The USA PATRIOT Act (more commonly known as “the Patriot Act”) was signed into law by George W. Bush on October 26, 2001 as a response to the September 11 attacks. The title of the act (USA PATRIOT) is actually an acronym that stands for “Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism”. Many aspects of the Act were to expire in 2005; however, renewals and extensions mean that the Act is here for a while yet.
For Security & Risk Professionals, the Patriot Act comes up in conversation mostly with regard to data access. The Act suggests that the US government is able to gain access to data held on US soil, or even by a US firm outside US territory, without the data owner being notified; this is of significant concern when it comes to considerations around the adoption of cloud technology. EU-based organizations are concerned that utilizing cloud as part of their infrastructure will make their data accessible to the US government. In 2004, the Canadian government passed laws prohibiting the storage of citizens’ personal data outside their physical boundaries, and a recent news article suggested that one large UK defense contractor walked away from Microsoft’s Office 365 due to lack of assurances on data location.
There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organized criminals after financial gain, and state-sponsored groups after financial gain, intellectual property, or both. Any of these has the potential to break these capabilities through information loss or denial of service. Business processes and their associated transactions need to look at information security as a key component of any architectural design we might create as Enterprise Architects.
Security architecture is dependent on the idea of “security.” Security by some definitions is the trade-off of convenience for protection. When I am unloading the car and have an armful of groceries, it's challenging to unlock the front door at the same time. Alternatively, I could just leave the front door unlocked, but that might invite guests I had not planned for. So I trade convenience for protection.
Security is often seen as in conflict with business users; however, security is a process that protects the business and allows it to effectively operate.
Security is in response to perceived business risks.
Security can be seen as a benefit and a business enabler and can aid organizations to achieve their business objectives.
7:30 AM, on Monday, December 5th, 2011, flight 1052. As I took my seat in Southwest Airlines' "Business Class," otherwise known as the exit row, I gave a nod to my new seat mate and noticed his MacBook on the tray table. He was reading something on his iPad and set it down for a second to send a text message from his iPhone. Now there's a Kool-Aid connoisseur, I thought. "Going to Salt Lake or beyond?" I asked. "Salt Lake. Gotta visit some customers, and after that I have to go to Boise to train our western region sales team."
And so the conversation began. I learned that his name is Jamie, he is in sales, travels every week, loves his job and his company, and is the top sales performer. $3M in quota last year and his secret sauce is knowing his customers' businesses better than they do, and delivering value with every interaction. He said, "Last week I had a meeting with a new prospect for the first time, and they couldn't believe I showed up without slides, and we spent the meeting talking about their situation instead of throwing up all over them about what we do." Jamie is a HERO. His world revolves around delivering customer value, and he has neither the time nor the patience for anything that gets in the way.
Naturally, I asked him some questions about his MacBook Air and the applications he uses. His answers, while fascinating, echo what I hear from many others like him:
Q: How do you like your MacBook Air? A: I love it.
Q: Does your company issue those or is that one yours? A: Hell no! It's mine! They gave me a huge Dell.
Q: Where is it? A: It's in the closet at home, still in the bag.
Q: Does your company support the Mac?
Do you ever wonder which IT investments really drive competitiveness or comparative advantage for your firm and which are there simply to support mundane processes that are identical to those of all your competitors? Do you ever wonder if it might make sense to standardize on "best practices" for non-differentiating processes and supporting application implementation?
Received wisdom is that accounting processes are not differentiating and so it makes the most sense to support them with packaged apps or maybe with software-as-a-service solutions. Larger firms often implement shared services for financial management across all their business units or even outsource altogether apparently dull processes such as invoice settlement or collections.
But does that really stand up to scrutiny?
One retailer, with which Forrester worked, confessed to having 17 definitions of margin depending on which types of supplier rebates and volume discounts were included. We asked how they calculate markdown and they grinned.
The more I thought about it, the more this fact disturbed me. In some types of specialty retail, inspired opportunity buying is the key to competing with the bulk buying muscle and supply chain scale economies of global discount retail chains.
Many retailers import merchandise and have to calculate "landed cost" based on customs and freight invoices that arrive long after the goods in question have been sold. What price weighted average actual cost accounting, or margin calculation, in such a scenario?
Where is the scope for creative dealmaking in standardized accounting applications that deliver lowest common denominator functionality across verticals as diverse as local government, with its focus on fund or commitment accounting, engineer to order manufacturing with a focus on multi-period project costs and retail with a focus on margin measurement and management?
Over the Thanksgiving holiday I found myself in a gift shop chock-full of unique and interesting items. One sign (that was for sale) struck an immediate chord with me because it’s right on target with the business issues I often encounter when helping organizations adopt BPM programs. The sign said simply:
Throughout 2011, my colleague Claire Schooley and I have published research that focuses on change management — what methodologies and best practices to use, how to organize for change management, and pitfalls to avoid. But the “you go first” part of the sign grabbed my attention — it’s a great point. And to be honest, I haven’t seen a data-driven body of research about the pros and cons of going first in initiatives involving substantial change. If you know of something, we’d love to hear about it. Just add a comment to this post.
Probably everyone can think of the reasons why you shouldn’t go first:
There’s the old saying “Pioneers get an arrow in their backs.”
It’s risky (see bullet point 1).
Prototypes, pilots, or early adoptions are often half-baked and you waste a lot of time experimenting.
Going first may mean that you don’t have time to adequately do your “day job.”
If you go last, you get the benefit of all the feedback from those poor guys who went first!
Just a quickie blog as the ServiceNowKnowledge11 European annual user conference draws to a close in Frankfurt. It’s been a whirlwind three days so far and I still have a couple more sessions to attend including my own (a panel session about working effectively within the information blizzard that is the modern “workplace” … obviously the session has a far flasher title than this … “Information Consumption At The Speed Of Light”). The other is the sexily-titled “Mobility, Cloud, And The Coming Singularity” by Chris Dancy.
For years I have been railing about cloud washing -- the efforts by vendors and, more recently, enterprise I&O professionals to give a cloud computing name to their business-as-usual IT services and virtualization efforts. Now, a cloud vendor, with tongue somewhat in cheek, is taking this rant to the next level.
Appirio, a cloud integration and customization solution provider, has created the cloud computing equivalent of the Razzie Awards to recognize and call out those vendors it and its clients see as the most egregious cloud washing offenders. The first annual Washies will be announced next Wednesday night at The Cigar Bar in San Francisco, and in true Razzie tradition, the nominees are invited to attend and pick up their dubious honors in person. I'm betting that Larry Ellison will be otherwise engaged.
As well as an adaptation of a festive song this could be one of the guiding jingles for ServiceNow.
This week I have been attending, along with my colleague Stephen Mann, the Knowledge11 conference in Frankfurt. ServiceNow is one of those companies that ITSM practitioners have an interest in because of their phenomenal growth and go-to-market model.
So what are their secret ingredients that make the solution so appealing?
Is it simply that their key differentiator is that they provide a SaaS-based model and have experienced a bit of luck with the ‘cloud’ computing phenomenon? Is it that they have a great company name which lends itself well to becoming a brand? Is it that their sales and account managers have mythical powers?
My answer to you, after spending time with their clients, is that, firstly, they have, or at least portray, an inherent focus on the end ‘customer.’ They understand that their customers are looking for fast integration that will link in and improve their current ITSM and other business workflow processes. Also, because the majority of their customers adopt the SaaS-based solution, they can’t hide behind the age-old cloak of “It must be the user’s infrastructure/network/environment/processes, etc.” If there is a problem with the software, they have to fix it because the chances are that another customer will experience the same issue.
I was watching “60 Minutes” last night and started chuckling a little bit over the show’s report about piracy. Stealing isn’t funny, but Lesley Stahl trying to explain how criminals do it is. Take for example the dialogue between a former Justice Department official and Stahl.
"And when we get that complete movie, the technology will rearrange all those little pieces into one complete film that is watchable," John Malcolm, a former Justice Department official, explained.
"There's a technology that automatically puts it in the right order?" Stahl asked.
Yes, Virginia. Technology can do that.
Anyway, the report got me thinking about where we were with multitiered applications and virtualization, and how it won’t be too long before applications can be broken up across servers much the way BitTorrent does with files on the Internet. This dissemination of applications in the data center will force the "dial tone" of IT — an always-on, always-available service for connecting to data and applications — to evolve from a clunky and manual process into an automated one. Much of IP, Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS) management requires too much hand-holding; administrators spend time allocating addresses, capturing unused ones, uploading new records, or checking for errors. On average, it takes two days to allocate a set of addresses for the deployment of new servers when it’s 5 minutes of work.
Infrastructure and operations professionals will have to quickly wean their administrators off manual, script-based, or kludgy homegrown tools soon if they’re going to be ready for:
Kofax is the latest investor in the BPM business (and for Kofax, this means capture-driven BPM). What Kofax has envisioned for more than a year is now reality. The first step will no doubt be to link the Singularity BPM platform with the capture process and lift data that is then filtered and cleansed and move it to straight-through processes. This provides a lighter-weight approach; for some processes, this will bypass the packaged application or ECM platform. Yet more automation leads to more challenging exceptions — and the more we move to STP, the more those exceptions require case management handling and even more serious human intervention. That’s where Singularity’s case management platform will help; Singularity was a Leader in the 2011 Forrester Wave™ for dynamic case management solutions. Overall, there is a lot to like here. Rather than partnering for BPM, building from within, or trying to leverage 170 Systems’ more fit-to-purpose workflow, this investment shows that Kofax understands that the real customer value is in process transformation rather than in supporting tasks like capture or document management. More tactically, Singularity fits well with existing Kofax SharePoint solutions. But the real synergy is around distribution: Singularity, as a private company based in Ireland with $15 million in annual revenues, suffered from poor recognition in the bigger markets. Now the 700-plus Kofax partners around the world could change that, and quickly, although not all of the partners may be up to the task. Kofax’s recent investment in MobiFlex, which has mobile technology for capturing PDFs and rich media, can also be tied to capture and now case management apps. Overall, there are many positives to this, and I don’t see a lot of conflict with the recent