Apple has chosen a side when it comes to consumer privacy.
With the new iOS 8 now encrypting data stored on iPhones, Apple has signaled it’s on the side of consumer privacy. The decision makes sense for Apple, as it moves from being a device company to a big-time collector of consumer data with its Apple Pay and HealthKit products.
As these and other wearable products take hold in the consumer market, they will make their way into the enterprise and up the ante on the CIO’s challenge: protecting corporate assets and protecting employee privacy.
Given the recent celebrity selfie leak, I’m not sure how much work Apple has in store before it can bank on consumer trust. But CIOs, it seems, are facing an uphill battle. As Associate Site Editor Fran Sales reports in her Searchlight column this week, the results of a survey by MobileIron, a mobile solutions provider, show that there is a trust gap between the employer and employees; and it is by no means small.
Some advice? Ojas Rege, vice president of strategy at MobileIron, suggests revising privacy policies and communication, and simply assuming that every mobile device, whether corporate-liable or employee-owned, is used for both personal and corporate reasons.
In other news this week, Home Depot’s lack of security oversight may have facilitated the hack that happened earlier this month, IBM is launching a cognitive tool using the Watson supercomputer, Jolt is looking to launch a clip-on wearable fitness monitoring tool and more in this week’s Searchlight.
When it comes to figuring out the value of using the cloud, Forrester Research analyst James Staten advises doing the analyses around the business problem you are trying to address — not around the cloud service you are thinking of using. Makes sense. At SearchCIO we often hear from IT and business readers that the value of technology can’t be toted up in a vacuum but in the context of the business — its market, its customers, its competitors. But how easy is it for CIOs to do that? Not easy at all, according to Staten. That’s true even for what might seem like simple scenarios.
Consider the cost analysis for going with a SaaS application for mobile devices versus developing the app in-house, Staten said. “SaaS applications typically support the latest mobile devices within three weeks of the mobile device coming out.”
The CIO could start by determining how fast the IT organization could deliver the same applications. Let’s say it would take the IT department nine months to develop the apps.
If the business has a good understanding of its financial model, then it would be relatively straightforward to figure out how much money the business would make by being ready for a mobile device in three weeks versus being ready in nine months. But what if the internal IT department wants to be a contender for that app business by changing its delivery mode?
“If you have to do the analysis of ‘Ok well let’s say that we can speed up our internal process by moving to agile [software] development’, now we’re probably talking about an incredibly tough financial analysis,” Staten said, referring to the methodology of developing software in iterative, good-enough chunks.
Staten explains that this analysis requires an IT organization to know what the move to agile development would entail in process and people costs. I imagine the CIO would also want to calculate the long-term benefit of moving to this methodology, in addition to the immediate costs.
But there’s another problem. Turns out, it is not so straightforward to calculate the value of being early to market. “A lot of the costs here are soft, meaning they don’t have bottom line financials behind them. Few companies know how much it costs them to be slow to market,” Staten said.
Indeed, Staten said that cloud analyses of this ilk are often one-offs. In other words, the analyses are customized to the particular application or use-case for an enterprise.
“If you have an application that is highly elastic like a webpage that’s going to change all the time, that’s a very different analysis from ‘We moved our ERP system to the cloud.’ You would get a very different outcome,” Staten said.
And guess what? “[The] people that tend to be the best at this work are the global system integrators and global consultancies,” such as McKessan, McKinsey and IBM Global Services, Staten said. So much for saving money.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
You might think the big news this week is Apple’s unveiling of the iPhone 6 and Apple Watch. And you’d be right. Almost.
For CIOs, the news is not about the devices, per se, but what these (by most reports) wonderful new gadgets portend for enterprise IT. As SearchCIO Associate Site Editor Fran Sales reports this week, experts believe the devices will force CIOs to upgrade their mobile strategies.
Take the Apple Watch. JP Gownder, a Forrester analyst who focuses on wearable technology, thinks the device’s health and fitness tracking features, paired with its retailers and healthcare providers, make it “a value proposition that’s different from simply pulling a phone out of one’s pocket.”
But here’s the really interesting point. Gownder thinks the market for wearable devices in the enterprise might eventually overshadow the consumer market. Astounding, if true.
The iPhone 6 will make its own waves within the enterprise world. CIOs will have to think about apps for iPhones with larger screens; they will also have to contend with the fact that Apple’s expanded ecosystem of partners brings a more seamless experience to users.
As Sales put it, Apple is reducing the friction between technology and humans — again.
In other news this week, AT&T has a new CIO; experts say Home Depot’s payment card breach may have exceeded Target’s breach; 5 million Gmail addresses and passwords have been leaked, and more in this week’s Searchlight.
As director of information security at Western Union, in charge of emerging technology and cloud security, David Levin has a deep appreciation of the risks attendant to cloud applications. He also recognizes that workers are under tremendous pressure to deliver results, and if a cloud application helps get the job done, they don’t hesitate to deploy it. The security organization at Western Union, headed by CISO Mike Kalac, didn’t want to play the heavy when it came to the cloud computing habits of the company’s 9,000-plus employees. “We understand that people want to get access to certain information to do their jobs,” Levin said. The challenge was how to help business users take advantage of the cloud without putting the wire transfer giant at undue risk.
First steps: cloud discovery
To get the word out to departments that Infosec was prepared to help the business leverage cloud services, the security team created the WISE program — Western Union Information Security Enablement. “The program is geared toward implementing solutions that make people’s lives better and more productive,” Levin said — in a wise, not reckless, manner. That required ferreting out the cloud applications that could potentially put Western Union at risk. “Part of the WISE program was to identify what cloud applications people were using and how they were sharing Western Union data.”
To that end, he turned to Skyhigh Networks, one of a new crop of cloud-based security and analytics startups. These tools help companies discover and monitor internal usage of cloud services (sanctioned and unsanctioned), assess the risks posed by the cloud services, and enforce policies that mitigate the risks. Rather than simply blocking usage, however, corporate enforcers — in this case, the security team working closely with Western Union IT — use the security tool to assess safer and (here’s the hard part) equally effective alternatives for users.
Use case: MFT
Levin declined to specify how many rogue cloud applications the Skyhigh tool discovered, except to say that it was in line with the vendor’s widely publicized number (700 to 800 on average for enterprises). The first rogue cloud service Levin’s team tackled was managed file transfer — or rather, unmanaged file transfer. The number of vendors out there providing this service was “shocking,” he said. As the Skyhigh tool showed, many of those software-as-a-service vendors operate with no terms and conditions and have data centers in countries that pose a security risk. Levin leaned on IT to help find and test an application that was as painless to use as, for example, a Dropbox, and that integrated well with other enterprise applications; security ultimately chose Accellion as its file-sharing platform and identity and access management vendor Okta for a single sign-on solution that gave users access to all corporate-sanctioned cloud applications.
“We didn’t make it challenging for them; we gave them solutions we really thought were next-generation and they took to that,” Levin said. “In a few months, we had several thousand users using it.”
IT roadmap: room for improvement
The Accellion platform, combined with the Okta interface, had another positive effect, besides more secure file transfer. “People don’t have to call the help desk and ask, ‘How do I send a file that is bigger than such-and-such?’” Levin said, referring to those employees who were not sidestepping IT.
Skyhigh’s ability to identify risky rogue cloud applications has also given security and IT a roadmap for improvement.
“We have learned how most of the organization is using infrastructure as a service, where they are leveraging some of the collaboration suites and project management [platforms]. These are all areas where, if we could do a better job of supplying them with next-generation technologies, they wouldn’t have to go out and find something else,” Levin said.
In addition to using the analytics tool to ferret out and assess shadow IT, the security team is using the tool to help vet its current vendor contracts, Levin said, including whether certifications are up to date and service levels are being met. “Some of that data feeds into our risk management program, which is world class, and then we don’t have to send them a 20-page questionnaire because we already have the information.”
Next-gen security tools
The data analysis delivered by the tools also helps with building a case for next-generation security tools, Levin said. Western Union suffered a breach in 2007 and again in 2013 when its website was down for maintenance. After each incident security gained “visibility at the board level,” Levin said, and his team has a seat at the table when the lines of business make important decisions that involve information technology. “We try to embed ourselves from the beginning whenever possible, so that when decisions are made, we are guiding them along.”
That said, the security threat keeps growing, fueled in part by the employees’ need to use whatever technology they can to get the job done faster. Plus today’s malware is “very effective, and it is evading a lot of older technologies,” he said.
“Five years ago, it was all about prevention,” he said, “Now the new security tools are moving more toward better reactive systems, because there is no silver bullet; you just have to be well prepared.”
Do you know why Germany won the 2014 World Cup?
According to Qazar Hassonjee, VP of Innovation at Adidas Wearable Sports, the victory is due in part to Adidas’ miCoach Elite Team System.
The miCoach Elite Team System is an ecosystem of various technologies that includes a smart shirt with sensors, a heart rate monitor, GPS, speed cell, a smart ball and more. These devices collect and analyze data about players and the team, allowing coaches to see where their players are on the field, who may be tired and need a rest, who could push it harder, and how training is affecting their players’ bodies.
In order to win, Hassonjee said, it’s not about training harder or longer or faster or stronger anymore. It’s about understanding players’ strengths and weaknesses and tailoring game day strategy to those data points.
But, as Hassonjee said during his presentation at this summer’s Gartner Catalyst Conference, before any of that could happen, he and his team at Adidas Wearables first needed to understand the needs of soccer coaches and their players. And the needs were seemingly endless, from obvious conundrums such as how to gauge fatigue to more arcane questions.
“Some of it was like ‘I want to increase the length of athletes’ career’ right? Or ‘I want to bring a rookie in and bring them up to speed much faster,’ right? Or ‘I want to prevent injury’,” Hassonjee said. “So there are a lot of different applications.”
Right. But ultimately everyone wanted to win more games. So the next step for Hassonjee’s team was to probe, “What does winning a game mean?” he said.
In order to figure out the answer to that question, Hassonjee said the back and forth with coaches and teams was essential.
“There was this iterative process in understanding what they really want,” he said. Hassonjee and his team would create a prototype, bring it to the teams to use, receive feedback, and then tweak the product.
One concern many players and coaches had was that the miCoach system would just dump more data on them, causing them to spend precious time figuring out what the data was saying instead of training their teams.
“In each and every case, nobody wanted to make their life more complicated,” Hassonjee said. It was up to Hassonjee and his team to create a system that devised a way to break down the data so that the coaches would be able to understand it right away. “You’re delivering the insight, not the data. Nobody wants more data.”
How exactly the Adidas Wearables team uncovered those insights is another story.
So how did Germany win the World Cup?
“It’s not about how hard you train, it’s about how smart you train. How do you do that? You do that by bringing a whole suite of systems together where you’ve got things that capture data,” Hassonjee said. “You have the analysis of the data, you’ve got the insights of the data.” Right.
Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.
What is there for CIOs to learn from the hack of the celebrity nude selfies and the global exposure of these private naked images? I wish I knew. In this week’s Searchlight news roundup, Associate Site Editor Francesca Sales interviews one business expert who advises CIOs and their companies to strike while public outrage is high (if not universal). They should use this media moment to shake up a cloud culture that puts expediency before data security.
That means putting pressure on Apple and other cloud companies to do a better job of protecting customer data. “It will take companies, especially the bigger ones that have large purchasing power, to say, ‘If you don’t get this fixed, we will not use your products and services,’” Kevin Paul Scott told Sales. Who knows? The ugly publicity around this ugly event might actually put some teeth into the threat of a boycott.
The celebrity nude selfie hack also offers CIOs a not-to-be-squandered opportunity to sell employees on the value of information security, Scott said. “When you’re casting vision internally,” he advises, “you have to connect things that you’re asking employees to do with something bigger.” (What could be bigger than, oh never mind.) The incident is without question an object lesson in the value of making up better passwords. And, now it’s not just the old CI-“No” saying so but the likes of Jennifer Lawrence wishing so. Data privacy takes vigilance in the digital age. Between the data we generate and the eyes this data is intended for is the world wide web. That goes for both intimate photos and sensitive corporate data.
So there you have two teachable moments to come out of this online exploitation. Heck, I’d suggest there’s even a third corporate campaign worth waging. If the multi-million dollar business of stealing, trading and selling intimate celebrity digital images tells us nothing else, it’s that certain kinds of digital information are extremely valuable — e.g. images of the beautiful bodies of famous females. It is the responsibility of CIOs and the other chiefs in charge — and their boards of directors — to make it explicit to their employees which types of corporate information are extremely valuable (or embarrassing if leaked), as well as to take the time to spell out the precautions required to protect that information. (Read our stories on the fledgling field of Infonomics — the economics of information — here and here for more on valuing information.)
To be honest, however, I suspect the significance of this high profile breach for CIOs and for their businesses may turn out to be less about “cloud culture” than it is about culture, period. In particular, the incident indicates the complex relationship a younger demographic, my adult children included, has with technology — a nuanced relationship that most of us non-digital natives can’t begin to understand.
The actors involved in this high-profile breach point up just how confusing and mysterious this relationship is. They understand of course that their physical embodiment is a big part of their worth — a commodity to be showcased in performances, exhibited on Red Carpets, used in ads to push products. Professionals who make a living by how they look know that the minute people stop looking at them their careers are over. But why spend your off time capturing even more images of yourself?
Perhaps for them, the physical and digital commodity exhibited in public — sometimes completely naked — is a public self that is less about them as a person than the private self exposed in the virtual images they choose to capture by their phones. And if so, is that true for all the people in this age demographic who take intimate virtual selfies and also store intimate details of their views and life histories in the cloud?
As I said, I wish I knew how to parse this new technology-driven public/private divide. And I’m betting the oldsters running companies these days wish they knew too.
Have you joined the wearables race yet? If you’re a CIO and you haven’t yet, you might want to get on it. Apple, Nike, Ralph Lauren, Under Armour, LG, and Samsung certainly have.
CIOs should be jumping on board too. And Gartner’s prediction that wearable devices will be a $10 billion market by 2016 only backs that point up, Associate Site Editor Fran Sales reports.
Scot Koegler, an independent tech writer, said in a blog post: “There are initiatives that companies need to consider as they prepare for the wearable onslaught — whether that means proactively planning for their integration in organizational practices or actively restricting their use (at least for the time being).”
But, don’t go it alone, Sales said. She adds that the business needs you and you need the business when it comes to figuring out this next wave of mobile technology in the workplace. So be ever-present at the IoT table.
In other news, there’s been another high profile hack. Didn’t I tell you hackers are persistent? This time, it’s JP Morgan and other US banks who have taken the hit and many suspect the Russians. The FBI is on the case. Also, Jawbone’s UP fitness trackers picked up on the recent 6.0 magnitude quake that hit Napa and showed how the quake affected UP users’ sleep patterns; plus, Dropbox and other online storage sites are scrambling to change their business models as rivals like Google and Amazon drive their costs down and ever closer to zero. That, and more in this week’s Searchlight.
If you want to know what the next few years will bring in mobile computing, look to the Vatican, Alan Murray said to a roomful of Boston techies. Up on the screen was an image of St. Peter’s Square during the inauguration of Pope Benedict XVI in 2005, packed with people. Eight years later at the inauguration of Pope Francis, the same scene is emblazoned by mobile devices held overhead to record the event — a testament to the rapid and widespread adoption of mobile technology, if nothing else.
“By the year 2020, almost all of your revenue will come from a product that doesn’t exist now,” Murray boldly predicted. “Mobile is becoming transformative for most people and the way people do business.”
Murray, who heads up the product roadmap at Apperian, a mobile application management vendor, knows how to make an impression. A picture is worth 1000 words; so is a good sound bite. He was speaking at this summer’s Mass TLC Mobile Summit, along with Jim Whalen, the longtime CIO at Boston Properties, the REIT founded by mogul Mort Zuckerman.
The topic of the session was “Developing an enterprise mobile strategy to deliver innovation and accelerate opportunity.” And the high-level message from both Whalen and Murray was pretty straightforward: Figure out mobile economics now or risk being harmed by a competitor that has.
Murray didn’t just mouth off about mobile disruption. Like the excellent salesman he no doubt is, he came armed with examples of companies that are essentially disrupting their own business models by exploring how they can exploit mobile computing. For example:
- Netflix clawed its way back from near-extinction in its DVD-only days by “embracing new surfaces” compatible with mobile computing, namely streaming; it’s also creating digital content to build customer loyalty and as a hedge against rising licensing fees. (PS: IMHO, the fact that Netflix was shut out of last night’s Emmys doesn’t mean TV and cable don’t view the online model as a threat.)
- Barclays Plc, the British multinational banking and finance company, has taken the radical step of not offering a corporate email address to any employees under the age of 24, unless they request one. The fact that those employees may all end up asking for email accounts doesn’t matter, according to Murray. “They’ve done it to force themselves to think about new ways to engage in a post-email world,” he said.
- Cisco rolled out a mobile app that shortened its sales approval cycle from days to hours.
Whether Cisco’s mobilized sales approval process actually improves the velocity of sales; or streaming content turns Netflix into an entertainment powerhouse; or a no-email policy ingratiates Barclays to millennials, of course, is another matter. At least the business process is not the rate limiter.
Mobile technology trumps human touch
Probably the most vivid example Murray gave was about the skincare brand Clinique, which got a nearly instantaneous benefit from using mobile to disrupt its business model. As its name suggests, the brand, which is owned by Estee Lauder, trades on the notion that its products are therapeutic. The white lab coat worn by the sales people behind its store counters reinforces the brand identity.
The shtick, however, was not playing well with the digital natives, so (with the help of Apperian, naturally) Clinique developed a point-of-sale app called Blue Ocean that interacts with customers by initially asking them to take a survey related to skincare. As the customer answers questions about her skin type and skin care regimen, the back end maps to relevant Clinique products. At the end of the survey, which takes about 90 seconds, the app makes some recommendations on what products to buy.
“Turns out, people buy three times as much product from an iPad as they do from a person,” Murray said.
Technology trumps the human touch? I can understand that. It’s natural to feel the salesperson behind the counter has ulterior motives for recommending certain products. Or maybe we lied to the salesperson, so in turn know that any advice we get is suspect. That the iPad sells more than the human being behind the counter just shows how much we’ve come to trust technology, at least for now.
“Clinique hasn’t gotten everyone in the world to buy through iPads, but it has seen an increase in counter revenue of about 30% and this year rolled out 17,000 iPads across 1300 locations,” Murray said.
Clinique’s counter-side iPad is not just keeping its salespeople busy ringing up orders; IT had to put in a brand new content management system to handle the app on the back-end.
Email me at Linda Tucci, executive editor, or find me on Twitter at @ltucci.
I’m about to tell you something you’ve probably heard over and over: addressing a security breach right away is the best way to mitigate the threat.
Why am I telling you this? Because Heartbleed has struck again, this time stealing 4.5 million patients’ personal data, including names, birth dates, and social security numbers, from Community Health Systems (CHS), a Tennessee health network.
And CHS is not alone. UPS has reported that its customers’ credit and debit data may have been stolen at 51 of its franchises, with malware being uncovered in the registers at those locations.
Despite the great strides in security and improved defenses, there are still gaps in many organizations’ security systems, Associate Site Editor Fran Sales reports.
Constant vigilance is key, especially since it’s clear hackers are persistent and won’t be letting up anytime soon.
In other news, Microsoft’s former CEO Steve Ballmer is stepping down from its board, citing his purchase of the LA Clippers as his motive; many Twitter users are unenthused by the company’s experiment of injecting tweets into their timelines from users they don’t follow but are deemed “popular or relevant”; Facebook is taking a stand against fake-news by labeling parody news sites such as the Onion and The Daily Currant so there is no confusion — and more in this week’s Searchlight.
I’m going to go out on a limb here and say nobody likes to be unknowingly spied on. So when Edward Snowden broke the news that the National Security Agency was looking at and collecting people’s private information, the public at large was not happy. But data privacy is an issue that poses a particularly sticky challenge for CIOs.
As CTO Niel Nickolaisen asks in his piece on the digital footprint and whether it’s a boon or bane to business, “How do we each manage the two sides of digital tracking? Do we prefer privacy over the clear economic value of customer intimacy?”
It seems some vendors like SpiderOak, a service that allows users to privately store, sync and share their files, are coming down on the side of protecting customer data. The service encrypts stored information, Associate Site Editor Fran Sales reports in this week’s Searchlight column, and even unleashes a “warrant canary” to subtly notify users that the government has come calling for their info.
For CIOs, however, the decision not to mine customer data is not always so easy: As Sales notes, CIOs are often asked to take their customers’ data and turn that into new revenue streams. But Nickolaisen also predicts there will be regulations in the future that may force companies to choose privacy over profit; as such, he encourages CIOs to start experimenting with potential solutions.
In other news: Cisco plans to cut 6,000 jobs, Google released a diversity report that showed, not so surprisingly, that its workforce (particularly its tech sector) is overwhelmingly white and male, and more in this week’s Searchlight.