All posts by MSS Staff

Disruptive Innovation and Predictive Analytics are the Next Big Wave

Just like the rise of Uber disrupting the traditional taxi business by completely changing people’s commute behavior – disruptive innovation are also happening in the data and predictive analytics realm today. “Disruptive Innovation” is defined as technologies that emerge to challenge established incumbent businesses, i.e., the traditional way of people doing things. It is not a marginal improvement to make things a little better, but a fundamental change that make the old things obsolete.

The first wave of disruption in data and analytics arrived about 10 years
ago, when coding-based data analytics platform is transformed into visual-based platforms. And with that comes the era of modern Business Intelligence, where data are visualized in an interactive and code-free environment and have since then been realizing true business values.

Now we are sitting on the horizon of another market disruption – “Augmented Analytics” where predictive analytics is combined with the power of artificial intelligence (AI). When the power of predictive analytics is enhanced by booming development in machine learning and AI, it will be capable to drive real business value at scale and speed that precedents our wildest imagination. 10 years ago, we struggled to find a handful of machine learning/AI enabled business applications. In 10 years, we will struggle to find any that don’t.

future of augmented analytics

Disruptive Innovations are happening in the data and Predictive Analytics market

Disruptive innovation is happening in the data and predictive analytics market, starting with the emergence of Business Intelligence – a new way for data visualization.

As someone who has been conducting data science research and predictive analytics for a while, I have lived through the time where all analysis was done through hardcore coding. To conduct an accurate business intelligence analysis and understand the patterns in the data, I need to write codes to slice-and-dice the data in different ways, and then write codes to visualize the results from the segmentations. To conduct predictive analytics and uncover hidden insights from the data, I need to write codes to formulate the regression model and test different variables to discover which are the significant ones and quantify the impact. With all the potential variables that might have significance, it usually takes weeks, or even months, combined with good luck, to achieve a statistically meaningful and business sense-making discovery from the data.

These deficiencies: the lack of scale, speed and application are indeed the factors that have been stopping traditional business intelligence and predictive analytics from driving real business value. The current business world is discovering bigger and more complex data and is in need for strategic analytics that demands faster time to reach actionable insights. The gap between business needs and reality is the reason that data analytics still has limited applications in the business world despite the length of time it has been around.

But the bright side is on the horizon. With the increasing computing capability and the power of AI, analytics will see enormous improvements on scale, speed and application. And along with these innovative changes, there comes the disruption in the data and analytics market. The first wave of disruption happened about 10 years ago, where coding-based data analysis platforms start shifting towards visual-based data discovery platforms. With that, tools like Tableau, Qlik and Microsoft Power BI emerged to disrupt the market and completely change the way analysts visualize and present their data. Because of this disruption, we officially entered the world of widely implemented modern Business Intelligence.

Of course, there is a learning curve to these new tools but after basic use, the return is enormous. The visualization enabled by these tools exceeds the wildest imagination of coding-based platforms. Being code-free, fast, and interactive – this disruptive innovation brought data visualization and BI to another level. With this power, firms start to realize the benefit of BI and you would be pressed to find a large enterprise who does not have a business intelligence group, crunching data and developing dashboards to help the business. In Gartner’s 2017 survey for “Magic Quadrant for Business Intelligence and Analytics Platforms” more than 65.4% mid-size enterprises reported ‘excellent/good’ when answering how well various business benefits were achieved from implementation of analytics and BI adoption.

Disruptive Innovation does not stop at Business Intelligence

The next wave of disruption is going to be in the next level: Predictive Analytics. Although the breakthrough in BI has been proved to be great in helping companies understand the question “What is happening?” with their data, the journey does not stop here. Since there are so much more can be done with data, especially through predictive analytics. Using predictive analytics, we would be able to answer much deeper questions beyond “what happened?” into questions like “Why it happened?” or “What could happen?” and “How can I improve it?” – In other words, predictive analytics looks into the future and provides actionable insights to directly drive business values.

The lack of speed and scale is again the roadblocks keeping predictive analytics from being practical and driving real value. It usually takes weeks, if not months, to run millions of regression models with different combinations to identify key influencers and develop hypothetical scenarios to predict the impact. This is again where AI can come in and help. Compared to the BI breakthrough, we are now at a point where we are expecting another market disruption with “Augmented Analytics” where predictive analytics is combined with the power of AI. Gartner uses the term “Augmented Analytics” to address that the idea is not to eliminate human from the analytics loop, but to provide deeper information to the person designing the analytics methodology, therefor to assist better decision making.

So, what does this next wave look like, and how is it different? The augmented analytics means an augmentation in all the key elements in the data and predictive analytics workflow: data preparation, data modeling to find insights, and the sharing of the insights to make it actionable.

  • Data Preparation. The old process of manual data preparation, investing heavily on human effort to format data, detect data error and irregularity will be eliminated. Under the scheme of augmented analytics, algorithms will automatically detect data quality issues, catalog and recommend enrichment, and build data lineage and metadata.
  • Data Modeling. The old way to conduct data modeling and extract insights is through manual exploration of data using interactive visualization, or through manual engineering and model building to find patterns in the data. Augmented analytics introduces the concept of “Natural-Language Query”, where algorithms find all relevant patterns in data and bring it to you. The proper models are auto-selected and validated to find the best way to depict the data, and code is auto-generated.
  • Sharing and Operationalizing Findings. In the world of BI and traditional predictive analytics, dashboards, and interpreted storytelling are the way to go. It heavily depends on users to interpret results, and it further requires users to build scenarios and forecast to make actionable recommendations. With augmented analytics, insights are narrated in natural language or visualizations to focus user on what is important and actionable. It also automatically builds scenarios to make predictions, and then provide concrete recommendations with measurable outcomes.

Early adopters of Augmented Analytics seeing ROI

Pioneering vendors are eagerly building augmented analytics (AI + Predictive Analytics) into their capability; and early adopters are seeing real return of investments in their businesses.

In the next 2 to 5 years, augmented analytics would bring yet another transformation in the data and analytics market. Some vendors are already on the forefront of this wave. A few examples include Salesforce Einstein Discovery (a $1.1 million acquisition of the startup Beyondcore), ThoughtSpot, Microsoft Power BI (Quick Insight feature), IBM Watson analytics, SAP Cloud analytics, and much more, infusing AI and machine learning to automate data science modeling. It’s not only the Tech-giants in the data analytics market that are innovating their tool, there are also numerous start-ups in this young and uprising arena, such as SparkBeyond, DataRobot, H2O, and Tellius. This indicates that augmented analytics has vibrancy and promising future. These cutting-edge analytics platforms are already being used by Fortune 500 companies in the Finance, Manufacturing, Life-Sciences, Energy, e-Commerce, Internet and Healthcare industries.

These early adopters are seeing real returns from using “Augmented Analytics” in their business. A large US bank has partnered with one of the AI analytics platform to transform into a more customer-centric organization. With a large customer base, bankers and financial advisors knew they could work better together if they had a more complete picture of customer interactions. With the predictive tool, it has been able to reduce data siloes and better understand their customers. In the wealth management business, for example, analyzing client flows can be complex. Cash movement inside and outside the company could be completely normal between a customer’s accounts, or it could be an indicator that a client is broadening a relationship with another wealth provider. The partnership with augmented analytics helped U.S. Bank cut through the clutter and understand client flows more completely, so they could act on them appropriately.

The tool also provides the U.S. Bank team with more information and insights about all their customers and present opportunities to deepen relationships using customized approaches. As the 5th-largest commercial bank, the company wanted to better understand the overlap between their retail banking clients and their wealth management clients. They began by analyzing which retail banking customers are most likely to become new wealth management clients. They found that wealthy young clients between the ages of 20-35 are more likely to transition into wealth management. This was a surprising insight as it was previously believed that more mature clients were more likely to pursue wealth management. The US Bank team can now use this insight instead of long-believed intuition to develop more targeted marketing strategy to convert retail banking clients into wealth management.

Ten years ago we struggled to find a handful of machine learning/AI enabled business applications. Ten years from now we will struggle to find any that don’t. Disruptive innovations can be intimidating at first, but it won’t stop because you choose to ignore its approaching. The best strategy is to prepare and get ready for it – starting with baby steps. In the next article we will talk about how to evaluate your business’s maturity for augmented analytics, how to prepare your business for it, and how to strategize your analytics practice to take advantage of this technology of the future.

This article was originally published in March 2018, by contributing author Lou Hao, PhD.

Do You Know Your Business Solution Requirements?


We all have a love/hate relationship with buying big ticket items – the excitement of having something new that hopefully solves a problem we are experiencing, against the anxiety of going through the procurement process. Procurement people think this is the exciting part, not so much for the rest of us. There are several tools available to communicate your business solution requirements and desires to vendors, each one able to generate a specific outcome along the purchasing path.

The tools are:

Request for Information (RFI)
Request for Qualifications (RFQ)
Request for Proposal (RFP)

Each has its place in the process, depending on what you want to achieve and the amount of knowledge you have about the item or service you are looking for.

Let’s start with the most familiar – the Request for Proposal or RFP

Depending on the business you are in, you may have been involved in generating a RFP for a product or service or perhaps been on the other side of the table providing a response to a RFP. Typically, a Request for Proposal is specific in what it is asking for. It will have a specific set of service requirements. These tend to be more specific than high level business solution requirements but not as detailed as technical requirements – in other words, the level of detail required to ensure you get what you are asking for. It may also include specific contract requirements that the vendor will need to comply with. The vendor typically responds indicating how they will satisfy the requirements stated in the document, agree to the contract requirements, and provide specific pricing for the product or service you are looking for.

What if you don’t really know what your business solution requirements are?

Perhaps the Request for Information (RFI) or Request for Qualifications (RFQ) would better suit your needs. These two tools are generally thought of as predecessors to the RFP.

The Request for Information is a useful tool when you may not know exactly what you want – you’re looking for vendors with products or services that can solve a particular issue you have. While less burdensome than a RFP, there is still a level of effort required on your part. You need to be able to articulate what you are looking for either through a detailed statement of the issue or a high level set of business solution requirements for the vendor to review and respond to. If your organization has particular contract requirements, this is a good spot to introduce them. If you need budget cost numbers, this is a good time to ask for them.

Understand that you are not guaranteeing you will purchase the goods or services identified and at the same time the vendor is not providing actual pricing. The end goal of this document is not to get a vendor on board or a contract in place, rather, the objective is to find a pool of vendors offering a solution that can work for you. The RFI or RFQ process is typically followed up with an RFP sent to the vendors you have identified as qualified from the RFI / RFQ process. Having gathered information from a variety of vendors, you are now better prepared to write your RFP.

Level the playing field with Scoring

All of these processes, the RFI, RFQ, or RFP, will require some sort of scoring process for the responses. Typically, the scoring framework is developed in conjunction with the end user of the item or service. The scoring should be based, at least initially, on the vendor’s response to your solution requirements – do they say their product or service can do what you need it to do? Is their solution acceptable to the user of the product or service? This is the first phase in determining who you would like to have further discussions with.

In the case of the RFI or RFQ, you are looking to reduce the number of vendors you will have involved in the RFP process so you are only reviewing proposals from vendors that can provide you with the product or service you need. In the case of the RFP, you are determining who you want to work with further on purchasing a solution.

There are follow up activities for each of the processes that will help you better understand the vendor’s product or service. We will cover these in the second part on this topic.

If you are looking to begin a purchase that will require a RFP or RFI, check with your company’s Procurement organization. They may have templates and guidance that can help you in creating these documents. If your organization does not have a structured purchasing process and you feel a RFI or RFP is required, there are outside resources that can assist you. These resources bring a level of expertise in developing business solution requirements and documentation as well as working with vendors to assist you in the procurement. You can find organizations that are “vendor agnostic” – they have no association with a specific vendor and are focused on getting you the best product or service. Engaging these resources can help you streamline the process and get a better result – often is a shorter time frame.



Mature Innovation is Possible in Complex Organizations

Mature Innovation | By David William Lee, Change Management Expert and Contributing Writer


Understanding Mature Innovation

My family can tell you that I consider myself one of the great armchair innovators. Among the many things I believe I invented before they were actually invented is the Keurig coffee dispenser, Netflix (streaming AND original content), and the Amazing Race. The problem I always told myself was that I never had access to the resources required to put my ideas into the market. So when I secured a position managing innovation at a global mega-company, I was excited. Here, I would finally have the opportunity to launch my great ideas, become massively famous, and change the world. Boy, did I have a lot to learn.

What soon became clear was that managing innovation for a mega-organization is not about creating great ideas. Of course we had our chance to develop some ideas, but mostly our role was to capture the ideas of leadership, cut through the noise, politics, and disruptions, and push them forward.

From the get-go, I was surprised to find that this 150+ year old company did not have any systematic approach to innovation, mature or otherwise. As a result, the innovation team would shift priorities on a dime and often waste tons of time driving ideas that were clearly wrong for the company, had no foreseeable positive return, or had no internal political support. Meanwhile, many good concepts would go unnoticed, remain on hold, or be shelved. After several bouts with minimal results, I was concerned that my career was slowly wasting away with superfluous efforts; I was converted from a proud, creative, non-linear thinker to a champion of centralized, systematic innovation processes.

When the ground shifted, as it will in big companies, I ended up in a new leadership structure and had the chance to implement my systematic approach. I was given four very talented people, and we decided that we would create a methodology to collect, rate, prioritize, and track innovation efforts, thus the infancy of mature innovation. It was going to be beautiful! We spent the better part of a year creating a steering committee, outlining our plans, and developing a system for tracking and sharing information. We gained approvals up the ladder for the approach and agreements from senior management to follow the discipline.

Unfortunately, we did not launch any more great products or services as a result of this approach. What we did do was find a great way to identify and track all of our failures. We now knew that we had a pipeline of literally hundreds of ideas, we knew where the ideas ranked based on the predetermined parameters, and we had high-level business plans for a small percentage of the top ranking ideas. Unfortunately, our cycle time from ideation to product launch still approached 18 months to 2 years on the very few ideas that actually made it to market. We were not what one might consider an innovative powerhouse.

The problem was that we had four people spending most of their time ensuring the process was working but spending little time actually innovating. We became so bogged down that people who had great ideas avoided our process for fear of falling into a black hole, and we were specifically excluded from the strategic innovation going on at the top of the organization because we were, “Too busy.” On top of this, we experienced all of the major roadblocks that are common when innovating in a hierarchical environment. Some of these include:

Defining Innovation: Say the word “innovation” to a room of 100 people and you will get 100 different takes on what it means. Some see it as the big new idea. Others are looking for enhancements or improvements across the board. Sometimes innovation is used as an excuse for the strategic flavor of the moment.

Separating Thinkers from Doers: Often, the mindset in traditional companies is that there are thinkers who have the capacity and capability to innovate and doers who are either too busy or the wrong personalities. This is Taylorism stuck in our collective psyche and a killer for innovation.

Failing to Set Aside Resources: The deadliest phrase in innovation, “Prove the case for it and then we will give you the budget,” is, frankly, just a cop out. Seeding and cultivating innovation requires continuous investment and experimentation. Still, budgeting for the future when managers throughout the organization are competing for resources takes the kind of courage that is often lacking.

The Middle Management Filter: Frequently innovation is given to middle management as one of their tasks. It is often part of Marketing, IT, or (God forbid) Finance. Unless middle managers are exceptional, they are rarely in a good position to lead innovation. They live on eggshells, are unwilling or unable to take risks, and are often punished for failure. As a result, they become the bane of the innovation team’s existence defaulting to the safe choices, watering down ideas, and making knee-jerk decisions.

Short-term vs. Long-term Thinking: Connected to #4, management is more interested in short term impacts rather than long term evolution. They are measured by what they accomplish in a quarter or, at best, a year. The long term is not part of their mandate. As a result, if the innovations don’t come fast and furious, they can lose support and focus.

Searching for the Silver Bullet: More often than not, the innovation team is pressured to find the big idea that pays off quickly for the boss. The problem is that innovation, especially in mature organizations, rarely happens that way.

So, what to do? Our approach had failed to produce results, and we were stuck. This is when an understanding of complex systems kicked in (though I did not know what it was called then) and we began to apply adaptive thinking.

The root of our problem was that the company was simply too complex for a small, centralized team to drive innovation for the entire organization. This was a company with nearly 60,000 employees, a GDP bigger than the country of Colombia, global operations in almost every country, a massive partner network and more Vice Presidents than we could count.

Viewing Innovation through a Complexity Lens

By utilizing a Complexity Lens, we stopped thinking of innovation as a centralized activity for a few people and began thinking of innovation as everyone’s role. We started to consider the idea that everyone can innovate and opening innovation to the entire organization was an absolute must.

The concept was bit humbling. We wanted to be the creative geniuses who launched the organization into a new era but this was clearly impossible. In a way, we felt we were passing the buck. It was like saying that we were not smart enough, we were not working hard enough, or we simply could not produce. Pushing this concept up the chain of leadership was even more difficult because the bosses had similar feelings. In the end, though, it became clear that this was the way to go. So our role as the innovation team changed from controlling innovation to fostering mature innovation.

It could not happen all at once. We had begun to mature as an organization, but we still needed to take steps. Our first step was to create a system that allowed everyone to generate ideas while we provided the tools allowing them to pursue those ideas, facilitating the process of turning ideas into opportunities, and creating the means for them to share their ideas among each other. Over the next few years, we took the methodology and systems that we had built for ourselves and opened it up to everyone by turning it into a framework that people could adapt for their own use. We walked around, figuratively and literally, looking at what people were working on and wherever possible promoting ourselves as a service to train and educate groups on how to move their ideas forward. While we did not have the technology at hand at the time to create total transparency, we did our best to create forums for people to share what they were working on and draw on each other’s ideas and approaches.

This approach did not mean that systematic innovation methods were tossed out the window. Rather, we created a tool set of approaches for people to utilize and added to this tool set as we learned more. We recognized though that not every approach worked for every situation, so we allowed experimentation.

In this sense, each group made their own pizza (read Change & the Pizza Principle) and after several iterations, the ones that worked best in this culture emerged as the norm.

The impact was soon clear. In less than a year, the organization was launching more new innovations more rapidly, about one a quarter, than in all the previous five years combined. But while there were more launches, they were generally smaller ideas. Some were simply enhancements to existing products, while others were efficiency gains, and still others were products that were adapted from our internal operations that we repurposed for our clients. None were the big silver bullet ideas that management hoped for, but out of these small ideas two ended up producing $30 million between them in the first year and the risk was very limited. Failures were equally small and isolated and the wins more than offset any losses.

I did not hang out to see this system in full implementation as I had received a new assignment overseas. When I returned after three years abroad, I found that the innovation team had continued to launch more and more products and enhancements. What was even more interesting was that these smaller innovations eventually enabled a big evolutionary leap. During this period, the internal and external circumstances aligned for the development of a new business that incorporated many of the innovations into a packaged offering. This business quickly became a nearly $200 million a year operation. The silver bullet emerged as a result of the cumulative innovation.

There are a number of very innovative companies that have discovered variants of this approach. Legos extended innovation by inviting customers to create ideas and participate in the financial success while Pixar has documented its highly successful approach in “Innovate the Pixar Way, Business Lessons from the World’s Most Creative Corporate Playground.” Of course the approach is unique in each organization, but they have a principle of a centralized framework and quality assurance coupled with distributed innovation. I have since learned that this fits well with the theory surrounding complex adaptive systems. Generally speaking, evolution does not usually happen in a single great leap. Complex organisms produce and experiment with small adaptations. Some work, some fail. What eventually happens is that they accumulate over time and eventually a tipping point is reached and an evolutionary event changes the system forever. By letting go of the centralized systematic approach and enabling mature innovation to occur across the organization, evolutionary transformation is made possible.


Being CyberAware is More Than Compliance for SMBs

Dr. Romeo Farinacci, Cybersecurity Expert, Contributing Writer

Cyber warfare is real, is here, and America is losing. Military personnel, law enforcement, and private security use bulletproof vests to protect themselves in hostile zones. These vests minimize injury and provide a means of security and safety of life. Additionally, they use intensive training, mindfulness, and combat skills to defend successfully against an enemy. This combination enables them to be effective in combat. Make no mistake, the Internet is a hostile zone and in a state of cyber warfare. Being compliant is simply the bulletproof vest, and needs a cybersecurity program to provide the training, visibility, and techniques to combat cyber threats.

Several small to medium -sized businesses (SMBs) use insurance (compliance and reduced liability), ignorance (too small of a business to be hacked), or inappropriate justifications (cybersecurity cost too much to carry out; pay for incidents when they occur) to manage cyber risks to the business, resulting in a false sense of security. These uninformed actions lead to lack of common sense measures. Military personnel, law enforcement, and private security do not rely on vests to prevent incoming bullets (insurance), place bulletproof vests on after they are shot (ignorance), or not buy one because the cost is too high (inappropriate justifications). Businesses should move beyond compliance and become CyberAware by understanding the ever-growing dangers throughout the enterprise.

According to the 2018 Verizon Data Breach Investigation Report, 58% of breaches hit small businesses. The report identified 30 percent more incidents than the previous year associated with Point of Sale (POS) breaches targeted at hotels and restaurants (most are small businesses). Many SMB companies do not have trained security staff, trusting heavily on their PCI certification to manage threats, which results in several unmanaged vulnerabilities.

“Compliance is not the end of cybersecurity but a part of it.”

Dr. Romeo Farinacci

Only using controls defined by compliances such as HIPAA, PCI, and ISO are not efficient methods to manage cybersecurity threats against the attacks today or forecast for tomorrow. Especially for small businesses that identify themselves as too small to attack, or simply do not have suitable funds to build a cybersecurity program. Compliance is not the end of cybersecurity but a part of it. If SMBs do not begin using cybersecurity best practices, they will be susceptible to hacks and breaches resulting in steep fines, damaged reputation, or loss of business.

CyberAware – Because it’s the Law

In just 20 years since introducing ecommerce and SSL encryption, some of the largest businesses are mostly virtual. The past five years have shown an exponential increase of businesses that depend on Internet-enabled services to include ecommerce, the cloud, online marketing, etc. However, cyber threats and hackers bent on exploiting a business’ weaknesses have also exponentially increased. Conducting malicious acts as they try to compromise business operations, reveal intellectual property to reduce competitive advantage, or simply breach customer data.

The U.S. and abroad have begun integrating Cybersecurity into law and changing how companies approach business practices with electronic data. The many proposals of Bills, Policies, and Laws by states, governments, and nations have surged in the last couple of years. According to the National Conference of State Legislatures, more than 36 states are introducing more than 265 bills around cybersecurity. This includes providing funds for cybersecurity initiatives, increasing penalties for cybercrimes, promoting security awareness and training programs, or enforcing security best practices and controls on critical infrastructures. Also, several laws such as the NYCRR and GDPR are setting directives enforcing businesses to complete cybersecurity programs to manage enterprise risks while achieving industry-wide cybersecurity objectives.

For instance, the NYCRR enforces businesses to develop a Cybersecurity Program to include assigning a CISO, completing periodic risk assessments, conducting a security awareness and training program, and applying suitable controls to safeguard nonpublic information and information. GDPR wants businesses to define policies and procedures to comply with an EU Citizen’s Right to Erasure, to impose security measures to ensure minimal personal data is used for each specific business process, and to record and preserve all user data processing.

SMBs Must be CyberAware Too

Small to medium -sized businesses (SMBs) are critical to the nation’s economy. According to the Small Business Association, SMBs provide 66 percent of the nation’s net new jobs and employ 47.5 percent of the private workforce. It’s time to take Cybersecurity Awareness seriously, and each year introduces more CyberAware methods to aid businesses. Most recently, the government has passed into law Bill S.770 “To require the Director of the National Institute of Standards and Technology to disseminate guidance to help reduce small business cybersecurity risks….” Also, the bill will update the National Institute of Standards and Technology Act to incorporate small businesses and provide resources to lessen cybersecurity risks.

SMBs provide 66% of the nation’s net new jobs and employ 47.5% of the private workforce.

Small Business Association

The NIST has published a guide for small businesses entitled: Small Business Information Security: The Fundamentals, which provides guidelines using the NIST Cybersecurity Framework (CSF) for basic security of information, systems and networks. This guide contains programmatic information on setting up an information security program, and includes nine key practices to begin strengthening the safety and security of data that drives the business:

  • Pay attention to the people you work with and around;
  • Be careful of email attachments and web links;
  • Use separate personal and business computers, mobile devices, and accounts;
  • Do not connect personal or untrusted storage devices or hardware into your computer, mobile device, or network;
  • Be careful downloading software;
  • Do not give out personal or business information;
  • Watch for harmful pop-ups;
  • Use strong passwords; and
  • Conduct online business more securely.

The increase in cybersecurity awareness across the globe should drive all organizations to adopting basic standards and principles to combat the threats currently attacking our way of life. However, many businesses are still falling victim to the ignorance, mind-set of insurance, or inappropriate justifications to not set up healthy cybersecurity programs. Large businesses such as Verizon, Target, SONY, and Experian have the resources in place to bounce back and continue business operations, customer base, incomes, and image after experiencing a cybersecurity incident. Murphy’s Law suggests that what can happen will happen. A breach is unavoidable and small to medium sized businesses must be CyberAware and prepare for when an instance occurs.

What To Do

Focusing on defining people, processes, and technology within the organization is the first step in becoming #CyberAware. This leads to identifying what drives the business, what risks pose a threat to revenue, and suitable steps to building a strategy for tracking and managing incidents when they occur. Gartner’s Six Principles of Resilience highlights these ideas.

Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making

Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes

Principle No. 3: Stop Being a Defender, and Become a Facilitator

Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows

Principle No. 5: Accept the Limits of Technology and Become People-Centric

Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response

Consider Principle No.1 “Stop Focusing on Check Box Compliance and Shift to Risk-Based Decision Making.” This principle implies an understanding of business risks associated with the people, processes, and technologies that enable the business to function, and not exclusively IT risk. Simply put, examine ‘what do we do and why,’ identify business risk profile, then apply appropriate protections that enable the organization to meet customer expectations (product quality, company trust, service confidence, etc.). Remember, compliance is not sufficient protection, it is only a tool, a bulletproof vest.

Each of these Principles are used to change an organization’s culture and approach to managing their digital footprint. One of the key elements within the six principles is the determination of how data within the enterprise flows, a concept many organizations have trouble documenting. Obtaining visibility into network infrastructure, end-user interaction with data, and how data is printed, emailed, transferred, and modified should be identified to begin establishing appropriate protection mechanisms.

Security Assessment services can provide visibility into data movement and guidance in developing a strategy and roadmap for implementing cybersecurity within an organization. These services can demonstrate how to combine compliance requirements with other cybersecurity program elements. These program elements include frameworks, threat intelligence, security awareness, vulnerability assessments, log management, audit reviews, hardening techniques, change control, forensics, policy development, etc. Such a cybersecurity program will increase productivity, align with compliance requirements, enhance security posture, and combat cyber threats. With an understanding of how to implement a cost-effective cybersecurity program SMBs can become CyberAware and turn tide on cyber warfare for America.

Cloud Technology Emerges from its Foggy Veil

Cloud technology appeared as a buzz word more that a decade ago, ever since Amazon started selling their in-house, web-based service platform that was used to support their own internet sales site. They were able to package the technology, market it and turned it into a profitable solution. This allowed companies to take advantage of large scale technologies without the upfront costs to build their own datacenters. Since then, cloud technology has evolved quickly as a mainstay in our ever-evolving technological world.

New, billion-dollar companies such as AirBnB and Uber have capitalized from this trend by utilizing cloud-based infrastructure to increase reliability while decreasing costs. In April of 2018, GoDaddy announced it was moving a vast majority of their current infrastructure to AWS.¹

Top 5 Cloud Technology Trends

As companies are evolving to stay ahead in the new technology world, here are five trends that are emerging with cloud computing:

  1. Growth in Cloud Services and Solutions – We are in the digital age where cloud services are now common place and businesses look to a cloud solution first before an on premises solution. 56% percent of CIOs in Gartner’s CIO survey indicate they are adopting cloud as either an option or as part of a “cloud first” approach, while 71% look to SaaS either first or as an option.

    Gartner predicted that by 2020, businesses without cloud capabilities will be as uncommon as businesses without Internet are today. Most businesses use some sort of cloud offering or online application such as Microsoft Office 365 or Salesforce. Few businesses are completely 100% cloud based nor are there businesses that are completely 100% cloud free.

  2. Serverless Computing – A relatively new cloud service that has come into the marketplace is serverless computing which allows developers to deploy their applications without the need to provision servers or backend infrastructure to support and run their applications. Developers can release their code and run it as a service without the need to build backend infrastructure such as servers, network, databases and backend applications to support the application. This creates simplicity and agility in the marketplace to turn out applications much more quickly than run at greater speed. This also allows companies to go global by replicating their applications to run around the world as if the local datacenter is right next door.

  3. Multi-cloud – The rise of pure play cloud platforms like Microsoft Office 365, Salesforce, ServiceNow, and Workday show that most businesses already utilize a multi-cloud cloud technology environment. Multi-cloud is the use of multiple public cloud computing and storage services in a single heterogeneous architecture not to be mistaken for hybrid cloud which is a mixture of public and private resources. Some cloud technology companies are changing their application architecture to force companies into a multi-cloud environment even if they are not willing to give up the hold on local resources.

    Microsoft began to remove Skype for Business and OneDrive for non-365 users in 2020 to force them into using Office 365.²

  4. Disaster Recovery – As businesses move toward a virtualized and constantly evolving IT ecosystem old DR approaches become much more expensive and complex to maintain. Software based DR at the hypervisor level allows a company to prioritize applications and provides automated testing to ensure and validate a company’s DR strategy. I can remember a year after the 9-11 disaster, the company I worked for at the time invested in a 3rd party disaster recovery site and solution. A few times a year would be spent on building out our servers and clients from backup tapes to perform drills to ensure our DR solution was adequate. This time-consuming ordeal would take 48 hours to build and test but would only ensure our most business-critical applications would be recovered. Now, with the use of cloud technology, recovery can be completed and tested within minutes.

  5. Security – Last but certainly not least is security. The glaring question from anyone thinking of moving to the cloud “Is my information in the cloud secure?”. Contrary to the myth that you will lose security when you move to the public cloud because you cannot physically touch the device, in most cases you are increasing security by moving data to the cloud by utilizing the provider’s hardened datacenters with many more security resources. This all depends on your current state of security. The cloud provider is responsible for the security of the cloud (datacenters, access, security tools, etc.) while the consumer is responsible for the security in the cloud (data access policy, authentication, authorization, etc.). Security must be built into every step of product development or migration strategy rather than at the end.

Businesses demand more as technology increases and legacy systems become less sustainable. The goal for business is to reduce risk by ensuring that crucial applications are always available. The cloud has become a tool to satisfy this business demand while reducing risk. What needs to change is the IT mindset of being a support model into being an enabler. That means rethinking IT infrastructure and services that support the business which is not always an easy task. It takes resources that understand what and how to move business applications and infrastructure to the cloud to ensure businesses do not become extinct.

Cloud evolution continues to emerge in the technology world. If you aren’t willing to adapt, you’ll dissipate like fog.


Podcast – Cyber Security: Not a Technology Issue – A Transformational Business Strategy

Airing on December 5, 2017, this podcast provides C-level perspective on building a transformational cyber security strategy that creates value for the organization while protecting its most valuable – nonhuman – asset; its data. Our expert panelists address the ubiquitous nature of the cyber security issue, how to set and achieve expectations from your cyber security strategy, what to expect from a Chief Information Security Officer, and how cyber security adds value in business terms.

Dr. Roméo Farinacci is a senior security consultant with Terra Verde Services, specializing in security program development, risk management, security architectures, and risk assessments. He brings over 20 years dedicated IT/Security experience and 5 years consultation of complex enterprise infrastructures in public, private, and government sectors. Roméo’s passion in cyber security enables him to effectively develop and communicate change strategies for improving the security posture of organizations. His education portfolio includes a Doctorate in Management with an emphasis in Information Systems Technology, an MBA in International Business and an MS in Information Technology. He also has the following professional certifications: CISSP, CISM, PMP, GSLC, and Six Sigma Green Belt / Lean.

Kim L. Jones is a 31-year intelligence, security, and risk management professional with expertise in information security strategy; governance & compliance; security operations; and risk management. Professor Jones is a former Chief Security Officer who has built, operated, and/or managed information security programs within the financial services, defense, healthcare, manufacturing, and business outsourcing industries. Jones holds a Bachelors Degree in Computer Science from the United States Military Academy at West Point, and a Masters Degree in Information Assurance from Norwich University.  He also holds the CISM and CISSP certifications.

Download the podcast

10 Ways Leaders Can Sabotage Their Own Transformation Programs

By David William Lee, Change Management Expert and Contributing Writer


One of the hardest things to manage when working with clients on transformation efforts is that the people who hire you are often the root cause of why it is so difficult.

“If we don’t change, our business will continue to decline, but our people resist,” or “We are facing a disruption and we need to change, but our culture does not permit it,” or “Our people are not inclined to change, so you will have to teach them that it is necessary.”

These types of statements are fairly common in first interviews with potential clients when they are frustrated that they are trying to make change but have not succeeded. I am now very wary of these viewpoints. More often, the truth is just the opposite.

When I hear this from a leader, the question I pose is, “What are YOU prepared to do?” This will come as a shock because they think they are change makers. They feel they have been doing all they can to drive change and are up against insurmountable odds. Why will they need to do more? But, in fact, there are several ways that leaders encumber change and, dare I say it, cause it to fail.

In a not uncommon example, I was brought into a company where the leader stated from the get-go that she believed their model had about five years of lifespan remaining. The company’s position in the value chain was threatened by cost pressures and disruptive technology, and they needed to explore new territories, structures, and models to survive. The leader specifically wanted a new strategy and new direction. She warned me though, that the people had a static mentality and were unable or unwilling to operate outside their comfort zone. I was going to have to train them and drive them to change. This situation was very exciting to my naïve self. I would have a real chance to make a difference working directly with the CEO, but I now see so many red flags in this conversation. If I had the same conversation today, I would spend many more meetings quizzing the CEO on her strengths and weaknesses, her capabilities as a leader, and her inclinations to be an effective change leader.

Over the course of the next few years, I worked with the managers in the company on multiple proposals and approaches to the organization. I found that most of the people in the organization were not only willing to try new things, they had a pretty strong idea of what needed to be done. While there was much trepidation because they had been successful doing the same things for 30+ years, there was also passion for the business and willingness to explore new ideas.

The real problem came down to the CEO herself. Her capability to make decisions or embrace those of her leadership, the ability to trust others, and the fortitude to hold the course were all lacking. Given choices, she would consistently call for more analysis pushing choices out months if not years. Faced with the least amount of resistance or a road bump, she would revert to what she felt had been successful in the past. Put into a situation of investing in the business or harvesting through cost reduction and layoffs, she chose the latter.

Moreover, she was not willing to be the sponsor of transformation, often pushing that responsibility onto a junior member of the executive team, giving herself the opportunity to separate herself from the results. Challenged by staff, she would often not only fail to support the change, but undermine it. Finally, while there was a preponderance of communication, the focus was often wrong. She concentrated on why it was good for the organization without driving it to what was the benefit for the people. In this particular organization, this was a death knell because the trust between the central organization and the field was a major weakness.

Eventually, we were able to get to the point of driving some incremental changes, but we never achieved the level of transformation necessary to secure the organization for the future and, worse, the culture that was left behind was more inclined to resist future change due to this history. The energy it took exhausted everyone involved, spoiled the working environment, and resulted in a huge turnover rate of the team members who favored transformation.

Some might read this and question, “But as the transformation manager, wasn’t it your responsibility to coach the leader? Aren’t the leader’s failures yours as well?” To this I would agree wholeheartedly. I learned as much from these types of experiences about leading transformational change as from the experiences that were successful. I believe it has made me a much better advisor in that I have the scars. It is very clear that the difference between success and failure almost always starts with the leadership approach. As a result, I better understand the behaviors of those who are prepared and those who may actually sabotage their own efforts. I no longer mince words or guard them from the truth of their own behavior and I insist on direct access and transparency.

So, I thought I would share some of the caveats for leaders – the things I have learned to test for in interviews or in the early stages of a program. Of course, these are not MECE (mutually exclusive and collectively exhaustive) examples. Many are interrelated and some may even be, seemingly, contradictory as they are drawn by multiple examples.

1. Unwillingness to Transformation Themselves
In a Harvard Business Review Article (Oct 2016), Ron Carucci says:

A leader’s ability to affect transformation across the organization depends on their ability to affect transformation within themselves. Accepting this will fundamentally shift how one leads. Such introspection is an active process.

This is absolutely the top criteria. What has worked in the past may not necessarily work in the future. This is especially true if the organization is experiencing high growth or disruption. The approach to leadership will require a transformation. If the leadership is not willing to look within themselves, if they fail to see that they need to change and be the champion of change, they are likely to create barriers to transformation.

2. Lack of Vision
So many times as an advisor, I have walked into situations where the transformation process is underway but the vision of the future state is unknown or merely a compilation of ideas. To a degree this is OK. We want to leave room for adaptation and experimentation along the way, particularly in complex environments. But, if the leader is unable to formulate and communicate a vision of the future state, how would they be able to make choices or expect anyone else to be on board and be supportive of the transformation? It is the difference between setting a course to the new world and adjusting to the currents to get you there and just randomly navigating without a destination in mind. Many leaders are not visionaries and often reacting to other influences (competition, new technologies, shareholder demands, etc.) but transformation requires a vision of a better future to build momentum and make decisions. I even advocate that the vision can be one that is intentionally hazy if the future is uncertain, but this needs to be a strategy, not a default position.

3. Treating Transformation as a Second Job
When I do transformation management workshops, I am often asked, “How can the leader be expected to do all of this AND get their job done?” My response is “What is their other job?” The leader’s role is to move the organization into the future state. If someone feels that doing this is secondary to their “real role,” they need to wake up or abdicate. As a shareholder, employee or partner, I would be concerned if the organization leader is so into the daily operations and firefighting that they don’t feel that driving transformation is their primary and, really, only role.

4. Not Understanding Individual Change
“They will do it because it is their job!” This is a common phrase from a leader with a command and control mentality. It is a lazy comment and shows a complete lack of understanding of why and how people and organizations change. Change happens at the individual level. The leader’s role is to get everyone pointed in the same direction. If they feel this will happen without understanding the “why?” of the situation or how they will benefit from the change, the leader has already created a wall of resistance that will be tough get over.

5. Failure to Support the Change
A death knell to any change is when the leader is faced with resistance and is unwilling to support the direction of the change. This is not to say that they should combat resistance on all levels. They need to get feedback and adapt. But ultimately the intention needs to be moving forward and if they cave or undermine the decisions once the course is determined, they might as well end the effort there. Incorporating feedback while keeping the course is an art that is central to leading transformation. Further, if the leader is seen not abiding by their own decisions, walking the walk, then they are undermining the change in a different way. Leaders cannot be above the change they are sponsoring.

Download 10 Ways to Sabotage Your Transformation and How to Avoid Doing Them

6. Delegating Responsibility
Prosci, the transformation management training and research organization, states that the #1 success factor for transformation is active and visible sponsorship, but that the majority of the time sponsors are either unaware or unwilling to perform as necessary. I have seen this close up. For whatever reason, leaders want to delegate their responsibility to others. Perhaps they don’t feel the need to be out in front, perhaps they are introverts and find it difficult to interact, or perhaps, more nefariously, they want to distance themselves in case of failure. Whatever the case, many ‘leaders’ are happy to just set the goals (often arbitrarily or unreasonably), and then expect it to happen. From this point, they push and push their teams, who fail to achieve results and then point to them. I have witnessed many a tirade at corporate meetings where the CEO is ranting about their team’s failure to execute without any real involvement on their side. This is different, by the way, than distributing decision making, which is a must.

7. Analysis, Analysis, Analysis
Planning for transformation is necessary. Good planning can accelerate the process if it is the right type – creating the vision, focusing communications and awareness, understanding the transformation and impact to stakeholders, creating ways of developing feedback, and incorporating adaptive and agile approaches, etc. More often though, planning is focused on finding the one answer, the silver bullet, or the right mountain to climb. This will happen behind closed doors with a few people looking at charts and data and holding long meetings talking about running more models and analyzing every aspect of the transformation. When this is going on it is an indication that they don’t have a proper vision and are actually looking for reason not to change.

8. Centralizing Authority
Driving transformation across an organization requires all individuals in the organization to be able to affect transformation. Leaders with a strong command and control complex have a difficult time understanding this. They will feel it is the responsibility of the people and stakeholders to bow to their authority. But real transformation requires authority to be distributed. Organizations are not machines where we are simply changing out parts. We are dealing with individuals and their emotions and this means that managers, supervisors, and colleagues need to have the information, connectedness, and authority to help coach each other. Moreover, they will need to deal with an untold number of issues, challenges, and opportunities that the central authority will never be able to anticipate in their plans. Insisting on a centralized approach shows mistrust of the people and an inability to provide the information necessary to make the transformation valid. Leadership creates the framework and provides the tools for change, then enables the people to change.

9. “Need to Know” Communications
The biggest red flag in my book is the leader who feels that information is so precious that their people cannot be trusted to learn of it. This is signified by a reluctance to communicate openly whether in group settings or face-to-face. They fear that if the people impacted by the transformation knew about the details, they would create barriers or resist, making life difficult. But what does this tell us? This says that either the leader does not trust their people, or they expect resistance because the transformation is not going to benefit the people impacted. Either way, there is a problem here. Leadership is unwilling to involve the people impacted in a transformation that clearly is important enough for them to react strongly, and they don’t want their people’s feedback. Either the environment of the organization is pretty toxic and/or the transformation is highly flawed (both are big issues).

10. Knee Jerk Reversion
Related to all the above, but hardest to test, is a leader’s willingness to revert to past models and behaviors when faced with challenges. This shows a lack of confidence in themselves and the transformation and points to other issues of character. One way to anticipate this are the issues of delegation of responsibility and failure to support the change discussed above. The leader may be setting up scapegoats, or at the very least, trying to leave the door open. One of my favorite lines from a movie was from Captain Ramius (Sean Connery) in Hunt for the Red October when he said, “When he reached the New World, Cortes burned his ships. As a result his men were well motivated.” While this is a bit harsh (and historically questionable), it shows great confidence in the endeavor. Too many leaders fold at the first sign of trouble, reverting to old behaviors when, in fact, the rest of the organization believed in the course. Fortitude and courage go right along with empathy and flexibility in my humble opinion.

This seems like a lot to think about when looking at taking on a transformation program. As a consultant/advisor or as the leader of transformation, you only need to ask one question though, “What are YOU prepared to do?” If the answer does not include:

  1. Start with changing myself
  2. Have a strong vision to communicate
  3. Treat the transformation as your primary/only role
  4. Understand how change is individual
  5. Support the change when faced with challenges
  6. Be visible and responsible for the transformation
  7. Take action without full information
  8. Distribute authority
  9. Be transparent and communicative, and
  10. Hold fast through challenges

…then you are likely already behind the eight ball and have some work to do.