June 30, 2010 12:22 PM
Posted by: David Scott
, IT culture
, organizational culture
, success culture
The opposite of a Success Culture is not necessarily an “Unsuccess Culture” or a completely failing culture. We’re all largely in organizations that are succeeding somehow, moving forward in time, achieving results with some measure of control.
The opposite of the Success Culture is really “The Excuse Factory” – it’s where the default attitude is one of negative griping and excuse making, instead of a managed and properly reinforced attitude of positivity, contribution, and forward momentum.
There can be swirls of both cultures, and everything in between, throughout the organization, throughout projects, and throughout planning, etc. – there usually is. But time spent in the Excuse Factory is time spent away from the job. In fact, people who inhabit the Excuse Factory are AWOL. Excuses presented without ideas, gripes presented without solutions, engagements that do not move business forward, are empty time. Now, we can recognize that everyone needs to gripe once in awhile. But let people complain about the coffee, the weather, even about the size of their offices, desks or cubicles. But so far as tasks and projects are concerned, the energy should be directed toward positive results and ultimate returns.
We’re not trying to produce Pollyannas, nor are we attempting to put a political bias in place whereby we’re complimenting the bartender of the Titanic because we have plenty of ice for our drinks. We want to reinforce prudent, positive, people and culture so as to support efficiency and effectiveness. As you work to emplace a Success Culture, realize that this culture becomes easier to achieve, and easier to maintain, as you reach a “tipping point” – that is, as more and more people get it, there will be fewer people to make excuses, as their attention and time is taken up by the seek of solutions. As more and more people operate according to the ethics of success, your culture begins to reinforce and attract all of the elements for success: Best personnel, best behavior, best practices, and best results.
A Success Culture is managed. Success starts with a desire, and then a will, to succeed – supported by appropriate missions, values, beliefs and standards. It is the organization that must show itself as being committed to success. No one can be expected to believe in something that the organization doesn’t evidence itself as believing in. Therefore, the organization must close any divides between diminished expectations for success, and success itself.
The organization must formally recognize success with real encouragement, reward, and promotion. The organization, from the top on down, must identify and communicate its commitment to the values, beliefs, and standards that it holds as being necessary to best outcomes. Too, those things and people that inhibit success must be managed and corrected – or removed.
The expectation of success is self-reinforcing. Create the culture that ennobles and enhances your mission. People, within and with-out the organization, will know that excellence is the bar. People will self-regulate in concert with your organization’s guides, emphasis and practices. Thus, in rare instances where activity or expectations are cloudy, people will presume excellence as the bar, based on the entirety of your success culture’s known expectations.
Your organization is already a Business-Technology Weave; now weave excellence and ultimate success into the whole of the enterprise.
June 30th: On this day in 1953, the first Corvette rolled off the Chevrolet assembly line in Flint, MI. It sold for $3,250.
June 30, 2010 7:46 AM
Posted by: David Scott
, business culture
, business mission
, business standards
, business values
, IT culture
, organizational culture
, success culture
, the business-technology weave
How do we create a success culture? How do we sustain the successful organization and make it ever more successful?
First, we must maximize and make fully understandable these existing fundamentals in your organization:
It is not our intent here to create a business plan, to write sample mission statements, or to provide a primer about values, etc. Your organization, and the reader, understands these things and their importance in defining and sustaining the organization and its conduct of business. Rather, it is our duty here to re-examine the “obvious” – what reflection is there in these areas regarding success? For, in looking at the loose standards of some of those around us, in looking at the mistake-prone organizations, or the hierarchies with their ethically challenged reputations, we realize that we have to make a conscious decision to be different.
Those others certainly have missions, values, beliefs, and standards. But if they see value in cutting corners, if they have a belief that inflating profits will yield positive business outcomes, if their standards are ill-defined or deliberately loose, then there is no service to the mission. There is no true accommodation for the idea of success. Sustained, long-term success (the only kind that counts) is achieved by being honest and in matching actions to realities. The success culture starts with this honesty, which inspires trust, cooperation, and good faith activity. This is critically important when Business and IT engage within the organization. We therefore need to groom (mentor, coach, train) so that no one has to assume anything regarding the culture – they will know. As things stand now, how many people can you scratch in your organization – querying them on matters of business culture – to yield a response with some semblance of: “We have a culture of success”? Try it. If your leadership is not biasing the organization for success – what is it doing?
Further, our stated mission, values, beliefs and standards will ensure that, if and when a gray area leads someone to wonder what a standard is, or be left to ponder what they “might get away with,” we have in place a culture that will groom them to know that excellence is the bar. That the job, large or small, is to be done right. They will disabuse themselves – and they will dissuade others – of any notion of entertaining an impropriety. This is where you achieve true strength: From the bottom up as individuals self-regulate; from the top down as example-setting, ethical leaders manage, mentor and train; and across the organization – or across organizations – as departments and agencies engage in good faith activity by virtue of solid reputations and trust. Let’s look at some supports to this:
Supporting Success: Mission; Values; Beliefs; Standards
Mission: The idea of a mission would seem to be pretty obvious. However, if you ask people on a random basis to articulate their organization’s mission, you may be surprised at the result. There will be a degree of struggle in expressing the mission with accuracy and brevity. Forget about any degree of comprehensiveness. Even Business people can have trouble – but for support elements such as IT, there may be many people who fail to understand, or even care about, the overarching business mission.
Every organization has a mission, and every reader’s organization has a mission statement. The mission provides the answer as to why the organization is here. An organization’s stated mission should include primary products and services, your service model (such as the importance of excellence, creativity, results, success, etc.), and markets. Everyone in an organization should know what the organization’s mission is, understand it, and support it. Remember that the mission statement is a ready handle in defining who you are – after the organization’s name, it is often the first exposure someone has to anything about your organization. It communicates essential information to people, beginning with the people right in the organization – the employees. It is the definition of your organization seen by clients, customers, members, prospects, potential employees, vendors, contractors, business partners, and any other interested party.
Ensure your people know, understand, and support the mission.
Values: A value is a belief, a principle, a quality, or a philosophy that has meaning and worth to the organization. It also must have meaning and worth to the individual. It is important to note that any organization will have formally defined values – but it will also have informal values.
In recent surveys of business, the identification and implementation of values has been cited as the one of the greatest keys in the success of those organizations that thrive. Values lead to direct action, quality of action, and appropriate treatment of people. When looking at most successful organizations, we find that values are directly linked to their success. For example, Sears places a high value on customer trust – in the 19th Century, customers in rural areas enjoyed a money-back guarantee on any returned product. Can you imagine the comfort that that sort of trust engendered when ordering from a remote organization through a catalog in those days? Sears, unlike many companies from that era, continues to exist and thrive today…
The Marriott’s value of standardization enabled it to efficiently duplicate its standard model hotel all across the country. People on the road experienced a welcome familiarity.
Coca-Cola’s value of their customers’ opinion and satisfaction allowed it to quickly recover from the wrong turn that “New Coke” represented.
Your organization has a set of values in place – make certain that those values are effective, known, and understood. The trick is not in “having” values: the trick is to make certain they expand and occupy every corner and crevice of your operations, your supports, your management, your products, and your services. In the case of our Weave, we can see that business values occupy the upper, overarching agenda. IT values need to support and help fulfill business objectives. One of the most obvious values today is the sustaining of continuous improvement. Generally, the identification of an important value leads to discovery, and discussion, of other supporting values: innovation, reliability, trust, confidence, truthfulness, and so forth. At the same time, a discussion of values needs to identify gaps, or divides, between stated organizational values, and the full employ of those values in leveraging them to the ultimate mission.
Beliefs: Beliefs support values. If your organization wants to value excellence, for example, people need to believe that excellence is worth striving for, is recognized, and is rewarded. Further, it will be believed that excellence is appreciated by the customer, client, member, etc. Vendors will acclimate quickly to your culture of excellence, and they will partner according to their natural sense of your expectation for excellence. Beliefs yield confidence and trust (desirable values in and of themselves). When people believe that others engage in good faith, and that the organization itself behaves in, and supports, good faith, we build value. We begin to build a collective mental acceptance of truths, and conviction in them. Again, think about defining your culture through mission, values, beliefs and standards: don’t let it default to something you don’t want. Beliefs directly support your mission.
An important belief is that an organization is a team, rather than a collected set of competing silos; each complete with their own selfish agendas, competition for resources, negative belief-set, and poor expectations of the other “silos.” By extension, allied organizations that have been tasked with a common mission must acquire the belief that they are a team in order to be at their united best. Consider what your organization believes – truly believes. Is your organization’s belief-set acceptable to you? Consider the beliefs that you would like to instill in your organization, and the reality necessary to emplace and sustain those beliefs.
Standards: A standard is a requirement, a level, or a degree of something. Standards define and guide conduct. They set benchmarks in the performance of systems and people. They help to provide comparisons and measures in order to evaluate levels of things that lead to success. Standards help to measure ‘success’ itself.
Harboring a respect for standards is a value. You value a degree, or level, of performance from employees – and from yourself. You must meet and hopefully exceed a standard in order to certify the value of that performance. Overall, your organization has a requirement of conduct – the level of conduct you require is a standard. We manage and perform according to standards.
Standards should be a clear expression of our expectations: We should know how our organization expects us to behave and interact with each other. We should know how to resolve conflict. We should have standards that support growth and progression for the right people. Proper standards help us to leverage “human capital” to competitive advantage.
Standards also help us to establish commonly accepted guides to productivity and quality. A review of standard “best practices” in any field of endeavor will present essential standards for success. A success culture both yields, and depends on, productivity. Efficient and effective (quality) production of anything represents success: whether it is production of new designs, production of output goods, producing better service, producing more satisfied customers, producing more accurate performance appraisals – these all represent success.
In-turn, success (successful productivity) yields pride in the organization, pride in what you do, confidence in a job well done, and it yields a positive model for future success. Consider the business traveler’s laptop as an example: the true standard is not to issue the laptop in a timely fashion (important enough, but easily done), it is not to vet the laptop as functional (also important), but rather the standard is to meet the business traveler’s need to access the organization’s network in order to successfully accomplish online work. If you meet the true standard, the others are met. The ultimate standard pulls everything else up. This is why you have to solidify in your mind, and the minds of your staff, the ultimate, true standards to be met (and as necessary, exceeded) in each task, project, and endeavor.
The identification of ultimate business standards does not mean that you don’t need checklists or interim qualifiers/standards. Indeed true standards support and lead to the establishment of those things: “Hmm, if BusTraveler ‘A’ has ultimate need to work from City ‘Z’, then I need to test a laptop, issue it, and certify that BusTraveler ‘A’ knows how to use it.” Recognize here that standards beget success.
All of these things in your success culture help you develop a winning “people strategy” – which in turn helps your organization develop an overall competitive advantage.
In your Business-Technology Weave, maker certain that both the Business and IT folks have a clear articulation of Mission, Values, Standards and Beliefs.
June 30th: On this day in 1936 Gone with the Wind was published.
June 28, 2010 3:46 PM
Posted by: David Scott
, the business-technology weave
It is no use saying, “We are doing our best.” You have got to succeed in doing what is necessary.
A Success Culture happens by design, not default. Success starts with a desire, and then a will, to succeed: a specific attitude. When the will is strong, either in the individual or organization, then there is a belief in success – and success will be the outcome. In building a culture of success, it is fundamental to build teams of people who know how to succeed, and thereby organizations that can succeed.
We’re not talking about success alone – for we can succeed in spite of costly mistakes; we can achieve an ultimate success after many preventable failures; we can often succeed where dumb luck plays as big a role as anything else. We can succeed in spite of a poor culture; we can “beat the odds.” But the odds catch up with us – and why take chances anyway?
The Business-Technology Weave is dependent on success: Your organization deserves a proper foundational culture and the right collective attitude to maintain and advance success against the challenges of a changing world. So – we need to succeed on an intelligently designed basis – we must commit to succeeding on the most effective and continuous basis. We will have a lock on success. That lock will be for anything we do: analysis, proper fits, implementations, progressions for the future, programming, reports, policies and plans, etc. Name it: Anything and everything.
Define. Or Be Defined: When we commit to success and a culture of success, that doesn’t mean we can’t have some failures, and that we can’t make allowance for mistakes. There is always the unforeseen, and there are always human mistakes to contend with. What we mean here is that we don’t tolerate sloppiness, empty excuse, and ineptitude. We tailor and maximize known practices, best practices, and emerging practices, in managing business and its supports. We pair these practices with the kinds of people who have the will to succeed: the strength of character (possession of ethics and sense of responsibility); the care for what’s required (knowledge, preparedness, teamwork); and the desire to put forth the effort in doing what’s to be done (a willingness to work).
Unless we shape our environment, circumstances will shape it for us. Unless we define our culture, it will be defined for us. Unless we make it our goal to retain positive, qualified people, we will find ourselves wafting down to lesser qualified, and less positive people. We must plan and carefully maintain the culture as we would anything else, in order to leverage it for best business outcomes.
Nothing manages itself and, like people, your culture deserves managing. We must craft the Business-Technology Weave with positivity. The success culture-positive is an enormous lever in moving things to successful conclusions – its influence and power cannot be overstated. Why would any organization not bias everything it could toward success?
Most importantly, when you set a bias for success, you have a primed system in place for taking on the emerging burdens, seen and unforeseen, in the Business-Technology Weave. Rather than blinking, stumbling, or choking in the face of some challenge, your organization’s wheels go into motion. Whether faced with exciting new challenges, or discovery of bad, you have people, teams, and methods that are identified, in place, and possessed of knowledge and confidence in doing what needs to be done. Further, what’s done is done prudently, efficiently, and with accuracy.
Getting there always starts with attitude… Where is your organization’s attitude?
June 28th: On this day in 1942 the Dumont television network begins (WABD, NY).
June 24, 2010 1:49 PM
Posted by: David Scott
acceptable use policy
, business security
, disaster recovery
, IT security
, security policy
On June 24th, Cisco released survey results regarding use of social networking sites and the use of personal devices in the workplace. (Conducted by InsightExpress).
The survey is illuminating and very good, but I didn’t need it to know the extent of the problem. I see it every day, and I see the security breaches that result. Employees – users – are working around policy and security postures to access and utilize social networking, collaborative, and peer-to-peer sites – even obvious no-nos such as porn sites or sites with highly inflammatory content. And, employees are also installing their own apps and devices, using them indiscriminately.
Here again the enterprise has the challenge of defining what’s allowed, how, how much, and when. Often these liberties with as-yet unapproved methods and means happen within the vacuum of lagging or outdated policy that doesn’t even define, much less address, the challenges.
Workarounds have their place, but so does policy, process and sanction. Don’t let your environment turn into a Wild West of split and scattered chains of communication; or, imagine new critical contact information that exists only in spurious realms. Avoid having vital and reinforcing content that’s fractured across, and stripes through, various domains – domains and mechanisms that may be “here today and gone tomorrow” endeavors.
June 24th: On this day in 1314 was the Battle of Bannockburn; Scotland regains independence from England.
June 23, 2010 11:57 AM
Posted by: David Scott
2010 Global SMB Information Protection Survey
, business security
, IT security
, medium business
, security policy
, small and medium business
, small business
, symantec press release
Symantec Corporation has released a very interesting (annual) survey, the 2010 Global SMB Information Protection Survey. (Note: Small and medium sized businesses are defined as comprising 10 to 499 employees). Have a look for yourself – the hard stats are all here: Symantec Survey Reveals Information Protection is the Highest IT Priority for SMBs (Press Release).
It’s interesting to note the enormous lag for a large percentage of organizations in terms of their data security awareness, the associated needs, their answering measures of protection and what has been a lagging priority. The resultant level of loss, for both electronic data and hard assets, speaks for itself. SMBs are late to the party regarding protection of data, equipment, and reputation for that matter. Not that larger enterprises are all that tight… we’ve discussed The Chronology of Data Breaches here before (source: The Privacy Rights Clearinghouse), and I’m sure this readership is well-aware of recent, ongoing, breaches.
It’s understandable, somewhat, that the Business side of the Weave is often remiss regarding security and protection – but what of IT? IT has to be the standard bearer: make sure security protocols are in place and write policy to current standards – and watch for breaking practices that can be utilized to your environment’s best advantage. If Business falls down and suffers a breach due to its own remiss (perhaps foiling IT’s recommendation for more training, or more penalty, etc., in instituting greater care, for example), then the Business half of the equation can go frown in a mirror. But to IT I say: Be on the responsible forward edge, and apprise Business in a timely fashion. Document what you counsel and do.
Most breaches and loss are due to simple human error, which includes negligence and lack of standards and education – don’t make the error of having an uninformed, untrained, and uncaring staff.
Have a look at Symantec’s recommendations at the end of their Press Release.
June 23rd: On this day in 1931 Wiley Post and Harold Catty took off for their flight around the world.
June 20, 2010 1:24 PM
Posted by: David Scott
acceptable use policy
, business security
, business-technology weave
, content management
, IT security
, social networking
, social networks
Increasingly I see articles about “young” employees lobbying managers and senior executives about using social networking sites for work-related activity. These sites generally comprise (perhaps compromise?) a mash of party pics, all manner of stream-of-consciousness ruminations, drunken escapades, perhaps a little business/quasi-business.
Ah yes… when it comes to heads-down, empirical, meritorious and measurable Fortune 500 business results… I think… Facebook!
It’s not just Facebook, but also some measure of other sites, the Top 5 being: Facebook, MySpace, bebo, Friendster, and hi5 (source: toptenreviews.com).
The argument is that this class of employee – the young, the hip, and the connected – considers social networking to be an integral, perhaps inseparable, part of their lives. I haven’t yet heard whether this class considers their workplaces’ archaic e-mail systems and telephones to be so unreliable so as to require the steady fallback of Facebook.
I hate to use a dirty word here, but it fits: That word is “discipline.” I see no real harm in allowing employees to take a break and pop over to a social networking site during the day, from time-to-time. This is quite similar to people surfing the web at work, and checking their personal e-mail accounts. Speaking of personal e-mail accounts, no one 5 or 10 years ago would have argued – would they? – that it would be more efficient to conduct work business through personal e-mails, as a twin-track to the company e-mail system, merely because you happened to be in your personal e-mail account at any given moment. You’d have some extremely broken e-mail chains – and should the company have to assemble a coherent, chronological, sequence of communications in order to settle something with a customer or client, it would be that much more difficult.
Consider social networking sites: How easy to make an exposure on a wall, or even to lose important information: After all, the company isn’t making a comprehensive backup of Facebook communications for each employee, regarding company business. However, the e-mail system is backed up each evening. And by funneling corporate communication through a common system, legal and other issues of contention are well documented and managed as content within the control of the company (Content = that which your organization contains and controls. Your organization does not contain Facebook, etc., data – nor control it!). Let’s make life easier, shall we? I’m not even particularly concerned about malware, which is the usual straw argument mounted, so that it can be shot down with Facebook’s and other’s “new and improved” spam guards and virus and breach protections.
Who cares about that if the argument doesn’t even get that far when we examine the question from a simple content management point of view, and where the efficiencies of communication (and protection) really are? And trust me: If you have just one employee make the wrong communication to an important client, while brain-toggling between “friending” and “businessing” if you know what I mean, you will be very sorry you didn’t take heed here. In the realm of risk, unmanaged possibilities become probabilities. Common sense, discipline, and adherence to best practices do have their place.
Advertising and Marketing
What about advertising and marketing? Social networking can provide some exciting possibilities here – and yet… social networking is all about “seat of the pants,” ad hoc, timely, edgy, shoot from the hip communication. It’s real time, too. How do you protect branding? Reputation? A certain… business gravitas? Who the heck is doing what? Again: “What is being done in the name of your domain?” There may be far more peril and pain, than gain. Be wary.
To me, using social networking sites (emphasis on “social”) for business is kinda like texting while driving. Is it possible? Sure… Is it wise? No. Period. When driving, focus your eyes on the road. When conducting business, focus your eyes on business.
That is best done in the securtiy wrapper of authorized systems: e-mail, business phones, company websites, sanctioned and company-supported blogs, and any other means and methods that are in the exlusive domain of the company’s control, or the control of sponsored and proper outside players such as contractors and service providers. Oh, I guarantee there will be companies that go the social networking route – and if you think data breaches and bad judgments regarding communications are a problem now, just wait. I think in a few years’ time we’ll see an entirely new focus regarding social networking and business: It will be considered to have been a serious wrong turn… a crash through a guardrail while answering a text, if you will.
Review your company’s Acceptable Use and other pertinent policies. If they do not now accommodate social networking sites, make them address that now.
Even if you do allow social networking to be part of your arsenal of communications and collaboration, you need to detail exactly how and when that can be used.
June 20th: Today is Father’s Day of course. Also on this day in 1819, the Savannah becomes the first steamship to cross any ocean (the Atlantic).
June 17, 2010 3:02 PM
Posted by: David Scott
BP oil spill
, business recovery
, disaster awareness preparedness and recovery
, disaster recovery
, electro-magnetic pulse
, gulf oil spill
, risk management
We’ve touched on the disaster of what’s happening in the Gulf of Mexico and with the ongoing tragedy of BP’s oil spill. We can understand that technology is enabling: For both good and ill.
On a smaller scale, many local organization’s have had sad yields of data breach, crashes of systems, and implementations that deliver the wrong products to business. The latter result in poor fit, unreliability, or flat-out delivery of products and services that are unusable. “Finished” projects are torn back open for a new (and expensive) stab at success. Technology makes deliveries of good and bad to the local organization.
Today, business challenges and demands are such that projects no longer meander to conclusion, with adjustments along the way. There’s almost a command to craft a timeline the length of an arrow’s shaft, and to shoot that arrow into an ever closer target to today’s date – for ultimate delivery of working, serving, solutions.
Certainly in large-scale projects this is happening: How else to explain a project to drill in a mile of water, in order to capture oil for use, only to have a disaster for which there is presently no recovery? There is not even a vetted plan.
Large projects with large deliveries need matching, LARGER, postures for prevention of bad outcomes, and pre-defined, tested, and extremely robust recovery means for the truly unforeseen. In scaling this idea to the local organization, all implementations and plans deserve adequate attention to possible pitfalls, so-called “unforeseeables” that become foreseens with proper imagination and attention – and thus valid preventions for bad outcomes.
In examining large scale yields of the extremely bad variety, there is one that delivers catastrophe to the local organization – that is, yours – and in fact all local organizations. It is Electro-magnetic Pulse (EMP). While we may consider it’s manifestation as a small likelihood – consider that no one thought the Gulf situation would manifest in the first place, and even when it did, in its earliest days people minimized the outcome. Further, in considering EMP and its likelihood, you might wish to consider that the U.S. Congress has had an EMP Commission for quite some time. (Sources: www.empcommission.org - www.senate.gov – www.house.gov )
By examining EMP, it can help us to think critically within smaller, more routine, and even blasé projects. Fresh thinking will help you deliver with accuracy, safety, and surety. The CIO, CTO, IT Director, Network Manager, Programmer, etc., who can deliver with swift accuracy is a hero to business. Well, they should be in my humble opinion.
THE THREAT OF ELECTRO-MAGNETIC PULSE
Our concept of Unrecoverability (from IDRU, as referenced in a couple posts prior to this one) aligns with some realities that have already emerged: existing means of accomplishment; the will of those who wish to accomplish it; and inadequate recognition of threat. Hence, there is no real definition, plan, project, and solution to thwart those who are working at this moment to deliver Unrecoverability. This lack of recognition, and the risk associated with it, falls not only on “government,” but also on each of us. So too will responsibility.
The easiest means of defeating a modern country – a country that relies on a Business-Technology Weave at the highest, lowest, and broadest levels – is through an EMP attack. This sort of attack could be something as simple as a scud missile carrying a single nuclear warhead. This missile need not be accurate for any specific target. It need only be detonated at a suitable altitude: the weapon would produce an electro-magnetic pulse that would knock out power in a region – all power.
Not only would some measure of a nation’s power grid be out, but also generators and batteries would not work. There would be no evacuation of affected areas: Cars would not work, and all public transportation would be inoperable. Even if trains, planes, and other mass transit were operable, the computers that enable their safe use would not be. This would be due to the loss of all electronic data, rendering all computers useless. There would be no banking, no stock market, no fiscal activity of any kind, and there would be no economy.
Hospitals would fail without power. There would be no electronic communications: no mobile phones, no land phones, no e-mail, no television transmission, nor even radio. There would be no refrigeration of food, which would quickly rot to become inconsumable. Potable drinking water would quickly be expended, and the means to create more would not exist. Fires would rage, since the ability to deliver and pump water would be virtually nonexistent.
No Federal Government would be able to govern – nor would any State or local government command any control over events. No police department could be able to know where events were happening requiring response. Priorities would be non-existent. The only actionable situations would be those in a direct line of sight. The Military would not be able to communicate. Hence, there would be no chain-of-command; no control. Scattered commands and units would soon begin operating autonomously in the vacuum.
The affected society, on all levels, would be sliced and diced into small groups and factions hell-bent on survival – the situation would be an almost immediate chaos. As we’ve seen during New Orleans and other disasters, breakdown of the social order is rapid and deadly. In this circumstance, it would also be prolonged, and possibly permanent – until the arrival of an enemy control. Imagine, if you will, a peak, sustained, Katrina/New Orleans disaster, coast-to-coast.
Ah, but there is hope for all of us. Let’s hope that the government, with this BP oil spill as a serving example for lack of plans and pre-defined assets, will learn and mount proper preventions.
Now that we understand what true “Unrecoverability” means, are there any “EMP”s or “oil spills” lurking in your organization? That is, something that – in scale – looms so large and comprehensive as a risk that, should it actualize, it would whisk away your business’ reputation?… your business’ ability to conduct and continue? It can happen and has to others.
DAPR: It’s time has come: Disaster Awareness, Preparedness, and Recovery. Last century’s “Disaster Recovery” is outdated; indeed its very name is reactionary. I often wonder if there should be regional Business Security roundtables with local government. After all, plenty of IT and business people are being affected in the gulf at the moment. Shouldn’t they have had a keen awareness for mile-deep drilling, its risks, and potential consequences? And… wouldn’t business and IT people have the best handle on risk, its management, and whether proceeding under those conditions, given the unprecedented nature of things, was prudent? They certainly would with DAPR as their overriding guidance.
Come on along – we’ll continue to prepare as we meander through many topics in the coming days and months.
We’ll lighten up in the next post. Senior executives are being pressured to let younger workers utilize social networking sites not only at work, but for work. Good idea? Bad? I have an opinion…
June 17th: On this day in 1837 Charles Goodyear obtains his 1st rubber patent
June 14, 2010 9:57 AM
Posted by: David Scott
BP gulf oil spill
, disaster recovery
In our last discussion, we talked about new scales of harm – weighted outcomes that are so great, as delivered by disaster, that holding them in abeyance through prevention wasn’t some part of a plan; it is the goal and the whole of it.
Disaster Recovery is old-school, outdated, and dangerous. An almost provocative awareness for potential disasters must now hold sway, with attendant protections for outright prevention of bad outcomes – being that we are in an era whereby technology is not only enabling good things; we must realize that technology’s mismanagement is enabling extraordinarily bad things.
As discussed previously, the oil spill in the Gulf is a timely example of an extremely bad (and ongoing) outcome as delivered by technology. Technology allowed us out there, down there, and caused the opening of the oil field to the ocean.
To appreciate why DAPR is necessary, and to fully appreciate what it is, we must first completely understand it’s counterpart: IDRU – Inadequacy, Disaster, Runaway, and Unrecoverability. We debuted that term in the last post – let’s examine it in more detail and also provide an example that any person, whether “IT” or “Business,” can readily understand. This may help you examine and discuss your environment and potentials with your counterparts. IDRU is:
Inadequacy: Inadequacy is manifested as lack of awareness, lack of planning, lack of action, lack of results, and dire consequence. On a local scale, we’re aware of inefficient, ineffective, and inadequate attention, inadequate business, and inadequate technology (or use of it), leading to poor business outcomes.
We needn’t belabor inadequacy’s national influence: in America, we’ve achieved a large yield from inadequacies. Ready examples exist from both natural and man-made harm: the loss of New Orleans (through Katrina and neglected levees), and 9/11, respectively. The Gulf oil spill is the latest disaster. On an organizational level, the news is full of data breaches and harm to business…
Disaster: Today, disaster can manifest itself as a relatively new phenomenon: an individual, or small group of individuals, can dispense catastrophic harm through the actualization of Nuclear, Biological, or Chemical elements (NBC). Because relatively small groups now can possess a formerly disproportionate amount of power to harm, already possess the will to harm, and can exploit inadequacy on the part of those they desire to harm, we have a prevailing threat of disaster.
Beyond NBC, there are new threats of disaster so monumental, that their prevention is not just some measure of abeyance in the style of a 9/11; their prevention is necessary to deny a state of total Unrecoverability. A massive, generalized state of Unrecoverability has to be of overriding concern to the collective Business-Technology Weave, of any Nation, group, endeavor and person. Consider IDRU from the perspective of EMP: Electro-Magnetic Pulse. We will discuss that in some detail in an upcoming post.
Runaway: A simple analogy will serve: You are the driver of a car. You are speeding on a wet and winding road. There are signs, and they are warning: one gives the Speed Limit. One indicates Slippery When Wet. One indicates Dangerous Curve Ahead. Given the nature and conditions of the road, you should have an adequate awareness of danger, and you should have enough information to take action: to slow down, to drive with care, to prevent a bad outcome.
However, you fail to do these things. Your attention, concern, and actions are inadequate. You fail to imagine and plan for the contingency that soon happens: you cannot make the dangerous curve; you break through a guardrail; and you begin a plummet down a cliff. Your predicament was preventable, but now this, for you, is disaster.
But – you yet have ‘systems’ at your disposal. You mash the brake. There is no effect. You turn the wheel to the left, to the right – again, your action has no effect. In fact, your fall accelerates. You pull the emergency brake. You are in an emergency and beyond: You are in a condition of Runaway. You, and any action you take, are irrelevant to an inevitable outcome. It is, simply, too late.
Here, prevention wasn’t some part of a disaster plan – it was all of it. Once you begin Runaway, there is no meaningful action to be taken, and – regardless of remaining plan – no executable part of a plan that contains any meaning.
Unrecoverability: Once you’re in the zone of an inevitable bad outcome, you are in a position of Unrecoverability. Our car is in a Runaway condition, and the car and its occupant are now Unrecoverable – they will be smashed and killed, respectively.
Today’s Business-Technology Weave, and any measure of it, is susceptible to unrecoverable situations. Many companies mount expensive core business applications, platforms – so-called “solutions” - only to find them to be poor fits; often it’s an extremely expensive “wrong turn” and you’re through the guard rail heading for a business crash. I would imagine that any reader here has an example.
Ah, but there is hope. Stay tuned…
June 14th: On this day in 1834, Sandpaper was patented by Isaac Fischer Jr. of Springfield, Vermont
June 10, 2010 6:35 AM
Posted by: David Scott
BP gulf oil spill
, BP oil spill
, business continuity
, contingency plans
, disaster recovery
, gulf oil spill
, IT plans
, IT policy
, risk analysis
Let’s examine new scales of risk, weighted outcomes, and what must be done in the face of escalating catastrophes – as delivered by ever more powerful technology. Over the course of this post and the next two, we’ll fold an examination of BP’s crisis (and ours) back down to the local organization, and what you can learn and do in preventing bad outcomes and in making fast, efficient, recoveries from the truly unforeseen. To help us, let’s consider the biggest news item of the day – indeed the past month and a half.
This week, the Administration in Washington decided to allow more drilling in shallow water (500 feet or less). New regulations are in effect, and newly require:
The CEO of the company must certify that a rig and anything happening with it meet all Federal standards. A professional engineer must be hired by the company to certify that the blow-out preventer works [DS – a blow-out preventer is a device to stop a leak once one begins; details did not include whether the “professional engineer” had to be an independent consultant, or merely someone who might be an insider; the next requirement would seem to indicate the latter]. Requirements also include third-party verification for the status of all blow-out prevention mechanisms. (Source: Fox News, The Fox Report with Shepard Smith, Major Garrett reporting, June 8th,2010).
Almost two months late and a few dollars short.
In seeing the recently released high-resolution video of the leak, James Carville said, “…this is a matter of national security; the Louisiana coast is being invaded right now… literally we’re under invasion from this oil. And I’m waitin’ for somebody to say, ‘Hey, we’re gonna fight ‘em in the estuaries, we’re gonna fight ‘em on the beaches, we’re gonna fight ‘em in the bayous, we’re gonna fight ‘em in the bays’… I mean, I’m with the Governor here [DS – Louisiana Gov. Jindal], let’s get this thing cranked up here.” (Source: CNN, Anderson Cooper 360, James Carville, June 8th, 2010).
I believe Carville has been on the leading edge of truly understanding and expressing just how dire the situation is in the Gulf. And at present, the condition is one of Runaway. The leak is in a runaway condition, whereby one of two things is happening:
- No one knows how to stop the leak – or –
- A method of stopping it is known (or at least suspected), but no one has managed to assemble the resources and team(s) that can deploy the method for stoppage.
Either way, BP’s own estimates now are that they’re capturing 15,000 barrels of oil a day from the leak. This leaves as much as 10,000 gallons yet flowing into the Gulf. This is a factor of 10 in terms of the original estimate for the leak (1,000 barrels/day) – after a nearly two month effort of containment. The situation is a catastrophe and its true scope and future impact are yet unknown.
What can Business and IT learn from this? In looking at certain outcomes from disasters, we can recognize that prevention is not some part of a Disaster Recovery Plan, or Business Continuity Plan – it is the goal and the whole of it. To further illustrate what we mean: During the Cold War between the old Soviet Union and the U.S., a defacto policy of MAD – Mutually Assured Destruction – held a nuclear exchange and total destruction at bay. There’s not likely much of a recovery plan post-apocalypse. Prevention was the goal and indeed whole of the plan – the great driving motivator that influenced all subsequent activity. An extreme example, to be sure, but a potent one nonetheless.
I’d like to introduce two concepts at this point that serve the local organization (and would have served BP) quite well: IDRU (id-roo) and DAPR (dapper).
IDRU is Inadequacy, Disaster, Runaway and Unrecoverability.
DAPR is Disaster Awareness, Preparedness and Recovery.
In the case of the BP Gulf oil spill (which is a yield of a failed weave of business and technology), IDRU is presently at play. There was an Inadequacy of awareness and respect for true risk and condition (given the present outcome, and well-reported disagreements on the rig concerning conditions and risk, there can be no argument regarding inadequacy here). We have Disaster (again, no argument). We have Runaway; certainly a runaway condition of spillage is occurring – when humans desire a stoppage of oil leaking into the Gulf, and the flow remains to any degree, we have a runaway condition.
That brings us to a very scary prospect: Unrecoverability.
The Gulf will be “cleaned.” At what cost? To what degree of “recovery”? How, and how long, will fish and wildlife be contaminated – and to what intensity? Will anyone eat seafood caught in the Gulf in the next two years? Five? 20? I don’t think anyone can say with certainty at present. It is truly frightening for anyone who examines the core problem and the tangential effects.
Disaster Recovery – even if perfectly mounted according to human capacities and limits – and associated concepts is not really sufficient here. DR must be supplanted with DAPR. Disaster Awareness – true appreciation for the scope of a potential disaster – and preparedness in the sense of prevention (where and as truly possible) is now necessary in an increasing number of arenas. Yes, there remains a recovery posture for the truly unforeseen; whether accident or deliberate events of harm. But a new standard of awareness and preparedness in terms of prevention is absolutely essential, given business’ reliance on technology and technology’s vulnerabilities in an imperfect world. Humans can’t be perfect either, but their record had better improve fast given the realities of The Business-Technology Weave.
It’s easy to look backward and make a couple suggestions: BP could have shrouded the whole mile-long pipe, blow-out preventer, and well-head in another outer pipe and dome. Why didn’t they? Expense. However, as my father would have said, “Cheap at twice the price,” given what BP will end up paying. Why not an automatic simultaneous relief well (presently being mounted) for deep water drilling? Again, cheap at twice the price. In these cases, it’s not just risk that must be evaluated against the bottom line – the scale of an outcome must weigh into measures of protection and prevention.
Again, a tenet of The Weave is paramount: In the realm of risk, unmanaged possibilities become probabilities. (Note: We’re not taking issue with deep water drilling vs. shallow drilling that is often prohibited due to environmental regulation. Our examination is based on the empirical, the observable and meritorious argument; not politics or preferences. Deep water drilling happens; preventions must be ultimate; lessons must be learned and applied).
For those at the local organization, you must think anew and bring fresh perspectives to assessment for potentials, scales of outcomes, and cost-benefit for outright preventions. IT folks are going to bear the burden for making these examinations – they naturally lead business counterparts in assessing vulnerabilities to The Weave from technical perspectives – and even from the human perspective (in terms of errors, inadvertent or deliberate harm to content, process, systems, etc.).
I actually sympathize with BP a bit. They are in the middle of an extreme catastrophe – as are the affected people in the Gulf. I believe IDRU and DAPR would serve BP, and other “potential BPs”, quite well. If the concepts serve you, that is good.
And this brings us to the next post… stay tuned.
June 10th: On this day in 1910 Howlin’ Wolf (Chester Arthur Burnett) was born.