21 October 2022 - Looking back at DIG22
Sabrina Samah
Service Desk and Student Support Analyst
Loughborough University
DIG22 was my first in-person conference and a nice change of scenery since joining the IT Security team at Loughborough University in the midst of the new dynamic working norm.
As a nervous first-time attendee, the “Cyber Security in Practice – Learning with Lego” session was a brilliant start to the conference. This collaborative session was an effective icebreaker and a great introduction to conferences as a whole (plus an opportunity to play with Lego – win-win!). The session gamified the challenge of balancing profitability with the expenses of protecting your business in the face of escalating cyber-attacks. Without spoiling the game, my main takeaway is that basing decisions on assumptions can often lend you in a sore spot, and that the strongest starting point to any security-related decision is to ensure you are properly informed about your estate and most valuable and at-risk areas.
Presentations over the 2 days highlighted the fact that while data is the gold of the digital age, there is a real impact on the environment as the volumes of data harvested, transmitted, and stored increase exponentially and their environmental impact with them. Quantifying this accurately is a challenge and with the tendency to focus on scope 1 & 2 emissions, such as from on-site data centres, pushing these to scope 3, e.g., with a shift to the cloud, often may be seen as the “solution”. Rather than a solution, it is important to see this as a step forward and realise that with this shift we have an opportunity as a sector to influence cloud providers by choosing those who demonstrate robust sustainability practices and roadmaps, and thereby reduce scope 3 emissions across the sector. Presentations from Pure Storage and AWS showed that providers are listening and making environment-centred decisions from sustainable building materials to renewable energy sources to drive this change at scale.
This theme of opportunity with technology shifts was echoed through our numerous other presentations such as the ”Surviving the journey to public cloud” panel, “Don’t panic”, and “Preparing your institution for a cyber attack” talks where speakers drove home the point that over time, there is a tendency to retain systems and data that we believe we need but, when pushed, find we are resilient enough to do without. While ransomware attacks are a bit of drastic way to force our hands to a more lean approach to data storage, sustainability (with a sprinkle of rising energy costs) can act as a driver to effect this change while simultaneously benefitting security by reducing an organisation’s attack surface.
On the topic of security, the talks from Tanium and NCSC reinforced the feelings a lot of us may have had over the past year that yes, we are a target, but we have a strength as a sector to combat this. By fostering a supportive and open culture both internally at our organisations and collaboratively as a sector we are disproportionately benefitted. This spirit was perfectly demonstrated by the “Defacement’s Not Dead” talk and Ambrose’s response of continuously finding and informing others who were subject to website defacement in the same way as the University of Surrey. This is probably one of the key things we can take away from events like DIG22 – UCISA is a community ready and willing to help one another and the more open we are with sharing, the more we each get out of the collaboration.