All posts by MSS Staff

Disruptive Innovation and Predictive Analytics are the Next Big Wave

Just like the rise of Uber disrupting the traditional taxi business by completely changing people’s commute behavior – disruptive innovation are also happening in the data and predictive analytics realm today. “Disruptive Innovation” is defined as technologies that emerge to challenge established incumbent businesses, i.e., the traditional way of people doing things. It is not a marginal improvement to make things a little better, but a fundamental change that make the old things obsolete.

The first wave of disruption in data and analytics arrived about 10 years
ago, when coding-based data analytics platform is transformed into visual-based platforms. And with that comes the era of modern Business Intelligence, where data are visualized in an interactive and code-free environment and have since then been realizing true business values.

Now we are sitting on the horizon of another market disruption – “Augmented Analytics” where predictive analytics is combined with the power of artificial intelligence (AI). When the power of predictive analytics is enhanced by booming development in machine learning and AI, it will be capable to drive real business value at scale and speed that precedents our wildest imagination. 10 years ago, we struggled to find a handful of machine learning/AI enabled business applications. In 10 years, we will struggle to find any that don’t.

future of augmented analytics

Disruptive Innovations are happening in the data and Predictive Analytics market

Disruptive innovation is happening in the data and predictive analytics market, starting with the emergence of Business Intelligence – a new way for data visualization.

As someone who has been conducting data science research and predictive analytics for a while, I have lived through the time where all analysis was done through hardcore coding. To conduct an accurate business intelligence analysis and understand the patterns in the data, I need to write codes to slice-and-dice the data in different ways, and then write codes to visualize the results from the segmentations. To conduct predictive analytics and uncover hidden insights from the data, I need to write codes to formulate the regression model and test different variables to discover which are the significant ones and quantify the impact. With all the potential variables that might have significance, it usually takes weeks, or even months, combined with good luck, to achieve a statistically meaningful and business sense-making discovery from the data.

These deficiencies: the lack of scale, speed and application are indeed the factors that have been stopping traditional business intelligence and predictive analytics from driving real business value. The current business world is discovering bigger and more complex data and is in need for strategic analytics that demands faster time to reach actionable insights. The gap between business needs and reality is the reason that data analytics still has limited applications in the business world despite the length of time it has been around.

But the bright side is on the horizon. With the increasing computing capability and the power of AI, analytics will see enormous improvements on scale, speed and application. And along with these innovative changes, there comes the disruption in the data and analytics market. The first wave of disruption happened about 10 years ago, where coding-based data analysis platforms start shifting towards visual-based data discovery platforms. With that, tools like Tableau, Qlik and Microsoft Power BI emerged to disrupt the market and completely change the way analysts visualize and present their data. Because of this disruption, we officially entered the world of widely implemented modern Business Intelligence.

Of course, there is a learning curve to these new tools but after basic use, the return is enormous. The visualization enabled by these tools exceeds the wildest imagination of coding-based platforms. Being code-free, fast, and interactive – this disruptive innovation brought data visualization and BI to another level. With this power, firms start to realize the benefit of BI and you would be pressed to find a large enterprise who does not have a business intelligence group, crunching data and developing dashboards to help the business. In Gartner’s 2017 survey for “Magic Quadrant for Business Intelligence and Analytics Platforms” more than 65.4% mid-size enterprises reported ‘excellent/good’ when answering how well various business benefits were achieved from implementation of analytics and BI adoption.

Disruptive Innovation does not stop at Business Intelligence

The next wave of disruption is going to be in the next level: Predictive Analytics. Although the breakthrough in BI has been proved to be great in helping companies understand the question “What is happening?” with their data, the journey does not stop here. Since there are so much more can be done with data, especially through predictive analytics. Using predictive analytics, we would be able to answer much deeper questions beyond “what happened?” into questions like “Why it happened?” or “What could happen?” and “How can I improve it?” – In other words, predictive analytics looks into the future and provides actionable insights to directly drive business values.

The lack of speed and scale is again the roadblocks keeping predictive analytics from being practical and driving real value. It usually takes weeks, if not months, to run millions of regression models with different combinations to identify key influencers and develop hypothetical scenarios to predict the impact. This is again where AI can come in and help. Compared to the BI breakthrough, we are now at a point where we are expecting another market disruption with “Augmented Analytics” where predictive analytics is combined with the power of AI. Gartner uses the term “Augmented Analytics” to address that the idea is not to eliminate human from the analytics loop, but to provide deeper information to the person designing the analytics methodology, therefor to assist better decision making.

So, what does this next wave look like, and how is it different? The augmented analytics means an augmentation in all the key elements in the data and predictive analytics workflow: data preparation, data modeling to find insights, and the sharing of the insights to make it actionable.

  • Data Preparation. The old process of manual data preparation, investing heavily on human effort to format data, detect data error and irregularity will be eliminated. Under the scheme of augmented analytics, algorithms will automatically detect data quality issues, catalog and recommend enrichment, and build data lineage and metadata.
  • Data Modeling. The old way to conduct data modeling and extract insights is through manual exploration of data using interactive visualization, or through manual engineering and model building to find patterns in the data. Augmented analytics introduces the concept of “Natural-Language Query”, where algorithms find all relevant patterns in data and bring it to you. The proper models are auto-selected and validated to find the best way to depict the data, and code is auto-generated.
  • Sharing and Operationalizing Findings. In the world of BI and traditional predictive analytics, dashboards, and interpreted storytelling are the way to go. It heavily depends on users to interpret results, and it further requires users to build scenarios and forecast to make actionable recommendations. With augmented analytics, insights are narrated in natural language or visualizations to focus user on what is important and actionable. It also automatically builds scenarios to make predictions, and then provide concrete recommendations with measurable outcomes.

Early adopters of Augmented Analytics seeing ROI

Pioneering vendors are eagerly building augmented analytics (AI + Predictive Analytics) into their capability; and early adopters are seeing real return of investments in their businesses.

In the next 2 to 5 years, augmented analytics would bring yet another transformation in the data and analytics market. Some vendors are already on the forefront of this wave. A few examples include Salesforce Einstein Discovery (a $1.1 million acquisition of the startup Beyondcore), ThoughtSpot, Microsoft Power BI (Quick Insight feature), IBM Watson analytics, SAP Cloud analytics, and much more, infusing AI and machine learning to automate data science modeling. It’s not only the Tech-giants in the data analytics market that are innovating their tool, there are also numerous start-ups in this young and uprising arena, such as SparkBeyond, DataRobot, H2O, and Tellius. This indicates that augmented analytics has vibrancy and promising future. These cutting-edge analytics platforms are already being used by Fortune 500 companies in the Finance, Manufacturing, Life-Sciences, Energy, e-Commerce, Internet and Healthcare industries.

These early adopters are seeing real returns from using “Augmented Analytics” in their business. A large US bank has partnered with one of the AI analytics platform to transform into a more customer-centric organization. With a large customer base, bankers and financial advisors knew they could work better together if they had a more complete picture of customer interactions. With the predictive tool, it has been able to reduce data siloes and better understand their customers. In the wealth management business, for example, analyzing client flows can be complex. Cash movement inside and outside the company could be completely normal between a customer’s accounts, or it could be an indicator that a client is broadening a relationship with another wealth provider. The partnership with augmented analytics helped U.S. Bank cut through the clutter and understand client flows more completely, so they could act on them appropriately.

The tool also provides the U.S. Bank team with more information and insights about all their customers and present opportunities to deepen relationships using customized approaches. As the 5th-largest commercial bank, the company wanted to better understand the overlap between their retail banking clients and their wealth management clients. They began by analyzing which retail banking customers are most likely to become new wealth management clients. They found that wealthy young clients between the ages of 20-35 are more likely to transition into wealth management. This was a surprising insight as it was previously believed that more mature clients were more likely to pursue wealth management. The US Bank team can now use this insight instead of long-believed intuition to develop more targeted marketing strategy to convert retail banking clients into wealth management.

Ten years ago we struggled to find a handful of machine learning/AI enabled business applications. Ten years from now we will struggle to find any that don’t. Disruptive innovations can be intimidating at first, but it won’t stop because you choose to ignore its approaching. The best strategy is to prepare and get ready for it – starting with baby steps. In the next article we will talk about how to evaluate your business’s maturity for augmented analytics, how to prepare your business for it, and how to strategize your analytics practice to take advantage of this technology of the future.

This article was originally published in March 2018, by contributing author Lou Hao, PhD.

Do You Know Your Business Solution Requirements?

 

We all have a love/hate relationship with buying big ticket items – the excitement of having something new that hopefully solves a problem we are experiencing, against the anxiety of going through the procurement process. Procurement people think this is the exciting part, not so much for the rest of us. There are several tools available to communicate your business solution requirements and desires to vendors, each one able to generate a specific outcome along the purchasing path.

The tools are:

Request for Information (RFI)
Request for Qualifications (RFQ)
Request for Proposal (RFP)

Each has its place in the process, depending on what you want to achieve and the amount of knowledge you have about the item or service you are looking for.

Let’s start with the most familiar – the Request for Proposal or RFP

Depending on the business you are in, you may have been involved in generating a RFP for a product or service or perhaps been on the other side of the table providing a response to a RFP. Typically, a Request for Proposal is specific in what it is asking for. It will have a specific set of service requirements. These tend to be more specific than high level business solution requirements but not as detailed as technical requirements – in other words, the level of detail required to ensure you get what you are asking for. It may also include specific contract requirements that the vendor will need to comply with. The vendor typically responds indicating how they will satisfy the requirements stated in the document, agree to the contract requirements, and provide specific pricing for the product or service you are looking for.

What if you don’t really know what your business solution requirements are?

Perhaps the Request for Information (RFI) or Request for Qualifications (RFQ) would better suit your needs. These two tools are generally thought of as predecessors to the RFP.

The Request for Information is a useful tool when you may not know exactly what you want – you’re looking for vendors with products or services that can solve a particular issue you have. While less burdensome than a RFP, there is still a level of effort required on your part. You need to be able to articulate what you are looking for either through a detailed statement of the issue or a high level set of business solution requirements for the vendor to review and respond to. If your organization has particular contract requirements, this is a good spot to introduce them. If you need budget cost numbers, this is a good time to ask for them.

Understand that you are not guaranteeing you will purchase the goods or services identified and at the same time the vendor is not providing actual pricing. The end goal of this document is not to get a vendor on board or a contract in place, rather, the objective is to find a pool of vendors offering a solution that can work for you. The RFI or RFQ process is typically followed up with an RFP sent to the vendors you have identified as qualified from the RFI / RFQ process. Having gathered information from a variety of vendors, you are now better prepared to write your RFP.

Level the playing field with Scoring

All of these processes, the RFI, RFQ, or RFP, will require some sort of scoring process for the responses. Typically, the scoring framework is developed in conjunction with the end user of the item or service. The scoring should be based, at least initially, on the vendor’s response to your solution requirements – do they say their product or service can do what you need it to do? Is their solution acceptable to the user of the product or service? This is the first phase in determining who you would like to have further discussions with.

In the case of the RFI or RFQ, you are looking to reduce the number of vendors you will have involved in the RFP process so you are only reviewing proposals from vendors that can provide you with the product or service you need. In the case of the RFP, you are determining who you want to work with further on purchasing a solution.

There are follow up activities for each of the processes that will help you better understand the vendor’s product or service. We will cover these in the second part on this topic.

If you are looking to begin a purchase that will require a RFP or RFI, check with your company’s Procurement organization. They may have templates and guidance that can help you in creating these documents. If your organization does not have a structured purchasing process and you feel a RFI or RFP is required, there are outside resources that can assist you. These resources bring a level of expertise in developing business solution requirements and documentation as well as working with vendors to assist you in the procurement. You can find organizations that are “vendor agnostic” – they have no association with a specific vendor and are focused on getting you the best product or service. Engaging these resources can help you streamline the process and get a better result – often is a shorter time frame.

 

 

Mature Innovation is Possible in Complex Organizations

Mature Innovation | By David William Lee, Change Management Expert and Contributing Writer

 

Understanding Mature Innovation

My family can tell you that I consider myself one of the great armchair innovators. Among the many things I believe I invented before they were actually invented is the Keurig coffee dispenser, Netflix (streaming AND original content), and the Amazing Race. The problem I always told myself was that I never had access to the resources required to put my ideas into the market. So when I secured a position managing innovation at a global mega-company, I was excited. Here, I would finally have the opportunity to launch my great ideas, become massively famous, and change the world. Boy, did I have a lot to learn.

What soon became clear was that managing innovation for a mega-organization is not about creating great ideas. Of course we had our chance to develop some ideas, but mostly our role was to capture the ideas of leadership, cut through the noise, politics, and disruptions, and push them forward.

From the get-go, I was surprised to find that this 150+ year old company did not have any systematic approach to innovation, mature or otherwise. As a result, the innovation team would shift priorities on a dime and often waste tons of time driving ideas that were clearly wrong for the company, had no foreseeable positive return, or had no internal political support. Meanwhile, many good concepts would go unnoticed, remain on hold, or be shelved. After several bouts with minimal results, I was concerned that my career was slowly wasting away with superfluous efforts; I was converted from a proud, creative, non-linear thinker to a champion of centralized, systematic innovation processes.

When the ground shifted, as it will in big companies, I ended up in a new leadership structure and had the chance to implement my systematic approach. I was given four very talented people, and we decided that we would create a methodology to collect, rate, prioritize, and track innovation efforts, thus the infancy of mature innovation. It was going to be beautiful! We spent the better part of a year creating a steering committee, outlining our plans, and developing a system for tracking and sharing information. We gained approvals up the ladder for the approach and agreements from senior management to follow the discipline.

Unfortunately, we did not launch any more great products or services as a result of this approach. What we did do was find a great way to identify and track all of our failures. We now knew that we had a pipeline of literally hundreds of ideas, we knew where the ideas ranked based on the predetermined parameters, and we had high-level business plans for a small percentage of the top ranking ideas. Unfortunately, our cycle time from ideation to product launch still approached 18 months to 2 years on the very few ideas that actually made it to market. We were not what one might consider an innovative powerhouse.

The problem was that we had four people spending most of their time ensuring the process was working but spending little time actually innovating. We became so bogged down that people who had great ideas avoided our process for fear of falling into a black hole, and we were specifically excluded from the strategic innovation going on at the top of the organization because we were, “Too busy.” On top of this, we experienced all of the major roadblocks that are common when innovating in a hierarchical environment. Some of these include:

Defining Innovation: Say the word “innovation” to a room of 100 people and you will get 100 different takes on what it means. Some see it as the big new idea. Others are looking for enhancements or improvements across the board. Sometimes innovation is used as an excuse for the strategic flavor of the moment.

Separating Thinkers from Doers: Often, the mindset in traditional companies is that there are thinkers who have the capacity and capability to innovate and doers who are either too busy or the wrong personalities. This is Taylorism stuck in our collective psyche and a killer for innovation.

Failing to Set Aside Resources: The deadliest phrase in innovation, “Prove the case for it and then we will give you the budget,” is, frankly, just a cop out. Seeding and cultivating innovation requires continuous investment and experimentation. Still, budgeting for the future when managers throughout the organization are competing for resources takes the kind of courage that is often lacking.

The Middle Management Filter: Frequently innovation is given to middle management as one of their tasks. It is often part of Marketing, IT, or (God forbid) Finance. Unless middle managers are exceptional, they are rarely in a good position to lead innovation. They live on eggshells, are unwilling or unable to take risks, and are often punished for failure. As a result, they become the bane of the innovation team’s existence defaulting to the safe choices, watering down ideas, and making knee-jerk decisions.

Short-term vs. Long-term Thinking: Connected to #4, management is more interested in short term impacts rather than long term evolution. They are measured by what they accomplish in a quarter or, at best, a year. The long term is not part of their mandate. As a result, if the innovations don’t come fast and furious, they can lose support and focus.

Searching for the Silver Bullet: More often than not, the innovation team is pressured to find the big idea that pays off quickly for the boss. The problem is that innovation, especially in mature organizations, rarely happens that way.

So, what to do? Our approach had failed to produce results, and we were stuck. This is when an understanding of complex systems kicked in (though I did not know what it was called then) and we began to apply adaptive thinking.

The root of our problem was that the company was simply too complex for a small, centralized team to drive innovation for the entire organization. This was a company with nearly 60,000 employees, a GDP bigger than the country of Colombia, global operations in almost every country, a massive partner network and more Vice Presidents than we could count.

Viewing Innovation through a Complexity Lens

By utilizing a Complexity Lens, we stopped thinking of innovation as a centralized activity for a few people and began thinking of innovation as everyone’s role. We started to consider the idea that everyone can innovate and opening innovation to the entire organization was an absolute must.

The concept was bit humbling. We wanted to be the creative geniuses who launched the organization into a new era but this was clearly impossible. In a way, we felt we were passing the buck. It was like saying that we were not smart enough, we were not working hard enough, or we simply could not produce. Pushing this concept up the chain of leadership was even more difficult because the bosses had similar feelings. In the end, though, it became clear that this was the way to go. So our role as the innovation team changed from controlling innovation to fostering mature innovation.

It could not happen all at once. We had begun to mature as an organization, but we still needed to take steps. Our first step was to create a system that allowed everyone to generate ideas while we provided the tools allowing them to pursue those ideas, facilitating the process of turning ideas into opportunities, and creating the means for them to share their ideas among each other. Over the next few years, we took the methodology and systems that we had built for ourselves and opened it up to everyone by turning it into a framework that people could adapt for their own use. We walked around, figuratively and literally, looking at what people were working on and wherever possible promoting ourselves as a service to train and educate groups on how to move their ideas forward. While we did not have the technology at hand at the time to create total transparency, we did our best to create forums for people to share what they were working on and draw on each other’s ideas and approaches.

This approach did not mean that systematic innovation methods were tossed out the window. Rather, we created a tool set of approaches for people to utilize and added to this tool set as we learned more. We recognized though that not every approach worked for every situation, so we allowed experimentation.

In this sense, each group made their own pizza (read Change & the Pizza Principle) and after several iterations, the ones that worked best in this culture emerged as the norm.

The impact was soon clear. In less than a year, the organization was launching more new innovations more rapidly, about one a quarter, than in all the previous five years combined. But while there were more launches, they were generally smaller ideas. Some were simply enhancements to existing products, while others were efficiency gains, and still others were products that were adapted from our internal operations that we repurposed for our clients. None were the big silver bullet ideas that management hoped for, but out of these small ideas two ended up producing $30 million between them in the first year and the risk was very limited. Failures were equally small and isolated and the wins more than offset any losses.

I did not hang out to see this system in full implementation as I had received a new assignment overseas. When I returned after three years abroad, I found that the innovation team had continued to launch more and more products and enhancements. What was even more interesting was that these smaller innovations eventually enabled a big evolutionary leap. During this period, the internal and external circumstances aligned for the development of a new business that incorporated many of the innovations into a packaged offering. This business quickly became a nearly $200 million a year operation. The silver bullet emerged as a result of the cumulative innovation.

There are a number of very innovative companies that have discovered variants of this approach. Legos extended innovation by inviting customers to create ideas and participate in the financial success while Pixar has documented its highly successful approach in “Innovate the Pixar Way, Business Lessons from the World’s Most Creative Corporate Playground.” Of course the approach is unique in each organization, but they have a principle of a centralized framework and quality assurance coupled with distributed innovation. I have since learned that this fits well with the theory surrounding complex adaptive systems. Generally speaking, evolution does not usually happen in a single great leap. Complex organisms produce and experiment with small adaptations. Some work, some fail. What eventually happens is that they accumulate over time and eventually a tipping point is reached and an evolutionary event changes the system forever. By letting go of the centralized systematic approach and enabling mature innovation to occur across the organization, evolutionary transformation is made possible.

 

Being CyberAware is More Than Compliance for SMBs

Dr. Romeo Farinacci, Cybersecurity Expert, Contributing Writer

Cyber warfare is real, is here, and America is losing. Military personnel, law enforcement, and private security use bulletproof vests to protect themselves in hostile zones. These vests minimize injury and provide a means of security and safety of life. Additionally, they use intensive training, mindfulness, and combat skills to defend successfully against an enemy. This combination enables them to be effective in combat. Make no mistake, the Internet is a hostile zone and in a state of cyber warfare. Being compliant is simply the bulletproof vest, and needs a cybersecurity program to provide the training, visibility, and techniques to combat cyber threats.

Several small to medium -sized businesses (SMBs) use insurance (compliance and reduced liability), ignorance (too small of a business to be hacked), or inappropriate justifications (cybersecurity cost too much to carry out; pay for incidents when they occur) to manage cyber risks to the business, resulting in a false sense of security. These uninformed actions lead to lack of common sense measures. Military personnel, law enforcement, and private security do not rely on vests to prevent incoming bullets (insurance), place bulletproof vests on after they are shot (ignorance), or not buy one because the cost is too high (inappropriate justifications). Businesses should move beyond compliance and become CyberAware by understanding the ever-growing dangers throughout the enterprise.

According to the 2018 Verizon Data Breach Investigation Report, 58% of breaches hit small businesses. The report identified 30 percent more incidents than the previous year associated with Point of Sale (POS) breaches targeted at hotels and restaurants (most are small businesses). Many SMB companies do not have trained security staff, trusting heavily on their PCI certification to manage threats, which results in several unmanaged vulnerabilities.

“Compliance is not the end of cybersecurity but a part of it.”

Dr. Romeo Farinacci

Only using controls defined by compliances such as HIPAA, PCI, and ISO are not efficient methods to manage cybersecurity threats against the attacks today or forecast for tomorrow. Especially for small businesses that identify themselves as too small to attack, or simply do not have suitable funds to build a cybersecurity program. Compliance is not the end of cybersecurity but a part of it. If SMBs do not begin using cybersecurity best practices, they will be susceptible to hacks and breaches resulting in steep fines, damaged reputation, or loss of business.

CyberAware – Because it’s the Law

In just 20 years since introducing ecommerce and SSL encryption, some of the largest businesses are mostly virtual. The past five years have shown an exponential increase of businesses that depend on Internet-enabled services to include ecommerce, the cloud, online marketing, etc. However, cyber threats and hackers bent on exploiting a business’ weaknesses have also exponentially increased. Conducting malicious acts as they try to compromise business operations, reveal intellectual property to reduce competitive advantage, or simply breach customer data.

The U.S. and abroad have begun integrating Cybersecurity into law and changing how companies approach business practices with electronic data. The many proposals of Bills, Policies, and Laws by states, governments, and nations have surged in the last couple of years. According to the National Conference of State Legislatures, more than 36 states are introducing more than 265 bills around cybersecurity. This includes providing funds for cybersecurity initiatives, increasing penalties for cybercrimes, promoting security awareness and training programs, or enforcing security best practices and controls on critical infrastructures. Also, several laws such as the NYCRR and GDPR are setting directives enforcing businesses to complete cybersecurity programs to manage enterprise risks while achieving industry-wide cybersecurity objectives.

For instance, the NYCRR enforces businesses to develop a Cybersecurity Program to include assigning a CISO, completing periodic risk assessments, conducting a security awareness and training program, and applying suitable controls to safeguard nonpublic information and information. GDPR wants businesses to define policies and procedures to comply with an EU Citizen’s Right to Erasure, to impose security measures to ensure minimal personal data is used for each specific business process, and to record and preserve all user data processing.

SMBs Must be CyberAware Too

Small to medium -sized businesses (SMBs) are critical to the nation’s economy. According to the Small Business Association, SMBs provide 66 percent of the nation’s net new jobs and employ 47.5 percent of the private workforce. It’s time to take Cybersecurity Awareness seriously, and each year introduces more CyberAware methods to aid businesses. Most recently, the government has passed into law Bill S.770 “To require the Director of the National Institute of Standards and Technology to disseminate guidance to help reduce small business cybersecurity risks….” Also, the bill will update the National Institute of Standards and Technology Act to incorporate small businesses and provide resources to lessen cybersecurity risks.

SMBs provide 66% of the nation’s net new jobs and employ 47.5% of the private workforce.

Small Business Association

The NIST has published a guide for small businesses entitled: Small Business Information Security: The Fundamentals, which provides guidelines using the NIST Cybersecurity Framework (CSF) for basic security of information, systems and networks. This guide contains programmatic information on setting up an information security program, and includes nine key practices to begin strengthening the safety and security of data that drives the business:

  • Pay attention to the people you work with and around;
  • Be careful of email attachments and web links;
  • Use separate personal and business computers, mobile devices, and accounts;
  • Do not connect personal or untrusted storage devices or hardware into your computer, mobile device, or network;
  • Be careful downloading software;
  • Do not give out personal or business information;
  • Watch for harmful pop-ups;
  • Use strong passwords; and
  • Conduct online business more securely.

The increase in cybersecurity awareness across the globe should drive all organizations to adopting basic standards and principles to combat the threats currently attacking our way of life. However, many businesses are still falling victim to the ignorance, mind-set of insurance, or inappropriate justifications to not set up healthy cybersecurity programs. Large businesses such as Verizon, Target, SONY, and Experian have the resources in place to bounce back and continue business operations, customer base, incomes, and image after experiencing a cybersecurity incident. Murphy’s Law suggests that what can happen will happen. A breach is unavoidable and small to medium sized businesses must be CyberAware and prepare for when an instance occurs.

What To Do

Focusing on defining people, processes, and technology within the organization is the first step in becoming #CyberAware. This leads to identifying what drives the business, what risks pose a threat to revenue, and suitable steps to building a strategy for tracking and managing incidents when they occur. Gartner’s Six Principles of Resilience highlights these ideas.

Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making

Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes

Principle No. 3: Stop Being a Defender, and Become a Facilitator

Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows

Principle No. 5: Accept the Limits of Technology and Become People-Centric

Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response

Consider Principle No.1 “Stop Focusing on Check Box Compliance and Shift to Risk-Based Decision Making.” This principle implies an understanding of business risks associated with the people, processes, and technologies that enable the business to function, and not exclusively IT risk. Simply put, examine ‘what do we do and why,’ identify business risk profile, then apply appropriate protections that enable the organization to meet customer expectations (product quality, company trust, service confidence, etc.). Remember, compliance is not sufficient protection, it is only a tool, a bulletproof vest.

Each of these Principles are used to change an organization’s culture and approach to managing their digital footprint. One of the key elements within the six principles is the determination of how data within the enterprise flows, a concept many organizations have trouble documenting. Obtaining visibility into network infrastructure, end-user interaction with data, and how data is printed, emailed, transferred, and modified should be identified to begin establishing appropriate protection mechanisms.

Security Assessment services can provide visibility into data movement and guidance in developing a strategy and roadmap for implementing cybersecurity within an organization. These services can demonstrate how to combine compliance requirements with other cybersecurity program elements. These program elements include frameworks, threat intelligence, security awareness, vulnerability assessments, log management, audit reviews, hardening techniques, change control, forensics, policy development, etc. Such a cybersecurity program will increase productivity, align with compliance requirements, enhance security posture, and combat cyber threats. With an understanding of how to implement a cost-effective cybersecurity program SMBs can become CyberAware and turn tide on cyber warfare for America.

Podcast: Get to Know SWAE and Yuma Regional Medical Center

mss-podcast

An Introduction to Baldrige with the Southwest Alliance for Excellence (SWAE)

Southwest Alliance for Excellence (SWAE) members Carl Herring and Karen Shepard provide an in-depth introduction to the Baldrige framework of business transformation and it’s application. With the mission to empower organizations to pursue performance excellence, improve outcomes and contribute to the economic strength of their community and state, Carl and Karen discuss how Baldrige methodology holds the potential to positively alters the foundation of many organizations. The discussion was led by David William Lee of MSSBTI.

 

Download this podcast: Introduction to Baldrige by SWAE

 


SWAE Baldrige Implementation at Yuma Regional Medical Center

The team of Yuma Regional Medical Center joins David William Lee in an animated discussion of the SWAE Baldrige Framework’s implementation. In the conversation is Robert Trenschel, President & Chief Executive Officer of Yuma Regional Medical Center, Deborah Aders, Chief Nursing Officer and Vice President of Patient Care Services and Woody Martin, Chairman of the Yuma Regional Medical Center. The group discusses their application of the Southwest Alliance for Excellence (SWAE) “Baldrige” Framework for the past 5 years. Discussed is the journey through the implementation process of this business transformation module. The group expands on the execution of this framework in a uniquely high risk, high expectation environment of a hospital.

 

Download this podcast: Baldrige Implementation at Yuma Regional Medical Center

 

Cloud Technology Emerges from its Foggy Veil

Cloud technology appeared as a buzz word more that a decade ago, ever since Amazon started selling their in-house, web-based service platform that was used to support their own internet sales site. They were able to package the technology, market it and turned it into a profitable solution. This allowed companies to take advantage of large scale technologies without the upfront costs to build their own datacenters. Since then, cloud technology has evolved quickly as a mainstay in our ever-evolving technological world.

New, billion-dollar companies such as AirBnB and Uber have capitalized from this trend by utilizing cloud-based infrastructure to increase reliability while decreasing costs. In April of 2018, GoDaddy announced it was moving a vast majority of their current infrastructure to AWS.¹

Top 5 Cloud Technology Trends

As companies are evolving to stay ahead in the new technology world, here are five trends that are emerging with cloud computing:

  1. Growth in Cloud Services and Solutions – We are in the digital age where cloud services are now common place and businesses look to a cloud solution first before an on premises solution. 56% percent of CIOs in Gartner’s CIO survey indicate they are adopting cloud as either an option or as part of a “cloud first” approach, while 71% look to SaaS either first or as an option.

    Gartner predicted that by 2020, businesses without cloud capabilities will be as uncommon as businesses without Internet are today. Most businesses use some sort of cloud offering or online application such as Microsoft Office 365 or Salesforce. Few businesses are completely 100% cloud based nor are there businesses that are completely 100% cloud free.

  2. Serverless Computing – A relatively new cloud service that has come into the marketplace is serverless computing which allows developers to deploy their applications without the need to provision servers or backend infrastructure to support and run their applications. Developers can release their code and run it as a service without the need to build backend infrastructure such as servers, network, databases and backend applications to support the application. This creates simplicity and agility in the marketplace to turn out applications much more quickly than run at greater speed. This also allows companies to go global by replicating their applications to run around the world as if the local datacenter is right next door.

  3. Multi-cloud – The rise of pure play cloud platforms like Microsoft Office 365, Salesforce, ServiceNow, and Workday show that most businesses already utilize a multi-cloud cloud technology environment. Multi-cloud is the use of multiple public cloud computing and storage services in a single heterogeneous architecture not to be mistaken for hybrid cloud which is a mixture of public and private resources. Some cloud technology companies are changing their application architecture to force companies into a multi-cloud environment even if they are not willing to give up the hold on local resources.

    Microsoft began to remove Skype for Business and OneDrive for non-365 users in 2020 to force them into using Office 365.²

  4. Disaster Recovery – As businesses move toward a virtualized and constantly evolving IT ecosystem old DR approaches become much more expensive and complex to maintain. Software based DR at the hypervisor level allows a company to prioritize applications and provides automated testing to ensure and validate a company’s DR strategy. I can remember a year after the 9-11 disaster, the company I worked for at the time invested in a 3rd party disaster recovery site and solution. A few times a year would be spent on building out our servers and clients from backup tapes to perform drills to ensure our DR solution was adequate. This time-consuming ordeal would take 48 hours to build and test but would only ensure our most business-critical applications would be recovered. Now, with the use of cloud technology, recovery can be completed and tested within minutes.

  5. Security – Last but certainly not least is security. The glaring question from anyone thinking of moving to the cloud “Is my information in the cloud secure?”. Contrary to the myth that you will lose security when you move to the public cloud because you cannot physically touch the device, in most cases you are increasing security by moving data to the cloud by utilizing the provider’s hardened datacenters with many more security resources. This all depends on your current state of security. The cloud provider is responsible for the security of the cloud (datacenters, access, security tools, etc.) while the consumer is responsible for the security in the cloud (data access policy, authentication, authorization, etc.). Security must be built into every step of product development or migration strategy rather than at the end.


Businesses demand more as technology increases and legacy systems become less sustainable. The goal for business is to reduce risk by ensuring that crucial applications are always available. The cloud has become a tool to satisfy this business demand while reducing risk. What needs to change is the IT mindset of being a support model into being an enabler. That means rethinking IT infrastructure and services that support the business which is not always an easy task. It takes resources that understand what and how to move business applications and infrastructure to the cloud to ensure businesses do not become extinct.

Cloud evolution continues to emerge in the technology world. If you aren’t willing to adapt, you’ll dissipate like fog.


¹ https://www.cloudcomputing-news.net/news/2018/mar/29/godaddy-goes-all-aws-citing-containers-expertise-key/
² https://www.pcworld.com/article/3191298/windows/microsoft-will-cut-services-to-standalone-office-users-so-theyll-subscribe-to-office-365.html

Podcast: From Nearly Turned Out to Successfully Turned Around with Tim O’Neal

mss-podcast

With nearly three decades of experience working in the thrift industry, Tim O’Neal has spent the past 18 years focused on the mission of fighting unemployment in the state of Arizona. When O’Neal was brought on with Goodwill of Central Arizona, the organization was in serious financial trouble and at risk of having its membership removed by Goodwill Industries International.

O’Neal’s arrival marked a turning point in the 70-year history of the organization, and his leadership was instrumental in keeping the organization running by increasing retail operations by 3000 percent during his tenure as the Vice President of Retail Operations

During this Podcast, we discuss the transformation and growth of Goodwill of Arizona into one of the top 3 Goodwill organizations in the world.

If you would like a tour of Goodwill of Central and Northern Arizona’s facilities contact Tim at tim.oneal@goodwillaz.org.

 

 

 

 

Delivering Project Results

Delivering Project Results program is intended to lay the foundation for applying change management on projects. The goal is to connect employee adoption and usage with the results and outcomes of your projects, and understand how change management drives increased adoption and usage.

Program Length

  • 4-6 hours

Intended Audience

  • Intact project teams
  • Project leaders
  • Solution developers
  • Lean and Six Sigma practitioners
  • Organization Excellence practitioners
  • Organization Development practitioners

Ideal Size

  • 10-15 participants

Success Factors

  • Sponsorship
  • Managing expectations
  • Completing pre-program work
  • Familiarity with project management

For more about Delivering Project Results, contact us at 602-387-2100 or dlee@mssbti.com.  Workshop can be performed at MSSBTI facilities in Central Phoenix, AZ or onsite at the client location.

High Performance Team Development

ASAP™ High Performance Team Development

The High Performance Leadership Development program is a unique method for facilitating increased communication, collaboration and decision making across teams at all levels in an organization. Based on the concepts developed by Radvan Bahbouh PhD, Charles University in Prague, the ASAP™ method is utilized by elite special forces teams in NATO and has been adapted to work within organizations of all types including Dell, T-Mobile, Jackson Health, and the European Space Agency.

Utilizing 3D, the facilitation approach starts with an intuitive, easy-to-grasp, display that uncovers challenges and opportunities that would otherwise remain hidden. From here, the facilitator works with the teams to develop immediately actionable plans to improve their performance. Whether you are forming a project team, building a new department or transforming a large organization, the ASAP™ High Performance Team Development program will help you get a jump start in a matter of days and track your team development to its potential.

 

Develop your High Performance Team.  Contact David Lee, MSSBTI Executive Director, at 602-387-2128 or dlee@mssbti.com.


Program Audience

  • Business leaders and their teams
  • Teams at any organizational level
  • Limited to 20 people per session

Type of Program

  • Workshop

Length

  • 1 day per session
    1-hour follow up for tracking improvements (recommend a least one per program)

Expected Outcomes

  • Action plan for step–level improvement in team performance
  • Ability to track progress with intuitive visual tools
  • Accountability for changes in team dynamics
  • Revelation of hidden perspectives
  • Desire for continuous improvement

Benefits

  • Immediate results within a month and ongoing trackable improvement
  • Safe, open (but challenging) approach to team development
  • Elimination of barriers and silos
  • Alignment of priorities & actions across participants
  • High impact that enables teams to improve their performance in the short- and long-term

Applications

  • Strategic Business Planning
  • Opportunity Prioritization
  • Outcome Alignment
  • Product Development/Innovation Decisions
  • Organizational Improvement Priorities
  • Requirements Gathering/Definition
  • Project Development

Location

  • All workshops can be performed at MSSBTI facilities in Central Phoenix, AZ or onsite at the client location

Podcast – Cyber Security: Not a Technology Issue – A Transformational Business Strategy

Airing on December 5, 2017, this podcast provides C-level perspective on building a transformational cyber security strategy that creates value for the organization while protecting its most valuable – nonhuman – asset; its data. Our expert panelists address the ubiquitous nature of the cyber security issue, how to set and achieve expectations from your cyber security strategy, what to expect from a Chief Information Security Officer, and how cyber security adds value in business terms.

Dr. Roméo Farinacci is a senior security consultant with Terra Verde Services, specializing in security program development, risk management, security architectures, and risk assessments. He brings over 20 years dedicated IT/Security experience and 5 years consultation of complex enterprise infrastructures in public, private, and government sectors. Roméo’s passion in cyber security enables him to effectively develop and communicate change strategies for improving the security posture of organizations. His education portfolio includes a Doctorate in Management with an emphasis in Information Systems Technology, an MBA in International Business and an MS in Information Technology. He also has the following professional certifications: CISSP, CISM, PMP, GSLC, and Six Sigma Green Belt / Lean.

Kim L. Jones is a 31-year intelligence, security, and risk management professional with expertise in information security strategy; governance & compliance; security operations; and risk management. Professor Jones is a former Chief Security Officer who has built, operated, and/or managed information security programs within the financial services, defense, healthcare, manufacturing, and business outsourcing industries. Jones holds a Bachelors Degree in Computer Science from the United States Military Academy at West Point, and a Masters Degree in Information Assurance from Norwich University.  He also holds the CISM and CISSP certifications.

Download the podcast