Oh I See! Getting CIOs to view their jobs from a different angle


May 31, 2010  6:39 AM

Online customer service in a connected world

Arun Gupta

In the last few weeks, I attempted to reach out to various service providers—organizations whose services I had availed in the past via their websites. The objective was to seek help with unsubscribing from their mailing lists, as well as for assistance in resolving problems I faced with a few purchased goods, respectively. While I thoroughly enjoyed the services and products, when it came to problem resolution, the process fell through the gaps (with no resolution).

We know that every business selling services or merchandise has had online aspirations since the Internet and World Wide Web came into existence. These aspirations skyrocketed with the mobile market growing at a fast pace and phones becoming smarter. Today, every business irrespective of size, geography and market potential, has a Website providing information. In many cases, these Websites even provide transactional capability, as they experiment with mobile based engagement models.

Customers have lapped up these offerings, as they have offered convenience (apart from discounts) over conventional modes of buying in many cases, or facilitated anytime anywhere commerce. Information enabled customers are also making smart choices by comparing offerings from various retailers. The industry has grown faster than conventional retailing in developed markets, and in the developing world, growth via non-brick-and-mortar model is higher by multiples.

Now, here are a few examples of my experiences with these organizations:

Case 1: Tried to reach a portal offering match making services to unsubscribe after my nephew found his match. However, the email ID for unsubscribing from the newsletters was incorrect. With trial and error, found the right id, and guess what? The mailbox was full, so the message bounced back. Not giving up, I wrote to the Webmaster and feedback email ids. Three weeks later, I still continue to receive offers to get married!

Case 2: Bought a leading brand’s stereo Bluetooth speaker from a store. All was well for 2 years, until I wanted to install the device on another computer. Unable to find the driver, I found that the website was not helpful. Emails to customer service, the CEO, and Web-forms have gone unanswered for a month now.

Case 3: Used the services of a large domain registrar. The payment gateway failed four times, prompting me to reach out to customer services, which helped me with the process. On the payment gateway screen after providing my credit card details, I get an error! Customer service says in an online chat session that the transaction is successful, and disconnects. I am left wondering if the last unsuccessful attempts were also charged. Email sent to them evinces no response.

What do you deduce from these incidents? Technology can enable processes, but people have to execute them. If staff does not recognize that a customer is to be served through the Website, email or chats as well as they are served in the offline world, the customer can choose to take the business elsewhere. I am reasonably certain that I would do business with these sites or their associate sites only if I had absolutely no other options. Do they care about the outcome? I don’t know. Can CIOs and IT do anything to improve such a situation?

For starters, CIOs could be the process’ co-owners in the virtual world. The CIO can use his network of friends to periodically test efficacy, provide feedback, or fine-tune the process to achieve desired outcomes. Technology enabled blackholes (such as the outlined cases) are a negative reflection on the organization’s brand value and customer perception. Every customer counts—more so in a connected world when social computing influences consumer behavior; the ripple effect needs to be addressed before it becomes a big wave rushing down.

So, do you know what consumers are tweeting or blogging about your company?

May 25, 2010  2:22 AM

Are you “Open Sourcing”?

Arun Gupta

Last week, I had the privilege to meet international thought leaders from different parts of the world. A large number of them worked with ministries, governments, or educational institutes after having spent decades with the industry churning out patents for the companies they invested their time in. As the discussion progressed through a myriad of technologies, it was seen that for almost every commercially available technology solution, they had explored, experimented, and in many cases deployed “open source” solutions. Amazed at their ability to implement these solutions, I started digging deeper to understand how I could leverage their experiences.

Across countries, almost every government function and government funded organization has made bold statements and commitments towards the open source movement. They believe in not promoting or getting tied down to proprietary and expensive solutions to enable processes, citizens and overall functioning of the government. The belief is that tax-payers’ money should be saved to give the biggest bang for the buck. So forget the hugely popular operating systems, office productivity tools, virtualization, management solutions, and almost everything in between, that does not have the open tag. This is a topic that has taken a lot of vendor and system integrator stress levels north in the past.

The luminaries interacting with me had a lot of experience with a variety of open source solutions. We discussed open versions of office productivity tools, open source virtualization, learning management systems, database solutions, operating systems, and many more. They advised that most open source solutions had been adopted by quite a few large IT companies to create their version, and bundled them with charged support services. Thus, corporate entities should not have concerns around support. They work equally well as compared to commercial solutions; maybe in a few cases, the user interface may not be as user friendly—but that should not deter the strong hearted to push its case through.

There were too many questions in my head, so I started what appeared to be an interrogation. Can such solutions still be called “open source”, or should the nomenclature be “originated from open source”? How does the ROI or TCO model change from pure open source to adopted open source? Are these deployed for critical or core functions as well, or are they still around the fringes? What is the level and quality of support from either the open source community or the vendors? Did they struggle with or face any interoperability issues? How did they manage the infrastructure and applications? Were there any performance or scalability issues? And so I kept on rambling, to the embarrassment of the group, which started looking uncomfortable, with most answers having a “conditions apply”.

The big realization was that the criticality of applications, infrastructure, service levels, performance parameters, expected resilience, and turnaround times were all dissimilar to what the enterprise CIO is typically expected to deliver. Even in such scenarios, it was evident that critical applications were procured from, and deployed on, commercially available environments—though not always discussed in gatherings. Quiet acknowledgements were also provided on the ROI and TCO cases—as not having been significantly attractive for open source solutions.

The reality is that for almost every enterprise solution, there exists an open source alternative. The adoption and usage of these has been to typically support non-core or non-critical activities depending on the industry segment (including government departments and public sector enterprises).

When business depends on any technology, the risk appetite is low to negligible. Is this likely to change as the numbers increasingly inch up for open source solutions being deployed?

Well, my belief is that we will continue to see this divide for a long time. Everyone will talk about it—some will deploy in non-core functions, and the rest will debate.


May 18, 2010  1:38 AM

What enables Business-IT alignment (BITA)?

Arun Gupta

Recently, an international event management company approached me to conduct a workshop on Business-IT Alignment. It made me wonder whether CIOs are really interested in one more presentation on this subject, unless these CIOs lived on another planet (or have just been born), and needed to be seasoned with a dose of the much discussed subject. I think, maybe apart from the subject of CIO reporting into the CFO/CEO as well as what next for the CIO (role of the CIO), the most oft discussed topic in the IT industry is definitely IT’s alignment to business.

No event or seminar is ever complete without a reference to the wonderful BITA. Most presentations assume that BITA is indeed an issue for CIOs, and the CIO requires help. In fact, many vendors and consultants project their products or solutions as the key ingredients towards achieving BITA. Now I can’t claim to be an expert on this hallowed subject, but have had my share of contributing to the discussion based on some experience and observation. Based on these, I have a hypothesis on what enables BITA, and where it is a challenge.

Let me first list out the standard assumptions (or ‘Conditions Apply’). A CIO understands the business, and is able to conduct a dialogue where he is understood across the organizational layers. He has good verbal as well as written communication skills, and is able to use these in internal and external meetings. He has the confidence required to debate a business or IT issue without getting so frustrated that others do not understand him. He has a reasonable track record of creating value from projects undertaken which meet (or exceed) expectations most of the time. He has a good network of vendors and partners who provide the CIO with technology advisory based on the domain. Finally, he is a good leader of people, as well as able to motivate and lead large cross-functional teams.

As I wrote the above paragraph, I wondered—if a CIO has all the skills listed above, can he still be challenged with BITA? Many might say yes, that is, if he did not report to the CEO. So let’s assume that a CIO does not report to the CFO. Will all these factors contribute to BITA? My analysis indicates a high probability of success, but I will still give it an even chance, i.e. 5/10 for the combination to lead to BITA. Have we not considered all factors? One might argue that if the CEO is technology friendly, the probability would go up to 6/10. So what can nudge the figure higher to 8/10 or 9/10 ?

My ‘Oh I See’ moment happened in a chance conversation with a CFO. When is an enterprise willing to invest in new initiatives? When are budgets relatively easier to get? When do justifications not get into the realm of fiction? The simple answer is: when a company is profitable. Not just simply profitable, but with good cash flow and available money. If the company is meeting analyst or shareholder expectations, is growing faster than the industry, and has higher margins than competitors, it’s not possible to deny BITA. So every opportunity gets the budget, and every employee is charged and amenable to change, as they all understand the dimensions contributing to success.

Unprofitable or marginally profitable companies always struggle to cut costs, reduce (or defer) new projects, and challenge every investment, looking for the lowest cost option. All these challenge the CIO, and keep the focus on business as usual rather than innovation. There will be exceptions to this too, but then they will be the 1/10 or 2/10 driven by the force of the leader or CIO, as compared to the higher propensity of success for a profitable company.

CIOs in business roles or add-on responsibilities are likely to have higher appreciation of the hypothesis. The new normal post 2009’s slowdown may have contributed to a shift in a few cases—in profitable as well as profit-challenged companies—based on the role played by the CIO during difficult times. If the CIO was a key player, the alignment pendulum would have shifted right, if he was not, then it may have shifted left.


May 11, 2010  7:10 AM

The power of CRM

Arun Gupta

Last week, I was subjected to five calls in a day from an insurance company wanting to sell me a new improved high return insurance cover. The first time round, I listened to the caller, and politely advised her that I already subscribed to the said policy. I interrupted half way through the second time and told the lady I already had the policy. The third caller was not fortunate enough, and as soon as he announced the company name, I told him I had no interest in their products. The fourth could not get beyond the first line, and had to answer questions on how the CRM worked. And the last cut the phone when I advised him that I had taken a policy a few weeks back, and now wanted to cancel it.  These were different sales agents armed with a database trying to “sell” insurance.

How many times do we wish that CRM solutions work the way they are sold to companies by the vendors? Why can’t the stupid CRM tell sales and marketing teams that the customer has already been contacted five times in the last week, and that the last interaction resulted in the customer calling the caller unsavory names for repeatedly calling him? This is despite the customer saying that he is not interested in one more credit card, insurance policy, new personal loans, or whatever the company offers. The problem compounds itself when the harried customer is already a receiver of the service.

Every customer facing enterprise seeks to implement a CRM solution to service the customer effectively, as well as to understand the customer requirements and behavior for tailoring the product or service based on customer preferences. All such initiatives start with big expectations; the processes are sometimes complex and time consuming. In a few cases, these initiatives are not aligned to reality at the front office, thereby rendering usage ineffective.

When data entry ends up being outsourced, the quality of customer information suffers. So when it’s not possible to find the customer quickly, adding one more record is an easy solution. Buy databases, simply upload, and in no time, rest assured that you will figure a dozen times. Attempts to scrub and de-duplicate may bring some efficiency, but as the number of records increases exponentially, the effort starts losing its efficacy.

Successfully operational CRM solutions have little relevance to the technology deployed, but are built on the foundation of strong processes, buy-in from every function which will interact with the customer, technology sizing that can address peaks in capacity, and a simple design that is effectively implemented and executed across the enterprise. The IT organization diligently reviews data quality with the marketing and sales organizations to ensure uniqueness of the customer records. Data quality is never an accident; it requires significant planning and discipline of execution. Despite the best efforts of men and women, we still end up with some challenges when integrating with external data. These are as yet being addressed through innovative strategies, but are not fool-proof. Maybe the unique identification number (UID) initiative will help solve this issue, but that is a long way off for now.

Coming back to my “friendly” insurance company, I called my insurance advisor with the promise of canceling all policies, should I get one more call from his company or their sales agents. He profusely apologized and promised to fix the issue. I am hopeful until the next bought database gets uploaded or a new agency is appointed or the pressure to acquire customers based on month end, quarter end, or yearend pressure begins, and the calling starts again. Sometimes I pity them the barrage they face every day for no fault of theirs, but then companies don’t appear to care beyond a point, as the universe of customers is still probably 1-2% of the addressable market. So who cares!


May 4, 2010  2:21 AM

How to become a CIO – Part 2 (or The business of IT is business)

Arun Gupta

Every time I meet a set of people aspiring to become a CIO, they are interested in the 101 of how to become a CIO. So a long time back, I wrote on my blog highlighting my viewpoint on how one can become a CIO. In recent times, the discussion has come back with renewed vigor, which includes various themes including succession planning, on which I commented last month. However, the moot point is about how one can indeed become a CIO in the new normal—when everyone is now discussing whether the CIO role as it exists today will disappear in the next five years.

Almost all the CIOs I know understand business (process, results, metrics, and influencers) as well as other CXOs. They are no longer enamored by technology, but are always asking the business benefit and ROI questions to vendors as well as partners. Most of them are able to hold a conversation on broad business subjects with management, and challenge the CEOs on why they should be engaging the Board. Their soft skills are well honed, and the CIOs are taking on additional responsibilities within their enterprises. A few CIOs (based on their interests) are seeking lateral movement or even nudging the CEO chair.

Now, that’s indeed a reflection of how the CIO’s role has evolved, and continues to break new barriers. So what should aspirant CIOs be working on? Should they adopt a role model from amongst CIOs, or look up checklists that many paper and web publications offer? If only transformation to a CXO role was as easy as ticking off an objective question list!

There are no training programs for someone to become a CIO, nor any specific qualifications that are inherent to a CIO. Like any CXO, the CIO is an integral part of the decision makers who influence the business’ direction. However, technology enablement of the business (process, results and metrics) is one of the key contributions expected from the CIO. To successfully execute this, I reiterate that the CIO’s focus is on par with others; evidently, the key ingredient for an aspiring CIO is the understanding that the business of IT is business, and not technology. This is the key tenet on which the CIO role is evolving, and success will largely depend on the (aspirant) CIO’s ability to further the business with, or without help from technology. The remaining traits can be developed with training, coaching and/or mentoring. Look around, and you will observe that the successful CIOs are indeed business leaders—not technologists.

So no 101s on how to become a CIO, or a checklist that you can use; did I not meet your expectations? I would rather do that, than give anyone a false sense of hope!


April 26, 2010  6:33 AM

Data center driven business agility: Food for thought, or snack for the CIO?

Arun Gupta

In the recent past, I attended a few seminars conducted by large IT solution providers with a tantalizing subject line, “How to achieve business agility” (or something on similar lines). The invite’s text appeared to offer a ready-to-eat snack with all the good tidings of fruits, fresh vegetables, salads, and everything that’s healthy. Since it sounded like the formula for fitness in a week, CIOs obviously turned up in large numbers—only to realize the old adage that if it’s too good to be true, it probably is.

Almost all the organizers wanted to focus on how to improve data center efficiency, utilization, management and agility in provisioning new servers. According to all of them (without exception), the delay in provisioning a new server can lead to compromises in business agility, thereby adversely impacting the outcomes. Each vendor’s formula for success revolved around their solution for virtualization and (or) management tools, which allow quicker provisioning of virtual machines—allowing the IT organization to bring up a new application within hours, as compared to the days when physical servers were in vogue.

I find this unpalatable, as it presupposes that everyone in the IT organization is only focusing on the infrastructure, with no communication with the team members who create or buy applications. Or that we have a scenario where the applications team does not tell the infrastructure team until the last minute that they require some compute and storage resources to deploy their test, development, or production environments. The assumption is that the two factions are not on the same page on projects or timelines, which results in delay. 

Agreed that virtual machines can be provisioned quicker than physical machines—CIOs will also agree with this, but that’s only part of the story. If not enabled with policy, it can also lead to innumerable virtual machines (with limited or no use), thereby blocking resources and creating inefficiency. Virtualization continues to remain at the periphery of deployment, with core and large package providers yet to certify their applications on virtual servers.

Typically, IT organizations are more organized in nature, with visibility of planned deployments and requirements of licenses or hardware. Dependencies are well known, and irrespective of the physical or virtual environment that the enterprise may prefer, this is rarely a cause of delay (or lack of agility).

In my observation, project delays are more to do with scope creep, signoffs or even indifference from business. It’s a subject that deserves a longer discussion on another day.

So has the data center become the cause of business angst? Well, I’ve never heard of such a scenario in the recent (or the distant) past!

Coming back to the event under discussion, presenters sheepishly agreed to counterviews from the attending CIOs, and attempted to justify their stance by stating that their global research data had indeed given them such insights. Talk about assumptions!

My view is that vendors should refrain from such titillating titles to attract the audience. At the end of the day, vendors end up with the realization that most participants badly want to leave. The CIOs stay back only out of sheer decency and respect. As a result, vendors run the risk of alienating their key customers by continuing this play of words.

Coming back to the ready-to-eat snack, it was stale, oily and very unhealthy—causing heartburn and acidity. Most of the CIOs required gallons of liquor to drown the symptoms of disbelief and utter boredom.


April 19, 2010  6:28 AM

Social media (aka Web 2.0) and the CIO

Arun Gupta

There are two camps out there, which hype the perils and advantages of social media for an enterprise—both are gaining ground and visibility. The CXO suite is confused, and this leads to pendulum-like actions (moving from one end to the other) on how they react to these prophecies and theories. In many cases, it also results in total inaction, as they understand, and are comfortable with, the status quo. This leaves the employees in disarray—they act in an uncontrolled manner, thereby adding to the uncertainty.

Confusing? Well, that’s the moot point, so let me elaborate.

There are enough consultants, research papers, anecdotal references and general hype—that every business (irrespective of industry, geographical presence, market share and multi-channel presence) should leverage social media by connecting to consumers. This connection is deemed so important that businesses are creating presence across almost every social networking site—trying to gather the consumer around this space. A few have been able to get there with some degree of success, while others are struggling to find the meaning of being there. As organizations understand this social media revolution bit by bit, the general feeling is that it might translate to real money in the bank.

The same enterprises are paranoid, when it comes to opening access to social networking sites for their employees. One extreme is to mandate the CIO to block access to social networking sites (as the management believes that it results in precious time being frittered away). On the other hand, the balancers are defining policy for staff on the dos and don’ts of how to engage on social networking sites. These policies are expected to act as deterrents towards moderating use. However, IT organizations tend to bypass these policies for their own kin, thereby rendering the effectiveness suspect. I have not come across any organization having an open access policy with no restrictions on content, or the way it is used.

The two stances detailed above are divergent from each other. In the first case, the organization seeks to leverage social networking towards creating a business benefit, while on the other hand it restricts its own staff from participating. Every staff member is also a consumer of merchandise and services; companies would like to leverage the insights that can be created by understanding behavior. So if a similar stance is adopted by every business unit, the end result will be akin to companies creating retail stores, but preventing their employees from shopping.

Is the CXO’s disconnect due to the inability to understand the impact or control the behavior of the consumers? Or is it a generation gap between the digital natives (the new workforce) and digital immigrants (the policy makers)?

Under the guise of corporate security, the restrictions constrain natural desire to reach out in the digital world. CIOs should recognize these trends within the enterprise based on demographic undercurrents, and leverage the internal consumer’s voice before reaching out to external consumers using the digital media. These same employees will help you find ways to tap this latent source if aligned to the initiative. Else they are likely to be disruptive, since they want the freedom—because they can!


April 12, 2010  8:25 AM

How to overcome a recalcitrant staff member or Wally like behavior?

Arun Gupta

CIOs often come across situations where they realize that certain individual(s) in their team are unable to deliver even basic results. Typically, such individuals may have survived multiple bosses, or been in the company for a very long time like Wally (from the famous Dilbert series).  All efforts to bring about change may have yielded microscopic results. Let me use a couple of examples to illustrate such cases.

You go into a management meeting along with some of your team members; the expectation is to gain consensus on the way forward on a difficult project. All is going well, till silence falls with uncomfortable stares. Or the meeting is halted because one of your team members blundered and lost all gained ground.

Another case is a review meeting with the CEO on what IT is doing. You get started, and then get hit on the head—one of your staff members has not kept a promise despite reminders and follow-ups. It was something that you did not focus on, considering the task’s facile nature (which any idiot would find difficult to go wrong on). But then, you are now at the receiving end.

In both cases, you may feel like strangling the person. But, that’s not the corporate way of dealing with frustration!

So the first response seems to indicate that you “fire” the person. That’s an easy solution, but should be the last resort. Instead, here are some other alternatives that you could review:

1. Assign a coach to the person with daily/weekly feedback without holding anything back. Give the truth as it is, along with advice for improvement.

2. It could be professional arrogance (“I am better than others”) that translates into negative attitude. Introduce him to others who are better and show him the reality.

3. Put him on a PIP (Performance Improvement Plan). Make it clear why he is on PIP—that it’s not because of work, but attitude.

4. Assign him away from the “critical” nature of the work, which works at times to demonstrate that he is not irreplaceable. It may moderate his behavior.

5. It could also be a genuine case of incompetence. Try training.

If all these steps don’t work, then the choice is obvious. But that’s also a difficult act to execute!

It’s important to take action sooner rather than later, as you may risk polluting the contributors and good staff. Delay will encourage the person to continue his (mis)contributions to the department. I have observed procrastination becoming the nemesis of many CIOs, so all I can say is, ACT NOW!


April 4, 2010  4:48 AM

Third degree CIO (Or, do degrees matter to become a successful CIO)?

Arun Gupta

During my lunch with a group of CIOs, a question was suddenly raised, “Which college did you acquire your MBA degree from?” To this query, a CIO answered that he did not have an MBA degree. The second CIO echoed the same answer. Yet another CIO mentioned that he was better off without an MBA—not that he despised that tribe, but he believed that typically MBA types were removed from reality, or had unrealistic expectations. In another gathering, a similar question was doing the rounds. “Are you an engineer?” Guess what? A large number of those present weren’t. Does that imply that educational qualifications and formal business education are not critical towards being successful as a CIO?

There have been many discussions on this subject, specifically around whether a management degree is important for the CIO to be successful towards the holy grail of “IT business alignment”. Most concluded with attributing higher probability of success when the CIO is equipped with management qualifications. It is generally accepted that an MBA is likely to get higher visibility. The same set of people also agrees that success is defined by deliverables and outcomes. So if a non-MBA performs better, he will find growth over the management graduate.

If we look around us at successful first generation entrepreneurs, the landscape is filled with an equal share of drop-outs and post graduate degree holders. In fact, the technology world shows us a higher success rate with the former. However, when we look within an enterprise, the same entrepreneurs want to hire from Ivy League schools—as if to make up for their unflattering educational qualifications. One can also argue that the talent they induct creates the fabric for success. But as I see it, they bring in the machinery to run the operations; the vision, direction and opportunity are created by the owner.

Someone had asked a question a long time back. “What is the measure of an effective leader?” The answer after many attempts was “results”. For the CIO to be visibly successful, he has to deliver results that matter to the enterprise. There is no debate on whether IT matters, or if it’s essential to run day-to-day operations. Positive or adverse impact due to technology is typically acknowledged, and the IT leader gets credit. Now, there may be cases where the CIO may not get the due benefit. This may be due to the CIO’s inability to communicate, or the CEO’s ability to understand how IT makes a difference within his enterprise.

Time to get back to the question: Is there a third degree that makes a successful CIO?

I believe that it’s the passion to make the difference, balanced with business acumen and enabled by sound technology that matters. A good leader chooses the right balance of skills within the team, which can work together to deliver results that matter. Initial qualifications provide the platform for launch; the person’s drive gets them to the checkered flag. So I would acknowledge that the engineering or MBA degree could provide a foundation that may enable the CIO to explore alternative decision points which elude others.


March 30, 2010  1:14 AM

Security and the CIO

Arun Gupta

Last month, many CIOs (including me) were subject to a barrage of security events—as if the world suddenly needed a lot more protection than it had in the past! CEOs, senior vice presidents and thought leaders suddenly seem to have descended upon the CIO, challenging the security postures of enterprises.

Questions challenging the efficacy of currently deployed solutions were very similar across almost all vendors. Many data points from a multitude of surveys were bandied around in an attempt to make CIOs succumb to the FUD (fear, uncertainty, and doubt) factor.

A typical session begins with “Top 5 technology priorities”, and since the presentations are being made by security vendors, IT security figures prominently in these lists. To the hapless CIO, statistics reveal a scary world full of crackers and nefarious elements (who want to take away customer data, send spam, phish users, attack end computing devices, and sniff network traffic). It does not matter whether the audience agrees with these or not. Irrespective of whether the displayed data is from the same geography or industry, the ground is set for discourses on why your enterprise is not secure if it hasn’t deployed the specific vendors’ solutions.

Almost all cases are built upon the premise that data is only stored electronically, and leakage can only happen in electronic forms. The exercise of data classification is touted as the starting point—except that beyond a point, this classification becomes irrelevant, as the imposed controls make conducting business a painful task. Mobile workers appear as the villains who will lose a laptop or connect to unsecured wireless networks compromising valuable data.

Yet another cry is a ban on social media. This does not acknowledge the fact that business also uses these channels for connecting with customers. The mantra is “you cannot trust these gullible ignorant employees, they are the weakest link”.

Yes, people are indeed the weakest link in security compromises; but they can also be the strongest. The biggest tenet of any business operation is trust. If the enterprise cannot trust its employees to be prudent in their usage of various communication modes or protect the data that matters, then I don’t believe that a technology solution is the answer.

Information security can be effective with the help of education, continuous reinforcement by the management, a “zero tolerance” policy towards adverse incidents, periodic reviews, and finally the technology stack, which is dependent on the business operations. Exception management is fraught with danger, and should be aggressively discouraged. Many mature organizations have found that making an example of truant employees enhances levels of security, and builds trust with customers in the long run. Attempts to hush such cases, or not taking strict action which may already be defined in the policy, send a message of tolerance, which can significantly compromise the enterprise.

Vendors need to listen as they engage (see Irrelevance of vendor presentations) the CIO in discussions on how they can help their customers in sustaining and improving their information security postures. This has to be based on an assessment, and not based on inane survey data that may be far removed from reality for the audience. Else, they face the risk of alienation from their prime customer, the CIO.

