How much does cybersecurity affect a company’s carbon footprint? Hard to say. “Until now, there was nothing that allowed CISOs (responsible for the security of information systems, editor’s note) to measure their impact or take action”, highlights expert Gérôme Billois, cybersecurity associate at Wavestone.
That’s why, in collaboration with Campus Cyber, your office publishes new methodology this Wednesday so that “cyber teams can play their role in the ecological transition”, calculating their carbon footprint and questioning the way they work. In addition to a complete questionnaire to assess the situation, actions are suggested.
“For almost ten months we worked together and with large companies to develop and then test our method in the field”, highlights Gérôme Billois, who hopes that the entire cyber ecosystem takes advantage and puts it to the test again. , “to bring it to scale.”
“Digital is on the verge of an exponential rise”
When cyber attacks are increasing and becoming more dangerous, It might seem secondary – even risky – to review implemented cybersecurity solutions. And yet, its growing weight in digital technology makes it a parameter that is anything but negligible. “According to our calculations, if cybersecurity represents on average 5.7% of the IT budget, it is responsible for 5% to 17% of CO2 emissions linked to IT”, highlights the expert.
Data centers, smartphones, applications… “Unlike other sectors, such as energy or transport, where we hope to be able to stabilize or even reduce emissions, digital technology is on the verge of an exponential increase. In France, it already represents around 3% of emissions, compared to 4% for air transport”, recalls Mathieu Wellhoff, head of the digital sobriety department at Ademe (Ecological Transition Agency), which joined the initiative.
If the use of streaming or the energy consumed by data centers is regularly highlighted, cybersecurity is a blind spot that deserves to be studied according to him. “It is the first time that we can characterize its impact even though it is a component of all digital services”, he highlights.
By building its cybersecurity differently, an organization can expect to reduce its cybersecurity-related emissions by 5% to 10%. What consumes the most – duplication of servers and backup of PCs in case of an incident – can, for example, be reduced by being virtualized in the cloud. “We should also review the rules for storing event logs: companies collect several terabytes of data per day! », points out Gérôme Billois. And above all, according to the expert, it is possible to initiate these changes “with a constant level of risk”, that is, without affecting the organization’s level of cybersecurity.