Archives for January 2016

We live in the age of big data and the Internet of Things (IoT). Did you know that since the start of this Millennium, 52% of Fortune 500 companies are gone? What happened? They didn’t make the digital shift that occurred during and after the dot-com bubble. Today, companies need to be a part of the next shift, driven by big data and IoT. Those that don’t will go the way of those nonexistent 52%. What does it mean to shift towards big data and IoT? Your digital business model should focus on CX: Customer Experience. Provide your customer with an excellent interaction, whatever your industry.

Have you heard about digital disruption? Along with big data and IoT, this is another buzzword today, because it’s making waves in many different industries. Well-known examples include AirBnB and Uber. They’ve provided a more sought-after customer experience than the existing model in their industries and people jumped on their services. Did you know that the iPhone was a big digital disruption? Its release destroyed 27 business models: cameras, flashlights, digital records and so on.

Digital disruption is what happens when traditional business models don’t prepare for shifting markets by creating digital business models. How might your industry be disrupted? Has it already been?

Customers no longer look for companies that simply sell a product or provide a service. They want brand promises. You are committing to your customers what you will deliver to them. Perhaps you’ve heard of a few of these best brand promises?

• Geico: “15 minutes or less could save you 15% or more on car insurance.”

• BMW: “The ultimate driving machine.”

• Apple: “Think different.”

Why does a brand promise matter? Because our market is now an “attention economy.” With so many things demanding our time and so much coming at us constantly, between TV, social media, advertising and our constant go-go-go schedules, our time has become a scarce commodity. Customers take brand promises seriously and you’ll quickly lose credibility if you’re not consistent.

In order to deliver consistently, you need the data to keep tabs on your customers’ expectations. Take Uber, again, as an example. They’ve disrupted unit cost pricing models by updating their prices based on real-time demand.

So what might you need to include in your digital business plan?

1. Dynamic pricing models

2. Data (clicks, touchpoints, IoT info, etc)

3. Insight streams (built on your data)

If you can integrate all three, call yourself a digital winner. Who are winner companies today? Apple, Amazon, Google and Microsoft vertically integrate them all. Amazon, for example, is keeping the postal service busy while competing against other shipping companies.

So start today with defining your customer, defining your brand and translating it into your digital business model. Disruption is coming. Either you’ll be hit by it, or you’re leading it.

Ron Ross is somebody that you might consider a superstar in the arena of cybersecurity. His lengthy resume includes leading the task force that developed the Unified Information Security Framework for the federal government.

Ross was recently interviewed by Forbes and dubbed the “Most Influential Cybersecurity Guru to the U.S. Government.”

Two important discussion points from that interview included an international standard for security frameworks and the importance of business leaders understanding TACIT security, which is an acronym for Threat, Assets, Complexity, Integration and Trustworthiness.

International engineering standard for attack surface

Have you heard the term “attack surface” before? This cybersecurity phrase refers to the increase of complexity in the information technology infrastructure as we add more Internet of Things devices, more software, more operating systems and more possible zero-day vulnerabilities. A zero-day vulnerability is an unknown vulnerability that could become a threat if discovered and exploited by cybercriminals. As the attack surface expanded and zero-day vulnerabilities increased, a standard was drafted to help software engineers prevent these threats. The standard is called “System Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems.” Some of its goals include:

1. Put risk management frameworks in place from the start of development (some operating systems consist of fifty million lines of code!);

2. Avoid shipping to consumers without frameworks in place;

3. Use the system and software standard, IEEE/ISO 15288;

4. Follow the 30 process steps from the standard to build out tasks and activities that integrate security tightly into existing processes, both technical and non-technical;

5. Improve risk management, configuration management and quality assurance;

6. Comply with HIPAA, GLBA, FISMA and other policies.

The five legs of TACIT security

Threat: The world we live in now has transformed from paper-based to digital. High-technology allows an incredible increase in productivity and business success but brings with it great threats and cyberattacks. Business leaders need to understand what threats impact their organization by doing risk assessments: What will happen if it happens to you?

Assets: Information technology infrastructure brings complexity with all of its layers made up of components, applications, frameworks, etc. Can you define your business’s critical assets? Did you know that all government agencies are required to categorize their information systems into low, moderate or high impact? Once you’ve identified critical assets, take additional steps to safeguard these.

Complexity: Our systems and networks are so complex that they have surpassed our ability to understand them completely in terms of how to protect them. Your business should actually work to reduce complexity, through well-designed enterprise architecture: consolidate, optimize and standardize your IT. Cloud computing can also help reduce complexity.

Integration: Embed security personnel into the organization, instead of keeping them siloed within the IT department. Get them involved in processes where they haven’t been before, such as acquisitions.

Trustworthiness: Build systems with the top priority being penetration-resistance. Use technology built to do this, such as two-factor authentication and encrypting data.

Ultimately, your business’s success in cybersecurity comes down to you. What is your plan for protection, prevention and recovery? Make sure that you understand the threats and the technology to secure the critical assets in your business. Think of it like red-zone defense in football. You put certain tactics in place for the most important areas of your business so that if a threat gets close to your end zone, you can hold it off.