Digital Magna Carta time?

Recently I seem unable to avoid reading material on security risks associated with the use of technology.  It is certainly a good thing that the topic has a growing profile as that can positively drive upward awareness of the risks.  However, I do worry that many articles only tend to articulate the risks and remain silent on the potential benefits arising from technology enabling our lives.  Writing about the dangerous downsides of how easily Internet of Things (IoT) context devices can be hacked will definitely get attention.  This is fine if we also gain the value of people being more aware and then engaging on an informed basis with technology and related information security risks.

I noticed recently that the New York Stock Exchange (NYSE) had sponsored and circulated a publication called Navigating The Digital Age: The Definitive Cybersecurity Guide (for Directors & Officers) to every NYSE listed company board member.  This was produced in partnership with Palo Alto Networks and a wide and impressive range of contributing writers and organisations.  I found it an excellent read.  What I particularly liked was the recognition clearly conveyed that people as much as technology (or process) are at the heart of both the information security threat and the defences.   The need to educate both the consumers of technology enabled solutions and those operating and defending them was well articulated.

The criticality of all of us being aware of the risks to our data and the steps we can take to mitigate them is becoming clearer to most people.  The publicity around corporate hacks like Sony and the recent press around the cyber “front” in the current challenging situation in the Middle East are hard to avoid.  However, in recent weeks the questions I have been asked most often around information security have been related to stories on many and various IoT devices that have allegedly proved vulnerable to hacking.  People have raised many concerns with me on a wide range of devices from connected car systems to house alarms to healthcare wearables to pacemakers.   I remember reading, but annoyingly cannot now find, an article which used the term “Internet of Nosey Things” in its discussion of the type and value of data involved.

Digital Law - shutterstock_120641284 (2)

Indeed the ISACA 2015 Risk Reward Barometer declared that its 7000+ contributors saw IoT as being the prime area of information security concern.  The survey reported that over 70% of respondents saw a medium to high likelihood of attack via such devices either in the consumer or in corporate context as they become more common in the workplace.  This concern is then compounded by the (ISC)2 Global Information Security Workforce Study 2015  which forecasts that we will simply not have enough security skilled people in the workforce to provide adequate defences.  They see the gap being as many as 1.5 million security workers too few by 2020.

If that forecast proves true then we need to have placed information security at the centre our technology design process.  In fact if you look at the automation and machine to machine implications of IoT then we clearly have to ensure our defences are not operator dependent.  The imperative to automate defences is nicely highlighted by the HP Cyber Security Report 2015.  This is a sobering read of results from interviewing 252 companies in 7 countries.   What particularly stood out in the material is that the time to recover from a cyber-attack has risen from 14 days in 2010 to 46 days in 2015; that the number of successful attacks reported has risen by 46% since 2012; and that the average cost of cybercrime per participating company was $7.7m.

So having started saying I was wary of scare mongering articles on information security I have now drifted towards the negative perspective.  It is quite hard to avoid when considering this topic I fear.  As the benefit delivered by technology is huge and alluring so does it comes risk and as ever some people don’t see a problem with acting illegally to make money.  In that sense this challenge is nothing new and we have a good track record across many societies of working out how to protect ourselves (eventually?!) from such threats.

Magna Carta - shutterstock_287752943 (2)

Perhaps we do indeed need a digital age Magna Carta or its mirror incarnations across the globe.  The content of this updated Magna Carta was built on the input of over 30,000 people having begun as an initiative focused on school children.  The British Library site hosting the debate has lots of other excellent material worth reviewing.  The good news is that the debate is still open as to what this digital age Magna Carta should state. Why don’t you go and place your vote?

Images via Shutterstock,com.

Transformation by any other name?

The world of IT is often a tribal one where people frequently have strongly held views which they love to outline on competing technologies, product vendors, service providers and anything else you care to mention.  There are some subjects which can always be relied upon to spark the euphemistic “free and frank exchange of views”.  So it was no surprise recently when I found myself in a group of CIOs with decades of experience (and the associated scars!) that the topic of IT transformation proved somewhat provocative.

The discussion started with the usual tussle over defining the term and distinguishing a technology upgrade/deployment from a business change enabled by technology programme.  The group reassuringly quickly reached agreement that the term implied an undue focus on technology.  The group preference was for the term “IT enabled business transformation”.  There was also rapid agreement on the key characteristics conveyed by that term.  These included the delivery of material business benefits gained by a tightly managed and closely measured technology enabled process change which is implemented with a clear focus on the people change requirements.

However, the debate restarted when it was suggested that the term “digital transformation” was a far better label.   The discussion also covered the term “two speed IT function” used by some analysts or “bimodal IT” as coined by Gartner to recognise the digital age facets.  All agreed that the digital age was driving a far higher focus on people within technology deployments, both in terms of the expectations created by consumerisation of IT services and the technical competence of the people consuming them.

I quite like the concept of “bimodal IT” as I do think it helps describe the duality corporate IT functions now face, namely the incessant demand for innovation at speed balanced against need to ensure appropriate data security and integrity.  We certainly must retain the disciplines of a well-defined, managed and executed business transformation enabled by technology painfully learned over many decades!  However, we do need to find risk managed ways to combine those virtues with that of rapid development, deployment and evolution of products and services.  The mantra of “measure carefully and if you are going to fail, fail early” is a good one in my view.

The importance of ensuring that the delivery remains current, valuable and aligned to requirements is not new.  However, what is new is the speed at which these programmes are now expected to deliver and so the imperative of ensuring relevance becomes more key.  That said if you leverage the right communication tools it is possible to address that requirement by harnessing the power of the population your delivery is to serve.  Doing so requires a high level of agility in every aspect of the transformation programme not to mention in its senior management sponsors.

It has always been tempting for people to label IT initiatives as transformational.  Arguably the inherent characteristics of what is truly an IT transformation programme have not changed over the years.  However, it seems very clear that some of those characteristics have evolved and gained importance in the digital age.  The people engagement imperative has become unavoidable and truly central in every sense.  This collaboration expectation combines with the relentlessly increasing pace at which delivery is demanded to create a new sense of excitement.  Successfully delivering an IT enabled business transformation programme has never been easy and we continue to improve our ability to get them right.

I think using the term digital transformation is helpful.  I much prefer it to IT transformation and it is less cumbersome than the more wordy IT enabled business transformation.  I think the word digital encapsulates business, information and technology.  It recognises for me that it is increasingly hard to distinguish between the “business” and the “IT” in the digital age.

This post was previously published on the Business Value Exchange.

Customer Experience – Digital Imperatives? (Part 2)

Customer experience is fundamentally about the quality of the interaction between the consumer and the company offering the service.  Companies are very keen to ensure that their declared brand values are seen as represented within their delivery experience.  A company called Havas Media publishes annually a report called “Meaningful Brands®” which seeks to measure that customer assessment of the overall experience.   It is fundamentally a report focused on measuring and understanding the dynamics around brand strength.  However, it adds the context of looking at how our quality of life and wellbeing connects with those corporate brands, i.e. the value judgements we make as we experience the service.  The research scale is impressive, 1,000 brands, 300,000 people, 34 countries and covering 12 industries. The report states that it “covers all aspects of people’s lives, including the impact on our collective wellbeing (the role brands play in our communities and the communities we care about), in our personal wellbeing (self-esteem, healthy lifestyles, connectivity with friends and family, making our lives easier, fitness and happiness) and marketplace factors, which relate to product performance such as quality and price”.

The Meaningful Brands® 2015 research shows that customer experiences that are felt to contribute significantly to the consumer’s individual quality of life or that of their society are rewarded with stronger business results.   In hard commercial terms the research claims that well rated Meaningful Brands outperform the stock market by some 133% and on average gain 46% more “Share of Wallet” than less well perceived players.  This analysis appears to support the assertions that many analysts have made that the transparency implicit in the digital age (reviews/referrals being examples) makes the integrity of the brand and the reality of the customer experience critical.   Interestingly as a technologist there are 5 technology companies in the top ten global performers and 3 in the top five; Samsung, Google and Sony. Geographic variations are also interesting, only 31% of brands are trusted in Western Europe and only 22% in America.  The percentage of brands that are perceived to contribute positively to quality of life are only 7% and 3% respectively.  In Latin America that measure is reported at 38% and even higher in developing countries in Asia at 75%.   Maria Garrido, Global Head of Data & Consumer Insights at Havas Media is reported as saying:  “Brands that enhance the wellbeing of people, communities and societies are more meaningful. In the West, we have a more functional relationship with brands so continuous innovation and product delivery is key. In high growth markets, the relationship between people and brands is one that focuses more on personal benefits. In these regions people look to brands to help them achieve economic status, better experiences and every-day inspiration”.   There is a wealth of information and analysis to be found on the Meaningful Brands website and it repays the time spent reviewing.

Business Ethics - shutterstock_292372004

I would argue that customer experience is not just about the quality of the interaction during the purchase transaction.  It is about the values of the brand and how they are felt by the customer as they experience the service and the degree to which they feel connected to that company.  The integrity of relationship and the ease with which disappointment can be widely shared are key factors in providing a compelling customer experience.  Digital technologies are enabling more direct interactions for companies with their customers.  The cost of direct engagement with customers relative to the recent past has dropped and is continuing to do so.   Equally at the same time digitalization makes information to assess service quality easily accessible and is enabling ever more transparency.   This complex relationship is explored in an excellent article in The Drum by Tash Whitmey entitled “Creating Experiences Customers Actually Value”.

Delivering highly valued customer experiences certainly includes the quality of the product offered and the qualitative nature of consuming it.  However, it also seems to be increasingly about how that consumption experience relates to the declared brand values and whether they are consistently lived by the company.   Indeed we have seen over the last year or so the impact on corporate reputations which have been tarnished by perceptions over their entirely legal but not admired tax optimisation strategies.  At the heart of this dynamics is a complex relationship between consumer and vendor.  How that relationship is valued by either party and how the integrity of the interaction is defined has become far more holistic and interesting in the digital age.

This post was previously published on the Business Value Exchange.
Image courtesy of

Customer Experience – Digital Imperatives? (Part 1)

I recently need to make changes to some mobile phone contracts for family members.  Our contracts were with two different mobile phone providers and one performed far better than the other.   The positive experience was with O2.  The website was clear and easy to use, the “instant messaging chat to advisor” service was quick and convenient, the human looking after me was engaging, efficient and extremely helpful.  A truly positive customer experience.  The other provider who I think should remain nameless provided an experience that had none of those attributes.  Customer experience in the digital age is often characterised as our demanding ever more flexibility in how we engage, ever more efficient and enjoyable transactions,  ever more rapid delivery and the truism of everything being immediately available at all times.   I held my engagement with O2 late on a Sunday night so I think I ticked a few of those characteristics!

The view of the consumer has arguably never been more important or more easily shared.  Over recent years the value of a referral or positive review has become increasingly important with access to many different sources at our fingertips.

I realised recently that I now automatically use reviews on sites like prior to booking any accommodation, sorting the available options by customer review scores.   Many market analysts assert that 75% of all purchase decisions are now preceded by a review, even if the review is online but the purchase is made in-store.   Of course in this context the trust in the review source and it offering the collation at sufficient scale for the scores to be meaningful is critical to creating trust in the data integrity.

At the heart of these enhanced customer experiences is the dynamic combination of mobile devices and cloud computing.  It is clear that the pace of change is stressing the capability and indeed budget of many IT organisations.   Someone recently pointed me at some excellent Forrester material on this challenge.  They use the term “Business Technology” and argue that successful CIOs need to lead their organisations from traditional style operating models to managing business technology outcomes and not IT assets.  Given a deal of this useful information is behind the Forrester paywall this Computer Weekly article is an excellent articulation of their argument, “Forrester – Manage Business Technology Outcomes Not IT Assets“.    At the same time I also recently came across an excellent article entitled 5 Metrics for Digital Success by Aaron Rudger.  I particularly liked his suggested five key metrics for the digital age: responsiveness, latency, third party app impact, load testing metrics and finally competitor benchmarking.  I will not do justice to the article here but it is well worth a read.

Digtial Service - shutterstock_203618407 (2)

Regardless of what you measure the challenges and the opportunities for IT teams is going to continue to evolve at pace.   A common message from analyst articles is that over the next five years the combination of the Internet of Things, pervasive cloud computing and big data will enable organizations to offer services which are able to learn and evolve, are contextually aware and able to react in real time to change.  So your strategy needs to ensure that the design is user-centric, that it provides for a high degree of personalisation and contextualisation and that you are able to rapid iterate to innovate.

Customer experience is fundamentally about the quality of the interaction between the consumer and the company offering the service.  The intent is to build a relationship of trust and value with the consumer so they are both a repeat buyer but more important an advocate for you.  There is as deal of research you can find that explores what transforms a buyer into a brand advocate.  The quality of the product or service is clearly key but is it sufficient?  Are there other factors being assessed by your customers when they decide whether to post that glowing review on your service?   I would argue that there are a range of criteria explicitly and implicitly being assessed every time someone experiences your service.  It would seem to me that the value judgements being made are becoming more sophisticated and perhaps based on some interesting research I recently read far more holistic that we might expect?

This post was previously published on the Business Value Exchange.
Image via

Far Too Few!

Like many of us I tend to notice articles flagging up the next big skills set demand wave.  Recently an article caught my eye proclaiming that now is the time to have cyber security skills.  A recent study called Global Information Security Workforce 2015 released by (ISC)2  reports that there will be an estimated 1.5 million people too few with skills in this key area.  The study has been conducted annually since 2004 reporting a workforce shortage at each time, however it seems that the supply to demand gap is now accelerating.

The importance of this workforce aspect in relation to cyber security demands is also highlighted in a report I recently read by Accenture entitled “Intelligent Security: Defending The Digital Business“.  In it they summarise the most common issues challenging organisations in having an effective response to cyber security, namely:

  • Linking security and business.Tie security programs to business goals and engage stakeholders in the security conversation.
  • Thinking outside the compliance (check) box.Go beyond control- or audit-centred approaches and align with two key elements: the business itself and the nature of the threats the enterprise faces.
  • Governing the extended enterprise.Establish appropriate frameworks, policies and controls to protect extended IT environments.
  • Keeping pace with persistent threats.Adopt a dynamic approach including intelligence, analytics and response to deal with a widening variety of attacks.
  • Addressing the security supply/demand imbalance.Develop and retain staff experienced in security architecture planning and design, tools and integration to increase the likelihood of successful outcomes.

Supporting the report they also have a very good infographic that is worth a visit “Take A Security Leap Forwards“.

The point Accenture make that compliance to a given industry’s cyber security regulations is only a good starting point particularly resonates.  This is a discussion I have had many times over recent months with colleagues.  Meeting compliance requirements is only the minimum level to achieve.  It also often tends to be associated with relatively static time based audits rather than  real-time monitoring and indeed adaptation.  It is pretty clear that the sophistication of externally originated cyber-attacks evolves extremely rapidly.  The points attacked are those where defences are strongest and in the hyper-connected digital world securing the perimeter or specific “citadels” within that perimeter is challenging.   The defenses need to be real-time, automated, holistic and appropriately funded to both meet the risk and reflect the asset value.

It seems to me that the last year or so has seen a growing understanding of the importance of the Chief Information Security Officer (CISO) role. Based on hearsay it seems that they are having an easier task in obtaining adequate funding for their function.  Of course the tooling needs to match the sophistication and evolutionary pace of the cyber attackers.  The CISO needs to be enabled to engage with new and disruptive technologies as their emerge so they can define a layer defensive strategy that does not become perceived as a blocker but rather adding value and an absolute necessity.  Constructive, frequent and open access to the senior leadership team of any business is critical for a CISO that is empowered to bring real value to their organisation.  Often the decision points will be difficult as concepts such as innovation, agility and pace are confronted directly by valid concerns on information integrity and protection appropriate to the value it represents.

cyber security - shutterstock_204844114 (2)

As ever in the world of technology there is money to be made by vendors providing tooling that enables appropriate levels of security in the digital world.  A recent Financial Times article by Hannah Kuchler highlighted that the cyber security market is now estimated as a $15bn-$20bn over the next three years.  The article reports that venture capital funding flowing into this area exceed $1bn for the first time in the first quarter of 2015.  Apparently the venture capital funding for the whole of 2014 for cyber security was $2.3bn, itself an increase of 33% over 2013.  The money is certainly flowing into the cyber security space.  Given the recent experiences of Sony and the publication of information the hackers extracted by WikiLeaks it does start to seem rather unsurprising.

All that said I do think many organisations face their biggest cyber security risk from threats that are far from new to us.  The first is the often depressing factor of your own company’s people doing something that in hindsight they would fully accept as being dim.  This is often despite the act exposing the corporate information being heavily and frequently communicated as unacceptable.  However, in my career to date the threat that has caused me most issues has been obsolete software.  Obsolete software that is not listed in the IT asset database and might be lurking under a desk or part of the “shadow IT” world procured on a credit card and forgotten.  This software is no longer being actively patched for security vulnerabilities by the vendor.  It is so easily missed and the first time you become aware of its existence might well be a very unfortunate moment.  Sounds trivial compared to the sophisticated cyber attacker but it does represent an easy access point for them.  There are many examples of obsolete software that has been around long enough to be very well embedded.  The next one I think might create a few issues for many of us is MS Windows Server 2003 which goes out of support in mid July 2015.  Might be worth another check to be sure you will have no surprises in late July?

Image via

Just Connect?

Is 2015 the year in which the much discussed Internet of Things (IoT) is becoming mainstream?  I was prompted to muse on this question by watching a friend remotely check and then reset the temperature of his home via their smartphone from our restaurant table.  Also that same evening saw me extolling the benefits of my health wearable device and demonstrating how to review my statistics via an app on my smartphone.  This is certainly different from the initial smart sensors on goods and within warehouses that help track stock levels and triggered replenishment orders.  My first encounter with IoT was in the smart meter space in the energy sector.  This is where meters enhanced with sensors are deployed to enable the providers to remotely monitor energy usage real-time and use that feedback to optimise their delivery model.

IoT 2 - shutterstock_254834209 (2)Indeed defining the term IoT can be problematic.  I like this definition from a McKinsey article, that it is “the networking of physical objects through the use of embedded sensors, actuators, and other devices that can collect or transmit information about the objects. The data amassed from these devices can then be analysed to optimize products, services, and operations”.   In 2011 when IoT first hit my radar I remember many articles from analysts predicting that by 2020 the market for connected devices would have reached somewhere between 50 billion and 100 billion units.  Generally analysts today seem to be talking about a reduced but still material 20 billion or 30 billion units by that date.

To enable that scale to be reached we need to look beyond the “Things” and indeed even the connectivity aspect.  Ultimately the old mantra of “it is all about the data” is at the heart of the key ingredients required.  It is not just about getting the data to a store in the cloud.  It is about doing so in a way that reflects the information privacy and security dimension within a framework of enabling technology standards.  I don’t think we will realise the promise if we end up with an IoT that is more the “Internet of Proprietary Things”.

I picked up on the proprietary angle in an article by Matt Honan in the magazine Wired:  “Apple is building a world in which there is a computer in your every interaction, waking and sleeping.  A computer in your pocket.  A computer on your body.  A computer paying for all your purchases.  A computer opening your hotel room door.  A computer monitoring your movements as you walk through the mall.   A computer watching you sleep.   A computer controlling the devices in your home.  A computer that tells you where you parked.  A computer taking your pulse, telling you how many steps you took, how high you climbed and how many calories you burned – and sharing it all with your friends…. The ecosystem may be lush, but it will be, by design, limited.  Call it the Internet of Proprietary Things.”

Many see a darker side to the IoT vision.   They see a world where you are constantly tracked, monitored and the data about you monetised without your permission on a massive scale.  Indeed some go as far as seeing the IoT as enabling a far more effective and efficient surveillance by the state, yet with the added twist that we seem to be volunteering to have it.

Cyber Surveillance - shutterstock_95308294 (2)

The threat seen is that we end up being monitoring by every device in our lives from our cars, to our household white goods, to a massive range of smartphone or wearable type apps and to the more understood spend trail we leave with credit and debit cards.  This set of data points will then be correlated, analysed and without the relevant protections on privacy sold on to businesses without you being explicitly aware and agreeing.

There are a number of articles around that counter this point by making a link from IoT in this regard to social media.  I think the point they miss in doing so is that social media is for those that are suitably wary about presenting a curated view of yourself.  As the world becomes ever more digitized and people tracked by a growing myriad of devices it will almost certainly leave fewer and fewer opportunities to decide not to participate.   It’s one thing to curate the view of yourself that is broadcast on social media.  It would seem to me to be quite another to see how much curated content will exist in the world IoT might create.  I think it is vital that the IoT promise is achieved by having an appropriate model of regulation to ensure privacy remains an option.

Images sourced from Shutterstock.
This blog post was previous published on the Business Value Exchange.

Digital Zoom – Part 2

It seems clear that cloud computing in public, private and/or hybrid guise will become the norm for corporate IT over the course of 2015.  However, to deliver the promised pricing and supply elasticity it will be critical for suppliers to have achieved scale.   As a result it seems very likely that suppliers sometimes called the “hyper scale cloud players” will become an even more material presence in the corporate sector.  The key three players of the “hyper scale cloud” club would seem to be AWS, Azure and Google.

However, scale alone will be insufficient as it will not just be all about lower cost per unit consumed.  During 2014 it has become increasingly clear that management of cloud services, particularly integrated management of multiple cloud platforms is going to be a key differentiator for suppliers.  The recent collaboration announcement by Accenture and Microsoft on their Hybrid Cloud Platform initiative is arguably recognition of this point.  Many analysts are also rightly seeing the management imperative as being tightly linked to one of automation.  Automation will be critical to deliver the essential real time monitoring and self-healing facilities as well as enabling the required cost economics to operate shared platforms at scale.  Responding successfully to these imperatives will require bold investment strategies and the associated financial means to invest and await the returns in future years.  To help manage the investment implications I also think we will see more partnerships announced as well as a willingness to enter into joint ventures.

Digital Zoom - shutterstock_96758821 (2)

In the software arena I think 2015 will see big winners in those with analytic tooling that can enable access to digital stores, increasingly across multiple data silos.  The software architectures will have to accommodate the mobile device favoured by data consumers and deliver a highly contextualised interaction model.  The key challenge is going to be how to make money quickly enough to fund the required software development in a way that matches the flexibility and fragmentation of the demand.

Pace will be a critical factor and it will continue to be one of the key threats to the enabling infrastructure both in terms of meeting the function demand but also in being able to iterate rapidly to remain current.  This last point brings me to my first New Year’s resolution scarily early.  At a recent CIO webinar the topic of DevOps came up as one of the key tactics technology providers will need to adopt to achieve the required flexibility and speed of action and reaction.  My resolution is to address my feckless knowledge gap and educate myself on DevOps as I was somewhat embarrassed on the call to be largely uninformed on this topic.  I will return to this topic to update on my progress or lack thereof in early 2015, but if useful to you too here is an excellent DevOps focused site!

Post was original made on the Business Value Exchange site.
Image is via Shutterstock.

Getting personal with the cloud

If there’s one thing the IT industry is spectacularly good at, it is producing buzzwords. Marketing executives – even management gurus – look enviously over their shoulders at our industry’s propensity to churn out a seemingly inexhaustible supply of new acronyms and expressions.  We over use them in PowerPoint, extolling the virtues of the latest X and how it will mean Y to Z and to all of Z’s customers.  Meanwhile our audiences wearily roll their eyes upwards at each new piece of jargon!

So, after an endless diatribe of Private Clouds, Public Clouds and Hybrid Clouds, does anybody have the energy for Personal Clouds?  And when we learn it is rooted in consumer IT – itself the most crowded territory for industry jargon (think ‘Mobile’, ‘Post PC’, ‘BYOD’, ‘User Experience’ – it never stops) – we’re reaching for the off switch.  Why should we care?  Perhaps more to the point, why should I risk antagonising you by writing a blog on the subject?

I could start by explaining the idea of the Personal Cloud is gaining traction across the IT industry.  Gartner, for example, were predicting last month that Personal Cloud would replace the PC by 2014.   Or that a cursory search of Google Trends shows the term first appearing in web searches as recently as June 2011, and growing rapidly ever since.  But hype of course is no justification of something’s worth in itself. Worse, it’s so often accompanied by the array of contradictory definitions that seem to meet every new piece of IT terminology.  The important thing is to look at what is actually happening out there.  Because whatever words we want to use, whatever charts we want to draw, an important development is taking place.

For me there are two parts to this.

One is that we now have an unprecedented range of consumer utilities at our disposal to enable our – for want of a better phrase – personal productivity. All the things that you need to do in your daily life – communicate, write, find things out, calculate, plan and schedule, collaborate and share – are enabled by software.  And these days you are quite likely to go online for your software because, let’s face it, apps are as cheap as chips and very often they are free.  When consumed in this way, the set of utilities starts to resemble a virtual space which exists somewhere ‘out there’. This is where the term Personal Cloud may start to seem relevant.  Moreover, this is perhaps the first truly consumerized set of software with real consumer product DNA. It is pure B2C, whereas MS Office and its ilk have their heritage in B2B – even when they have been sold to the C.

Second is to consider this in the context of mobile devices. It is fair to say that if you use a PC you are probably happy to use a workspace that is fixed and licensed to that machine. Traditionally, that has been provided for you by your company. More than likely you have created a similar environment on a home PC – maybe the software was cheaper than the corporate version but nonetheless what you bought came in a cardboard box wrapped in cellophane.  Its code is now firmly attached to the hard disk – as is the information you have created from it.  Mobile changes everything.  You probably don’t need me to argue that with a mobile device, online, consumer software makes the most sense. But here’s the thing. The real value of Personal Cloud is not about your first mobile device, it’s about your second, and your third.  As you add more devices – a smartphone here, a media tablet there, so it becomes more beneficial to you that your software and personal information are virtualised and accessible.   DropBox and Apple’s iCloud are enjoying huge popularity as people realise how much easier it is to have a consistent experience across their devices.  Of course you also have come to realise you need – and expect – the same experience across all of your computers – home and work.

Lurking behind all this, like a troublesome and unwelcome party guest, is a profound implication for the way that businesses deliver end user computing to their employees.  Because now you’ve got your personal devices synced, isn’t it time you also synced your work stuff?  And if you already have a virtual workspace, which by the way you can access at work, why would you need your employer to provide you with an alternative, possibly inferior one?  And would you use it?

There is already strong impetus in the enterprise for Bring Your Own Device (BYOD) and no doubt you will be familiar with the arguments.  The use of mobile in the workplace is a disruptive force and is being viewed by the enterprise, albeit with suspicion, as mostly harmless.  But the argument for Personal Cloud is slightly different. Devices are as varied as they are disposable.  Their useful life expectancy is falling. No one device will define what’s personal to us.  It will be our own personal experience – the set of information and applications that we use – that will become the footprint that defines us and persists with us.  This is what Personal Cloud has the potential to deliver.

Personal Cloud is therefore likely to overtake mobile as the number one headache for CIOs.  Consumer technology has a Trojan Horse feel about it.  It sits outside the enterprise walls, gathering a lot of attention, as suspicious IT functions ready themselves to accept the seemingly harmless gift.  But as we all know, it wasn’t a big hollow wooden horse that did for the Trojans.  It was its payload of Greek warriors, led by Odysseus, who crept out in the dead of night and opened up all the city gates to break a ten year deadlock.  Likewise, Personal Cloud will be carried into the enterprise on mobile devices.  It will change the way enterprises deliver end-user computing for good.

A look back on 2010, and a view forward to 2011

New Year 2011 pushing 2010 downAt this time of year there are many articles and posts that provide insightful, amusing and thought provoking summaries of the year nearly completed.  The fact that I have read a number of excellent reviews of 2010 has helpfully discouraged me from trying to compete.  That said I cannot resist some personal observations on how I experienced 2010.

2010 was the year where we went from talking about the potential of cloud computing to seeing that future state take shape in the market.  Regardless of your position on solution maturity I doubt many would argue that cloud computing has not arrived and has had no impact on corporate IT strategy.  However, it is not cloud computing that stands as my key inflection point in 2010; that is reserved for the moment that the penny dropped for me on the closely related force of IT consumerisation.

My moment of clarity arrived during Fujitsu’s VISIT 2010 event held in Munich during November.  I’d just walked around the exhibition hall with three client CIOs and moved through the whole range of Fujitsu activities from our endpoint products to our server and storage technologies to cloud computing offerings, our extensive partner ecosystem, right through to our research activities under the strategic intent of human centric computing to enable an intelligent networked society.

I was asked by one of the CIOs which of the areas we’d just seen were having the most impact on my internal IT strategy; after some thought and the sound of a penny dropping I replied none of those as such but rather the change in expectations of my IT delivery.   Two of the CIOs looked at me as if I were slightly deranged whilst (luckily!) the third nodded and agreed with me.  Over a coffee we convinced ourselves that the key challenge is not technology aspects such as device proliferation, or the shadow IT landscape funded by credit cards, nor even social media finding a way into the enterprise.  We decided that the key disruptor is actually the one of expecting choice and an increasing demand to apply the market dynamics of the consumer marketplace to the corporate world.  This brings with it an expectation that using corporate IT should be “pleasurable”, “exciting”, “immediate” and dare I say “cool”; a customer experience as opposed to user experience.

At the start of the year many people including me were using the term “Generation Y” to encapsulate a set of behaviours and expectations that we asserted were generational.  Today I still argue that the characteristics attributed to Generation Y exist but now believe that that many of them are not restricted to a given generation.   Indeed if I look at my weekly barometer of demand (see my earlier post about IT consumerisation) I know enough of the names in my mailbox demanding iPad connectivity, Android access to corporate systems, adoption of services like DropBox, access to social media sites to know that the majority are actually Baby Boomers or Generation X.

The tension created the moment you attempt to reflect consumer arena expectations and demands in your corporate IT strategy is perplexing.  You rapidly find yourself becoming at best the voice of caution, at worst the voice listing all the reasons why not, despite the benefit that could accrue to the organisation.  Balancing risk against benefit is a key part of the CIO role but unsurprisingly I find the role much more rewarding when able to operate as the Chief Innovation Officer.  There is a strong temptation in the face of escalating demand for which you lack funding, quite apart from the information assurance implications or indeed those relating to the operational cost management, to simply say “no, because” and forget all of your consultative customer centric training in how to respond to challenging demands!

I think 2011 is going to be a challenging year for CIOs as I don’t think the economic climate has suppressed the demand for technology solutions arising from the consumer sector centric expectations.  Those of us fortunate to be in CIO roles are certainly not going to be bored. I say fortunate as with those challenges come change and if we don’t like change then IT is the wrong career choice!  So have a good rest over the festive period and recharge those batteries – 2011 is going to be interesting.

Image credit: © VBar –

Harnessing the cloud: balancing business benefit and risk

This week I attended the Symantec Vision conference in Barcelona and also took part in a panel discussion on cloud computing at their CIO Engage event.  The content I heard at both events resonated strongly with me.  It was relevant to both my internal role at Fujitsu as Chief Information Officer (CIO) and also my market facing guise as Chief Technology Officer (CTO) trying to ensure that our market offerings are relevant and evolving aligned to the demands from our clients and the market in general.  Indeed it was at the Symantec CIO Engage that I was also effectively “outed” in responding to a question put to the panel as having a third role within the organisation, that of Chief Security Officer (CSO).  The intertwining of all three role perspectives I guess in retrospective was inevitable given the breadth and nature of Symantec’s product range, combined with the pervasive market dynamic force of cloud computing.

The question with which every CIO I met during the week was grappling can be summed up as “how do I access the business benefit promised by cloud computing at an acceptable level of risk and return to my company”.  My proposition on the panel was that CIOs fundamentally know how to manage this market inflection point and that the disciplined approach was far from new and scary.  The crux of the matter being what corporate IPR should be exposed to obtain the desired business outcomes to an appropriate level of risk and financial return whilst ensuring that all the data implications were guided by the trinity of security, privacy and residency.

A group of CIOs with extensive off-shoring experience ended up concluding over a drink or two one night that we knew how to handle this challenge.  Our conclusion was that our experience of managing the arrival and maturation of the off-shoring dynamic which is common place in the market today placed us in a good position to do navigate our companies through the cloud.

One area where there was universal agreement, was that we need to evolve new solutions, technology, process and procedure around updating our data management capabilities to reflect the flexibility and associated risks of cloud computing.  There was specific focus from all on how we ensure that data is appropriately processed, stored and transmitted as part of the move (at a rate on which none of us could agree!) towards business process orchestration in the cloud and its far reaching implications.  There was agreement that some of our existing strategies in the security arena of creating layered defences from different vendor toolsets to avoid the “too many eggs in one basket” management of risk were probably not sustainable moving forwards.  The example I raised with the group (in case someone had a neat solution for me!) was my having an estate of endpoints all nicely encrypted with one vendor’s toolset represented a barrier to my implementing a sophisticated Data Leakage Protection (DLP) solution provided by another; the DLP toolset cannot interrogated my encryption solution and if it could well arguably that would see me with a different immediate challenge entirely! To me it is clear that the technology company that can help us manage data as it is processed/transits multiple clouds whilst providing the many levels of assurance required depending on the data entity value is going to have a queue of customers; you’ll not be at all surprised wearing my CTO hat that I am actively engaged in the Fujitsu Group response to that challenge and opportunity!