About 20 years ago, Bill Gates at Microsoft, Steve Jobs at Apple and Larry Ellison at Oracle formed a fairly exclusive club — CEOs who knew a thing or two about technology. Of course, they led tech companies, so they had little choice but to immerse themselves in their companies’ business. But typically, chief execs were known more for MBAs than for advanced degrees in computing, the ability to assemble a team rather than a database, corporate over tech know-how.
That was then. Today the CEO’s job exists in a very different, digitally focused business world. A working knowledge of technology and how it can advance business is practically required of most chief execs today. Lisa Pearson, CEO of Umbel, which sells data management and analytics tools to sports teams, needs to live and breathe tech to collect a paycheck. But she also sees technology as having seeped into the CEO role in any organization as a matter of necessity.
“I don’t see how you can fund a company without a basic mastery of technology,” Pearson said. If cybercriminals hack into a company’s systems, for example, it’s the CEO’s job that’s on the line. “You see the stock price plummet when there’s a security breach, so I think that has been a way of calling attention to older-school CEOs that they have to become tech-literate.”
It’s not all about cybersecurity; it’s about growth, too. In the world of sports, where Umbel operates, CEOs have not always been the most tech-savvy group, Pearson said.
One CEO of a sports team told her that he used to look out in the arena where the team was playing and glower at a sea of heads looking down at glowing smartphones. “‘It just made me so mad,'” she recalled him saying. “‘How could you disrespect the team by not watching them play?'”
But chief executives in sports are realizing that Millennial and Gen Z fans don’t engage in sports the same way older generations do, Pearson said. They often don’t even buy tickets and go to stadiums, and many aren’t watching games on the tube either, because “they’re not watching appointment television.”
So teams are starting to look at digital technologies for whole new ways to “activate fans,” Pearson said. Take the NBA. A 2017 Fast Company article described a tool the basketball league is using that automates the production of game highlights — just seconds after a slam dunk or a three-pointer — and pushes them out to phones of fans at the game.
The NBA has committed to pushing the limits of tech in sports, forging partnerships with companies peddling the latest innovations.
“As a whole, I would say the NBA is probably the most tech-savvy amongst the leagues,” said Courtney Brunious, the associate director of the USC Sports Institute, in the article.
CEO’s job: Reaching the ‘superpower consumer’
Enthusiasm for tech has reached other sports as well, with football, baseball and soccer all experimenting with new ways of reaching fans. Golf, not so much.
“Golf is doing very little to cultivate a young consumer — same thing for tennis,” Pearson said.
They’d better start swinging. According to a 2017 Nielsen report, Millennials and Gen Zers make up 48% of the media audience — that’s TV, radio and digital. Together they constitute a “superpower consumer,” Pearson said, and it’s the CEO’s job — in sports and elsewhere — to make them customers.
“Anytime a business owner has the realization that their business is not going to be relevant to the consumer who will pay for it, they better shift gears pretty quickly.”
One of the more memorable conversations I had this year was with Tony Arcadi, associate CIO for enterprise infrastructure at the U.S. Department of the Treasury. I met him at Gartner’s annual gathering of IT leaders, Symposium/ITxpo, at Walt Disney World in October. We had a long discussion about new technologies such as blockchain, the cultural changes brought on by cloud computing and how plain exhausting it is to hike from one far-flung Disney resort to another in the Florida heat.
Arcadi served up the baked confection as a metaphor for the cybersecurity approach organizations should be taking in an age marked by increasingly sophisticated attacks. Cybersecurity should be present from the start of any tech initiative.
“It’s not an ingredient you can add to the top; it’s not frosting on top of the cake,” Arcadi said. “It’s got to be an ingredient that you put in a cake and mixes in with all the other ingredients.”
Cybersecurity should be blended into an organization’s operations — like an egg stirred into cake batter, Arcadi said — and everyone, not just the CISO and the IT security team, should work to maintain it. “I think that’s where we need to move our cyber to versus the current approach.”
(Arcadi stressed that his remarks did not represent the views of his employer, the Treasury Department.)
I spoke to Arcadi barely a month after credit-reporting agency Equifax announced it was the victim of a data breach that exposed the personal information of 143 million Americans — a “catastrophic event,” he said. And yet are we as a society the wiser for it? Have we changed our cybersecurity approach?
“I don’t know that we’re doing anything any differently today than we were when that happened — or have any plans to do anything differently.”
Some may look at the Equifax breach and countless others in 2017 as justification for bringing on cutting-edge technologies. Arcadi cited artificial intelligence (AI) as an all-the-rage foil to cybercriminal treachery.
Indeed, it’s the tack taken by major tech companies, as Nick Coleman, global head of cybersecurity intelligence at IBM, says in an article by SearchCIO’s sister publication, Computerweekly.com: “The threats are becoming so serious that we need to embed AI and automation into security processes so that we can be more intelligent and efficient in our response.”
AI may very well bolster cybersecurity, Arcadi acknowledged, but the larger problem is AI will be available to the bad guys, too.
“Their AI is going to hit my AI; my AI is going to their AI. What levels this off and causes this to decline?” he said. “Somebody much smarter than me needs to come up with the answer, and I will be happy to implement it.”
In his role as CIO at the Treasury Department, Arcadi is doing his part, helping craft a cybersecurity approach that’s “more integrated and less layered.” That layered opened the oven door on the cake metaphor once again. Cybersecurity needs to be baked in — again, it’s the eggs, not the frosting.
“That’s what I’m working toward — trying to bring it into integration,” he said. “Let’s not produce this thing and then send it for cyber review. You know, ‘Hey, cake’s done.'”
The race is on to support conversational technologies and make AI virtual assistants that we trust to do things for us, said Julie Ask, principal analyst at Forrester Research, during a keynote presentation at the research firm’s recent New Tech Forum in Boston.
But the only real contenders in the race — at least right now — are the tech giants of the world, according to Ask. Google, Facebook, Amazon and Apple already broker a lot of consumer interactions, but they’re far from done. Each of them wants to become the platform of the future that completely “owns consumers’ moments” by having an AI virtual assistant that can “do everything,” Ask said.
Some of the conversational technologies needed to support that ambition are ready today, but others are going to take time, she said. Intelligent assistants, as they’re also referred to, do a fine job at telling you the weather or ordering you more paper towels, but those interactions are far from true conversations.
“For these services to really be valuable and fundamentally more convenient than just picking up a phone to talk to someone or opening up an app to get something done, these conversations really need to evolve,” Ask said.
The good news is that consumers are ready for conversational technologies. There are already three times as many people using voice assistants on their phones and smart speakers than a couple of years ago, said Ask. There are also 15 million smart speakers — which include Amazon Echo and Google Home — in U.S. households today, she added.
There’s a lot that goes into natural language generation, or the ability for machines to speak and sound like a human being. It takes human babies years of failure, success, repetition and refinement to develop language skills, Ask pointed out. She believes it will take as long, if not longer, for machines to hone their speaking skills.
“It’s going to take years — if not tens of years — to incorporate all of the data [necessary] to really begin to generate [human-like] language, sentences that have inflection and so forth,” said Ask.
The second conversational technology that Ask said needs to evolve in order to make way for AI virtual assistants that can “do everything” is image recognition, which she said will dramatically improve conversational abilities.
“When you think about having a conversation with a friend or even with a brand, we’re not just talking,” Ask said. “A lot of times we’re pointing and saying ‘What about that?,’ ‘Let’s go there for dinner,’ ‘Let’s make that.’ Conversations aren’t just about text; there’s a much richer experience that goes with that.”
Plus, it is exhausting to try to describe everything with just words, Ask added. Image recognition needs to provide more context; it must go beyond just identifying objects in photos, and be able to identify what people are doing and the emotions behind a look, a task or a stance.
Ask said the accuracy and the breadth of this technology is indeed growing, but, once again, maturation is a matter of data. Massive amounts are needed to feed these AI conversational technologies. Whereas it might take a human two visual examples to process different cursive sentences, for example, it might take a machine tens of thousands or hundreds of thousands of examples to be able to comprehensively read handwritten words and sentences.
“It’s going to take a lot of time for all of these moving pieces to come together and really deliver these experiences that we consider to be magical,” Ask said.
Parenting an AI virtual assistant is harder than you’d think.
If there’s one thing that CIO’s have learned in recent years, it is that digital transformation is more than a buzzword. Embracing digital technologies has now become essential to successful business processes.
“A key element of transformation programs is that strategies need to evolve with market conditions, customer expectations, maturity of new technologies, and many other factors,” Isaac Sacolick, president and CIO of StarCIO and author of Driving Digital: The Leader’s Guide to Business Transformation Through Technology, said.
One strategy that needs to evolve to facilitate this digital transformation evolution is agile practices, Sacolick highlights in Chapter 2 of his book. The chapter, titled Agile Transformation Practices, explains agile concepts, agile planning and estimation, and best practices to embrace agile techniques.
Businesses that want to compete in a digital world need flexible practices that enable frequent prioritization while driving collaboration between business and technology, Sacolick said in an email interview.
This is where embracing agile practices comes into play. “Agile practices, when executed with a defined planning and execution process, enable teams to focus execution on the short term, plan for longer roadmaps, and adjust strategies based on multiple feedback mechanisms,” he said.
In the excerpt below, he explains why embracing agile is a key digital transformation practice and the need to continue evolving agile techniques.
When you sign up to lead transformation, the implication is that you are going to review existing products, business processes, and capabilities and realign to a new vision. Transformation is a change management practice, so the organization must enable a culture, philosophy, governance, and practice to manage the change.
Unfortunately, we no longer live in a static world. We can’t portray our digital business future with certainty since so many market forces are transforming in parallel. So thinking that you can manage transformation the same way we construct buildings, bridges, and rockets in the past is outdated thinking. In fact, construction projects are now leveraging elements of agile and lean to enable greater flexibility.
For some organizations, just adopting basic agile practices is good enough to achieve a higher level of execution. These organizations will define their sprint and release schedule, practice standups, and use tools to document user stories. Even at larger scales, just adopting these basic practices provides value as it aligns business stakeholders and provides flexibility to adjust priorities.
But to transform organizations, you need to evolve agile beyond these basic practices into a disciplined scalable process, a practice that connects other functional areas such as marketing and operations, and organizational change to drive to an agile culture.
Driving Digital: The Leader’s Guide to Business Transformation Through Technology by Isaac Sacolick © 2017 Isaac Sacolick All rights reserved. Published by AMACOM Books a Division of American Management Association, 1601 Broadway, New York, NY 10019
Machine learning algorithms require training data — and a lot of it — to get the models working correctly. But more training data alone doesn’t necessarily make for smarter algorithms, according to Tolga Kurtoglu, CEO at PARC, a research and development company spun out Xerox in 2002.
If companies want to tune their models correctly, Kurtoglu said they need to gather the right training data. He provided a vivid example of the importance of this requirement at the recent AI World event in Boston.
When PARC engineers looked at how to get more performance out of lithium ion batteries for electric cars, they realized the data they needed didn’t exist. “The current battery cells are manufactured in a way that have sensors outside of the cell structure,” Kurtoglu explained. The sensor data included temperature and voltage, and it was used as a proxy for what was happening inside the cell structure.
But proxy data wasn’t good enough. PARC engineers wanted internal monitoring capabilities to measure the battery’s health, gathering data points on the cell’s pH balance and its chemical decomposition, for example. So they built a fiber optic sensor and fitted it into the battery cell to provide a window into the unseen space.
The data gave way to critical insights for improving a lithium ion battery’s life, enabling engineers to “build analytics capabilities in a very different way” by combining traditional data sources together with the new data generated by the fiber optics sensor, Kurtoglu said.
Is it the end of the world (wide web) as we know it?
The Federal Communications Commission voted this week to end the net neutrality regulations that required equal treatment for all internet traffic and prohibited internet service providers from blocking websites, throttling bandwidth or charging more for higher-quality service or content.
The FCC’s new net neutrality ruling was met with opposition from members of Congress, advocacy organizations, internet experts and the American public. Many expressed fear the internet will be ruled by the AT&Ts, Comcasts and Verizons of the world. Some are calling the ruling a kind of internet apocalypse.
Sounds scary, right? Well Glenn O’Donnell, VP and research director at Forrester, has some advice for CIOs: “Don’t freak out.”
“This move has been a magnet for political debate by those on both extremes,” O’Donnell wrote in a blog post. “Ignore those people. If you become spellbound by the media circus, your competitors will be busy doing something about it — and beating you. Don’t get despondent and don’t get too overjoyed — just roll up your sleeves and develop a plan to work around the new rules.”
Next steps for CIOs
O’Donnell said that much of the ruling seems to impact consumer services, not large businesses. But most big companies depend on small, remote offices, so leaders at these companies have a vested interest in this ruling — as do those pursuing IoT projects.
In developing a plan in the wake of the net neutrality ruling, CIOs should, according to O’Donnell and a “Quick Take” Forrester report, do the following:
- Educate yourself on how the various carriers will alter their pricing and what you will get for certain pricing models and bundles.
- Re-evaluate whether home and remote offices should use consumer-grade internet. In a world of tiered delivery, your provider may throttle the internet service for your home workers.
- Start talking to your carriers about low-latency needs for your IoT applications. “You’ll need more assurances for time-sensitive use cases like IoT devices and applications,” according to the Forrester report. The research firm expects carriers to offer a variety of plans to support IoT and related operations — but businesses should expect to pay more for better, more refined service level agreements, said O’Donnell.
- Renew your focus on network engineering. Forrester suggests companies never assume that network performance is guaranteed, unless you engineer it in. O’Donnell does note that business applications and IoT devices that transmit data across private networks aren’t affected by the end of net neutrality, but more of these apps and devices touch the public internet.
- “Don’t expect 5G wireless to save the day. We are still years away from that being a widespread reality,” said O’Donnell.
It’s not the internet apocalypse
While it’s critical for CIOs to understand how these new rules will affect their business and to incorporate the death of net neutrality into their strategies, O’Donnell still believes that telecom giants won’t — or can’t — behave too badly.
“The paranoia about unfettered telecom monopolies is overblown, but not fiction,” O’Donnell said. “Pressure by government watchdogs, industry groups, and new competitors will keep the giants in line.”
R. “Ray” Wang, principal analyst at Constellation Research, echoed those thoughts on the net neutrality ruling.
“I don’t think [the internet] will be deregulated. I think that’s overblown hype,” Wang said.
Wang admitted he is a proponent of net neutrality but said he has faith in the Federal Trade Commission, which FCC Chairman Ajit Pai has said will step in to protect consumers from any nefarious acts that Internet providers might commit in the future.
“The FTC will be regulating the business, which I have more faith in as they are better equipped to do this,” said Wang. “The question is, ‘what policies will the FTC put in place to spur competition on price, and innovation in service?'”
Time will tell what an internet without net neutrality will look like, but that shouldn’t stop IT leaders from fulfilling their most important business need.
“The only thing that matters is that you serve your customers,” O’Donnell wrote. “This impacts your competitors as much as it does you. Those that refocus on network engineering and clever economic models will have the happy customers — and their money!”
Whose concern is it whether your customers derive a business benefit from using your product or service? At Signavio, a vendor of business process management software, it’s the customer success manager’s.
You might be thinking, Who’s that now? Jim Smith, senior customer success manager at Signavio, has an answer. He spoke at the Argyle 2017 Information Technology and Security Forum in Boston on Thursday.
The goal of a customer success program, Smith said, is to make sure “customers hit the ground running and really get the most success from products and services.”
Now you might be thinking, What does a customer success manager have to do with IT? Smith didn’t explicitly say, but he didn’t really have to. Being “customer-obsessed” has become almost as much a part of CIO job requirements as a degree in computer science or even IT experience. A customer success manager could be that vital link in the IT-business chain that connects to customers, determines their needs — and keeps them coming back.
In his role, Smith said, he becomes the main point of contact for customers. He works to understand what their business is and how it works, what their goals are and what roadblocks they have.
“We want to make sure that they’re constantly getting as much value as possible from our services, and that ultimately we’re hitting the mark, we’re meeting those goals,” Smith said.
To get a deeper understanding of what customers want to accomplish in their business, the customer success manager works closely with sales, “because they’re that first point of contact,” Smith said, and have information such as why customers bought a certain product or service, what problems they’re struggling with, what their needs are.
After the sales handoff, a customer success program begins simply: with interaction, Smith said — a kickoff meeting marks the start of a business-customer relationship. In it, the customer success manager explains what exactly it is that the company will provide — be it software or services — what the installation process will be like and how long it will take.
At Signavio, Smith gives customers guided tours of its software and services and provides best practices for using them. He evaluates how well customers are using software and services, answers questions and gives informed recommendations on how to improve their experience and handle problems that come up.
“It’s all very important that they get a good feeling from the word go about our services, so we reduce that churn, so they stay customers, they stay subscribers — this is a critical piece,” Smith said.
Dressed for success
The job description for customer success managers covers a lot of ground, Smith said. They have to learn about the company’s products and services and gather stories about customers’ experiences “because those are useful for sales, for marketing,” Smith said. And they have to know enough about software and services to help configure them. They have to understand contract terms, review customer accounts and listen for feedback — “how are they liking our products and services, and what would they like to see that we can incorporate in future releases?”
What type of people should customer success managers be? They should have diverse backgrounds, Smith said — “people who can do a lot of different things, who have seen a lot of different things, who might be both technical and customer-facing.”
They need to be versatile because of the many relationships they have to maintain — relationships with customers, of course, but also with sales, with marketing and with the product team, so they can get a good sense of the company’s product roadmap. That way, customer success managers can relay that information to customers and also relay customer feedback to the product team.
And one important thing to keep in mind when hiring for a customer success manager, Smith said — “Pay them well. They do a lot of stuff.”
There’s no doubt that job automation will disrupt the labor market. But while most of us talk about when, Iyad Rahwan is focused on a different question: Where?
Rahwan, associate professor of media arts and sciences at the MIT Media Lab, started digging into that question by constructing a geographic map of how automation will impact the job market. He used data from a controversial study from Oxford University on current jobs that are susceptible to technological advances. “We don’t take those numbers as a kind of absolute prediction, but we use them as a relative comparison,” Rahwan said in his talk on AI and the future of work at the recent EmTech Conference in Cambridge, Mass.
The data enabled him to look at how the job market, say, on the East Coast will be impacted compared to the job market in the Midwest. Perhaps more importantly to CIOs, it provided a launching off point for Rahwan to construct a different kind of map — a “skill-skill network” where the specific skills and tasks making up job titles are compared for similarities. The map is a window into where the labor market is and where it’s going.
Big cities vs. small cities
In general, Rahwan’s findings indicate bigger cities will be more resilient to job automation than smaller ones. That may seem a little like a no-brainer, but he said the conclusion “wasn’t a priori” at the outset. Bigger cities tend to be better than smaller cities at attracting talent with a range of skills, but bigger cities are also better at breaking down complex jobs into explicit tasks, making them ripe for automation, he said. The findings gave credence to what many might assume — and it provided a jumping off point to ask another question: What is it that makes bigger cities more resilient to job automation?
Rahwan used bottom-up clustering to categorize job titles, creating five buckets. One bucket contains of network administrators, engineers and so on. Another bucket includes telemarketers, cashiers and so on. He compared job types in the largest 50 cities to the smallest 50 cities in the United States and found that bigger cities have more positions such as graphic designers and financial analysts than smaller cities and fewer retail or cashier-type positions.
Indeed, jobs like these that require creativity or the ability to manage people or machines grow disproportionately to city size unlike other job types, a finding Rahwan called “striking.”
“That was the first sort of finding,” he said. “Now we want to understand, within a city, what is the structure of this problem.”
Job skills vs. job titles
Specifically, Rahwan was interested in digging into the “hallowing out of middle class jobs,” which are stagnant.
Rather than talk about high-skill jobs versus low-skill jobs, Rahwan wanted to pinpoint specific job skills and find the overlap between job titles. He mapped jobs into a skill-skill network, where jobs are linked based on similarities — the more similar the skillset, the stronger the link.
“For instance an accountant needs to know math and also needs to know a bit of programming and a whole bunch of other things,” he said. “An insurance underwriter probably also needs both. So accountants and insurance underwriters are probably more similar because they rely on similar skills.”
His findings suggest that job skills can be mapped into two core groups connected by a bridge. One core group includes skills such as physical skills, sensory skills, multi-limb coordination, finger dexterity. Skills in this grouping are more susceptible to automation, are less cognitive in nature and tend to correlate with a lower education level and lower wages.
A second core group includes skills such as social skills, managerial skills, negotiation and persuasion. Skills in this category are less susceptible to automation, are more cognitive in nature and are correlated with higher education levels and higher wages. The bridge is a set of common skills such as basic memorization and basic numeracy.
If employees want to move from one grouping to another, they may struggle because the job title they have and the job title they’re pursuing may lack complimentary skills. Indeed, based on his findings, there appears to be a group of people who are “stuck,” who have gained some cognitive skills but not enough to make the transition from one group to the other or to see a median wage increase.
Helping employees make the transition “is where the real challenge is going to be,” Rahwan said. Next, he’s planning to look at how the skill-skill network changes over time, which he’s hoping will help determine what skills come into demand and what skills will be automated out of the network completely.
In a recent talk at Harvard University, Bob Rogers, Intel’s chief data scientist, explained what he looks for when hiring data scientists. CIOs well-versed in the must-have traits of a business intelligence expert but with limited exposure to data scientists might want to take note.
“When I think about what makes a great data scientist, I start with a definition of data scientist and how I would contrast that with analysts from days of yore — say three or four years ago,” Rogers said, with a nod to the blistering pace of change in analytics.
Analysts — those hotshots of yore — query data and craft reports to the exact specifications of a business owner or manager, to wit: Create a report on the number of widgets sold last quarter. “It’s a very directed activity and very specific to creating reports,” he said.
Data science, in contrast, is “a conversation” between the users of the analytics, the data they’re probing and the technology required to create the analytics, Rogers said.
“So a great data scientist understands the limitations of the algorithms and understands, at least intuitively, statistics. But [he or she] can also communicate with the stakeholders who are going to use those results,” said Rogers, who came to Intel two-and-half years ago after a glittering career in analytics on Wall Street and in the health care sector.
The conversation between the data scientist and the stakeholder — in Rogers’ world, that’s often a business unit leader — needs to get specific, pretty quickly. Data lakes, for example, can be great, but you can’t expect insights “to just bubble to the surface,” he said.
“The best data scientists are the ones who can have that conversation, convert the goals of the organization into very specific questions, which can be answered by a combination of the algorithms and the data,” Rogers explained.
Hiring data scientists only part of the job
Rogers’ talk, entitled “Adventures in Analytics” and given to an audience of mainly Harvard faculty and students — was a homecoming for the Intel executive. It was at Harvard as a PhD candidate and post-doctoral student where Rogers embarked in earnest on his adventures in analytics, probing how computational models could solve problems in astrophysics. There, he became interested in artificial neural networks — an early version of what today we call deep learning.
One of Rogers’ side projects on neural nets was helping a bored and unhappy lab mate complete a mundane summer project that involved circling images on a map. Using a machine learning model and two weeks of training data compiled by the disaffected student, Rogers created a neural network that “ripped through his entire summer’s work in eight hours.” The work resulted in an academic paper that drew interest from Wall Street traders — and a lifelong friend in lab mate Adam Riess, who won the Nobel Prize in physics in 2011.
Beyond hiring data scientists at Intel, Rogers acts as part evangelist, part enterprise explorer for the chipmaker.
“One of the roles that I have is to understand what everyone out in the real world is trying to do and map what Intel hardware can do to what they’re trying to do” Rogers said. “A simple example is you can encrypt data on the fly with the hardware with almost no computing overhead. Hardly anybody knows that.”
He also goes outside the Intel orbit to discover what’s coming next and to pinpoint the challenges faced by people working on the cutting edge, including scientists doing basic research. “If I can bring forward-looking problems into Intel design, the next generation of chips will be more effective at what you’re trying to do,” he said.
What’s coming next includes the driverless cars, drones and myriad other next-gen computers that have a hardware component but require “a very robust software ecosystem” to work. That’s a big reason why the chipmaker now has a chief data scientist, he said. “At the end of the day, I was hired more or less because of this idea from our CEO,” Rogers said, clicking to a slide with Brian Krzanich’s oft-quoted observation that data is the new oil.
But data, like oil, requires some refining to extract value. Which is why knowing what to look for when hiring data scientists matters at Intel, as the chipmaker moves from being PC-centric to data-centric. “You don’t pull oil straight out of the earth — you need to convert it into something valuable,” Rogers said.
Waltham, Mass., tech company Sonian offers a cloud-based email archiving and analytics platform to companies and government agencies. The 10-year-old startup was acquired earlier this month by computer security vendor Barracuda Networks (which private equity company Thoma Bravo agreed to buy for $1.6 billion).
Greg Arnette, Sonian’s co-founder and CTO and now director of data protection platform strategy at Barracuda, spoke to SearchCIO before the acquisition. A wide-ranging discussion about the role of the CISO and improving cybersecurity also included topics such as the company’s founding, in 2007; its years of growth alongside cloud giants Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and IBM SoftLayer; and the utility of IT security frameworks published by the Payment Card Industry Security Council and the National Institute of Standards and Technology (NIST).
Over the years, as cloud computing gained in popularity, the company gained business – with more than 29,000 customers today. Improving cybersecurity became a guiding principle, Arnette said, including in its own offerings, which now include tools that can determine whether data from emails is leaking out of an organization.
“We’re looking to provide evidence-based results that can help businesses make better decisions,” Arnette said.
Following are excerpts of that conversation.
You started Sonian a decade ago. What led to its founding?
Greg Arnette: The original idea that sparked Sonian was around this notion that the combination of the rise of public cloud would be a game changer in IT. Ten years ago that was an early thought that I think has been proven out with where we are today with the rapid rise of AWS and Azure and Google and SoftLayer.
So [Sonian’s emergence reflects] the rise of public cloud, the need for modern, newly architected information management services to be offered as software as a service (so it can be consumed by businesses, monthly, pay as you go) — and the need to solve a problem with enterprise scale but by using consumer-design-like web UIs, so it’s easy, intuitive.
Tell me a little about your services.
Arnette: What Sonian provides is a web service powered by public clouds that helps a business retain, search and analyze their employee-generated content like emails, files, docs and discussions and do it in a cloud-like way. So it’s subscriptions and about making it simple — nothing to install, up and running within 15 minutes. Over our 10 years, we’re now servicing 29,000 customers around the world.
And we have about 60 go-to-market partners. Our partners typically bundle what they get from us as a white label alongside other things they’re selling to their customers. Examples of partners include companies like IBM, which services the very large enterprises of the world; GoDaddy, which services millions of small businesses around the globe; and Rackspace and Intermedia, which are serving the midmarket.
How are you improving cybersecurity for your customers?
Through our tens of thousands of customers and our go-to-market relationships we’re amassing a huge amount of data that’s rich in content, and that drives into the next wave of features that we’re making available to our partners, which are around security insights.
[The feature set is] along the lines of, preserve the data, in case you get sued or you need to do discovery on it or want to put it on legal hold — you want to preserve it for search and recovery. And now analyze the data, looking for trends that can help the IT department understand how these collaboration systems are being used in terms of information leaking out of the organization, or could employees be potentially violating the acceptable use policy that governs how they should be using the e-mail system internally? We’re looking to provide evidence-based results that can help businesses make better decisions.
So your product is cloud. How about your IT and business operations? Are they all cloud?
Arnette: Yeah, we’re 99.9% cloud. The finance team has a very small on-site file server for some file sharing — sensitive content and so forth. Our internal company email’s all cloud-based. We’re using Salesforce; we’re using ZenDesk, It’s a typical back office system you see these days that is becoming popular — a cloud-first approach everything.
Where we host our software, that is, the feature set that we sell to customers, that is also multi-cloud-capable. We’re on Amazon, and we’re on IBM SoftLayer and other public clouds that we host our software on, because some of our partners prefer us to be on a certain environment over another one.
What role do IT security frameworks like the PCI Data Security Standard and NIST Special Publication 800-53 play in maintaining and improving cybersecurity?
Arnette: Those are very important. They become benchmark reference standards for how we position what we offer to our customers and also how we evaluate new technologies that we want to use. The NIST 800-53 framework has I think over 400 different controls that describe how technology should be operated securely.
And it goes very wide — it gets into, How do you respond to a security breach? How do you do change management? How do you notify customers of new updates? So it’s just not technology; it’s process, too. [NIST guidelines] are the frameworks that government researchers put out to public domain, and then the public can use them because we can all point to them and say, This is how we know we’re all secure in a transparent way.
A SearchCIO two-part interview with Sonian co-founder Greg Arnette focuses on the CISO role at the cloud provider and how it’s improving cybersecurity and the skills and experience needed to be a CISO today.