Commentary by Search CIO points a finger at thin-skinned CIOs, quoting a security consultant who thinks that maybe some IT execs don’t want to point out security problems because it makes them look bad. Associate Site Editor Francesca Sales writes, “information security systems are only as good as the humans guarding the gates.” There’s truth to that statement, I think. But given a serious cybersecurity failure gets people fired, the politics within the company would have to be pretty toxic for any competent exec to put his or her image first. Have you ever worked in a place where your peers didn’t want to hear about risk, or get bad news? Is there a way to change the dynamic?
A column by Deloitte outlines ways that benchmarking your IT spending might lead you astray when you’re budgeting. Instead of comparing your company to others, it’s better to examine whether the money you’re spending is supporting business objectives, focus on making IT processes efficient and lowering unit costs. Do you find benchmarks useful? How do you decide that you’re spending the right amount?
Chris Curran, chief technologist with PWC, offers six sources for technology innovations that aren’t vendors, VCs or universities. Companies should be “bringing the outside in” by investigating what’s happening in open source or maker communities, crowdfunding platforms and other places where technologists, designers and developers connect. Where do you go for inspiration?
Successful innovation requires that you listen. That’s what I take from a (light, quick-to-read) story in the August issue of Mental Floss magazine that revisits how Nike’s Tinker Hatfield, as a new-ish shoe designer, won over Michael Jordan with his design of the Air Jordan III.
Hatfield had trained as an architect. “A basic principle of architecture states that you can’t design a great house without knowing the people who will live in it,” the story notes. So Hatfield set out to learn about Jordan on and off the court, homing in on Jordan’s penchant for fashionable clothing and his suggestions for a lighter-weight basketball shoe to wear on the court. Hatfield designed a mid-top (as opposed to high-top) made of a leather never used in athletic shoes previously. Jordan, whose contract with Nike was expiring, was thinking about moving to another brand, but he decided to stay. One reason: “Jordan could feel that someone had managed to tap into him as a three-dimensional human being and translate that personality into a pair of shoes.”
Like Jordan’s sneakers, our devices and our apps are our tools. How do you make sure you and your team are really listening to what end users or customer want from IT and acting on what you learn? (And if Mental Floss is listening, an easy way to share print stories would be great. There’s no online link to the story that I can find. Sorry about that.)
There is no doubt that organizations everywhere are both bewildered and intrigued by the data spewing from connected devices and the internet of things (IoT). We are bewildered because the volume and velocity of the data is unlike anything that we have experienced before (unless you are Yahoo, Google or Facebook). We are intrigued by the many new monetization and business transformation opportunities that the IoT data wave represents. Since data volume and velocity issues have been covered many times over, by me and others, let’s focus on the business opportunities IoT data represents. As IT and business leaders, it’s essential to start thinking about the IoT data at our organization’s disposal, and how we might start developing new service offerings around it. The opportunities for this are just about endless. For starters, the IoT-powered “intelligent” home is going to provide energy suppliers, appliance and equipment manufacturers, telecom providers and others with abundant opportunities to use these new data sources to create intelligence-based products and services. Here are just a few possibilities:
- Home Energy Optimization. Manufacturers and service providers can monitor the energy usage of each connected device and couple that data with information about local energy prices to help home and business owners reduce energy costs. They could also provide services that start up the homeowner’s dishwasher, washing machine and dryers (pre-loaded, of course) at times when costs are lowest (then we just need smart robots to put away the clean stuff, and my life will be complete!).
- Predictive Maintenance. Smart appliance manufacturers and service providers can leverage data coming from connected devices to flag unusual performance that may be indicative of maintenance or servicing issues. The service provider could then provide details, such as the troubleshooting suggestions and even a timeframe when the appliance or equipment is expected to fail. The service provider could even go as far as to recommend local appliance repair services based upon local reviews from Yelp or Angie’s List.
- Home Safety. In 2010, the National Fire Protection Association released a study entitled “Home Fires Involving Clothes Dryers and Washing Machines” that estimated that there were 16,800 reported U.S. home fires caused by these appliances. The incidents resulted in 51 deaths, 380 injuries, and $236 million in direct property damage.
Companies that provide home security and monitoring services could expand to integrate smoke alarms and CO2 sensors with data coming from washers and dryers that flag dangerous home situations. The insurance industry would surely be interested in this opportunity as well.
- Meal Planning Recommendations. Sites like Foodily, Pinterest, and BigOven support a community for sharing recipes and other cooking tips and techniques Manufacturers and service providers could capture data about a family’s shopping, cooking and dietary preferences, and offer a service that delivers food and recipe recommendations, either through a tablet or maybe even an integrated display on the appliance.
While these examples focus primarily on business-to-consumer products and services, the IoT data wave is also providing opportunities to business-to-business organizations of all kinds and across all sectors. Are you ready to take action? Questions that your organization needs to consider include:
- How do you see IoT data affecting your organization’s ability to enhance existing products and provide new services?
- How do you see IoT data impacting your overall industry’s value chain and value creation processes?
- Which organizations within your industry sit at the crucible of exploiting data to create strategic barriers to entry?
- What kinds of challenges do you foresee in managing the volume, diversity and velocity of the IoT data?
As if we didn’t have enough examples this year, the “Corporate Boards Race to Shore Up Cybersecurity” article in The Wall Street Journal reinforced one of our greatest challenges as CIOs and CISOs. How can we enable our business to be more agile and successful, while minimizing risks and protecting our company, intellectual property and customers?
Previously, everyone used the same kind of computers; on the same corporate network; in the same offices. Alas, those days are gone. Today, we aren’t just defending against denial of service attacks – we are vigilantly protecting our companies from more organized, persistent threats to infiltrate our environment and exfiltrate our intellectual property. On the flipside, we must mitigate risks with a more mobile, global and social workforce that expects their IT capabilities at work to mirror the IT experience they have in their personal lives.
Consequently, as CIOs and CISOs, we need to delicately balance both our potential security risks and our employees’ productivity and privacy. Here are two instances to consider:
- I discussed the hybrid cloud in a prior blog. However, we must ask ourselves, have we made it easy for our business users to quickly, conveniently and cost-effectively leverage our private or hybrid cloud services to achieve their goals instead of using a less secure public cloud service? If not, we need to.
- The second instance revolves around our always-connected, mobile workforce. We recently surveyed 15,000 individuals globally and published the EMC Privacy Index, which captured the following stats:
- While 91% of respondents value “easier access to information and knowledge,” only 45% are willing to trade some of their privacy for easier access.
- While half of the respondents’ phones, email and social media accounts have been breached, 62% don’t regularly change their passwords; 33% don’t customize privacy settings on social media; and 39% don’t password protect their mobile devices.
Our users need access to information whenever, wherever and from whatever device they use. To accomplish this at EMC, we have deployed mobile device management; sync and share services; and are starting to roll out unified communications. While each of these services include security elements, their objective is to enable our employees to be more productive and access the information they need without impacting our risk profile or their privacy.
That said, cybersecurity risks aren’t going away. In addition to applying Big Data analytics to monitor our environment for external threats, we must also continue educating our employees about navigating the cybersecurity threats they encounter daily. After all, they are our first line of defense.
Adm. Michael Rogers, commander of the U.S. Cyber Command and director of the NSA, says that cybersecurity professionals need a career path that encourages them to gain experience in different types of organizations. Otherwise, “we are not going to stay current with cutting-edge technology,” according to an interview published by Federal Times. Rogers is talking about the military and government, but I suspect his observation is applicable to many private companies as well, and not just to security. When a promising employee in early- or mid-career leaves for a new opportunity, how easy is it for them to keep apprised of openings at your company, and for you to hire them back?
Even if you think you do, you probably don’t evaluate it thoroughly or consistently, suggests CIO magazine editor Kim Nash. Nash (we used to work together closely) talked to CIOs and data management experts about their approaches. Valuing a virtual asset isn’t easy, but it’s time to buckle down, she writes: “Knowing its value means you’ll have better answers when fellow members of the C-suite want to quantify the risks and rewards of creating new products and services from internal data.”
What are your key considerations when defining what your data is worth?
By now you’ve probably heard and read about the unanimous U.S. Supreme Court decision in Riley v. California requiring police to get a warrant if they want to search someone’s mobile phone (if you haven’t, there’s a plain-English summary here —http://www.scotusblog.com/2014/06/get-a-warrant-todays-cellphone-privacy-decision-in-plain-english/ — and lots of commentary everywhere). Legal experts say it’s an important decision, in no small part because it acknowledges that our lives are on our phones, and in fact, police can learn more about us from the data on our phones (and data stored in the cloud that we access on our phones) than they could by searching our homes.
The case doesn’t contemplate any rules for how private businesses use people’s data, and the conditions under which companies collect it are obviously different. But it seems as if the ruling ought to influence the discussion. If the data on our devices is, legally, an extension of ourselves, does is follow that companies a) are more limited in how they can use it and b) have greater obligation to protect it?
From Chief Justice John Roberts’ ruling—part of his reasoning about why cell phone data falls under Fourth Amendment protections against unreasonable search and seizure:
“First, a cell phone collects in one place many distinct types of information that reveal much more in combination than any isolated record. Second, the phone’s capacity allows even just one type of information to convey far more than previously possible. Third, data on the phone can date back for years. In addition, an element of pervasiveness characterizes cell phones but not physical records. A decade ago officers might have occasionally stumbled across a highly personal item such as a diary, but today many of the more than 90% of American adults who own cell phones keep on their person a digital record of nearly every aspect of their lives.”
Food for thought here about your own data policies? Does it change how you think about privacy?
New Yorker writer and Harvard historian Jill Lepore takes on Clayton Christensen’s ideas about disruptive innovation–arguing that it rests on a shaky foundation. It’s hard to resist her opening salvo: “A pack of attacking startups sounds something like a pack of ravenous hyenas, but, generally, the rhetoric of disruption—a language of panic, fear, asymmetry, and disorder—calls on the rhetoric of another kind of conflict, in which an upstart refuses to play by the established rules of engagement, and blows things up…Disruptive innovation is competitive strategy for an age seized by terror.” And she has a point when she observes that “many of the failures that are often seen to have resulted from failing to embrace disruptive innovation look like bad management.” But she seems to miss what I think is an essential point—that complacency in the face of change *is* bad management. Witness the trials of the news industry, where I spent most of my career.
Take the time to read the article (I confess, I’m a fan of Lepore’s writing, in the New Yorker and elsewhere), and see what you think. Meanwhile, let’s consider this question: Is panic about disruption disrupting clear thinking about how and when to deploy new technologies? How do you keep the discussion strategic?