Business is increasingly sophisticated.  Business is routinely conducted twenty-four hours a day, seven days a week.  Organizations are increasing their global outreach.  Travel no longer means that people are “out-of-the-loop.”  As people can stay connected to their work they often find, or at least feel, that they must stay connected.  The requirement for effective business and information systems, their proper utilization, and the pressure for the most return possible has never been greater. 

As we consider the increasing requirements for immediate access to data, the security of data, the management of data’s content (that is, the treatment of business information as a leveraged advantage), and the growing demand for time in maintaining the highly technical “back-end” of business information systems, we realize that we face an increasing risk to a most important asset.  At risk is business information itself – or business intelligence – and its effective management and use.  In addition to the business reliance on steady information, we must realize too – whether factory, farm, hospital, distribution point, port, Fortune500 endeavor, volunteer group, sole-proprietorship, etc. – that operations, process, production and delivery are increasingly or completely dependent on technology. 

Everyone must gain a thorough understanding for managing the combination of business and technology now, and for what is coming in future burdens.  To illumine the problem another way – without a remedy to current inefficiencies, the divides of communication and understanding will compound exponentially during the coming demands of any business-technology environment.  With accumulating vulnerabilities, not always readily seen, you can face a very real danger to your continued business existence.

At the same time, whether it be core mission-critical business applications, association management systems, accounting systems, e-mail systems, content management systems, shelf applications, etc., all organizations are challenged to implement, upgrade, or change outright these systems on a periodic basis.  There is an ongoing requirement to expand systems’ capabilities for services and deliverables while sustaining support of daily business operations. 

The “fruits” of this technology, for example the ability to mine, analyze, and deliver data in providing useful information to Business with accuracy, speed, and efficiency, is not only desirable, it is an absolute necessity.  In tandem, you need an attendant, informed, user class that can leverage technical business tools and their output for maximum effect.  For organizations of today it is now your business to jump, perform, and deliver with an immediacy that wasn’t necessary ten years ago – or even five. 

Organizations also must anticipate and build accommodation for whatever the future of business holds:  Changing markets; new products; faster deliveries; improved services, increased competition; and rising security challenges.  In the case of governments and aligned agencies (with mutually reinforcing and united missions) there are new and emerging requirements to work together.  Their objectives and success in achieving them affect safety and security of entire nations.  We can fairly ask:  Will government achieve the necessary agility in responding to the accelerative change of threats? 

For all of these reasons, we realize that we must emplace a culture that supports ultimate outcomes.  In your organization, craft a culture that fosters and encourages open discussion regarding business and technology. 

As possible, leave the normal “box” of your routine day, your desktop… step back from the day-to-day and near-term focus:  Solicit ideas, listen, speak, and contribute – in maximizing your own, and your organization’s, present use of systems.  Be a contributor in securing them, and in progressing them to the best future possible.

NP:  Unit 7, Wynton Kelly Trio, jazz24.org

Not to sound too forward-thinking, but McAfee just released an interesting report:  In the Dark:  Crucial Industries Confront Cyberattacks.

It’s rather amazing that whole industries, as well as the entities that populate those industries – large, medium and small business – are lagging in the face of crucial threats.

Those threats not only comprise cyber war, cyber attack, and even “inside jobs” mounted by dissatisfied employees, or preventable breaching incidents manifested through human error, but also enterprises face peril from large-scale threats to infrastructure as manifested by terror attack or destructive weather events.

Consider a pre-Katrina business in New Orleans.  Yep – be sure to lock those doors, set the nightly backup, and while we’re at it, let’s minimize all the single-points-of-failure elements we can…  In the meantime, all that care and concern – and business –  washed away in the comprehensibility of a flood  because no one heeded the warnings about under-spec’d levies.

What of sole-proprietorships?  Given all the tornados in the mid-West at the moment, what is a prudent plan for business continuity if the house blows away?  Life does go on… and so must business.

I felt the gap between awareness for potential of large-scale bad events (both internally sourced, and external), and solid security postures, even in Fortune100 environments.  Here, you might expect best awareness and allied practices, but no:  Often, the business element, IT’s governance, would be unwilling to engage, and then only grudgingly make budget available for the thinnest of security standings for recoveries.  It was a vulnerable feeling, I must tell you.

I like to think that I’m a little ahead of the pack.  In the last chapter of I.T. Wars:  Managing the Business-Technology Weave in the New Millennium (Ch:  What’s at Stake) I discuss large perils to enterprises, and what the “local” organization (that is, yours) should begin to think about doing.  I propose regional BizSec teams (business security), comprised of leading minds from a variety of regional organizations.  Solutions always start with discussion by proactive people…

It’s something to think about doing in this, still, new millennium.  Stay safe!

NP:  Blue Rondo à la Turk.  Jazz24.org.  Brubeck – ‘nuff said.

Back in the days of my misspent youth, as CIO in a Fortune100 environment, one of my more favored positions was leading IT for a “perception management” company.

Perception Management was this firm’s rebranding and widening of the established Public Relations schema.  I rather enjoyed it and found it quite interesting.

Perception Management is extraordinarily important in this age of social networking:  Both in terms of personal SN and business:  Many businesses, particularly small and medium business (SMB) are utilizing SN because it is efficient, inexpensive, and readily available – easy access; easy setup.

We discussed a particular case of personal peril a couple posts ago, and – if you scroll through the history of this blog – a fair number of other SN perils and outcomes… essentially involving people saying embarrassing things about themselves or others, and being outed for it.

But now there are perils involving livelihoods and professional standing.                         

Courts personnel, lawyers, and other associates are now perusing jury pools’ members for biases or relationships that may taint and jeopardize the outcome of trials.  In some cases, attorneys have found actual relationships between seated jurors and defendants on trial!  This is solid grounds for dismissal and retrial – and that has happened.

Further, reviews of SN pages by folks with legal standing have uncovered information about illegal activities – sometimes resulting in arrest and prison. 

But of perhaps a more mundane concern to the professional readership here:  Hiring authorities are now perusing SN sites, simply taking names from resumes and Googling, Facebooking, and YouTubing around, and seeing what comes up.  And often, what comes up is… well, interesting.

You can certainly glean an assessment for someone’s maturity, their gravitas, and likely their overall suitability for any specific job from their SN postings, their friendships, their hobbies, and whatever else occupies their time and fancy.  And do you know what?  There ain’t a thing you can do about it.  Should you be screened from a job for something a potential employer saw online – you’d never know.

You could even be competing for a promotion at a present place of employment; it will become increasingly likely that HR and the manager up the line will review your online standing and presence along with internal performance reviews and documentation.

For the aforementioned SMB:  If you are using the ready-network of SN – with its undeniable enablement of business – ensure your folks are not blending “friending” with “businessing.”   That is, bleeding the jocularity and questionable taste of interactions between friends, and bringing that informality to the realm of business.  It’s easy enough to do when switching back and forth.

Perception Management:  Manage how you want to be perceived.  More importantly, be the person you want to be understood as being. 

Make certain your business adheres to proper protocols and styles of communication too.  Survey what is being done in the name of your domain.

Have that accurately reflected in all that you do online – in controlling perceptions.

March 31^st:  On this day in 1963, Los Angeles ended streetcar service after 90 years.

I don’t do this too often, but I’d like to recommend a specific whitepaper from ArcSight (Full disclosure:  I have no reciprocity with them whatsoever).

It’s available here, and requires registration.  The paper is  World-class protection for the mid-size organization.

The paper makes valid, timely, points that in a networked world, we suffer threat – if not outright breaches – from malware, viruses, etc.  I can throw in malicious botnets, human error, mistakes in judgment, and so forth; all the while, organizations face increasing regulation and associated penalties.  The vulnerabilities mount – and will continue to mount.  Velocity of risk, anyone?

The article mentions, likely accurately, that most SMB (small-and-medium-business) do not have large dedicated security staffs – and what security staff does exist, is declining.  And yet, the SMB enterprise has the same security burdens as their “larger brethren” – the securing of financial information, private customer data, intellectual property… et al., with the same legal and compliancy responsibilities.

I agree with all of that, but I offer something a bit unique (and have done so in the past, and will continue to do so).  Make everyone in the organization a security officer.  Technically, not an actual Security Officer, but rather people with an elevated awareness of security in general, and with specific knowledge of your organization’s security expectations, practices, regulatory burdens, and so on…

Can you do that?  Is it possible to train employees to elevated standards of security?:  To the focus, activity, care and results of strict security practices and measures?

The answer is not only “Yes” – the answer is  “You have no choice.”

For small business – where money is tight, tight, and also oftentimes tight – find a smart, dedicated and ambitious employee to take on Security as an Additional Duty.  Have that person develop a training plan, for awareness and prudent activity, as a start.  Then, begin delivering Security Awareness Training – find your “affordable” schedule… monthy?  Quarterly?  Semi-annually?  When and how often can you spare people for training attendance?

For medium business, you really need a dedicated security person, or personnel, with the attendant training and awareness.  Larger enterprises already have an infrastructure of a department and associated activity – or you’d better, if you have any clue at all.

But for SMB and large enterprises, the most provocative idea is to make everyone a security officer:  It becomes second nature for employees to screen every activity through a security prism:  “I’m about to send information:  To whom am I addressing it?  Are all authorized to see it?  Is my conduit for transmission secure enough?”  Just as one qualifier of one activity…

Train every employee to have this regularized assessment going on for all activity, all handling of data, every customer touch, every vendor interaction, etc.

Today, the more complex and comprehensive the enablement, the larger any vulnerability’s window and subsequent impact.  With new velocity of risk, scales of harm, and delivery of harm, whether deliberate or through human error, problems manifest with much more wide-spread impact. 

Vulnerabilities must be managed, in providing protection from harm:  In the realm of risk, unmanaged possibilities become probabilities.  Probabilities always manifest.

Today’s total business reliance on comprehensive technical enablements requires provocative protection.

NP:  Swinghouse – Gerry Mulligan / Chet Baker – Jazz24.org

[Please read a couple posts just prior to this one for context]

When examining these definitions and considering the people you work with remember that, from IT’s vantage, there will be circumstances whereby individuals will occupy, or shift into, a different class at times.  For example, I was once tasked to provide someone to our company president for computer training.  He wanted to “get more out of his PC.”  In this circumstance the president became a WorkOn for IT (since we ‘worked on’ him by training him to standards we set), as well as remaining our WorkFor (in that we still ‘worked for’ him in the larger sense). 

Because all training requires challenge, we had to be aware of our limitations in challenging him– because of his primary occupancy in our WorkFor class.  Remember too that people in positions of power frequently feel vulnerable when they confess an ignorance or need.  Being mindful of these things in this circumstance, whereby the trainer has knowledge (and therefore a small power advantage) over the president, allows us to be mindful of special sensibilities and discretions.   

Next, we’ll employ the “power prism” whereby we’ll view the circumstances and shifts that bring individuals into other classes.  We’ll see how this understanding is necessary for a true optimization of relationships and performance.  These shifts are ongoing in the change continuum – and therefore their influence and required management is continual. 

Let’s provide the definitions for the classes of folks we talked about in the prior post (please refer to that if you haven’t yet read):  There are three classes of people the successful IT leader must manage – in the organization at-large:

     Those you work on:  The first group is those people in the IT department reporting to you, an IT leader.  This is the group of people that you formally manage, appraise, mentor, coach, reward, and discipline.  This group also includes vendors and contractors, for while they don’t report directly to you as their employer, they are subordinate to you.  They do report to you within the scope of a project or service agreement.  You indeed rate their work as feedback to their employer, and you even hire and fire these people for and from whatever endeavor they are supporting.  From here on, let’s indicate everyone in this group as WorkOns.

     Those you work with:  The second group is IT’s fellow managers and business staff – co-workers with whom IT has no direct formal control from a management standpoint.  In keeping with our syntax, these folks are WorkWiths.  

     Those you work for:  The third group is those people who occupy hierarchy in the organization above IT; those who directly and indirectly manage IT.  These are IT’s direct supervision, the governance team, the senior executive class/directors/managers, boards, and any other authorities with influence.  Hereafter referred to as WorkFors.

Given these recognitions, how do we leverage them?…

Spike Jones may have said it best:  People are funnier than anybody.

People are our biggest challenge, and we should know this.  Let’s help everyone – Business and IT alike – understand the special nature of the IT challenge when managing people.  Not just their management of “IT people,” but the effective management of IT’s relationship to everyone around them.  We’ll also get around to looking at the special challenge from a Business perspective.  For now, let’s talk about the IT leader’s challenge – be that person a vice president, chief technology officer, chief information officer, director, helpdesk manager, network manager with administrators, etc. – any IT leader will benefit from this discussion.  Just as importantly, each Business person will benefit from the awareness we establish here. 

Any organization and each supervisor requires proper management of those around them to achieve ultimate success.  Let’s look at that in a little detail.  Here, we’re going to propose that IT manages three classes of people – of equal contribution, of equal importance:  These are people that IT works on, those they work with, and those they work for.  Classifying people this way will yield some interesting relationships.  We’ll also talk about a “power-prism” – a device we can look through and rotate.  The prism will have facets that expose how different issues or circumstances appear to change the class occupancy for any given individual – by exposing the dynamic of their power and ability, or lack thereof, in each of those circumstances.  In the continuum of change, this prism is a powerful, virtual, “device.”  The resulting awareness (that regardless of an individual’s formal standing, circumstances can cause the individual to shift class on an informal basis) will allow us to recognize a person’s behavior, reasons for it, and any negative influence on engagement. 

Behaviors can be influenced by feelings of fear, vulnerability, or power, for example.  If we can recognize these feelings and their cause, we can then adjust our treatment of persons for ultimate outcomes.  Too, we can assess ourselves for these shifts and protect ourselves from imprudent behavior or action.  Recognition of these shifts can be a powerful tool in managing your relationships in the Business-Technology Weave. 

Upcoming, we’ll classify people for you, the IT manager, so as to match their formal standing in the organization’s hierarchy:  The WorkOns, the WorkWiths, and the WorkFors.