Security Forum 2010 is upon us, and the stage has been set. After my welcome remarks this morning, Forrester’s own VP & Principal Analyst Khalid Kark kicked us off with a fantastic keynote: “Maturing The Security Organization.” Next up, Malcolm Harkins, CISO of Intel, spoke about the misperception of risk as “The Most Significant Vulnerability We Face." After Malcolm, Forrester was happy to welcome a quartet of IBM security experts and customers for a panel discussion on “Smart Security." Daniel Barriuso, CISO of Credit Suisse, finished up our morning keynotes with a presentation outlining the essential steps to build a “Holistic IT Security Management organization”.
Even though each of these presentations addressed different security challenges, in the end they delivered many common recommendations. For example, the need for strong governance and oversight and the ability to objectively identify and assess future risks. There were a few other key points that I want to highlight:
Over the past few months I’ve been interviewing companies that have successfully applied social to their BPM initiatives. As part of this research, we’re identifying best practices for combining social with BPM and identifying specific patterns on how BPM and social are coming together. The patterns identified thus far include:
Collaborative Discovery – Extending process discovery and design to include interactive real-time involvement of business users, customers, and partners.
Shared Development – Extending process development methodology and tools to support development collaboration between business and IT roles.
Process Guidance – Provide real-time suggestions and guidance for completing a particular activity based on real-time analytics and/or social network analysis (e.g., crowdsourcing techniques).
Your service processes must be the same across all communication channels – traditional and social – in order to deliver a consistent experience and value proposition to your customer base. At the moment, this is downright hard to do, as almost no company offers a solution that tightly integrates the social and traditional communication channels. RightNow saw this need and has delivered a solution that allows customer support agents to engage with customers on Facebook.
Facebook has 500 million registered users that spend more than 3 billion hours a month on their site, says Nielsen. It’s a veritable interaction hub, where many businesses have a significant presence. Some have hundreds of thousands of fans. Other businesses have smaller, yet very loyal followings.
RightNow’s CX for Facebook product, to be released in November, will allow companies to install an app that creates a “Support” tab on their wall. Once a user (customer or prospect) clicks on this tab, they will be able to find answers from community content or from the corporate knowledgebase, ask the community questions, follow, participate and track discussions, propose an idea, ask an agent (either in a public or a private conversation), and more without leaving the Facebook site. Agents as well will be able to monitor and respond to wall posts: RightNow’s SmartSense sentiment analysis will be able to detect the tone of posts and flags high-priority comments for immediate follow-up.
The other day I was just reminiscing with a friend who works at HP about all the good times I had there with my ProCurve family. When I left for a once in lifetime opportunity, I had so much hope for HP’s networking division. Like many of my inquiries from global customers looking for a Cisco alternative, I’m concerned about the division and its long-term viability. I’m not worried if HP will continue to exist without Mark Hurd. Companies are more than a single leader. There is plenty of research, books, and online debates about the effect of a single person: Jack Welch, Steve Jobs, John Chambers, etc. The issue at hand is the existence of product lines within enormous companies, like networking within HP. One of my mentors always said, “If you look at networking over the last twenty years, no major IT company or voice vendor has been able to pull off being a serious networking vendor if networking wasn’t its first priority.” Fundamentally networking is one of the few technologies where a vendor has to be all in. The networking graveyard is full of headstones: Nortel fell off the face of earth, IBM sold off its assets, and Dell hobbles along.
Ah, you might say, what about HP? That brings me to my three observations that every IT manager should consider when including HP in their network architecture:
Rarely does vendor consolidation reflect such fragmentation of a market.
Picking up on the recent acquisition trend of independent market leaders, IBM today announced plans to acquire long-time GRC heavyweight OpenPages to strengthen its business analytics offerings, including Cognos and SPSS. It's a good fit for both companies and certainly won't surprise anyone who has been following the space... the OpenPages platform leans on Cognos for its reporting capabilities, so they already have a head start on product integration. The two have also proven successful in the past by combining forces on large risk management implementations, so there are already established use cases to reference.
This deal is most interesting, however, when you consider the other acquisitions of top GRC vendors. Less than two years ago, Paisley was acquired by Thomson Reuters to strengthen its tax and accounting business and content delivery, while EMC acquired Archer Technologies earlier this year as a dashboard (at least initially) to pull together IT risk data and processes as part of its RSA security offerings. While OpenPages has historically competed with Paisley in financial controls management and has recently been moving more into Archer's core IT risk and compliance domain, this acquisition will likely turn the company more toward higher-level corporate performance and enterprise risk management. The GRC vendors will still compete regularly, but their unique selling propositions are starting to look more and more unique all the time.
I will be joining Forrester's Tweet Jam on Cloud Computing today to add some commentary on the differences we're seeing in attitudes toward "cloud" as a delivery model and in adoption across countries. Interest and adoption differs significantly across countries. While in most countries the primary drivers of both Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) are around speed and flexibility, in others the primary drivers are cost. Interestingly, in India and Russia, the No. 1 driver for IaaS is "improving disaster recovery and business continuity." IT decision-makers in those markets prefer to rely on those focused on delivering infrastructure than on their own datacenter, for certain projects.
As for inhibitors, the main concerns are pretty common across countries: security and privacy issues, integration with existing infrastructure and applications, and uncertainty around to total cost of ownership. While many are driven by the desire to move from fixed cost to rotating costs (capex to opex), they remain concerned about the total costs in the long-run.
Just when you were getting your mind around Social Computing, Forrester has concluded that Social Computing is a steppingstone along the path to the empowered era. At least that’s one of the findings you’ll discover in the new book Empowered, co-authored by Groundswell author Josh Bernoff and Ted Schadler, published today by Harvard Business Review Press.
It’s not that Social Computing has ceased to be relevant, far from it — it’s just that we are now evolving rapidly into a new era of commerce, the empowered era. A perfect storm of evolving technologies — smart mobile devices, pervasive video, cloud computing, and social technology — has kick-started this new era to empower customers and employees. Empowered is more than a claim to a new technology paradigm. In the empowered era, customers and employees are tapping into technology in new ways and learning how to deliver value (and demand service) with game-changing potential. Forrester identifies these innovative employees as HEROes: highly empowered and resourceful operatives.
From an IT perspective, CIOs are firmly in the driver's seat at one of the three corners of what Forrester defines as the HERO compact. In this role CIOs must build an empowered IT strategy to pursue business opportunities and solve business and customer problems. CIOs and the IT team can find HEROes, help HEROes, and be HEROes.
There were certainly some compelling arguments made in favor of this approach — not the least being that it's a highly cost-effective way to provide improved services to taxpayers who ultimately foot the bill for government IT efforts. As an investor in government IT (I pay taxes), I'm fully supportive of anything that improves services and reduces costs!
One of the most memorable quotes came early on from Carl Malamoud when, in his opening keynote, he suggested, "If we can put a man on the moon, surely we can launch the Library of Congress into cyberspace." (See his keynote below).
I had the chance to sit down with Credit Suisse’s CISO and Head of IT Risk, Daniel Barriuso, to ask him a few questions about his role at Credit Suisse and his approach to security. Daniel will be keynoting this week at Forrester’s Security Forum, which kicks off this Thursday, September 16th. Here’s a sample of our Q&A below:
Why is a more holistic approach to IT security so important today?
[Barriuso]: Given the complex and fast changing IT security landscape, a holistic approach is key to being able to effectively understand the end-to-end threat landscape and manage it proactively. This entails planning for both current and emerging threats, identifying future trends, and making conscious decisions on the security investments required.
What were some of the most important lessons that you learned over the last several years?
[Barriuso]: A key lesson that I have learned through my career is that governance is the foundation for a strong IT security organization. Often organizations focus on technology and technical controls as the main driver to secure data. Instead, a top-down approach is required, beginning with the policy, governance bodies, and risk management framework.
What advice would you give to other senior security leaders who want to move to this more holistic approach?