Strategic planning enables an organization to determine how its vision and objectives will be met through its resources and capabilities. Ultimately, the goal of strategic planning and road mapping is to determine how the business will win, what capabilities are needed and how the leadership will prioritize initiatives and make technology investments.
Look for these 3 warning signs that your IT strategy is lacking technology investments for future success:
1. You are not seeing your IT strategy as a competitive advantage.
Your IT strategy is no longer just a tool for back office operations, it is a key enabler to your business growth strategy and core to creating your competitive advantage. With today’s environment of rapid and exponential change, a well-defined, business-owned, adaptive strategy is what will enable your organization to stay ahead of disruption and win in the market. Many companies are struggling to balance emerging technologies, their technology investments, and rapidly changing business needs meaning systems such as ERP, CRM, etc. must be flexible and agile to support increasingly dynamic requirements as digital business models evolve.
2. You don’t understand the impact emerging technology investments can have on your immediate future.
There is a tsunami coming in advanced technology and innovation for business in the next few years. Emerging technologies like Internet of Things/Edge, Artificial Intelligence, Blockchain, 5G, microservice, micro satellites, robotics and automation, and many others are simultaneously maturing into practical applications. While their individual impact on business operations is hard to measure, what is clear is that their convergence will accelerate change and disruption at levels yet unseen. If you are not adapting your infrastructure strategies to prepare for this rapid change you are already behind.
3. Your leadership does not have the skills necessary to take on the digital future.
Leaders of technology now have to be strategic business thinkers. They have to demonstrate the ability to integrate Information and Technology (I&T) operating models from IT-centric to business-centric and define core I&T capabilities to execute to business strategy. They must be able to anticipate how key technological trends will translate into business opportunity and success. For example: Does your Information and Technology investments strategy consider the business capabilities offered by artificial intelligence? AI opens up a new frontier for digital business because virtually every application or service incorporates intelligence to automate or augment application processes and human activities. If your plans are not incorporating this type of thinking, if your leaders are not anticipating change, or if your leaders are not identifying business opportunities; you may want to consider skilling up your team.
Your digital transformation begins with a digital strategy and technology roadmap. Here are some resources to help you start on your journey:
A digital transformation is a long and complex journey – one you shouldn’t start alone because it is fraught with hazards that can detour your business or bring it to a halt. At MSS, we work with our customers to develop a digital transformation strategy based on their unique needs. The strategy will include a shared vision and a leadership roadmap to give them a competitive advantage, prepare for emerging technologies, and recognize the skills needed to be ready for the digital future.
Just like the rise of Uber disrupting the traditional taxi business by completely changing people’s commute behavior – disruptive innovation are also happening in the data and predictive analytics realm today. “Disruptive Innovation” is defined as technologies that emerge to challenge established incumbent businesses, i.e., the traditional way of people doing things. It is not a marginal improvement to make things a little better, but a fundamental change that make the old things obsolete.
The first wave of disruption in data and analytics arrived about 10 years ago, when coding-based data analytics platform is transformed into visual-based platforms. And with that comes the era of modern Business Intelligence, where data are visualized in an interactive and code-free environment and have since then been realizing true business values.
Now we are sitting on the horizon of another market disruption – “Augmented Analytics” where predictive analytics is combined with the power of artificial intelligence (AI). When the power of predictive analytics is enhanced by booming development in machine learning and AI, it will be capable to drive real business value at scale and speed that precedents our wildest imagination. 10 years ago, we struggled to find a handful of machine learning/AI enabled business applications. In 10 years, we will struggle to find any that don’t.
Disruptive Innovations are happening in the data and Predictive Analytics market
Disruptive innovation is happening in the data and predictive analytics market, starting with the emergence of Business Intelligence – a new way for data visualization.
As someone who has been conducting data science research and predictive analytics for a while, I have lived through the time where all analysis was done through hardcore coding. To conduct an accurate business intelligence analysis and understand the patterns in the data, I need to write codes to slice-and-dice the data in different ways, and then write codes to visualize the results from the segmentations. To conduct predictive analytics and uncover hidden insights from the data, I need to write codes to formulate the regression model and test different variables to discover which are the significant ones and quantify the impact. With all the potential variables that might have significance, it usually takes weeks, or even months, combined with good luck, to achieve a statistically meaningful and business sense-making discovery from the data.
These deficiencies: the lack of scale, speed and application are indeed the factors that have been stopping traditional business intelligence and predictive analytics from driving real business value. The current business world is discovering bigger and more complex data and is in need for strategic analytics that demands faster time to reach actionable insights. The gap between business needs and reality is the reason that data analytics still has limited applications in the business world despite the length of time it has been around.
But the bright side is on the horizon. With the increasing computing capability and the power of AI, analytics will see enormous improvements on scale, speed and application. And along with these innovative changes, there comes the disruption in the data and analytics market. The first wave of disruption happened about 10 years ago, where coding-based data analysis platforms start shifting towards visual-based data discovery platforms. With that, tools like Tableau, Qlik and Microsoft Power BI emerged to disrupt the market and completely change the way analysts visualize and present their data. Because of this disruption, we officially entered the world of widely implemented modern Business Intelligence.
Of course, there is a learning curve to these new tools but after basic use, the return is enormous. The visualization enabled by these tools exceeds the wildest imagination of coding-based platforms. Being code-free, fast, and interactive – this disruptive innovation brought data visualization and BI to another level. With this power, firms start to realize the benefit of BI and you would be pressed to find a large enterprise who does not have a business intelligence group, crunching data and developing dashboards to help the business. In Gartner’s 2017 survey for “Magic Quadrant for Business Intelligence and Analytics Platforms” more than 65.4% mid-size enterprises reported ‘excellent/good’ when answering how well various business benefits were achieved from implementation of analytics and BI adoption.
Disruptive Innovation does not stop at Business Intelligence
The next wave of disruption is going to be in the next level: Predictive Analytics. Although the breakthrough in BI has been proved to be great in helping companies understand the question “What is happening?” with their data, the journey does not stop here. Since there are so much more can be done with data, especially through predictive analytics. Using predictive analytics, we would be able to answer much deeper questions beyond “what happened?” into questions like “Why it happened?” or “What could happen?” and “How can I improve it?” – In other words, predictive analytics looks into the future and provides actionable insights to directly drive business values.
The lack of speed and scale is again the roadblocks keeping predictive analytics from being practical and driving real value. It usually takes weeks, if not months, to run millions of regression models with different combinations to identify key influencers and develop hypothetical scenarios to predict the impact. This is again where AI can come in and help. Compared to the BI breakthrough, we are now at a point where we are expecting another market disruption with “Augmented Analytics” where predictive analytics is combined with the power of AI. Gartner uses the term “Augmented Analytics” to address that the idea is not to eliminate human from the analytics loop, but to provide deeper information to the person designing the analytics methodology, therefor to assist better decision making.
So, what does this next wave look like, and how is it different? The augmented analytics means an augmentation in all the key elements in the data and predictive analytics workflow: data preparation, data modeling to find insights, and the sharing of the insights to make it actionable.
Data Preparation. The old process of manual data preparation, investing heavily on human effort to format data, detect data error and irregularity will be eliminated. Under the scheme of augmented analytics, algorithms will automatically detect data quality issues, catalog and recommend enrichment, and build data lineage and metadata.
Data Modeling. The old way to conduct data modeling and extract insights is through manual exploration of data using interactive visualization, or through manual engineering and model building to find patterns in the data. Augmented analytics introduces the concept of “Natural-Language Query”, where algorithms find all relevant patterns in data and bring it to you. The proper models are auto-selected and validated to find the best way to depict the data, and code is auto-generated.
Sharing and Operationalizing Findings. In the world of BI and traditional predictive analytics, dashboards, and interpreted storytelling are the way to go. It heavily depends on users to interpret results, and it further requires users to build scenarios and forecast to make actionable recommendations. With augmented analytics, insights are narrated in natural language or visualizations to focus user on what is important and actionable. It also automatically builds scenarios to make predictions, and then provide concrete recommendations with measurable outcomes.
Early adopters of Augmented Analytics seeing ROI
Pioneering vendors are eagerly building augmented analytics (AI + Predictive Analytics) into their capability; and early adopters are seeing real return of investments in their businesses.
In the next 2 to 5 years, augmented analytics would bring yet another transformation in the data and analytics market. Some vendors are already on the forefront of this wave. A few examples include Salesforce Einstein Discovery (a $1.1 million acquisition of the startup Beyondcore), ThoughtSpot, Microsoft Power BI (Quick Insight feature), IBM Watson analytics, SAP Cloud analytics, and much more, infusing AI and machine learning to automate data science modeling. It’s not only the Tech-giants in the data analytics market that are innovating their tool, there are also numerous start-ups in this young and uprising arena, such as SparkBeyond, DataRobot, H2O, and Tellius. This indicates that augmented analytics has vibrancy and promising future. These cutting-edge analytics platforms are already being used by Fortune 500 companies in the Finance, Manufacturing, Life-Sciences, Energy, e-Commerce, Internet and Healthcare industries.
These early adopters are seeing real returns from using “Augmented Analytics” in their business. A large US bank has partnered with one of the AI analytics platform to transform into a more customer-centric organization. With a large customer base, bankers and financial advisors knew they could work better together if they had a more complete picture of customer interactions. With the predictive tool, it has been able to reduce data siloes and better understand their customers. In the wealth management business, for example, analyzing client flows can be complex. Cash movement inside and outside the company could be completely normal between a customer’s accounts, or it could be an indicator that a client is broadening a relationship with another wealth provider. The partnership with augmented analytics helped U.S. Bank cut through the clutter and understand client flows more completely, so they could act on them appropriately.
The tool also provides the U.S. Bank team with more information and insights about all their customers and present opportunities to deepen relationships using customized approaches. As the 5th-largest commercial bank, the company wanted to better understand the overlap between their retail banking clients and their wealth management clients. They began by analyzing which retail banking customers are most likely to become new wealth management clients. They found that wealthy young clients between the ages of 20-35 are more likely to transition into wealth management. This was a surprising insight as it was previously believed that more mature clients were more likely to pursue wealth management. The US Bank team can now use this insight instead of long-believed intuition to develop more targeted marketing strategy to convert retail banking clients into wealth management.
Ten years ago we struggled to find a handful of machine learning/AI enabled business applications. Ten years from now we will struggle to find any that don’t. Disruptive innovations can be intimidating at first, but it won’t stop because you choose to ignore its approaching. The best strategy is to prepare and get ready for it – starting with baby steps. In the next article we will talk about how to evaluate your business’s maturity for augmented analytics, how to prepare your business for it, and how to strategize your analytics practice to take advantage of this technology of the future.
This article was originally published in March 2018, by contributing author Lou Hao, PhD.
By Dr. Romeo Farinacci, Cyber Security Expert and Contributing Writer
Keeping your business safe with Cybersecurity investments
Getting pulled over and found without auto insurance can cost you hundreds, but getting caught without cybersecurity can cost you millions.
Cybersecurity is more than meeting compliance, regulations, laws, and standards, it is about sustaining your business in this competitive landscape. Without effective cybersecurity tools and best practices in place (i.e. appropriate patches, periodic scans, or hardened network devices) the likelihood of data loss or intellectual property leaks as result of hacks, ransomware, viruses, or simple human errors in data management increases substantially, thereby reducing an organization’s profitability, market value, trustworthiness, and ability to be competitive.
Understanding that data is a product, service, or good, and efficient management of such data can provide profit in the billions of dollars, companies will begin to grasp the importance of data protection that cybersecurity standards and controls provide.
How do you measure the return on investment (ROI) for Cybersecurity initiatives?
How can an organization balance the costs of sophisticated security technologies and communicate the benefits they provide? Some simply state, “Potential cyber breaches and their consequences justify the upfront and ongoing expense required to prevent its occurrence.”
Many large enterprises use a risk assessment approach and current research among like organizations who have been compromised to identify the likelihood, impact, and threats associated with various risks. These values provide a what-if scenario and cost analysis for not implementing or controlling the data flow appropriately. However, small and midsized businesses (SMBs) with limited resources face challenges in obtaining, applying, and managing cybersecurity standards and controls and have bigger challenges and understanding and communicating the investment of cybersecurity. In many cases, they also lack the research to compare potential impacts of data loss for their organization.
Most executive leaders have a good grasp of market risk, financial risk, operational risk and so on, but lack the knowledge of cyber risk, especially for new businesses who have yet to gather metrics to identify potential threats. Executives and board members need reliable data to make informed strategic decisions. Using language such as ‘could,’ ‘may,’ and ‘most likely’ provide sound insight but lack confidence and true justification. “…many key decision makers still insist on seeing real, measurable results in order to justify the value of having an established, solid threat detection plan in place.” All things considered, trying to calculate and communicate a return on investment for cybersecurity is a poor and in many cases unrealistic approach.
How much are you willing to spend, to save?
This is perhaps the foundational question in balancing cost and benefits (or potential benefits) for cybersecurity strategies. Security professionals love to use scenarios, case studies, or simple metaphors to express the meaning and justification for various tools and technologies used to secure and manage enterprise intellectual property and consumer data. For example, why purchase locks and security monitoring systems on a home? What if during the lifetime in a residence no one ever tries to enter the home unannounced; does this still justify the expense accrued over the years for the lock and security system? When relinquishing the residence, is there truly a return on investment? Americans spend thousands of dollars a year on home security systems for peace of mind, because let’s face it, if a bad guy wants in, they will get in. This follows true in cybersecurity as malicious actors will find a way regardless of the measures put in place, but for some organizations (very few) a breach may never occur. However, the role of cybersecurity is not necessarily to keep bad guys out, but to limit what they can access or exploit, to reduce reaction time or mean time to resolution (MTTR), to demonstrate the organization’s diligence, competency, and trustworthiness with consumer data, and ultimately to train and educate internal employees on proper use of data.
Investing in cybersecurity improves productivity and saves money. One could argue that it also increases profitability as it communicates to consumers trust and reliability. It not only saves money from what could happen, but from what does happen. According to a recent article “…the major sources of cyber threats aren’t technological. They’re found in the human brain, in the form of curiosity, ignorance, apathy, and hubris. These human forms of malware can be present in any organization and are every bit as dangerous as threats delivered through malicious code.” Security awareness training for employees on how to properly manage, store, and transmit data provides data proficiency and control that positivity impacts productivity. Data is available and reliable at critical moments, is transmitted securely with integrity to persons of interest, and is stored and backed-up for quick recovery. Investing in the right cybersecurity tools and technologies provides business leaders a peace of mind in operations and management of digital information or revenue streams.
According to Murphy’s Law, bad things can and do happen. Whether external or internal a compromise of intellectual property may occur. With the right cybersecurity investments, the root cause can be identified, data can be tracked, and recovery operations can be underway in minutes. Companies have spent hours, weeks, months, or years trying to determine how an incident occurred, what data was compromised, and how to prevent or reduce the reoccurrence of the incident. “It is estimated that about 60 percent of MTTR is spent determining the root-cause of the actual problem.” Cybersecurity tools can save thousands of man hours by reducing the MTTR and getting operations back into production. A key strategy to investing in cybersecurity is to consider the most impactful cyberthreats that are likely to occur and apply appropriate measures to not simply deter but recover quickly and with little disruption to business. This is where cost savings really shines!
Your key takeaway
Treat cybersecurity as an investment in meeting business strategies with little friction from the ongoing cyberwar. It is not to be treated as an insurance policy or broken down in such a way that a hypothetical ROI can be established. These misconceptions for building a cybersecurity program can lead to disappointment from employees, loss of support from leadership, and misrepresentation of the true value cybersecurity is bringing to the workforce. Executing cybersecurity programs and strategies is a valuable investment opportunity that will improve productivity and increase profitability for the business; by saving money, saving time, and integrating efficiencies in operations.
Business-IT Alignment, Vamshi Barla, MSSBTA Senior Engagement Manager, July 2020
What is Business-IT Alignment?
As you can imagine, there is no universal blueprint for businesses that successfully fulfill their purpose and achieve their mission. However, most leaders agree that Strategic Alignment is one of the critical contributing factors. When all elements of a business, much like rowers on a boat working in unison, are in sync the result is Strategic Alignment. They work together with the sole purpose of fulfilling the business objectives. While the concept sounds simple, achieving alignment can be a complicated and evolutionary process. A company’s purpose generally does not change, but department level strategies and organizational structures do, which can make chasing alignment feel like rowing in circles! With a robust framework and governance structure in place this process can be simplified, and its results sustained.
Faced with limited resources, Agency leaders should prioritize business components with higher potential for transformation, such as Information Technology (IT). Nobody can challenge the power that IT has to transform businesses and indeed entire industries. To do so, however, IT must evolve beyond its traditional role of a cost center that supports the business and become an innovator that provides competitive advantage for the business.
One critical enabler of effective and long-lasting Business-IT Alignment is a well-crafted and continuously fine-tuned IT Strategy along with the IT operational capabilities needed to achieve the IT Strategy. Business stakeholders usually lack the technology perspective and knowledge to translate business objectives into IT initiatives that can help achieve them. IT leaders need to work together with the business to define the IT Strategy.
A good IT Strategy:
Clearly links IT initiatives to business goals and objectives,
Optimizes IT capabilities to realize them, and
Adds additional IT capabilities to leverage new or previously unused technologies in support of achieving business goals and objectives
Do you think your Agency has an IT Strategy that is designed to support the goals and objectives of your business? Does your IT organization have the capabilities needed to support your IT Strategy? Are your Business and IT well aligned?
At the end of the survey, you will receive a score and a brief commentary. If your survey returns a near perfect score, congratulations! your organization is aligned in most of the assessed areas. For most of us though, the reality is that IT works mostly independent of the Business, and a list of IT projects is sometimes all that constitutes an IT Strategy.
Why it Matters
The velocity and magnitude of technology changes today have increased dramatically compared to anything we have seen before. If we are to realize the business value through the adoption of emerging technologies, CIOs and CEOs must address significant challenges. It is time for IT to evolve into a trusted partner, empowering business through innovation and efficiency. The time to act is now!
Optimize Business-IT Alignment
MSSBTA can help. Contact us to perform an in-depth, full Business-IT Alignment Assessment to uncover areas which could use some improvement. Once current state alignment is understood, we can help you develop a roadmap that identifies opportunities for enhancing the harmonious relationship of business and IT.
MSSBTA utilizes a comprehensive methodology that walks you step-by-step through the activities that enable IT Strategy development and Business-IT Alignment. Our methodology uncovers shortcomings between the current state of the IT organization and the ideal target state. It helps develop a roadmap of critical initiatives to achieve the organization’s goals.
Contact MSSBTA to enhance your organization’s Business-IT Alignment and craft an effective IT Strategy. Advisory@mssbta.com or 602-387-2100
By Alyssa Moniuszko, MSSBTA Director of Operations
A few summers ago, my family and I went on a backpacking trip in the Olympic National Forest in Washington state. The trip started as a potential idea, then we did a large amount of research to determine the most interesting trails to hike, and we mapped out a path. We created a packing list and determined what backpacking and camping gear we already owned and what we needed to buy or rent. We planned our route and the distance we would travel each day, so we could plan where we would stay. As the trip grew closer, we had to change direction and find another location to hike, due to weather and a problem with bears becoming too comfortable around humans. We had two objectives for our trip: have a great time as a family and hike two days along the Hoh River trail and then head back out for the remaining two days. This ensured we were able to stop and camp at specific locations along the way. Because we planned ahead it paid off and we had an awesome family vacation.
Planning, including planning for a business transformation, does not guarantee success. An example of failed transformation is the American automobile manufacturer. They were unable to distinguish their brand during a highly competitive environment against foreign car companies who forced cost and fuel efficiency battles. Their transformation methodology focused on cutting costs but resulted in brand confusion.
In summary, enterprise transformation is no longer only about changing or improving offerings. Delivering new offerings is only one level of change. Balancing offerings to adapt to market perceptions and economic/market changes is a more important strategic imperative.
Similarly, when your company embarks on a major transformation journey, you will want to plan for the ultimate change that will take place, and the impact to the employees. The steps are very similar:
Decide to begin a transformation journey
Plan the steps to complete the transformation journey
Ensure you have the right tools to succeed & plan for contingencies
Bring the employees along on the transformation journey so they will want to be a part of the ultimate accomplishment
Decide to begin a Transformation Journey
Similar to the decision to embark on a family adventure, your company may be contemplating a transformation. What drives change? Your organization may be facing competition, a need to comply with regulations, customers who demand a more efficient/effective user experience, or several other motivations to initiate a transformation in your organizational processes: both internal, and/or external. When making this decision, there are several factors to consider to ensure success, and it is best to take a structured approach when attempting something of this magnitude.
Plan the steps to complete the Transformation Journey
Comparable to the preparation of our backpacking journey, you must plan for an organizational transformation journey. Prior to planning the steps to complete transformation, you need to set objectives. It is critical to understand your organization’s objectives, define the milestones, and recognize when you have achieved these objectives. This phase is key to reinforcing and sustaining the transformation itself. You need to determine the outcome you are trying to achieve. If you don’t know where you are going, you can get into trouble. Similarly, during our trip, if we didn’t follow the map and reach our daily destinations, we would not have had a place to setup camp. There is a difference between hike lasting a few days in Washington State, and climbing Mount Everest. If want to see a more extreme example of how a Mount Everest summit journey compares to business transformation, please see a related article Surviving the Business Transformation Death Zone.
Once you have set your objectives, you need to plan the steps to meet them. To do this, you will need to anticipate the upcoming change, facilitate the steps needed to complete the change, and create an ‘agenda for action’ (per Samuel Bacharach, Professor, School of Industrial Labor Relations, Cornell University (McKelvey-Grant Professor in the department of Organizational Behavior at Cornell University’s ILR School)).
When creating the agenda, determine the path you want to take, like mapping out the trail in our family backpacking adventure. Determine the changes, priorities and path to transformation. As part of that plan, you need to become aware of your organization landscape, and if there are any potential roadblocks or resistance throughout the organization. It is helpful to provide communication throughout the process so people at all levels of the organization feel they are a part of the change, and understand their associated role.
When planning your journey to transformation, you will need to include steps for all levels of the organization. It is important to consider the impact on your peers, at the executive level, as well as your strategic vision. You and your executive peer group are a key part of the plan, driving the change from the top, down. In addition, you will need to be aware of the effect the change will have on the mid-level and low-level personnel in your organization. Based on this, your plan should include tactical and functional aspects, so people in those roles in the company, feel included and see the value of the change.
Ensure you have the right tools to succeed & plan for contingencies
As you need to ensure you have the appropriate items in your packing list and know the route you will follow on an outdoor expedition, you need to plan for this transition, including potential options in case the path diverges from the original idea. Once you have developed your agenda and plan of action, you want to be sure you have the correct tools to lead this transformation. Plan for your desired route from the current to future state, but ensure you have included contingencies for opposition, and how to gain the trust and acceptance of those who may not be initially on board with the changes. Survey your organization to determine if there is any potential resistance to the transformation. Based on the results, plan for these potential roadblocks along the way.
Prosci® conducted a survey in 2015, to determine the most prevalent reasons for resistance to change by employees. They include:
Lack of Awareness
Change-specific Resistance – additional work anticipated, lack of incentives, etc.
Change Saturation – too many changes at once and past failures
Fear – fear of losing their job, and fear of the unknown
Lack of Support from management or leadership
Develop a communication and resistance plan at the beginning of the project, and constantly revisit that plan to adjust it as needed. Become acutely aware of your surroundings to develop a first-hand view of how people are reacting to the changes, as the project progresses. This way you will be able to identify and address any resistance as it arises.
Plan to bring the employees along on the Transformation Journey
As we researched and planned for our trip, we found pictures of the beautiful landscape we would be exploring along the way. This helped to pique our interest and build our enthusiasm for the adventure. In this same manner, to improve your chances for success, you will need to get your team excited about the transformation and its benefits. Shaul Oreg (associate professor of organizational behavior at the School of Business Administration of The Hebrew University of Jerusalem, currently on Sabbatical at Cornell University) has done a lot of research on dispositional resistance to change. He has determined people react differently to change based on their personality. Some people are more comfortable with routines, and others shy away from the daily habits. They may also react favorably or unfavorably, based on their comfort level. Per Shaul, “Another aspect is about people’s cognitive rigidity or a form of stubbornness…explains why some people are more resistant to change than others.” These characteristics of dispositional resistance to change determine if people will be receptive or oppositional to change. It is critical to keep this in mind when embarking on a change initiative.
Once people realize you are considering the impact of the change on them, and you work to inform them, give them the tools to succeed, and address their concerns in different ways, they should be more willing to actively participate in the change activities.
With all our pre-planning for our backpacking trip, we were prepared for all types of weather, and had a great time in beautiful surroundings, growing closer as a family. Similarly, when you are planning the steps to complete a transformation in your organization, you should use a similar plan of action. It is important to keep in mind same approach we used when planning our family trip:
Plan the steps to complete the transformation journey
Ensure you have the right tools to succeed & plan for contingencies
Plan to bring the employees along on the transformation journey so they will want to be a part of the ultimate accomplishment
If you follow these guidelines, you will increase your chances of success and reduce the chances of being another failed statistic.
Post ERP implementation blues are problematic for a number of reasons not the least of which is the decline of the collaborative and empowered culture that the implementation tends to create. A common cause for ERP sub-optimization is that most companies do not plan sufficiently to sustain the culture required to achieve the full benefits if the system. While leaders often consider the need for ongoing technology development and maintenance, it is just as important that they plan for cultural sustainability.
Generally, leaders will make a false assumption that an ERP implementation will be plug-and- play, that performance will come naturally, and that the culture will adapt as a result of the technology. But the research is clear. Having a great company culture is no longer optional for companies who want to compete.
“If you ask a group of CIOs what their biggest barrier to change is in their organization or indeed the wider enterprise, the most common response is almost always culture or some variant thereof. In the 2018 CIO Survey, 46% of respondents named culture as the biggest barrier to scaling digital transformation. This answer isn’t surprising. But it’s also not very useful, since culture is amorphous — hard to pin down and hard to change.”
– Gartner, The Art of Culture Hacking
ERP is the backbone of an organization’s operational structure, and exists to improve information flow, reduce costs, optimize processes, link with suppliers, and reduce response times. But, to accomplish all of this, it is must also help breakdown silos, enable transparency, and ensure better cooperation. In other words, the ultimate result of a successful ERP is empowered employees and a collaborative culture. ERP implementation is just part of the complex journey. Organizations often underestimate just how much cultural heavy lifting is required to make sure the business benefits are realized post-implementation.
The good news is that an ERP refresh presents a perfect opportunity to enact real cultural transformation as well. To renew and sustain the value and achieve the benefits of your ERP, we adhere to 9 tenants of ERP cultural transformation:
Develop a shared vision of the desired outcomes across all units.
Hinge all decisions, roadmaps, and plans on achieving the business outcomes and realizing the business strategy.
Make breaking down functional silos a primary goal for the program.
Make development and sustainability of the culture part of the ERP strategy from the beginning.
Take a top-down, holistic approach to designing and improving business processes through the system.
Appoint a business lead as the executive sponsor and treat the implementation as a long-term business transformation initiative.
Create a cross functional program sponsorship structure with the task of driving organizational change.
Implement a robust, structured change management process that focuses on individual change at all levels.
Facilitate candid, open discussions and clarity regarding cross organizational dependencies.
At MSS, we work with our customers to develop a transformation plan for their ERP implementation. The plan will include a shared vision, a leadership roadmap and a sponsorship coalition, a cultural implementation plan, a cross functional change strategy, and a robust sustainability plan. All of these tenets ensure a result that is more than the sum of its parts delivering high value for your transformation.
Dr. Romeo Farinacci, Cybersecurity Expert, Contributing Writer
Cyber warfare is real, is here, and America is losing. Military personnel, law enforcement, and private security use bulletproof vests to protect themselves in hostile zones. These vests minimize injury and provide a means of security and safety of life. Additionally, they use intensive training, mindfulness, and combat skills to defend successfully against an enemy. This combination enables them to be effective in combat. Make no mistake, the Internet is a hostile zone and in a state of cyber warfare. Being compliant is simply the bulletproof vest, and needs a cybersecurity program to provide the training, visibility, and techniques to combat cyber threats.
Several small to medium -sized businesses (SMBs) use insurance (compliance and reduced liability), ignorance (too small of a business to be hacked), or inappropriate justifications (cybersecurity cost too much to carry out; pay for incidents when they occur) to manage cyber risks to the business, resulting in a false sense of security. These uninformed actions lead to lack of common sense measures. Military personnel, law enforcement, and private security do not rely on vests to prevent incoming bullets (insurance), place bulletproof vests on after they are shot (ignorance), or not buy one because the cost is too high (inappropriate justifications). Businesses should move beyond compliance and become CyberAware by understanding the ever-growing dangers throughout the enterprise.
According to the 2018 Verizon Data Breach Investigation Report, 58% of breaches hit small businesses. The report identified 30 percent more incidents than the previous year associated with Point of Sale (POS) breaches targeted at hotels and restaurants (most are small businesses). Many SMB companies do not have trained security staff, trusting heavily on their PCI certification to manage threats, which results in several unmanaged vulnerabilities.
Only using controls defined by compliances such as HIPAA, PCI, and ISO are not efficient methods to manage cybersecurity threats against the attacks today or forecast for tomorrow. Especially for small businesses that identify themselves as too small to attack, or simply do not have suitable funds to build a cybersecurity program. Compliance is not the end of cybersecurity but a part of it. If SMBs do not begin using cybersecurity best practices, they will be susceptible to hacks and breaches resulting in steep fines, damaged reputation, or loss of business.
CyberAware – Because it’s the Law
In just 20 years since introducing ecommerce and SSL encryption, some of the largest businesses are mostly virtual. The past five years have shown an exponential increase of businesses that depend on Internet-enabled services to include ecommerce, the cloud, online marketing, etc. However, cyber threats and hackers bent on exploiting a business’ weaknesses have also exponentially increased. Conducting malicious acts as they try to compromise business operations, reveal intellectual property to reduce competitive advantage, or simply breach customer data.
The U.S. and abroad have begun integrating Cybersecurity into law and changing how companies approach business practices with electronic data. The many proposals of Bills, Policies, and Laws by states, governments, and nations have surged in the last couple of years. According to the National Conference of State Legislatures, more than 36 states are introducing more than 265 bills around cybersecurity. This includes providing funds for cybersecurity initiatives, increasing penalties for cybercrimes, promoting security awareness and training programs, or enforcing security best practices and controls on critical infrastructures. Also, several laws such as the NYCRR and GDPR are setting directives enforcing businesses to complete cybersecurity programs to manage enterprise risks while achieving industry-wide cybersecurity objectives.
For instance, the NYCRR enforces businesses to develop a Cybersecurity Program to include assigning a CISO, completing periodic risk assessments, conducting a security awareness and training program, and applying suitable controls to safeguard nonpublic information and information. GDPR wants businesses to define policies and procedures to comply with an EU Citizen’s Right to Erasure, to impose security measures to ensure minimal personal data is used for each specific business process, and to record and preserve all user data processing.
SMBs Must be CyberAware Too
Small to medium -sized businesses (SMBs) are critical to the nation’s economy. According to the Small Business Association, SMBs provide 66 percent of the nation’s net new jobs and employ 47.5 percent of the private workforce. It’s time to take Cybersecurity Awareness seriously, and each year introduces more CyberAware methods to aid businesses. Most recently, the government has passed into law Bill S.770 “To require the Director of the National Institute of Standards and Technology to disseminate guidance to help reduce small business cybersecurity risks….” Also, the bill will update the National Institute of Standards and Technology Act to incorporate small businesses and provide resources to lessen cybersecurity risks.
The NIST has published a guide for small businesses entitled: Small Business Information Security: The Fundamentals, which provides guidelines using the NIST Cybersecurity Framework (CSF) for basic security of information, systems and networks. This guide contains programmatic information on setting up an information security program, and includes nine key practices to begin strengthening the safety and security of data that drives the business:
Pay attention to the people you work with and around;
Be careful of email attachments and web links;
Use separate personal and business computers, mobile devices, and accounts;
Do not connect personal or untrusted storage devices or hardware into your computer, mobile device, or network;
Be careful downloading software;
Do not give out personal or business information;
Watch for harmful pop-ups;
Use strong passwords; and
Conduct online business more securely.
The increase in cybersecurity awareness across the globe should drive all organizations to adopting basic standards and principles to combat the threats currently attacking our way of life. However, many businesses are still falling victim to the ignorance, mind-set of insurance, or inappropriate justifications to not set up healthy cybersecurity programs. Large businesses such as Verizon, Target, SONY, and Experian have the resources in place to bounce back and continue business operations, customer base, incomes, and image after experiencing a cybersecurity incident. Murphy’s Law suggests that what can happen will happen. A breach is unavoidable and small to medium sized businesses must be CyberAware and prepare for when an instance occurs.
What To Do
Focusing on defining people, processes, and technology within the organization is the first step in becoming #CyberAware. This leads to identifying what drives the business, what risks pose a threat to revenue, and suitable steps to building a strategy for tracking and managing incidents when they occur. Gartner’s Six Principles of Resilience highlights these ideas.
Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making
Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes
Principle No. 3: Stop Being a Defender, and Become a Facilitator
Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows
Principle No. 5: Accept the Limits of Technology and Become People-Centric
Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response
Consider Principle No.1 “Stop Focusing on Check Box Compliance and Shift to Risk-Based Decision Making.” This principle implies an understanding of business risks associated with the people, processes, and technologies that enable the business to function, and not exclusively IT risk. Simply put, examine ‘what do we do and why,’ identify business risk profile, then apply appropriate protections that enable the organization to meet customer expectations (product quality, company trust, service confidence, etc.). Remember, compliance is not sufficient protection, it is only a tool, a bulletproof vest.
Each of these Principles are used to change an organization’s culture and approach to managing their digital footprint. One of the key elements within the six principles is the determination of how data within the enterprise flows, a concept many organizations have trouble documenting. Obtaining visibility into network infrastructure, end-user interaction with data, and how data is printed, emailed, transferred, and modified should be identified to begin establishing appropriate protection mechanisms.
Security Assessment services can provide visibility into data movement and guidance in developing a strategy and roadmap for implementing cybersecurity within an organization. These services can demonstrate how to combine compliance requirements with other cybersecurity program elements. These program elements include frameworks, threat intelligence, security awareness, vulnerability assessments, log management, audit reviews, hardening techniques, change control, forensics, policy development, etc. Such a cybersecurity program will increase productivity, align with compliance requirements, enhance security posture, and combat cyber threats. With an understanding of how to implement a cost-effective cybersecurity program SMBs can become CyberAware and turn tide on cyber warfare for America.
Cloud technology appeared as a buzz word more that a decade ago, ever since Amazon started selling their in-house, web-based service platform that was used to support their own internet sales site. They were able to package the technology, market it and turned it into a profitable solution. This allowed companies to take advantage of large scale technologies without the upfront costs to build their own datacenters. Since then, cloud technology has evolved quickly as a mainstay in our ever-evolving technological world.
New, billion-dollar companies such as AirBnB and Uber have capitalized from this trend by utilizing cloud-based infrastructure to increase reliability while decreasing costs. In April of 2018, GoDaddy announced it was moving a vast majority of their current infrastructure to AWS.¹
Top 5 Cloud Technology Trends
As companies are evolving to stay ahead in the new technology world, here are five trends that are emerging with cloud computing:
Growth in Cloud Services and Solutions – We are in the digital age where cloud services are now common place and businesses look to a cloud solution first before an on premises solution. 56% percent of CIOs in Gartner’s CIO survey indicate they are adopting cloud as either an option or as part of a “cloud first” approach, while 71% look to SaaS either first or as an option.
Gartner predicted that by 2020, businesses without cloud capabilities will be as uncommon as businesses without Internet are today. Most businesses use some sort of cloud offering or online application such as Microsoft Office 365 or Salesforce. Few businesses are completely 100% cloud based nor are there businesses that are completely 100% cloud free.
Serverless Computing – A relatively new cloud service that has come into the marketplace is serverless computing which allows developers to deploy their applications without the need to provision servers or backend infrastructure to support and run their applications. Developers can release their code and run it as a service without the need to build backend infrastructure such as servers, network, databases and backend applications to support the application. This creates simplicity and agility in the marketplace to turn out applications much more quickly than run at greater speed. This also allows companies to go global by replicating their applications to run around the world as if the local datacenter is right next door.
Multi-cloud – The rise of pure play cloud platforms like Microsoft Office 365, Salesforce, ServiceNow, and Workday show that most businesses already utilize a multi-cloud cloud technology environment. Multi-cloud is the use of multiple public cloud computing and storage services in a single heterogeneous architecture not to be mistaken for hybrid cloud which is a mixture of public and private resources. Some cloud technology companies are changing their application architecture to force companies into a multi-cloud environment even if they are not willing to give up the hold on local resources.
Microsoft began to remove Skype for Business and OneDrive for non-365 users in 2020 to force them into using Office 365.²
Disaster Recovery – As businesses move toward a virtualized and constantly evolving IT ecosystem old DR approaches become much more expensive and complex to maintain. Software based DR at the hypervisor level allows a company to prioritize applications and provides automated testing to ensure and validate a company’s DR strategy. I can remember a year after the 9-11 disaster, the company I worked for at the time invested in a 3rd party disaster recovery site and solution. A few times a year would be spent on building out our servers and clients from backup tapes to perform drills to ensure our DR solution was adequate. This time-consuming ordeal would take 48 hours to build and test but would only ensure our most business-critical applications would be recovered. Now, with the use of cloud technology, recovery can be completed and tested within minutes.
Security – Last but certainly not least is security. The glaring question from anyone thinking of moving to the cloud “Is my information in the cloud secure?”. Contrary to the myth that you will lose security when you move to the public cloud because you cannot physically touch the device, in most cases you are increasing security by moving data to the cloud by utilizing the provider’s hardened datacenters with many more security resources. This all depends on your current state of security. The cloud provider is responsible for the security of the cloud (datacenters, access, security tools, etc.) while the consumer is responsible for the security in the cloud (data access policy, authentication, authorization, etc.). Security must be built into every step of product development or migration strategy rather than at the end.
Businesses demand more as technology increases and legacy systems become less sustainable. The goal for business is to reduce risk by ensuring that crucial applications are always available. The cloud has become a tool to satisfy this business demand while reducing risk. What needs to change is the IT mindset of being a support model into being an enabler. That means rethinking IT infrastructure and services that support the business which is not always an easy task. It takes resources that understand what and how to move business applications and infrastructure to the cloud to ensure businesses do not become extinct.
Cloud evolution continues to emerge in the technology world. If you aren’t willing to adapt, you’ll dissipate like fog.