December 12, 2014  10:04 PM

Sony breach: The new front in corporate cyber warfare?

Kristen Lee

Data breaches have unfortunately become the norm. But the now infamous Sony breach has opened the eyes of the IT world to the fact that we haven’t seen the end of what cyber attacks have in store for enterprises.

Breaches can be more than just exposing sensitive information; as the Sony hack shows, they can be personally malicious. The attack, which used “wiper” malware to steal and delete corporate data, sought to harm Sony employees, Associate Site Editor Fran Sales reports. The attack was also highly sophisticated, according to experts — sophisticated enough to get by the security defenses of 90% of the private industry, according to the FBI cyber division’s Joseph Demarest Jr.

In addition to laying out how the Sony hack was different from other corporate attacks, Sales provides tips on how to protect yourself and your company from breaches like this. Good luck.

In other news this week, IBM and Apple have released 10 of the anticipated 100 apps in the IBM MobileFirst suite; Microsoft now accepts virtual currency; The Washington Post details the demise of Pirate Bay; and more in this week’s Searchlight.


December 10, 2014  10:38 PM

Walmart Asia CIO on finding your ‘unique value’

Nicole Laskowski


A fundamental piece of advice that CIO Fumbi Chima gives to anyone who asks for professional help: Learn how to take risks. “You have to come out of your comfort zone,” she said during the recent Gartner Symposium CIO panel. She speaks from experience. The CIO at Walmart Asia, Chima didn’t start her career in IT — or retail, or Asia, for that matter.

Chima was first an accountant before wading into management consulting and then IT, working for companies like TXU Energy and American Express. The leap from accounting to IT meant she “had to teach myself how to be a business architect, to understand the physical and logical architecture — what it is and how do I map my business skills back to technology,” she said.

Five years ago, she took another leap of faith and changed industries, leaving financial services for retail. Of course, she was not just learning the retail business at any company, but at Walmart, one of the world’s largest retailers.

When considering a leap of faith — or when looking for a general change in career, Chima said to answer this question: What is the unique value you’ll bring to the position? Understanding that she had only a sliver of retail experience compared to some of her Walmart colleagues with 20-plus years in the industry, she thought strategically about what value she could add to the group and company, as well as what best practices from previous roles she could borrow “to help move the business further.”

It’s a kind of intellectual curiosity, what Chima called “being a student of innovation,” that continues to push her today. Earlier this year, she took another leap of faith when she accepted a position and moved her family to Hong Kong. No doubt, she’ll soon find a way to lend her unique value to that new community.

December 8, 2014  9:45 PM

How to hire like a wildly successful startup company

Kristen Lee

You may not have heard of the startup Paydiant, but chances are good that you’ll use its technology pretty soon. Paydiant has built the technology behind the mobile payments platform underlying CurrentC, the mobile pay app that is competing against Apple Pay for leadership in the mobile payment space.

Paydiant, started in 2010 in the proverbial basement (in this case, co-founder Kevin Laracey’s), has partnered with the Merchant Customer Exchange, or MCX, the consortium formed by many of the biggest retail brands in the US, including Target, Walmart, CVS, Best Buy and Rite Aid, to develop CurrentC.

When I visited Paydiant to film for my Startup Spotlight series, I asked co-founder Chris Gardner how Paydiant got from a small, scrappy company to where it is today.

In addition to no sleep, Gardner said a large part of the Boston-based startup’s success is due to hiring the right people. Here are the highlights:

Install an executive team well-versed in startups

While startups are often seen as the sole province of young people, experience does matter, according to Gardner.

“As you can tell I’m an old guy. We’re not 20-somethings in a garage and so I think that helps,” Gardner said. “On the executive team, a lot of us have been doing really only startups. Speaking just for me, I’ve only kind of done… technology startups in the Boston area.”

In fact, this is Gardner’s third payments startup. In his opinion, the collective startup experience among the executives at Paydiant really contributed to the success of the company. So does having leadership with expertise in multiple areas, said Paydiant CFO Melinda Smith, who has been with the company since its founding.

“When you’re early in a startup company as a CFO you need to wear a lot of hats; it’s not just about finance,” she said. “[Financial expertise] is an important component when you’re reporting to investors that have invested in the company, but you also need to have experience in human resources and some of the legal aspects of the company.”

Like Gardner, Smith’s background is replete with startup experience, Paydiant being her fourth startup.

Develop an instinct for who will fit in and advance

In addition to finding experienced people to fill the executive positions, Gardner said the hardest part of building a company is hiring the right people for the other levels of the company.

“It’s probably our single most important job,” Gardner said. “And you have to be right [about the person you’re hiring], you know, 95% of the time.”

Gardner said over the years the company has developed an instinct for hiring people who will be good team members and who will be able to “grow and scale with the company,” including taking on management roles.

“Find those diamonds in the rough,” Gardner said.

It’s not just about the ‘ultimate nerds’

At Paydiant, that doesn’t just mean finding smart, tech-savvy people, Gardner said. In addition to having those qualities, Paydiant employees also need to be articulate and represent the company well in front of customers and partners, Gardner said.

“Some people just look to go out and hire the most brilliant software developers they possibly can. We actually place a very high value not just on… technical chops, [making] the bits and bytes fit together, but also on people that can talk,” Gardner said.

And this is one aspect of Paydiant that sets them apart, Gardner said. “We very much value the articulate, charismatic types not just the ultimate nerds.”

Stay tuned for my upcoming Startup Spotlight video on Paydiant.

Let us know what you think about the story; email Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.

December 5, 2014  10:52 PM

IDC prediction for IoT 2015: It’s a doozy

Kristen Lee

Market research firm IDC presented its 2015 predictions for the IoT this week, and my first reaction was, “This one’s a doozy!” To put it another way: CIOs and CISOs, prepare for a massive flood of data and information from a slew of sensorized things, along with a lot more responsibility for IT professionals.

According to IDC, here are three important points you need to know about the IoT in 2015.

IoT and the cloud

IDC predicts that within the next five years, over 90% of all IoT data will be processed by cloud service providers. “We believe IoT data will be created from a wide range of sources and data formats,” said Vernon Turner, senior vice president at IDC. “As such, the better IoT solutions that have greater business values will have to integrate and process data from different repositories. Cloud computing providers will be better suited to this activity, rather than IT attempting to run it on premise or in a private enterprise environment.”

This will drive IT organizations to establish robust chargeback services, Turner said. This is because people will only want to pay for appropriate “data blending” services — data blending, in IDC parlance, meaning taking the data, finding the value, and using it to benefit the business. Turner said establishing these chargeback services will become more important because IT will now be responsible for the original IoT data sources, as well as the “data blending” done by the cloud computing providers.

“The data blending process is not a simple aggregation or mash-up of data sources but rather an intelligent rules-based process that will require careful IT management and support,” Turner said.

Turner suggests IT organizations invest in automation services to manage real-time interactions, and to make sure there is a chief compliance officer involved because these interactions will require a heightened level of governance.

IoT and security

IDC predicts that within two years, 90% of all IT networks will have an IoT-based security breach. Though IDC says many of these will be considered “inconveniences,” CISOs will be forced to adopt new IoT security policies.

“The big challenges for security officers will be security and ensuring the privacy of information shared across so many so-called ‘smart devices’, whether they be televisions, automobiles, appliances,” Turner said. And because users may want access to all this data, it will create a huge compliance challenge, he added.

In addition, creating technology architectures around the IoT while ensuring platform inter-operability will be a challenge. Turner said data transfer through the corporate network must be encrypted, multiple methods of authenticating persons and devices must be implemented, and IT should be required to identify security and privacy-related technologies to support industry standards.

So CISOs “need to think of a strong governance framework to tackle data leakage and privacy issues,” Turner said. “With so much data being created and handed off at many more touch points than before, this framework needs to be endorsed by the CEO.”

CISOs should also collaborate with their peers in order to get greater insights and situational awareness into areas vulnerable to breaches. Turner predicts this may be hard for CISOs to do but “the IoT will define a new level of openness where everything and everyone will be transparent,” he said.

Though it may be tough to do, Turner warns that those organizations or individuals who don’t accept transparency will be “almost impossible” to trust.

IoT and network capacity

IDC predicts that within three years, 50% of IT networks will go from having excess capacity to handle the addition of IoT devices, to being network-constrained — 10% of sites will be overwhelmed by the data from these devices.

“This seems hard to believe but when you think of the billions of endpoints pinging or streaming data through networks, capacity is going to be challenged,” Carrie MacGillivray, program vice president at IDC, said.

MacGillivray predicts that by 2020, 10,000 devices will be connected to corporate networks every minute — not every day or week but every 60 seconds.

“And therefore there will be the potential to impact that overall performance of the network if it’s not properly managed,” MacGillivray said. “Enterprise IT is going to be given the mandate to protect company data and its… end points.”

This will be a huge job for IT, but right now, it seems, IT organizations are more concerned about the devices being brought into the enterprise, like tablets and smartphones and even some PCs, MacGillivray said. They are not paying attention to the potential IoT connections or the data that the company is supporting, and they need to be.

But all that will change.

“We expect that by 2018 IoT network management is going to become a top five initiative along with business analytics, cloud computing and mobility projects,” MacGillivray said. “There’s going to be a need to support sensor-created content and outcomes.”

MacGillivray said that IT will have to set network access policies for these “things” or endpoints; there will need to be an access control and automation system in place to make sure the IT team isn’t overwhelmed, and, she said, it’s important to work to get IT a seat at the table early in the IoT planning process, before buying decisions are made.


December 5, 2014  10:34 PM

Why CIOs need to think like venture capitalists

Kristen Lee

If you had the opportunity to be the next Uber would you take it?

An innovative technology could mean a company’s big break or, as in the case of Uber, disrupt an entire industry.

Nowadays, businesses have to adopt and adapt to new technologies that might give them a competitive edge — and CIOs are in the position to help. But how do you know which new technology will pay off for the business and which will peter out — or worse, inflict damage?

One way for CIOs to get in the technology innovation/disruption game, according to a new report out by Deloitte, is to start thinking like a venture capitalist. As Associate Site Editor Fran Sales reports in this week’s Searchlight column, venture capitalists accept that some investments will be successful and others will fail — and hedge their bets accordingly. Of course, that’s a tall order for CIOs whose job, after all, is to ensure the reliability of IT operations.

Need some encouragement? Read about how Charles Weston, the former CIO of Bloomin’ Brands, took a flyer on cloud early on despite his teams’ concerns.

In other news this week, is Cyber Monday the new Black Friday? Also, read about the rise of the chief data officer, how Apple is under fire for deleting music that some of its iPod users downloaded from rivals, and more in this week’s Searchlight.


December 3, 2014  10:22 PM

Happy or not? A tale of non-financial KPIs

Linda Tucci

Not all key performance indicators (KPIs) are effective. Some are barely understood by the people instrumental to the outcome being measured. To help employees understand the meaning of KPIs, Dorvin Lively, CFO at Planet Fitness, developed a Financials 101 class.

“I make everybody in the company go through it,” said Lively, a panelist at the recent MIT Sloan CFO Summit in a session focusing on identifying, interpreting and acting on KPIs.

In addition to financial measures, the club also uses a number of non-financial KPIs, said Lively — the wear and tear on machines being one. At fitness clubs, the treadmill closest to the locker room, for example, typically gets used most, so machines are rotated based on usage minutes.

Outside competition has an impact on business results, so Lively measures the lead time on new clubs coming into a market by researching pending and signed leases.

Customer satisfaction, of course, is another critical non-financial KPI, Lively said. The clubs recently added a gadget that asks patrons whether they are happy or not. “It’s wireless so it can be put anywhere in the club — at the front desk, in the restroom,” Lively said.

The rating, transmitted in real time, is taken seriously. “We incent our club managers on only three things: Say hello, say goodbye, and keep it clean,” Lively said. At one of the clubs that was consistently scoring on the low end of happy, the company tutored front desk managers on their obligatory hellos and goodbyes.

“We came up with a script,” Lively said. Instead of just hello, clients were greeted by name when they checked in. The front desk manager was instructed to tell the client to “have a good workout” on the way in and to “have a good day” on the way out.

Pretty basic stuff, but according to Lively, the customer happiness score at this club quickly went from the 70th percentile to the 90th percentile. “So, there is a metric that is not financial but is using today’s technology to see how a club is performing pre and post changes,” he said.

For more on the MIT panel on KPIs, check out my article, “Finding KPIs that matter to the business.”

Email Linda Tucci, executive editor, or find her on Twitter at @ltucci.

November 26, 2014  9:24 PM

The key to startup culture: ‘Work hard, play hard’

Kristen Lee

After visiting startups for the past few months to gather footage for my Startup Spotlight series, a few cultural commonalities stand out to me: a fun and relaxed atmosphere, the willingness to take a risk and passion.

Granted, when I visit and film people, the camera could have something to do with the level of excitement employees display. Still, all four startups faking it in the same way? I don’t buy it.

Besides, as a Millennial, I know that the drive to find a job that you’re passionate about, that allows you to try something new and different, and, heck, even save the world, is a real thing. Naïve? Maybe.

But I see that drive in the people — young and old — who work at these startups. That’s why I think startup culture works and why larger companies want to implement it into their own culture.

One of the things startups seem to do well: Find a balance between hard work and fun.

I’ve walked around startup offices and seen employees talking on personal cellphones, lounging on bean bag chairs, riding a scooter, and even playing ping pong and foosball — all during “work hours.” I’ve also seen people bounce around on yoga balls right in front of the CEO. It didn’t faze him.

Sometimes I wonder how they get their work done. And my hypothesis is this: You know how when you’re working and it becomes hard to concentrate? For most of us, it would look bad to take a 30-minute break and stare into space or surf Facebook or play games on your phone. Startups, on the other hand, seem to embrace the idea that inspiration and creativity come when they come. You can’t force it. But when lightning strikes, people work their butts off. If they’ve hit a roadblock, they take a break to get the creative juices flowing again.

Startups are also unafraid to experiment. They are willing to put everything on the line and fail. Because who knows? The idea or project could just work, and could be revolutionary. But they’re also willing to cut their losses.

Patrick Surry, chief data scientist at the startup Hopper, a search engine that helps people get the best deals on flights, explained it best. For our CIO and IT readers, it’s worth quoting him in full:

“A lot of what we do at Hopper is figure out what the right way to position and deliver the solution to the problem is. It’s challenging — we build stuff, we throw stuff away, and then we build new stuff.

“It requires a certain kind of attitude I think among the developers. You have stuff you’ve worked on for three months and then we decide to throw it away and do something different. That can be frustrating for some people. And I think for others that’s part of [the attraction].

“I think a lot of companies get bogged down because you’ve created something that sort of works and you have to continue to maintain it forever. I think as a startup you have the luxury of saying ‘Hey, that doesn’t work. Let’s try something else, both from a kind of business point of view but also from an infrastructure point of view.”

Startups may have more freedom to experiment than established companies, but the attitude is worth modeling at any company hoping to keep up in a rapidly evolving market.

The willingness to take risks and employee passion are the traits that stand out at the startups I’ve visited. Whether those traits result in a viable business, time will tell. In the meantime, those working at startups are excited about what they’re doing. They believe they are working toward changing the world. (And maybe they are.)

And I think that’s what dictates the startup culture. It’s not the bean bags, foosball, ping pong, or freedom to goof around. It’s that employees believe they’re working to make a difference.

Alan Berrey, CEO and founder of Scratch Wireless, a “Wi-Fi First” mobile provider, summed it up during my interview with him: “Look, Scratch Wireless is a blast. I can’t imagine doing anything else. I love it here, I love the people that work here, we’re having a great time together, we make a lot of fun of each other, we take a lot of things very lightly but we take also the things that are important or serious very seriously as well. And we really hope to change the model for the cell phone services throughout the world.”


November 26, 2014  7:47 PM

Be a mobile governance kingpin, not an anarchist

Rachel Lebeaux

I’m writing this note on my company-issued laptop while working at home after “regular” business hours. When I’m done, I might Netflix an episode or two of Breaking Bad on the same laptop. I’ll probably keep checking my work email on my personal smartphone to make sure I’m not missing any crucial communiqué while watching chemistry-teacher-turned-drug-kingpin Walter White and his exploits. Personal device, private device — is there really a difference anymore?

Welcome to the wild world of bring your own device (BYOD) and consumerization, where company devices occasionally double as vehicles for entertainment, personal devices sometimes allow for better productivity than company devices do, and the CIO must always be on top of their company’s mobile governance policies to prevent slipping into BYOD anarchy.

“Similar to the cultural and social impacts of telecommuting, the lines between our business and personal lives become blurred even further,” writes CIO expert Harvey Koppel in our SearchCIO handbook on mobile governance, which looks at some of the finer points of a comprehensive bring your own anything (BYOx) strategy. “These cultural and social changes must be managed well beyond the scope of the IT department’s reach and therefore be viewed as an enterprise responsibility.”

Keeping tabs on the mobile devices — as well as applications — employees are using for work and play entails making appropriate network upgrades and considering an alphabet soup of new security products, writes Bryan Barringer, who headed up FedEx Services’ Office of Mobility and Collaboration, but they’re all for naught without an overarching governance policy. In our second piece, Barringer lays out the fundamentals of forming a mobility governance team. And CTO Niel Nickolaisen acknowledges that he was reticent to adopt a BYOx mindset and earned a reputation as a barrier to enterprise progress as a result. In our final piece in this handbook, Nickolaisen describes how he got on board with BYOD and offers some survival tips for similarly spooked CIOs.

Walter White’s life devolved into chaos. Read our handbook, and your mobile governance strategy doesn’t have to do the same.


Let us know: What BYOx strategies are working for you?

November 25, 2014  9:03 PM

Are you considering a hosted private cloud? Read this first

Kristen Lee

When evaluating hosted private cloud providers, be ready for substantial variability in the offerings, a Forrester Wave report says.

Vendors in this emerging and growing market tend to align with one of two tracks of thinking, said Lauren Nelson, Forrester analyst and coauthor of the report.

“Some hosted private cloud vendors are highly customized and view hosted private as an outsourced private cloud. And then there’s a whole other set of vendors in this evaluation that view hosted private as a more dedicated public cloud,” Nelson said. “With those two different approaches to the same space you have drastically different products and what to expect from them is very different.”

Here are the four basic areas in which hosted cloud providers vary, according to the report:

  • Inconsistent management of solution layers. With infrastructure-as-a-service (IaaS), according to NIST, the “consumer does not manage or control the underlying infrastructure but has control over operating systems, storage, and deployed applications.” But it’s common for cloud providers — a traditional cloud provider or the cloud administrator in an internal private environment — to manage layers above the infrastructure layer. This varies greatly within the hosted private cloud market today.
  • Inconsistent tenancy of infrastructure components. Supposedly, hosted private and virtual private clouds primarily differentiate themselves by complete isolation versus virtual separation of the underlying infrastructure components (e.g., compute is most common, followed by storage, then network). When evaluating providers, make sure you understand how resources are separated so that the security, compliance, and licensing implications are clear from the start.
  • Inconsistent nomenclature. Today there are many names for the same or similar products. You’re probably working through the long list of terms already. Forrester has thus far seen the following referred to as hosted private solutions: private cloud, dedicated public cloud, dedicated enterprise cloud, enterprise cloud, private-cloud-as-a-service, managed private cloud, and virtual private cloud. Many of these same terms translate to entirely different products for other vendors. Don’t take the name at face value; you’ll need to do some vetting.
  • Inconsistent customization. Cloud by definition should be a standardized set of IT resources. Although public clouds standardize resources across all customers, this is not a safe assumption for hosted private. Some hosted private cloud providers center their business on creating private cloud environments built on custom hardware with custom contracts for their users, thus becoming more of a private cloud that is managed and hosted by a third party, rather than a standardized cloud service with segmentation between users. Pricing, contract length, and time to delivery are largely tied to the level of customization available for customers. Customers that view hosted private as an alternative to private cloud like additional customizations, whereas those focused on a more secure public cloud option should look to the more standardized offerings.

The Wave evaluated vendors based on the strength of each vendor’s offering, their go-to-market strategy, and their market presence.

The result was that Virtustream and Datapipe led the pack due to their “strong services supporting customer experience, top security and monitoring capabilities, and an intuitive self-services portal.”

Following closely behind are the hosted private cloud solutions provided by CSC, HP, Dell, Blue Box, and Joyent. The latter group, the report said, are “composed of existing hosting providers looking to extend their services” that are “no stranger to the cloud world but [are] still working on refining how best to target this space.”


November 25, 2014  2:48 PM

Companies still on the move to cloud, but security remains the No. 1 obstacle

Kristen Lee

Overall, 2014 has been a positive year for cloud computing, according to a survey done by IDG Enterprise.

Companies and IT executives continue to plan what they should put in the cloud in order to reap the benefits of the three main cloud platforms: SaaS, PaaS, IaaS.

Over half (56%) of companies that took the survey are still experimenting with IT operations that they can move to the cloud. And 61% of companies are looking to invest in emerging technology, such as software-defined networks, to capitalize on cloud investments.

Another interesting survey result, given the prevalence of shadow cloud applications: IT leaders say they are still in charge of most aspects of the purchasing process of cloud. That includes determining the business need (78%), determining the requirements (75%), evaluation (80%), recommending and selecting vendors (75%), selling internally/outside of the IT team (48%), and approving and authorizing cloud deployments (64%).

The top three objectives driving companies to move to the cloud are: speed of deployment (39%), lower total cost of ownership (39%) and replacing on-premise legacy technologies (35%). Only a relatively small percentage of the 1,672 respondents — 75% of whom were executive or mid-level IT leaders — expect an immediate payoff from their cloud investments. “Faster return on investment” was at the bottom of the list of objectives for implementing cloud computing, cited by only 11% of respondents.

That’s not to say that IT organizations aren’t reaping many benefits from the cloud. When asked the impact cloud computing technology was having on their organizations, 63% of respondents cited IT agility, up from 54% of respondents in 2013. That was followed by: IT innovation (61%), access to critical business data and applications (58%), need for specialized IT skills (56%) and employee collaboration (56%).

The view was not all rosy. The number one obstacle in 2014? Security.

Cloud computing security was cited by 61% of respondents as the top challenge keeping them from implementing a cloud strategy. Companies said they were concerned about the risk of unauthorized access, data integrity, and protection. Second to security, 46% of respondents said integration was an obstacle to adopting cloud.

