“If you’re bringing a chief digital officer inside the company to make the company work more effectively, more productive — that’s the role of the CIO,” said Jim Fowler, vice president and CIO at GE. He was speaking at the MIT Sloan CIO Symposium in Cambridge, Mass., on Wednesday.
The chief digital officer, which shares the initialism CDO with the chief data officer, should be focused on commercial products, Fowler said — “software and analytics that you want to sell outside to your customers” — and how to develop and market those products. “That’s the value,” he said.
Peter Weill, chairman of MIT’s Center for Information Systems Research, said companies that offer innovative digital products and have data connections across services, making internal and customer operations seamless, see a significantly higher net margin than competitors do. “So that’s high stakes,” Weill said in a keynote address at the symposium.
As director of IT, the CIO plays a critical part as organizations make the shift from solely physical products and services to digital ones. But the chief digital officer role has drawn lots of attention, too, with some predicting that many CDOs would eventually replace CIOs in their organizations.
But Fowler’s comments affirm the view that gives the CIO and CDO discrete job descriptions, with data governance, IT security and cost-effectiveness the purview of the CIO and product design and marketing strategy the CDO’s. Celso Mello, CIO at Canadian home heating and cooling company Reliance Home Comfort, analyzed the roles in an article on SearchCIO’s sister site, SearchCRM.
“CIOs have focused on maintaining, improving and sometimes replacing IT infrastructure and legacy systems.” Mello wrote. “CDOs, on the other hand, are about breaking legacy paradigms and using new technology in new ways.”
Distinct — but linked
Fowler spoke about the CIO and CDO in the context of massive changes at his 125-year-old company. At the center of those changes is the “customer experience.” So companies in the market for industrial equipment like gas or steam turbines get machines that “run better, run longer, run more efficiently,” he said.
For Fowler, as head of IT, that means building “digital twins” of those physical assets and hooking them to data and analytics, connecting that with processes running in-house and externally in customers’ facilities.
“The CIO is focused on GE for GE. We have a billion-dollar target of productivity that we have to drive,” he said. “The CDO is focused on turning us into a $10 billion software business.”
Fowler admits that “underneath the covers, there’s a ton of overlap” between the CIO role and the chief digital officer role, and he even reports to GE’s CDO, William Ruh.
“But they are two very distinct roles,” he said. “I think if you’ve got a CDO that’s doing the role of a CIO and there’s a CIO there, a discussion needs to happen.”
For more insights on digital transformation from CIOs at the MIT Sloan CIO Symposium, read this SearchCIO report.
U.S. companies eager to implement robotic process automation — software that automates how humans interact with software — are often fixated on seeing a proof of concept, said RPA technology expert David Brain. And that’s not good.
“I feel bad going to clients and proving what’s been proven several times over,” Brain said. People will automate a simple process that might require one employee and half a spreadsheet and declare success.
“‘Yes, we’ve proved the concept!’ But all they’ve proved is that the technology works. What they haven’t proved is whether there is a business case for automation and will it deliver the scale of improvements the company wants to achieve,” he said. Rather than a POC, companies should insist on POV — proof of value — before embarking on RPA. “That’s the bigger challenge.”
Brain is co-founder and COO of Symphony Ventures Ltd., a consulting, implementation and managed services firm specializing in what the firm dubs “future of work technologies”– RPA technology among them. Founded three years ago, the firm has worked on RPA projects across a broad range of industries and geographies. “We’ve done deployments in five continents so far,” he said.
All work is local
The firm’s projects have also covered a diverse set of business processes. That’s because RPA is not a “process-specific solution,” Brain stressed, but rather the automation of rules-based, manual work not covered by a company’s process-specific technology systems. And that work necessarily varies from company to company.
“You can have five organizations and they each could be running the same ERP system, but the way in which these systems are configured depends on the particular company’s rules and that means there is different work that falls out manually,” Brain said.
At some companies, Symphony experts are called upon to automate the current manual process, using RPA technology to automate the work the same way employees do it. Other companies will want help on optimizing the process first before automating it.
“It really depends on what is driving the business decision,” Brain said. The nature of the work Symphony automates is always rules-based, but those rules can be extremely complex. (The firm has done projects in which it’s taken several months to capture and learn the processes that are eventually automated.)
Proof of value: Five steps
But, whether the RPA work is of the “lift-automate-shift” or “lift-shift-automate” variety, or involves simple or complex rules, companies need to follow certain steps in order to get a “proof of value.” Here is a synopsis of Brain’s five steps for deploying RPA technology:
- Scope the transformation
“RPA is a transformational tool, not a desktop macro builder. Look for pain points within the organization and identify what needs to change. This isn’t just a cost play; rather, it has to do with mitigating the challenges of growing in a linear fashion by increasing the number of full-time employees. For some, it is about improving speed and quality to differentiate in the market. Others are attracted by the insight and analytics that come from consolidating all transactional data into one database for real-time visibility.”
- Capture, map, measure
“The next step is to analyze the business and map processes at keystroke level. To do so, use experts in RPA, as it is important to drill into the areas where configuration will be complex. Standard operating procedures, training materials and system manuals will be great inputs, but not enough by themselves. Have the RPA experts sit with the process experts to map what really happens; afterwards, it will be easier to plot costs and service levels to the processes as a baseline.”
- Analyze and design
“With the scope defined and mapped, identify processes and parts of processes most suitable for automation. Then calculate the time and cost to implement these, as well as the benefits of doing so. Design a target operating model (TOM), which is a graphical depiction of the business structure and processes affected by the RPA implementation; it should detail everything from stakeholders to the applications/systems used by the automation. It’s important to map not just the RPA portions but also the scope of the business to determine how to redeploy resources to drive greater business value.”
- Plan and forecast the journey
“Consider all that is involved in the transformation and don’t underestimate the time required for change management and benefits realization. Create the implementation plan and financial model by looking at the savings and the cost avoidance that this transformation will bring over an estimated three years. Consider the cost of not only implementing RPA but maintaining the solution and updating it to take on additional tasks as needed.”
- Gain sponsorship
“Use the business case, TOM and strategy to get support for prioritizing this transformation. The business case will justify that, usually predicting ROIs of 300% or more.”
Eric Daimler, former White House presidential fellow at the Office of Science and Technology Policy, was surprised that no one at the recent MassIntelligence conference in Boston had heard of Cozmo, a miniature robot that by the looks of it could be the offspring of the two main characters in Pixar’s WALL-E.
Or at least no one admitted to hearing of it. “Come on, it’s on Amazon, for goodness sakes,” Daimler said to attendees. “You need to go out and buy this guy right away.”
Price point won’t be much of a barrier to purchase. At less than $200 a pop, Cozmo is pretty inexpensive — as far as robots go.
But Daimler’s bigger reason for talking up the robot had less to do with the actual technology and more to do with what the technology is teaching roboticists. Cozmo, created by the startup Anki, plays games and pushes miniature boxes around. And, Daimler said, “it’s on the leading edge of robot-human interaction.”
One of the keys to Cozmo’s success is its personality, which Daimler said will be a “useful tool in developing technology.” Cozmo, for example, “learns you and it learns your face and it will, in some really crazy way, try to pronounce your name,” he said. Its eyes help to convey emotion like happiness, confusion and even boredom, accompanied by a distinct sound (think BB-8) and sometimes even movement.
In the next two to four years, Daimler said home technology will have similar components such as face recognition technology and, yes, personality. “If Cozmo misses a block, what it does is it expresses disappointment,” he said. “Imagine if your dishwasher did that.”
Another lesson learned in robot-human interaction is how robots should approach humans. When Cozmo moves toward someone it recognizes, it never turns away from the person. Daimler said moving in a straight line, turning 90 degrees and then moving in a straight line might make sense from a computational perspective, but it doesn’t make sense in practice. “What they found is that people get freaked out if the robot turns away. It’s unpredictable behavior.” Instead, Cozmo “kind of waddles toward you,” he said.
Finally, size, apparently, matters. Cozmo is tiny, the size of a couple of fists. “When it makes mistakes, and it will make mistakes, we’re more forgiving of it,” Daimler said. When the robot is bigger, the stakes in robot-human interaction are higher, and the machine is expected to operate perfectly, he said.
“You can imagine the reaction would be a little different if Cozmo was seven-feet tall,” he said.
Jeff Haskill, the IT security chief at AstraZeneca, is, according to his boss, “a very technical CISO.” Dave Smoley, CIO at the U.K.-based pharmaceutical manufacturer, praised Haskill for his technological background, which includes nitty-gritty IT work and cybersecurity.
While reporting on the collaboration between CIO and CISO and its impact on AstraZeneca’s efforts to move huge tracts of its IT operations to the cloud, I asked Haskill whether he agreed with Smoley. Were his CISO skills technical skills?
“I’ve done about all on the IT side,” said Haskill, who also runs the IT infrastructure team. He was a software developer, worked on servers and installed large networks. He’s also grounded in forensics and many IT security areas.
“The thing is that you can’t stop there,” he said. “You’ve got to go ahead and understand what the business wants.”
Understanding that is key to an IT strategy designed to encourage scientific innovation and business growth at AstraZeneca, Haskill said. It’s also part of a larger trend: Business skills like communication and policymaking are becoming essential CISO skills.
Candy Alexander, a former CISO and independent consultant, said there are still more technical CISOs out there than business-minded ones, but the role in general is “morphing more into a business partner,” much like the CIO role.
The challenge for CISOs today, Alexander said, is they “have to keep feet in both worlds” — understanding deeply technical issues regarding cybersecurity and IT architecture and the often political and contractual language of business.
Haskill faces the challenge by handing a lot of the technical aspects he oversees over to “people that are obviously a lot smarter than I am” — namely, his security operations, networks and infrastructure teams — so he can focus on business needs.
But having solid knowledge of those issues, however — knowing how cybersecurity fits into the company’s compliance with industry regulations, for example — makes him “more well-rounded” and allows him to relay critical messages to business leaders.
“My ultimate goal is to be able to go in and show complex items, especially in the cyber world, to board members, to our senior leadership, so they understand,” he said. “So they can go ahead and make the appropriate decisions for the business.”
BOSTON – Sam Madden, professor of electrical engineering and computer science at MIT, is hoping to help advance the field of machine learning from dark art to principled science with an open source project. ModelDB, available on GitHub, is essentially a database system designed to help organize and manage machine learning models.
“These models are the engines of machine learning,” Madden said at the MassIntelligence conference, hosted by MassTLC and MIT’s Computer Science and Artificial Intelligence Laboratory. “They are the things that take the data and extract the insight out of it.”
When researchers build machine learning models, the process is highly iterative. Models are built using training data, and, if they’re supervised models, they are tested, evaluated and then tweaked (i.e. new features are added, new parameters are added) to improve their performance. That process is repeated — sometimes hundreds of thousands of times, according to Madden — until the models perform at an acceptable level.
But there is no way to manage the process. “You go through thousands of these models, you update the models all of the time, and there’s no sort of standardized way to track the history of the modeling process,” he said.
Madden likened it to the way people organize personal documents on their computers, which is to say not at all. “People are terrible at it,” he said. “And they don’t promote carefully organized data.”
ModelDB is a database system that acts as a central repository for machine learning models — all iterations — and is searchable, creating a system of record for researchers. “People can look at see what’s been done in the past and continue work that’s been partially completed,” Madden said.
Features include “experiment tracking,” so that models in the pipeline can be logged; “versioning,” or the ability to compare model performance; and “reproducibility,” so that any model can be rerun an any input data set.
“This isn’t a deep or radically complicated idea,” he said. “But it’s one of the things that I think is needed in order for us to go from where we are now, which is sort of this [dark] art, to a much more principled scientific approach.”
We finally know which two big tech companies were conned millions by an email phishing scam, as reported last month, and you might recognize them.
The culprit — a Lithuanian man being charged with fraud, aggravated identity theft, and money laundering by the Department of Justice — swindled Google and Facebook out of $100 million collectively by pretending to be a popular Taiwanese electronics manufacturer.
The man allegedly forged emails from employees, invoices and contracts and asked the tech giants to send payments to his bank accounts in Latvia and Cyprus, instead of the real company’s actual bank accounts — and it was enough to convince employees at Google and Facebook.
“Humans are the most vulnerable point of any information system; even the world’s biggest tech companies aren’t immune to this,” said Neil Wynne, CISSP and Gartner analyst. “The vast majority of cyberattacks use social engineering, such as phishing, to trick employees into taking actions detrimental to the company. Many large and high-profile breaches have started with successful phishing attacks.”
A recent report from threat management provider PhishMe found that 91% of cyberattacks start with a phish. The top reasons that people fell for the emails: curiosity, fear and urgency. These are the things that attackers pray on — and upping technology-based defenses can’t address those kinds of vulnerabilities, said Wynne.
“There tends to be an over reliance on a technology-based approach,” he said. “Instead, CIOs should take a multipronged approach that spans technical, procedural and educational controls to effectively mitigate these attacks. The education aspect is a critical component because it increases employee resilience to social engineering.”
“I think the big takeaway from this incident is, first and foremost, that a cybersecurity awareness program is critical to all companies regardless of size — big or small,” said Austin. “Many of these fraudsters will try to get employees to break standard process and procedure by saying ‘this is very confidential’ or ‘this is related to some new merger or acquisition’ or something like that.”
Austin said the size of the scam suggests that the Lithuanian scammer got employees at Google and Facebook to break process and procedure by convincing them to do it through believable documentation and credentials and/or by finding someone who wasn’t trained on what the process and procedure was.
In other words, the major takeaway for CIOs to avoid similar phishing scams: educate, educate, educate employees on their role in data protection.
Time will tell if ReadyRefresh — Nestlé’s makeover of its century-old bottled water delivery business — becomes the UPS, Amazon or Uber of its industry. But these are the companies that have created the “digital ecosystems” Nestlé needs to master in order to meet changing customer expectations, said Aymeric Le Page, vice president for business strategy and transformation at Nestlé Waters North America.
“Customers are not just comparing us with other delivery companies; we are now being compared to everything you have on your phone. We are compared to Seamless,” Le Page said at the recent Digital Strategy Innovation Summit. Seamless is the online food ordering service that merged with GrubHub three years ago.
“It’s all about convenience,” Le Page said. Making sure a customer never ran out of water before the next company-determined delivery date was the old Nestlé’s service model. Digital titans like Amazon and UPS have raised the bar. “Now it’s, ‘Make sure you deliver what I want when I want it.'”
‘Your health, your home, your way’
Nestlé S.A. is the world’s largest producer of bottled water. Until recently, its bottled water unit has functioned as a business-to-business supplier, delivering 5-gallon bottles to large enterprises on a set schedule. Two years into its “digital transformation journey,” Le Page said Nestlé is using digital technologies — cloud, mobile, analytics, geolocation, the internet of things — to customize its business service and build a direct-to-consumer “healthy hydration” service targeted at households.
“Your health, your home, your way is the slogan” for the consumer side of ReadyRefresh, Le Page said. “That represents a different way of doing business from, ‘I’ll come whenever I can to change your water bottles.'”
Thus, a new, user-friendly website — “Just Click and Quench,” is part of the logo — aims to make it easy for customers to order and personalize deliveries: They can reschedule or add a delivery 24/7. The ReadyRefresh website also exposes customers to Nestlé’s full portfolio of bottled beverages, from Poland Spring and Perrier to Pellegrino and Pure Life, among others. Meanwhile, the company’s 2,100 trucks, which literally drive brand visibility while en route, use the latest in telematics to optimize those routes.
Le Page said the new business model connects Nestlé to three digital ecosystems — e-commerce, where Amazon leads the pack; logistics, where UPS dominates, and the lifestyle digital ecosystem, where he claimed there is “no current winner.”
Digital ecosystems change the operating model
“It’s a big change for a company that has been in business for 100 years with a very linear, simple operating model,” Le Page said. A big change in customer focus, and a big change for Nestlé’s some 300,000 employees. “You have to change the culture, the ways of working, change the mindset.”
LePage was talking to an audience of mainly digital strategists and mobile app developers, but it struck me that much of what he was saying was extremely relevant to CIOs — and not just because Nestlé is replacing its 30-year old legacy system with a new ERP to support these new digital ecosystems. Or, as Le Page said, because the company is adopting Agile to keep up with the 20 strategic initiatives underpinning its digital transformation and the more than 500 projects under way.
Information technology — the business of CIOs — has fundamentally changed customer expectations. Forward-looking CIOs have long recognized that IT can no longer be delivered on IT’s schedule. Today, as Le Page said, it’s all about make sure you deliver what I want when I want it. Like the nearly $100-billion Nestlé company, IT organizations everywhere should be thinking hard about how to do that.
If there was one message drilled into the heads of attendees at the Business of Blockchain event co-hosted by the MIT Technology Review and the MIT Media Lab it’s this: Blockchain looks like it could follow the same mind-blowing, world-altering trajectory of the internet.
The only problem is, presenters at the Business of Blockchain event couldn’t quite agree on just where blockchain technology is on the internet timeline. “We’re investing like it’s 1998,” said Joi Ito, director at the MIT Media Lab, which houses the Digital Currency Initiative. “But I think it’s like 1989 in terms of the level of standardizations we have.”
Amber Baldet, who is heading up the blockchain effort at JP Morgan, said Ito’s 1989 marker was actually optimistic and suggested we rewind the clock another 20 years.
“The joke I make is that we’re actually in ARPANET 1969,” she said, referring to a time when the early packet switching network was barely a network at all — it was just four university computers connected together. “I keep a diagram of ARPANET from 1969 behind my desk because it looks remarkably like the [blockchain] proof of concept and pilot diagram that I have where we’re connecting two banks and one market infrastructure provider.”
Plus, there are key differences between the two technologies — one of the biggest is, to use the conference’s wording, the business of blockchain.
“With the internet, we had a couple of decades where people basically left us alone,” Ito said. “And we could make very non-commercial decisions like the idea of carrying packets for each other. That’s a very hippie move.”
That isn’t the case for blockchain developers. Corporations and venture capitalists are pouring money into blockchain technology and demanding a return on investment. The demand is unprecedented, according to Baldet, and developers have to work at a pace that poses inherent risk. “With what other technology would we consider taking something to production with real money that’s never been tested in a real-world environment before? I mean, nobody picked up databases or relational databases without having seen them in plenty of other contexts first,” she said.
But the internet-blockchain comparison is not without merit. And, as middle school students no doubt learn in their civics and government classes: History has a tendency to repeat itself.
Indeed, one of Ito’s takeaway messages was that attendees consider the lessons learned from the development of the internet. The internet protocols that won the day were often affiliated with academic and government funding, he said. Companies that survived the booms and busts of the World Wide Web kept a pulse on the conversations happening in nonprofit developer communities (such as academia, which often creates the open standards for the private sector) and remained flexible enough to transition as the technology changed.
“So, my advice, if I had it: It’s a long game; you should build expertise, you should spend strategically in building models and ideas, but I think you have to be prepared for quite a bit of change and disruption,” Ito said. “I would pay attention to the open standards and layers where [there are] communities of expertise.”
The question of who’s the CISO‘s boss is an old one, and there’s still no single answer. I reported on it a year ago. Some say the IT security chief should not report to the overseer of IT initiatives, the CIO, because cybersecurity could come into conflict with technology innovation. Others say the CISO should report directly to a business-side executive to “translate infosec risk into business risk,” said Nemertes Research founder Johna Till Johnson.
So when I spoke recently to Scott Weller, co-founder of Boston cloud startup SessionM, about a new IT security role he’s designing there, I thought it was a good occasion to reopen the debate. He’s a good one to ask. He’s the CTO — as well as the acting CISO — at the nearly six-year-old company.
“Your CISO needs to report directly to the CEO,” Weller said. “The CISO has to be very transparent around building an apparatus that can report issues and challenges and exposure to certain security issues.”
Hail to the new chief
SessionM sells a cloud platform that helps companies personalize marketing messages. The company is writing the job description for a CISO-like position it’s calling a chief cloud security officer. Weller described the role as an IT security person familiar with “the old world” of physical servers who also knows cloud computing inside and out and can identify cloud-specific security problems. Unlike a typical CISO, though, the executive won’t aim to protect just the immediate computing environment from threats — he or she will help the provider’s customers guard against them as well.
It’s a new IT security role, but it will likely fit into the CISO reporting structure SessionM already has in place: The boss is the chief executive, and the CTO and CISO are linked, of course, because Weller holds both positions. When the new hire is in place, Weller will be linked to the position through a dotted line. That means “their roadmaps are aligned,” and they will both be held accountable by the CEO to manage security problems as they emerge.
“Ultimately, it’s the role of CTO and that organization that executes technology implementation to actually take what the chief security officer is recommending and that strategy and build that apparatus into the organization,” Weller said.
‘Potential for ignorance’
He’s been in organizations in which IT security was the purview of engineering or technology execs — and sometimes less-than-ideal decisions regarding security were made.
“There is a potential for ignorance to emerge around, ‘What are our threats? What are our core priorities? How do we address those?'”
It’s important, Weller said, for a CISO — and the new IT security role — to keep the CEO and even the board of directors informed on what the risks are and what security incidents happen when they happen. They should know about attempted breaches, for example, or ransomware attacks, and how to fend off future offensives. That way, “the team together can make a collective decision on how they respond to those types of things.”
The chief cloud security officer position started at cloud providers such as Amazon and Microsoft. Learn more about it in this SearchCIO report.
The news that companies like Tesla, Google and Apple are in a race to develop Level 5 autonomous cars is stale by now. But when Intel bought Mobileye earlier this month, it re-fueled the self-driving car hype.
The Society of Automotive Engineers defines Level 5 automation as “full-time performance by an Automated Driving System of all aspects of the dynamic driving task under all roadway and environmental conditions that can be managed by a human driver.”
That means that even in the middle of a blizzard, Level 5 autonomous cars need to get people to work, said Bryan Reimer, research scientist at MIT AgeLab and associate director at New England University Transportation Center.
“Robots have to be far, far better than humans under all situations for that to happen,” Reimer said.
While Level 5 autonomous cars are a long way off, there has been accelerated progress in the autonomous space as more cars are fitted with the technologies, experts said.
As self-driving cars become the norm, they could potentially transform into mobile offices in the future, said Mike Ramsey, analyst at Gartner’s CIO research group.
It opens up a lot of productivity time for the people in the vehicle, and suppliers like Harman are working on integrating Microsoft Office 365 into its infotainment systems, he said. “If that’s enabled by an autonomous vehicle then you can work in the car, do video conferencing and other enterprise actions in the vehicle.”
Alan Lepofsky, vice president and principal analyst at Constellation Research, said the possibilities are endless.
“Is this just my individual vehicle, or if there are ten people that are driving to the same area, will our cars link up and drive to the same location and will we be able to have meetings while we are in those autonomous vehicles?”
If these “mobile offices” become the norm, CIOs would also have to think about how it’s going to improve productivity if employees are able to get more work done in their cars on the way to work, Lepofsky said.
They would also have to ensure that communication inside such vehicles is secure, he added, and there are also considerations from an HR standpoint.
“What are the expectations from employees going to be like?” Lepofsky said. “Is it too much to ask your employees to work during travel time that used to be personal? If you and I have the same job and you spend an extra hour working, then am I considered a worse employee because I want to FaceTime with my family?”
Employers and employees will need to figure out how they use this technology to make the most of their work day and still maintain a work-life balance, David Keith, assistant professor of system dynamics at MIT, said. How drivers react to vehicle autonomy is also yet to be seen, he added.
“Self-driving vehicles and autonomous technologies have emerged very quickly, but how soon we get to the more advanced level of autonomy that will change the game is hard to know,” he said.