This winter in Boston has been a record breaker. Bostonians are tired of the weather, while non-Bostonians are tired of hearing Bostonians complain about the weather. However, this never-ending winter provides a useful analogy for assessing your organization’s identity and access management (IAM) processes.
My analogy is based on two words that strike fear into many Boston-area homeowners: ice dams. Ice dams are ice structures that form on roofs, following heavy snowfall, that can cause leaks.
Ice dams often dissipate naturally, but record snowfalls and persistent cold temps have exacerbated ice dams this winter.
Just as ice dams can cause leaks, “identity dams” can cause data leaks and other internal problems. Identity dams may result from reorganizations or may just be existing business processes, but they should be removed.
The challenge is overcoming complacency. Just as many homeowners hope ice dams will dissipate naturally, organizations delude themselves with “This is how we’ve always done it,” and conclude that therefore removing identity dams is not necessary. For complacent organizations, the worst case is having users become accustomed to complicated manual processes for requesting access to new applications, waiting weeks to get access to new applications, and having multiple passwords.
Organizations and homeowners should follow these three steps to minimize the potential damage caused by ice dams and identity dams:
Over the past year, there has certainly been plenty of press coverage surrounding the emergence of the new “Chief Digital Officer” (CDO). And the research we published in 2013 on the CDO role does identify how some firms can potentially benefit from a CDO role working alongside the CMO and CIO. But I’m beginning to see more business-savvy CIOs follow Starbucks' ex-CIO Stephen Gillett’s example and step up to lead digital strategy and digital initiatives.
In fact, CIOs with experience in marketing and/or business-unit leadership — especially eBusiness — are well equipped to lead the future digital transformation journey in many companies. They understand business strategy; they can relate to the outside-in customer view; and they already have an enterprise perspective.
OK, so there are not many CIOs out there today with this kind of experience (my estimate is around 20%) — but this is exactly the kind of CIO that CEOs need to hire in the future.
So let’s not get too hung up on titles — what really matters is the ability to combine a deep understanding of the customer with an understanding of how digital technology will drive new sources of customer value.
That’s the focus of a new series of reports we’ve just published (see below). The reports help digital-savvy CIOs work with business leaders to create a clear vision for what it means to be a digital business and start down the path toward digital business transformation.
Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping]
S&R pros, how would employees and executives at your firm answer that last question? It’s an increasingly important one. Items like socks and toothbrushes can be replaced if lost or forgotten; the same can’t be said for your company’s intellectual property and sensitive information. As employees travel around the world for business and traverse through hostile countries (this includes the USA!), they present an additional point of vulnerability for your organization. Devices can be lost, stolen, or physically compromised. Employees can unwittingly connect to hostile networks, be subject to eavesdropping or wandering eyes in public areas. Employees can be targeted because they are an employee of your organization, or simply because they are a foreign business traveler.
So what to do? Rick Holland and I are conducting research now to produce a guide to security while traveling abroad. It’s going to provide guidance for S&R pros to better prepare your executives and employees for travel, including actions to take before, during, and after a trip. We’ll be looking at considerations for things like:
OPSEC. How to determine if employees are being targeted, the pros/cons of using burner equipment, the use of privacy screens on laptops, etc.
It's no surprise that our recent survey data shows that customers of all ages are increasingly using self-service channels (web, mobile, IVR) for a first point of contact for customer service. In fact, for the first time in the history of our survey, respondents reported using the FAQ pages on a company's website more often than speaking with an agent over the phone. Self-service gives you that "pain-free" experience that consumers want. Customers escalate the harder questions to a live agent - whether its chat, email or a phone agent - and these calls become opportunities to help build stronger relationships with your customers to garner their long-term loyalty.
What is comforting is that the 2015 survey results from Dimension Data is saying the same thing too. This report is based on responses from over 900 global contact center decision makers covering 12 industry verticals. Some of their key findings say that "Customers want a frictionless, easy, and immediate journey on channels of their choice. They want a connected omnichannel journey across channels. Complexity levels are intensifying as contact centers evolve into channel resolution hubs."
The majority of large enterprises are using cloud platforms now but few have shifted this use from their DevOps team over to central IT — but will in the next 1-2 years. When you do, you should quickly get your networking team involved as most of the Dev-to-Cloud connections that have been put in place by your developers may not meet your corporate security or WAN performance standards. This is a key finding in the latest report from myself and Andre Kindness that is now available to clients at Forrester.com.
As you no doubt know by now, from reading our research, cloud use is not an isolated activity. Most applications built in the cloud are native hybrid, meaning they connect to something outside the cloud. Most commonly these applications reach back into your corporate data center to talk to systems of record, such as databases, CRM or ERP systems or other key corporate resources. The connections established most often by these developers are public links secured with SSL or VPN constructs. These are easy to establish by the developers but are often set up without the QoS or security controls your networking teams have established for other corporate WAN links. So if you want consistency in your WAN policies, it’s time to get the networking experts involved.
I recently joined Forrester as a senior analyst on the infrastructure and operations (I&O) team based out of New Delhi, India. I’m delighted to be a part of Forrester and have begun work on my first report, which will focus on cloud trends in Asia Pacific and put a regional spin on a report my colleague Lauren E. Nelson published in February titled Adoption Profile: Private Cloud in North America, Q3 2014. My new role will enable me to continue pursuing my passion for next-generation solutions like cloud computing, automation, and customer experience management and their ability to support business objectives.
As I reviewed data from Forrester’s Business Technographics® Global Infrastructure Survey, 2014 of business technology decision-makers in Australia, China, and India, I found causes to be concerned about the private cloud initiatives of the region’s large enterprises. A finer-grained analysis of the most senior executives from large enterprises (companies with 1,000 or more employees) in the survey found that nearly half (43%) of the private cloud deployments in AP will fail to meet business objectives, for the following reasons:
26% of private clouds will not offer self-service to developers.
17% of firms will discourage their developers from using public cloud.
I would like to welcome you to the "Modern Service Delivery" playbook. In this playbook, we are researching how you can take your tech operations team and transform it into a modern operations team. You know already that in the age of the customer, I&O must transform to support businesses by accelerating the speed of service delivery, enabling capacity when and where needed and improving customers and employee experience. You must buddy up with your application development team! Get used to a new way of working. That gets me to the point of this blog – CALMSS! Yes – you are reading this right. CALMSS is not just a scramble of words – it is a fine assessment of characteristics with the purpose of describing a methodology. The first acronym - CAMS (Culture, Automation, Measurement, Sharing) was coined by John Willis and Damon Edwards in 2010 in the first US based Devopsdays in Mountain View, California. Later on the “L” for lean was added by Jez Humble. We at Forrester have added an additional “S” for sourcing as we believe that DevOps must be supported with a solid sourcing strategy to extend the ecosystem. This then brings us to the arcronym of CALMSS.
After a great conversation with Patrick Debois – godfather of DevOps – we are working on a Forrester CALMSS research report (publishing April 2015) where we list what we think are the characteristics of each letter that supports measurement at individual, project, intra-company and inter-company levels. We will be focusing in our playbook on the project level so that you can measure and benchmark yourselves.
In the Tony Award-winning musical “Fiddler on the Roof,” Tevye, the father of five daughters, bemoaned the erosion of tradition where his daughters wanted to marry for love instead of cultural preservation. The cultural norm was to make use of a matchmaker to seek out mates that satisfied familial desires and goals on both sides. In similar fashion, more traditional queuing and routing schemes used in contact centers may get a customer to a qualified agent, but their style and approach may not produce the “magic moment” of a highly satisfying interaction.
Today, advances in processing power, software algorithms, and availability of consumer information have come together to allow for a more advanced method of matching agents with callers. Behavioral analytics applies models of behavioral styles, tracks successful matches that drive better interaction outcomes, and provides an ongoing feedback loop to tune the model for each enterprise. Case studies from Mattersight and Satmap, two vendors who specialize in this software, have demonstrated uplifts in revenues and positive impacts on handle time and customer satisfaction.
Satmap helped one of the largest telecommunications carriers in the United States boost sales conversion rates by 6%, driving $100 million in incremental revenue over a two-year period. The trial included alternating periods of turning Satmap on, and then off, to provide outcome comparisons.
CVS Caremark adopted Mattersight Predictive Behavioral Routing and was able to drive an 8.4% reduction in average talk time during their proof of concept trial. CVS is also using the data to better target training and coaching to agents.
On February 25, 2015, Google publicly announced its latest functionality and updates to the Android OS, titled "Android for Work" (AFW). Some of the new functionalities include secure work profiles, secure personal information management, and an enterprise app store through "Google Play for Work." These new changes in AFW will impact the businesses, the Android ecosystem, and the overall market in a far-reaching way. EMM vendors and enterprise EMM buyers must review these technology changes and understand how they will influence future product direction before making any purchases. It took just a few years for core MDM functionality to commoditize to a $0 price tag. I wonder how long until the advanced security components being folded into Android via AFW are also essentially free?
Cloud Data Protection (protecting data in SaaS, IaaS and PaaS workloads with a centralized and industrial strenght solution) remains a key priority of CIOs, CISOs and architects.
In this market overview report, we identified 17 key vendors in the CDP space (see the figure below) that provide data protection in SaaS, IaaS and PaaS environments. This report details trends and predictions in CDP and also our findings about how each vendor is approaching CDP and to help security and risk (S&R) professionals select the right partner for CDP.