Ed Amoroso, chief security officer at AT&T, knows how to work up a crowd. Speaking at the recent Landmark CIO Summit in New York, Amoroso told an audience packed with financial sector CIOs to run, not walk, to get their data to the cloud. “If you’re not doing it now, run back to your security team and ask, ‘What’re our plans to move to the cloud?’” This was not some sales pitch from a cloud vendor, Amoroso said, raising his voice in emphasis. “I am here as a CSO and that is what I am doing. I am rushing to move things out to a much better model and a much more flexible model — and one that users love.”
Many people would disagree, said security expert Samuel Visner, the panel’s moderator, referring to cloud security, not to the observation that users love cloud. Visner is the general manager of global cybersecurity at Computer Sciences Corp., the IT services (including cloud) provider.
Agree or not, Amoroso said, the status quo no longer holds. Think about it. “Every person in the room is associated with some organization that created security architecture in the mid-1990s — and hasn’t changed it since,” he said. Ignorance in the name of compliance is partly to blame.
“The only reason the perimeter defense is still there, is that we have compliance requirements and we have regulators and auditors who are about 10 years behind everybody in understanding how bad the perimeter is at stopping attacks,” Amoroso said.
Best practices in cloud security?
Cybercriminals (and high schools hackers) can learn the best practices published by the regulators as easily as enterprise security teams can, he pointed out. “We’re talking sophomore year, midterm exam question: ‘How do you break into such-and-such an organization?’”
The perimeter defense still favored by many companies not only doesn’t work, it invites cyber-attacks — from a class of criminal that is smart, vigilant and unnervingly patient. Modern-day adversaries have been known to set up camp in a company’s network for the long haul — months or more — and can end up knowing more about the enterprise architecture than IT folks do. They look for R&D and the labs where it takes place. They pay attention to acquisitions and study the acquired company’s network as another way in to steal valuable data.
So if the cloud is the answer to the modern-day cybercriminal, what then passes for best security practices in the cloud? Amoroso offered up a handful, from encrypting your data to using containers for mobile data to using run-time virtualization to duplicate the data protections you have on premises in the cloud.
“You’re way better off with these kinds of modern protections,” Amoroso argued, because they are not the kinds of things any kid in a sophomore computer class could easily untangle. We’ll dig into that.
Security as competitive advantage
By the way, Amoroso isn’t the only one arguing that the perimeter defense no longer holds. This week on SearchCIO, we have two pieces saying much the same thing. “Block the cyberhacks, play cyberoffense” by columnist Harvey Koeppel, former CIO at Citigroup’s Global Consumer Group, advises any CIO who still relies on a strong perimeter defense for protecting the enterprise to “awaken from your nap.” Of course, the rub for CIOs and CSOs, is how to drum up the money to pay for investing in new security architectures. One way might be to argue that security is actually a competitive differentiator. Our editorial director, Tina Torode, interviewed IT leaders who are trying to do just that. Read their tips here.
Let us know what you think; email Linda Tucci, executive editor.
Hospital emergency personnel and other first responders were — rightfully — heralded as heroes during last year’s Boston Marathon bombing. Their valiant performance aside, there were still valuable IT lessons learned, detailed in this week’s Searchlight.
This year, Boston’s hospitals have noticeably improved their crisis management processes. Along with a new, centralized single-page disaster tracking system, which all Boston hospitals can access, social media and its by-the-minute updates will play an even bigger role for crisis responders. Hospitals will closely follow social posts, particularly Twitter, and use them as an early warning system to better prepare medical response teams.
Mining social data isn’t a boon just for crisis teams – law enforcement agencies are making interesting finds because of it as well. Turns out, criminal networks and our very own social and business networks look kind of similar. By applying social network theory to mobile phone data, police agents are getting a unique look into what really makes up the social side of crime.
Also this week: Install the Windows 8.1 update or bust!; (soft) robots of the future; bid on Bill Clinton’s ’90s laptop; and more.
Check out the week’s highlights over at our Searchlight column!
Looking for a competitive advantage? Look no further than your own data.
“Every organization has information that’s worth more [by] sharing [it] than keeping it for itself,” Frank Buytendijk, an analyst at Gartner, said at the recent Gartner Enterprise Information and Master Data Management Summit.
An easy-to-point-to example is General Electric and its sensor-driven, money-making industrial Internet. But even for companies that aren’t dealing with industrial-grade jet engines, MRI machines and wind turbines, the concept of data as an asset can open new doors, Buytendijk said.
Take, for example, John West, a U.K. canned-seafood manufacturer. The company tags each tuna it catches with a unique number, which follows the fish from the boat to the grocery-store shelf. Customers can punch that number into the company’s website and learn when and where the fish was caught and the boat that caught it.
Providing visibility into the fishing process adds consumer confidence, according to Buytendijk. “Every company can do something like this within six months,” he said. But every company won’t. By 2016, Gartner predicts only 30% of companies will have figured out ways to exploit their own data, a figure small enough to suggest that businesses that successfully find new roles for company data will have a leg up on the competition.
That’s if the data is used ethically and doesn’t exploit the customer. Amsterdam-based TomTom International, a manufacturer of automated navigation systems, found that out the hard way. A pioneer in geolocation systems, TomTom was the first to introduce bi-directional traffic information, Buytendijk said. For a monthly fee, customers’ traffic information was pushed to the TomTom servers, and consolidated traffic information more reliable than they’d find on the radio was provided to them.
Buytendijk called it a “fantastic business model,” driving revenue and creating customer value. TomTom also disclosed that it would anonymize customer data and sell it. And the company did — to the government. Selling to the agency in charge of roadwork made sense and provided even more value to the customer. But TomTom also sold data to police, who used the information to set up speed traps.
“It’s an efficient use of taxpayer money,” Buytendijk said. “But it got slaughtered in the papers.”
The negative publicity might have been prevented if TomTom had only followed a basic data privacy/ethics rule of thumb. “The more the analytical use of data is removed from your original intention of measurement, the bigger the potential issue,” Buytendijk said.
Show, don’t tell, is a lesson we all learned in high school English class. (The only spell Macbeth is under is his unseemly ambition….Evidence?!!? C-) At the Landmark CIO Summit in New York last week, CTO Abe Cytryn of Time Inc. and CTO Rajiv Pant of The New York Times suggested the schoolroom lesson also applies to communicating the value of IT.
“Show don’t tell. It means getting real visual, taking them through the experience,” said Time’s Cytryn. “Make a little video if that’s what it takes.” He employs his own design team to help with such presentations.
And don’t make it only your idea, he added. “Make it a shared idea.” Give the business side a kernel, let it marinate and check back the next week to “suss them out” on the idea.
Picking up on the “suss” perhaps, moderator Anthony Juliano, CTO of summit organizer Landmark Ventures, raised the issue of office politics. With today’s tight budgets and the perennially large egos generally associated with big companies like Time, persuading the business of the value of IT must call for political savvy.
But Cytryn was not taking the bait. “If you’re persuading it’s not their idea,” he said, sounding a little like my 11th grade English teacher. As for political savvy, “I don’t use the term politics; I use relationships.”
“That’s very political of you,” Juliano said, to laughs.
Rajiv Pant, The New York Times CTO, backed up his Time counterpart. “In particular, people like us who come from engineering background shouldn’t try to persuade, because we tend to persuade with a very mathematical, logical argument,” he said. “And that really drives stakeholders and business people away.”
What Pant has found useful over the years is to think of himself not as the CTO of a venerable institution but as a business owner, and of his colleagues as his customers. “What do I need to do to keep their business?” he said. “The moment I start to think I have a monopoly on IT for the business, I would tend perhaps to act in arrogant ways that turn off my customers.”
The first thing he does in honing his IT strategy is ask himself what he needs to do to make his business side colleagues successful. “And the best way is to ask them,” he said. “Just the act of asking somebody — whether they are the head of marketing or sales or editorial — ‘What are your goals and how can I make you successful?’ really takes people off guard,” he said, and makes them less likely to argue against your idea. (If only Macbeth had remained the good soldier — the great soldier! — he was and continued fighting for the larger cause.)
Let me know what you think about the blog post; email Linda Tucci, Executive Editor.
This post was written by Fran Sales, SearchCIO’s associate editor.
This week, media outlets (and all my friends and coworkers) have been abuzz with news and speculation about the so-called Heartbleed bug, an OpenSSL security flaw that has existed in as many as two-thirds of (the loooong list of) websites we use and in our consumer devices — from cable boxes and Internet routers to IT equipment and networking hardware — for almost two years.
To add insult to injury, security experts’ advice varies depending on whether you’re a consumer or an IT leader. If you’re in the latter party, they say, assume that your company’s systems have been infected, and put Internet-facing systems at the top of your priority list. But don’t throw yourself into a tizzy just yet: Check out our coverage in this week’s Searchlight and see what resources you can provide your consumers — and check out yourselves — to still your hearts over Heartbleed.
Also this week: It ain’t easy for CIOs at technology firms; is everyone really all that GaGa for Twitter’s new Facebook-esque profile pages?; a bid for one Swiss team’s solar plane to fly around the world — without fuel; and more.
Head over to SearchCIO’s Searchlight column!
What skills do CIOs and IT leaders either need to develop or bring in-house to take on big data and advanced analytics? According to Carol Rozwell, that question isn’t necessarily the best place to start.
“We should begin with the problems we’re trying to solve,” said Rozwell, an analyst for the Stamford, Conn.-based consultancy Gartner Inc., at the recent Gartner Business Intelligence and Analytics Summit.
Phrasing initial questions from a business perspective — such as, “How will the analysis be used once it’s completed?” — can shine a light on both specific skills and soft skills that can help round out a candidate profile. That, in itself, could be a differentiator because, Rozwell said, most companies look for a candidate who can fill vague requirements such as excellent communications skills or works well with others. “Will those types of general statements bring us the people we’ll need?” she asked.
After speaking with vendors, consultants and businesses, Rozwell created a list of seven not-so-obvious roles analytics pros and data scientists will have to play within the enterprise. CIOs looking to draft up a job description might want to take note. They are:
1. Storytellers. The ability to explain analytics to different constituencies across the organization is essential and will “help the business person understand exactly what the information is and … how the analysis can be applied,” Rozwell said.
2. Artisans. Vendors are forging new ground in the world of visual analysis, but they’re also creating what Rozwell called “a blind spot.” Visualizations, she said, aren’t necessarily self-explanatory, and an employee’s ability to consume a visualization “will vary based on the experience and background of the decision maker,” Rozwell said. CIOs and IT leaders should find someone who can bridge the gap.
3. Behaviorists or social anthropologists. People are idiosyncratic, so an analytics pro who is aware that employees do and will react to new information in ways that may not be logical or rational will go a long way. “Regardless of geographic orientation, background, any other dimensions you might cut, we all have instinctive reactions to situations,” Rozwell said.
4. Detectives. Seek out nosiness and someone who is interested in “searching through and ferreting out information that may not be intuitively evident,” she said. Also, find candidates with a passion for finding the truth because, Rozwell said, any data set is inherently biased. CIOs and IT leaders will want to find people who know when “there is enough information, enough analysis, enough modeling to ensure they’re representing at least a facsimile of the truth,” she said.
5. Philosophers. “This was my best label for the person who needs to deal with ambiguity,” Rozwell said. New information, such as unstructured data, will change as the situation does. Analytics pros should take that into consideration and be aware they’re only analyzing “a snapshot of a point in time,” she said.
6. Jazz musicians and improv actors. Find someone who is creative and can build off of others on the team (like a jazz musician). Improv adds another dimension: When improv actors are on stage, rejection is not an option. and they mix every on-the-fly idea into the skit. Rozwell believes the same concept should hold true for analytics professionals. “We’re all contributing,” she said. “We need to keep testing out [ideas] to make sure we’re poking at the right issues for the business.”
7. Conductors. Find someone with the ability to bring different kinds of people together and “help them focus on a single business outcome,” Rozwell said.
If you ask me, some of the best moments of Jon Stewart’s The Daily Show are his interviews with journalists. In his unofficial role as a media critic for the millennial set, Stewart usually draws out the best in reporters looking to tell the stories behind the stories — and his interview last week with financial journalist Michael Lewis was so incisive that the show dedicated two full segments to it.
Lewis, who was promoting his latest book, Flash Boys: A Wall Street Revolt, discussed the rise of high frequency trading (HFT) on Wall Street — and the longer he spoke, the more clear it became that some traders — ahem, I mean their computers — have a competitive advantage over the rest of the market. Pay heed, DiCaprio: These new wolves of Wall Street are using technology in ways we couldn’t have fathomed 20 years ago.
Stock-trading computers have come a long way, Leo.
LAS VEGAS — Analytics and big data will soon transition from a supporting role to the center stage. Together, according to more than one speaker at the Gartner Business Intelligence and Analytics Summit this week, they’ll become the heartbeat of the enterprise, underpinning just about every process, customer interaction and business activity.
Thinking in such broad terms “opens up your mind as to where analytics can be used,” John Hagerty, program director for big data and analytics category marketing at IBM, said during his presentation. But making the actual leap is easier said than done. To help CIOs and IT organizations make the transition, he presented five key pragmatic decisions to make on big data and analytics.
1. Build a culture that infuses analytics into everything you do
Not everything associated with big data requires plunking down a fistful of dollars. Establishing a successful big data program also requires a change in mindset, which costs the business practically nothing. “This is about people,” Hagerty said. And it’s about curiosity by supporting people to figure out what works, what doesn’t and why.
It also means making big data and analytics a core competency — a part of what everyone does, embedded into the way the company operates. That shift in mindset will help the organization “move from the select few to the empowered many” and put “statistics and predictions and prescriptions into the hands of individuals and processes,” he said.
2. Find the right use cases
For the folks building an architecture, looking for use cases before investing in technology might not come naturally. In many cases, Hagerty said, they’re looking “for all of the pieces that may be used in order to solve any potential problem.” But going that route leaves the company open to poor or, even worse, useless investments. So start with the problem first and “look at it from the outside in,” Hagerty said.
It’s also not a bad idea to brainstorm ideas by looking at what other businesses are doing. As a little food for thought, Hagerty provided six types of use cases:
- Attract, grow and retain customers.
- Optimize operations and reduce fraud.
- Manage risk, especially for financial institutions and insurance companies.
- Transform financial and management processes in HR, balance sheets, profit and loss, and so on.
- Build a nimble architecture to support the business.
- Figure out ways to create new business models.
3. Invest in the technology to support your use cases.
You knew investment had to be on the list somewhere. But part of the goal here involves becoming fluent in all forms of data and analytics. Those two terms overlap to a degree but shouldn’t be seen as the same thing.
From a data perspective, ask yourself if you’re getting all of the data you need. Answering that question means considering the world beyond the data warehouse. Think, for example, about the streaming data and dirty data in which data scientists like to poke around, and the loads of third-party or external data sources. From an analytics perspective, consider the full spectrum — data discovery, text analytics, predictive and, yes, even prescriptive analytics.
4. Be proactive about privacy, security and governance
“If you don’t take a proactive approach, you’re going to get bit in the butt at some point,” Hagerty said. He should know: He’s had his financial information exposed due to company breaches. That’s why he recommends securing the data used for big data analytics as you would “your most trusted, internal financial information,” he said.
Building in security, privacy and governance strategies will help to establish a high level of trust in the data for internal customers, but it will also create company value in the eyes of your external customers, Hagerty said.
5. Understand the levers you can pull to differentiate your programs
Start with use cases but think big. Once a big data analytics program is operational, it will need to be cared for, attended to and, hopefully, stretched beyond its original intent. Based on research published by IBM’s Institute for Business Value, here are three tips to help you establish a successful program:
- Be aware and understand what’s valuable, what your measurement practices are and what your platform is to support analytics going forward.
- Drive better performance from these programs by making sure you’ve got the right data and establishing trust.
- Amplify the program by incorporating such areas as sponsorship, funding and new or additional expertise.
BONUS: Understand your deployment options. Consider the following: “You now have choices: Do you want it to run on premises, in the cloud, as a service or take a combination of that approach?” Hagerty said.
Yesterday Microsoft officially launched Office for iPad, making its familiar superheroes of the office productivity suite — Word! Excel! PowerPoint! — available on Apple’s iPad. When the news broke, I was in Boston’s Back Bay at the Harvard Club at the 2014 Chief Information Officer Leadership Forum, gearing up along with the rest of post-prandial audience for the next panel discussion — “Balancing new innovations and keeping the business secure.”
To be honest, I didn’t ask the CIOs sitting at my table what they thought of Microsoft’s finally deciding to make its flagship applications — apps designed exclusively for the operating system that launched a gazillion PCs — available on a competitor’s mobile device. I didn’t need to. The enterprise shift to mobile consumer technology is an agony they’ve been living since 2007, the year the iPhone debuted. And it never ends. That much was evident from the numbingly familiar list of questions typed out for the upcoming panel discussion:
- Which new mobile devices will remain viable tools for business users?
- How does your organization choose which mobile devices and platforms to support?
- What security issues do mobile devices present and how are IT departments responding to them?
- What new technologies will have the biggest impact on business in the year ahead?
When I got home, I watched Microsoft CEO Satya Nadella talk about Office for iPad. “It’s not a tradeoff, because it’s about going where our customers are going,” he said. “What motivates us is the reality of our customers.”
Many have remarked that Nadella’s measured tone is a refreshing change from the bombastic cheerleading of former CEO Steve Ballmer, but manner aside, Nadella’s vision for where Microsoft needs to be heading with cloud and mobile also sounds fresh.
As I know from our coverage of social media, mobile computing, analytics and cloud, however, going where your customers are going is both excruciatingly difficult for large organizations and shockingly possible. Difficult, because it is hard for CIOs at large legacy-laden organizations to keep up with consumer product cycles, and easy because there are analytics out there now that can track and predict with startling accuracy what people want.
Sitting at my table was a CIO of a privately owned regional food business, not too large, that is working with Google on personalizing its advertising. The hybrid analytics program leverages Google’s tremendous ability to track what people think they want, based on their browsing habits. When an item this retailer sells matches up with something a person located near one of its stores is looking for, an offer is pushed out. The process will not only personalize the retailer’s marketing but at some point negate the need for traditional advertising.
But I digress. Check out the lead item in our Searchlight news roundup this week: “With Office for iPad, a recognition that a genius idea has a shelf life.” Sound off in our Comments section. And while you’re there, feel free to browse our front page. We’ll be watching out for you.
According to Gartner Inc. analyst Tom Austin, there are three classes of smart machines: The doers, the movers and the sage. It’s that last category CIOs will need to pay attention to, which includes both virtual personal assistants and smart advisors, such as IBM’s Watson. Virtual personal assistants will learn what you do, who you work with and what you’re working on. Smart advisors, on the other hand, are subject-matter experts that will, say, help a doctor recommend medical treatment. Both are poised to push their way into the enterprise in the next two years, according to Austin.
In advance of the Gartner Business Intelligence and Analytics Summit, where he’ll be delivering a keynote on the subject, Austin sat down with SearchCIO to talk about what may very well become a “bring your own smart machine” environment and how CIOs can help the enterprise get started.
What will be the biggest pain point for CIOs when it comes to embracing the technology Gartner calls “smart machines”?
Tom Austin: Three words: security, privacy and innovation are at odds here. To really take advantage of these technologies, the CIO needs to find a way to let users use a range of these technologies rather than bet that any one vendor is going to have the right answer or a perfect answer. And it creates all of the problems you’re thinking of — from regulatory to security.
Every year, we publish the Cool Vendors special report. We are often focused on the big guys, and we’ve used this as opportunity to shine a light on smaller companies. And they represent things we think CIOs and CEOs should be looking at. We have one coming out on smart machines, and we’re surfacing five different technologies, all from little companies, that have a shot at revolutionizing how people work. We don’t know who is going to win, but we think the CIO needs to figure out how to allow diversity and slow natural selection to occur.
Can you give tangible tips on how the CIO can do that?
Austin: One of the things the CIO should be doing around virtual personal assistants is setting up some initial sandboxes wherein employees can come and play with any one of a dozen different personal assistants that will be out in the market by 2017. (By 2015, there are going to be two or three reasonably powerful ones, and the number will just continue to expand.)
But this becomes an opportunity for IT to figure out how far they can let these things loose. What do they have to manage versus what can they allow or rely on users to manage. I don’t know what the right answers for this are, but I know companies that wait and limit themselves to a single vendor take a significant risk of falling behind their competition.
Is that something CIOs and IT departments will easily be able to do?
Austin: I worry about the nature of the sandbox because, for [virtual personal assistants] to be effective, they have to have maximum access to everything the employee does. There was an article in today’s Wall Street Journal on figuring out what size phone best fits you, and you could put your hand down next to three different diagrams that would help you pick. This is not of that ilk, if you will. So the sandbox has to be one with a much broader perimeter. It may be setting up pilots and allowing various groups of users to individually use two or three of these. Again, it’s really important that people have the ability to choose more than one and then argue among themselves as to which one is better and learn from the process.
So will this turn into a — borrowing your term here — “bring your own smart machine” environment or are businesses going to invest and provide virtual personal assistants to their employees?
Austin: It’s going to be both. Microsoft, by the end of 2016, will have a virtual personal assistant that’s part of the Office 365 package. They’re already introducing some aspects or elements of it, but it’s not really enough to pass our threshold for a virtual personal assistant, not yet. Google will have this inside Google Apps for Business by the end of 2015 — that’s another Gartner prediction. Does that mean if you’re standardized on Microsoft, the only one you should look at is from Microsoft? I think it’s OK for companies to say, “We’re going to use Microsoft because we’re an Office 365 shop.” But they’ve got to figure out how to let people also use other ones. An organization called HighSpot is building out a direct competitor to the Microsoft product, but it will know what you’re doing not just inside the Microsoft tools — it will watch and provide advice and assistance when you’re working inside Workday and Salesforce.
If I were a Microsoft-oriented shop, I sure as heck would want to be using HighSpot to see how well it worked. Maybe let all of the sales people who are spending all of their time in Salesforce rather than Office major in that and minor in using the Microsoft product.
You consider virtual personal assistants to be one example of a class of smart machines you call “sage,” and you point to these as being the class CIOs should become familiar with. What’s another example, and how can CIOs exploit the technology?
Austin: I would look right now at Watson and at smart advisors. These are narrow but deep [content matter experts]. I would ask myself, “Is there a body of knowledge that we have inside our organization that we could exploit using a Watson-based smart advisor? Is there one we could sell to others? Is there a body of knowledge where we wouldn’t provide our knowledge but we’d advise off of that body of knowledge? How much would it cost to build that? Or are there others who’ve built applications like that?” There are several hundred companies today rumored to be building smart machines on top of IBM Watson. I don’t know how many will come out with a product this year, but I think the number is going to be scores and not a handful.
If you had to say where CIOs should get started — virtual personal assistants or exploiting Watson — which would it be?
Austin: Start with Watson. My recommendations are, 1) Watson is here and now and companies are building Watson-based applications today, so get in there and understand what businesses could you get into as a company based upon your assets and other people’s assets that would exploit Watson because it’s a new paradigm. And 2) [Understand] how other Watson solutions being built by others can help your business. That’s 2014. Be ready in 2015 for virtual personal assistants.