isn’t documented, so any attacks are painfully resolved.
James Walsh
Business Director of Cyber Security
Hays
Mark Simpson
Engineering Director
Griffiths Waite
I think this brings us to one of the biggest challenges. It’s not spotting the risks it’s getting the updates and closing them in a timely manner and having the processes in the place to deal with the vulnerabilities at the earliest opportunity.
I wonder if we might be missing something on our wheel around security design for the end user?
Matthew Evans
Director of Markets
TechUK
Greg Telford
Global Head of Infrastructure and Operations
Hogan Lovells
Yes, I actually think instead of quarters this should be fifths and the new section should be 100% on security as its such a huge issue for all of us.
Topic 2
Generative AI & AI Governance
Mark Simpson
Engineering Director
Griffiths Waite
Generative AI & AI Governance took up a lot of our stickers.
AI Governance for me should be Data Governance. The issue for me is not AI but the data that you are pushing into it.
Peter Wainwright
Director of IT
ERIKS UK & Ireland
Matthew Evans
Director of Markets
TechUK
Yes, Peter. I think its 95% data and how we are using it. Understanding AI algorithms and being able to explain to a customer how decisions are being made.
It’s the governance piece that concerns me. I read in the Guardian recently about a group of chemists that were looking for a new anti-biotic. There was a resistant strain of e-coli and they were using machine learning to help with the process, with great success.
They were then invited to a weapons conference to engage in conversations about how they could invert the process to help create nerve gas! My point really is, there must be guard rails around AI so that misuse can be stamped out.
Reuben Boughton
Board Member
Birmingham Tech Leaders
Mark Simpson
Engineering Director
Griffiths Waite
There’s a really good book called The Coming Wave that I’d recommend. The author Mustafa Suleyman talks about a lot of theses topics, and how we can learn from history; Oppenheimer, etc.
I think the key here is crystallising how AI can help businesses understand real risk and intended/unintended consequences. CFO’s are thinking about cost reductions and efficiencies. Other parts of the business need to clearly understand all the other implications.
Vinay Parmar
Non-Exec Director & CX Keynote Speaker
Curo
Matthew Evans
Director of Markets
TechUK
If you’re thinking about dynamic ticket pricing, for instance, and use an AI model, how do we stop it discriminating? Guard rails, governance, and potential outcomes are what’s needed.
What is clear, is that you must act now. All our competitors, regardless of industry, already are.
Reuben Boughton
Board Member
Birmingham Tech Leaders
Mark Simpson
Engineering Director
Griffiths Waite
It’s been the same for 30 years, when automation first came in or when outsourcing became a thing. Guardrails are key.
Conclusion
What is clear is that Cyber Security, AI, AI Governance, Skills, and Automation are the core focus for our IT leaders right now. Getting the people the processes and tech working together remains paramount. How we define the guardrails especially around AI is a key missing ingredient for all of us to consider in our further sessions.
We eagerly invite insights from fellow IT leaders across the UK regarding their challenges and whether our scope has overlooked any critical aspects. We’d also like to hear feedback on how AI is helping your organisation supercharge what you do and how you manage the complex issues around security and data management.
Next week, we’ll be sharing our discussions and the outcomes of our vote on the barriers that block innovation.
#BirminghamTechLeaders
