Tony Proctor CITP, Principal Lecturer at the University of Wolverhampton, and Emily Proctor, Post-Graduate Student in International Security, discuss whether green IT and cybersecurity can be mutually beneficial.

When we are asked to do something different in the workplace, objections are often raised, and sometimes we may be presented with a list of reasons why it might not be a good idea and the negative consequences that are certain to result. For example, when we implement better security, users may tell us that it slows them down, results in them being denied access, or produces other hindrances when undertaking their work.

It is reasonable to suggest that there are ‘costs’ in implementing effective security. This is what makes finding and using appropriate security measures so important. But astute security practitioners will highlight security as the enabler of services (for example, the ability to work remotely) rather than trying to enforce an approach where the ‘computer says no’.

So, this leads us into considering whether there is a link between ‘green IT’ and cybersecurity, and what might be the requirements for organisations to ‘do things differently’ in the context of operating more ecologically whilst improving security.

Green IT is the future

The Waste Electrical and Electronic Equipment recycling (WEEE) regulations certainly provide opportunities not only for recovery, reuse and recycling, but also for data sanitisation / destruction as part of an integrated process. Adoption of cloud systems makes for a much better approach ecologically (server utilisation increases from 15% to between 65 and 80%) than running multiple on-premise systems, as does virtualisation.

But there are currently many security concerns raised with respect to widespread cloud adoption. However, a well-secured, shared centralised infrastructure surely offers greater security than dedicated, poorly secured, physically separate systems.

As is frequently the case, the devil is in the detail! What we do know is that a number of more recent high-profile data breaches have affected legacy systems, where organisations were in the process of moving towards zero trust cloud-based architectures (that were unaffected by the breach).

Virtualisation facilitates the operation of different environments on the same hardware systems. This produces a reduction in the hardware requirements and much better utilisation of that hardware.

The challenge is in ensuring that effective monitoring is in place to prevent malware from running amok across virtual machines running on the same physical servers. Virtualisation has allowed more people to work from home, especially during the COVID-19 pandemic, and many firms looking to boost their environmental image are now switching to work-from-home on a more permanent basis.

Environmentalists have offered telecommuting as a green alternative to the traditional commute for a long time, since workers will no longer have to drive carbon-emitting cars or take public transport to work. Though perhaps more beneficial to the environment, it presents some security challenges.

Unlike corporate networks, home networks tend to be less secure, and employees can be neglectful in the prompt implementation of updates and security patches. So, one of the main challenges is how we can make work more environmentally friendly (and flexible for those who wish to work at home) while still retaining the security of being at the office.

Security systems themselves are also evolving as ‘greener’ products. Unified threat monitoring (UTM) provides multiple security functions from a single server, e.g., firewall, filtering, IPS/IDS, and other functions.

Hence, there are two sides to the question offered in the title of this article: one is to consider any security advantages in moving towards a greener approach to using technology and the other considers how security systems themselves can be greener. (Indeed, the increasing growth of cloud security services may render local security solutions uneconomical).

Consumer is key for both

One of the major challenges to green IT is the paradigm of ‘replace’ rather than ‘repair’ or ‘maintain’ that is the rule of the IT industry. Though there are campaigners attempting to push through ‘right to repair’ legislation in many countries across the globe, the costs of hiring skilled repair workers are still too high for many of the largest tech manufacturers to justify paying out.

The IT industry in general needs to clean up its image here - the desperate downward scramble to produce tech at the lowest possible cost to the manufacturers creates devastating consequences for those affected by the industry, from child labour in precious metal mining, to incredibly low wages on final assembly lines in developing countries.

Consumers want to be able to buy tech at the lowest possible price, and that will always be the case. But for green IT to be successful, consumers need to be made aware of the consequences of cheap tech and why, in the future, we might (and probably should) have to get used to paying more for our new phones. Since questions are now being asked about whether some of the nations that produce the cheapest tech are able to offer appropriate assurance for privacy, there is also another link to security.

For many years, cybersecurity has suffered from a similar problem - antivirus software is expensive, and a lot of people make the argument that ‘there’s nothing important on my device, so why do I need to pay that money to protect it?’ Through educating the masses, cybersecurity has (slowly, but surely) begun to change this attitude.

Green IT can take inspiration from this change and map out its own future on the back of cybersecurity’s success. If more people can understand why replacing damaged or out-of-date technology is harmful and the IT industry can be incentivised to change, green IT can be more successful.

However, success in recycling our technology has implications for cybersecurity. While data may have been deleted by the user, it isn’t forensically removed from the device. So personal and sensitive information can still be discovered on the device.

More widespread secure tech recycling facilities could help solve this issue, creating growth and opportunity for interdisciplinary research between the fields of green IT and cybersecurity. Legislation or consumer demand are strong factors that can effect a change of approach towards both security and green IT within the industry.

Shared objectives

There is a lot to be said in both fields about data storage and what some may deem as taking a more minimalist approach to IT. Environmentalists have, in more recent years, made much of ‘deleting emails to save the planet’, with one energy provider going so far as to claim that if people in the UK sent one less ‘thank you’ email per day, it would save more than 16,400 tonnes of carbon over a year (that’s equivalent to 81,152 flights to Madrid!).

Clearing out data is not only important for green IT but is also key for cybersecurity - quite simply, the more data that is used and stored, the more data there is to be lost, damaged, misused or leaked in a cyber attack. Data storage can be a common ground on which these two fields can collaborate and benefit one another, if they so choose.

A requirement for energy is another common objective shared by both cybersecurity and green IT. Any user of technology or IT professional has a vested interest in this. As we move away from fossil fuels, we need to find new ways to power our digital devices that can be relied upon to provide access to files and data 24/7 (‘availability’ from the CIA security triad).

Green IT advocates for greater use of renewable energy such as wind, solar, and nuclear energy. This creates another nexus between the two fields and a drive to find better ways to power our devices that can be both renewable, and ultimately reliable.

Conclusion

This article suggests a common thread between green computing and cybersecurity. There are definitely aspects where the two fields can collaborate. However, it may well be that asking whether green IT is ‘a cost or benefit’ to cybersecurity is the wrong question to ask. There is an ongoing requirement for security to evolve (most changes in technology necessitate review or changes in security).

The reduction of the environmental impact of technology must ‘just be a good thing to do’. Perhaps, returning to an enabling theme, a better question to ask is, ‘How can cybersecurity support green computing?’ It is surely a theme worthy of continued work.

About the authors

Tony Proctor is a Principal Lecturer, Consultant and Cybersecurity Specialist. He teaches at the University of Wolverhampton. With many years of experience in academia and the IT Industry across a number of sectors and roles, he is one of the innovators of cybersecurity information sharing to support threat intelligence and is a regular commentator on security.

Emily Proctor is a graduate in International Relations and is currently completing her master’s dissertation in International Security at the University of Groningen in the Netherlands.