Monday, October 24, 2016

What happens when your CEO chooses an IT vendor without help from IT ?

The company was on the way to recovery after management change which decided to renovate the business and bring it back to relevance to new customers at their terms; products went through a facelift and upgrade to appeal to the younger generation of consumers. The forgotten sleepy company thus began their journey into the big bad world of Digital customer engagement, ecommerce, and compete with the old and new age companies who had already gained mindshare and market share with a head start.

The new CEO had some success to his credit of having turned around ailing business; in his no nonsense style he reviewed and made appropriate changes across various functions inducting fresh talent where required. As a part of the transformation he also endorsed technology enablement of company operations which was executed successfully by the new CIO. Everyone aligned to the vision of the CEO who took decisions swiftly, leveraging old connections and partners from the industry who had worked with him.

With aspirations to make a dent in the global market with digital commerce, he tasked an old friend and known marketing guru with much acclaimed success of having turned around the fortunes of flagging brands a few decades back. Bringing him out of semi-retirement, the CEO believed that he would be successful in the new age too. The old man acquiesced to the request and used it as a launch pad for his struggling digital practice run by the next generation; the project was signed off with broadly agreed scope and timelines.

Months passed quickly as they progressed on the journey with Marketing taking the lead of the new business opportunity. Working with the vendor and market sales team, the HQ Marketing team created a market communication plan, collateral, outreach and activation program, while coordinating with other teams to come together to launch the business. It is then they realized that integration with the new IT systems was critical to launch and sustain the new business; so the CIO was inducted into the group.

By this time the initial deadline had already passed and the CIO was asked to rush through system integration and not delay the launch. Apologetically he agreed to expedite the task and traveled the extra mile to understand requirements from the vendor and provide the necessary help. As meetings progressed, his antennae buzzed that everything was not hunky dory. He dug deep and wide to realize that they were hurtling towards eventual Armageddon with no signed off requirements, project plan, and skills of the developers.

Subtle shift of responsibility, the CIO setup project governance, requested weekly updates that reluctantly started coming as the second deadline passed. Marketing happily deferred to the CIO to take lead in fixing the broken and achieve success; the CEO was apprised of the situation and that the project will slide some more before recovery. Surprisingly, the CEO accepted the status without too much protestation and asked the CIO to keep him informed as they progressed; he justified the potential debacle as a calculated low cost risky experiment.

The CIO intuitively knew that the project will not be able to deliver to expectation if it continued on its current trajectory. Taking external help he educated the team about best practices and what can be with the right set of resources; The CEO unwilling to accept the mistake of having chosen an incompetent vendor continued to push on; he was unable to go back to his old friend to shift the project to an alternative vendor. The project thus continued to flounder for a while, the business losing the opportunity as a result.

This situation of the CEOs pet project continues to haunt companies where decisions are taken based on comfort and past performance even though unrelated; in many cases convenient scapegoats are found. Almost every CXO steps outside their competency to demonstrate value addition beyond their roles, many times with detrimental results. Corporate politics unfortunately does not allow open debate on these matters; power centers get away with suboptimal designs and strategies leaving the organization at loss.

It requires strong leadership to accept a mistake and equally strong leadership to challenge the situation before it gets out of hand. C level teams rarely get into confrontations preferring to be nice to each other and loud mouth managers take advantage of this state of affairs. “I am here to be effective and not popular” was a quip I had heard from one such maverick leader who had taken the company to new heights. Everyone loved him as he bonded the team together on sustained success that he brought to the company.

Where did the project end up ? Coming soon … 

Monday, October 17, 2016

Fatigue is setting in on Information Security scares, a darker future ahead ?

Another site hacked, millions of user credentials compromised !
Zero day attack discovered, patch on the way !
Ransomware is getting smarter, stay alert !

Everything having an embedded computer or chip is vulnerable to potential attack especially if connected to the Internet. Compromised software, backdoors, unchanged admin passwords, shared identities, complex every changing passwords written down on pieces of paper, the number of ways in which we are being exposed is increasing every day. The information security bogey is breathing down our neck every minute while we wonder where the next attack with emerge from to compromise our identity or steal from us.

Every company going Digital is exposing information to the Internet; strategy varies by company and implementation, but the fact is that now information is available on servers that are facing the public and thus will be targeted. IT organizations and vendors tend to live in their self-proclaimed paradise, smug that they have taken adequate steps to protect themselves. Most of believe that if there is no evidence of leakage or compromise, then I am protected and do not need to worry about the changing threat landscape.

IT departments are under constant pressure to keep the information assets of the company secure and ensure safety of data residing in various machines, removable media, data in motion, and also address phishing attacks on customers using their domains, as well as employees clicking through on spam. Protect the gullible, irresponsible, and naïve who refuse to learn from training programs and past mistakes; at the same time provide access to information on mobiles, via internet cafes, and public wireless hotspots.

Device management, network management, VAPT (Vulnerability Assessment & Penetration Testing), firewalls, anti-virus, DLP (Data Leakage Protection), log management, SIEM (Security Information & Event Management), patch management, hardened devices, VPN (Virtual Private Network), multi-factor authentication, identity management, IDS (Intrusion Detection System), IPS (Intrusion Prevention System), Automatic malware detection and analysis, Anti-adware, WAF (Web Application Firewall), the list of tools is almost endless.

All these pieces or combination have to work together to make the enterprise safe and protect the extended ecosystem and staff. The information security organization struggles to educate and protect the digital assets of the company while consumerization of IT keeps creating holes in the fabric. Everyone wants email access on phones and enterprise apps on the go; the same phones have all kinds of apps downloaded from public app stores snooping around; containerization is still new though evolving.

Employees, especially senior management desire flexibility to additionally access corporate applications from their home computers which are not under the corporate security programs. Increasing touch points increase susceptibility; the CISO has to work hard keeping under control the complex jigsaw which threatens to collapse regularly. Organizations are reaching a break point wherein they are now working on acceptable risk models rather than fix every piece that is broken or likely to be threatened. Let some fires burn !

Most companies live in the perception that targets are normally the visible and high profile companies rather than the small, relatively unknown, obscure or insignificant websites and portals. DDOS attacks are launched only when there is commensurate gain; hacking attempts are made only on digital assets of value or high visibility. While this may be relative truth, reality is that no one can afford to be slack in their preparedness or live in a fool’s paradise that as a low profile non-entity they are safe.

In most large enterprises, security budgets have been steadily increasing to the point that they are now being managed independent of IT. Business expects periodic feedback on information asset security and action being taken by competitors; Boards want answers on risks to business, market, and reputation in the digital world. The bogey of security is no longer adequate to get budgets sanctioned, they need clearly outlined business case, risk profiling, regulatory compliance for some industries, ROI, and connect to business outcomes.

News of breaches today have become less sensational with people accepting the fact that some will get compromised while the majority will stay safe and a few will not disclose. In most cases the root cause analysis indicates human oversight, error or not following the basics resulted in successful attacks with majority being internally motivated. Complex and high tech attacks target (pun not intended) easy pickings on financial and personal data that can be used for monetary gain, or are orchestrated by state actors.

Don’t let fatigue defeat you, stay awake and alert, the complex digital world increases dependence on technology and there are no choices to make !

Monday, October 10, 2016

Technology changes the game, customers change the rules !

In the early 90s, the initial days of email it was fashionable to have a personal tag line at the end of the message over and above the signature; it used to be a famous quote or a witty one liner that represented the persona. Unaware of the profoundness of the statement as a youngster I had the following going for almost 5 years: “My interest is in the future, because I am going to spend the rest of my life there”. I don’t know the source from where I picked it up as it was before the advent of the browser, contemplating it now feels awkward !

The future is here and how ! We aren’t done with technology evolution, we keep anticipating new disruptions and welcome them. Technology disruption over the last century or more started with electricity and then continued with transportation and electric appliances which change the way we live and travel today. Today when we think of technology and its power of disruption we think about the last two decades and the impact they have had on us and business with disintermediation and customer engagement.

A famous venture capitalist and Angel investor once wrote about “Why software is eating the world” which outlines the technology led disruption to almost every industry. Old and even new economy companies have been threatened by software evolution and software led disruptions. The concept of software is applied in a broad sense with computers and related technologies being clubbed. That does not in any way reduce the impact technology has created across industries as captured by the author.

Mobile phones have been around for a while now and so have smartphones; but the newer devices are stretching the limits of compute in our hands thus providing enterprises new ways of engaging their customers. Be it services or products, every company wants to use the primary consumer device to push all kinds of notifications, track locations, access contacts, store cookies, at times to the extent of becoming a pain; today almost every service is available via an app and so is every fathomable product.

Multitude of channels bombard the customer from physical to digital to mobile assaulting the senses through the day and night. Every visit to a website, an app opened, store visited, mobile wallet used, credit card swiped, destination searched on maps, every action leaves indelible bread crumbs which are picked up. For the customer fatigue starts setting in when gamification offers freebies in return for action once again creating a short lived surge of activity while everyone catches up to the game with me too offerings.

Every person has a trigger point, some short where consumers don’t tolerate anything that is not aligned to their interests; they research options to shield themselves from the barrage and shut off all possible triggers they can and broadcast these to their circle to follow suit; activist behavior marks this segment of consumers who love to be served at their terms and are cautious of their privacy. They are opinion leaders and shapers who people listen to and take action because it feels right and good.

However, the majority tend to maintain status quo while being subjected to all kinds of incitement, and at times irrelevant messages; the effort to change appears high and thus inertia keeps them going until an incident – direct or hearsay – provokes them to take action. This segment is tolerant to being hounded ignoring small indiscretions thereby once again landing in the same state from where they started. They play the game with their brands of choice until they become tormentors and fall off grace only to be replaced by others.

A minor and growing segment plays the game becoming the protagonist to beat business at their own game. They know how to exploit the system, get best of deals, hack into models to find value and distribute to whosoever may be interested. Predominantly millennials who love the technology connect and take disruptions in their stride. At times they are the source of ideas that send shivers down established conventional business entities. They are inventors wanting to change the world and thus lead change in the rules of engagement !

It is unimportant to enumerate the list of disruptors and the disrupted across industries, the most talked about being the hospitality, transportation, photography, music and music distribution, gaming, media and advertisement, logistics, education, healthcare, the list goes on. Every new idea gets copied to death threatening the original and at times succeeding in uprooting the innovator. Customer expectations continue to change as they love the adulation of the wooers who compete for the same segment.

Keep innovating, stay hungry, stay connected !

Monday, October 03, 2016

Blaming technology is an easy target when business fails

The company was a pioneer in adoption of technology for a long time; this was facilitated by a visionary business leader who believed that IT will make the difference when every other aspect of business had been copied by competitors. Thus he pushed the enterprise to invest in technology which none in the industry had deployed; they did not succeed all the time, but he continued to push on, challenging not just the business team, he also nudged the IT team to take risks and come up with new opportunities to grow the business.

As the company grew, so did competition expanding the market as well as taking advantage of newer technologies. That did not take away the advantage of process and technology maturity from the early adopter; with new leaders taking on the primary mantle of business, they however did not pick up pace that was necessary in the face of new paradigms of business. Leadership change made decision making shift to lower risk model for new projects and doing more of what made them successful in the past.

A shift occurred when a new CIO was hired to replace the exiting IT leader who had lost interest due to change in organization dynamics and the fact that he had lost connect with the business. With the new came wave of expectations; he got off the ground running and had the IT team charged up with his collaborative approach. Business also loved his connect, can-do attitude and the ability to get things moving; he established credibility with projects that were deemed difficult and path breaking in the industry.

The project was neither innovative nor first for the industry, but its scope impacted the entire business and company reputation. The CIO worked with the business head to present the case to the management and then the Board. They were given an in-principle approval but with a low-risk caveat attached to keep investment to the barest minimum. Even if it does not work, we will not be too much out of pocket. So the investment schedule was changed along with the solution to adapt to set expectations.

Since the project required cross-functional collaboration, they had difficulty in aligning everyone to the goal which stretched timelines and budget a bit. Coaxing and cajoling the non-believers, they managed to get off the ground and launched the new business. Ramp up was slow and steady as business slowly found traction with customers; the peak during the following festive season broke the process as they faced the ire of customers and internal teams who were stressed by the additional workload.

Learning from the incident, root cause indicated the nonchalant behavior of the unaligned as the primary reason. The CEO unwilling to acknowledge the failure by the business team blamed the technology and implementation partner seeking a change to an alternative solution. With no recourse, the team reluctantly moved on to evaluate a better system which would help them scale up and also meet expectations; the caveat remained this time around also, do more with less, we cannot invest too much.

Usual project travails and a year later, the new system found light of day; newer technology comes with new features which were expected to provide better capability to the business teams. Some of the non-believers converted and joined the wave which made good addition to their resumes. Since the root cause was not fully addressed, the next big surge created problems of larger proportions, also impacting the brand apart from loss of business; the ostrich CEO fired the team and decided to go to market again for a better solution !

The new team wiser to history took cautious steps towards selection of the new solution going with global leaders, unwilling to try any other approach. They patiently waited for budget approvals and the cross-functional team to be formed that would drive the project along with the technology team. They chose the best of implementation partners, collectively turning it into the mother of all projects for the company. With the large budget the CEO was under pressure to deliver the project right third time, the Board demanding results.

From the first attempt to the one now, the gap was close to a decade; competition had risen with the waves, many had fallen too. Customers had evolved expecting better experience, service and bargains. Changeover took some effort, the new platform was deployed with new capability and expectation of higher business. The large investment rankled somewhere, the Board expecting commensurate returns in a fast growing market. The business teams continued their other lives while the platform struggled.

Internal process alignment, market dynamics and customers finally decide success; the CEO was heard blaming the tool again !