Friday, September 18, 2015

5 Ways CIOs Can Transform Their Companies into Data-Driven Enterprises

Data, data everywhere—not just the right kind to make effective decisions! It wouldn’t be wrong to assume that this is the common lament in most enterprise decision-making circles today.

On the one hand, companies are drowning in an unprecedented flood of data, structured as well as unstructured. And, on the other, CIOs, CMOs and other CXOs are struggling to get a handle on all that data, put it into the right perspective, extract and massage it into a usable form and take quick, effective decisions. The ones that can earn their firm the much-prized moniker of an agile business or a data-driven enterprise.

While making decisions in any enterprise involves a whole battalion of executives, LOB heads, managers, supervisors and many others, I think the job of enabling the whole organization to take decisions based on analytics rather than hunches (and perhaps, lunches) is most suited to the CIO. The reason is simple: who else has an across-the-board view of the data ecosystem of the company? And that too with the additional knowhow of how the information systems work (or can be made to work)?

So, without further ado, here are five ways CIOs can enable an environment for adaptive, data-led decision making in their organizations:

Making speed count: I know one thing for sure: organizations of all stripes today collect all sorts of data. Through all sorts of forms. By making innumerable number of calls to customers and prospects. And by sources such as the usual enterprise data captured through ERP and other operational systems. But how fast are you with the data you collect? Does it lie buried into file cabinets or dusty disks? Simply putting the data to quick use can make a huge difference to the organization. Following up on a hot lead in quick succession of the data collection process, for instance, will translate into revenue; too much delay, on the other hand, will make the prospect turn to your competitors.

Knowing your data from your metrics: This may sound simple to some and unnecessarily complicated to others. Yet this article on the Harvard Business Review site illustrates the difference and the significance of the difference quite clearly. Authors Jeff Bladt and Bob Filbin cite in the article the example of a YouTube video, asking the reader to guess as to how many views would qualify a video as a success. Now, the particular video in question had garnered 1.5 million views but it failed to do what it was supposed to do: encourage young people to donate their used sports goods. So, despite the impressive views, only eight viewers signed up for donation—with zero finally making the donation!

Not all results (or metrics) will turn out to be in such low extremes. But the point is well-made: you need to specify clear metrics in any data collection or numbers related exercise that will reliably give the true measure of success for the initiative.

Data is data is data, right? Wrong: When data is to be put at the heart of decision-making in an enterprise, it matters all the more that the data be accurate, consistent and timely. So, one may be under the impression that all the data required for a project, say, a marketing campaign, is available, if the data quality is not up to the mark, the results of the campaign would certainly be below expectations.

According to a data quality study by Experian Information Solutions, 32% of U.S. organizations believe their data to be inaccurate and further, 91% of respondents believe that revenue is affected by inaccurate data in terms of wasted resources, lost productivity, or wasted marketing and communications spend. If that’s the case with such a data-rich economy, one could imagine how bad the shape of things would be in a country like India, where data collection and research are relatively new fields and far from being mature scientific disciplines. In this context, the need for best practices as well as tech tools in maintaining high data quality cannot be over-emphasized.

Democratization of analytics: How many of you can remember the era of generating sporadic MIS reports for the consumption of the privileged few? Well, that era is long gone. However, most companies are still chary of sharing key statistics or analytics data beyond the confines of top or senior mid-management. But gradually, this state of affairs, too, is set for a bold change. Some call the coming wave as the democratization of data or analytics, in which actionable data percolates to the lowest links in the organizational hierarchy.

Having said that, democratizing data does not mean dropping a huge spreadsheet on everyone’s desk and saying, “good luck,” as Kris Hammond, Chief Scientist at Narrative Science points out in this article. On the contrary, he explains what it involves simply and emphatically: “Democratization requires that we provide people with an easy way to understand the data. It requires sharing information in a form that everyone can read and understand. It requires timely communication about what is happening in a relevant and personal way. It means giving people the stories that are trapped in the data so they can do something with the information.”

Point well made: unless people can take “informative action,” the analytics tools or the extracted data will have little value for the people or the organization.

Analyzed this, have ya? Now visualize that, too: I’m not sure if you noticed but the Internet has been flooded with a new tool of information dissemination in the past couple of years. It’s called the infographic. For most of your searches on Google, there are now an eye-load of infographics, those illustrative diagrams that give you the needed information with icons, pictures, graphs and anything non-text.

Much less noticeable but equally important, a similar movement is underway within enterprises in the context of data analytics. Vendors such as Tableau Software and Qlik Technologies are leading the charge in this emerging segment, referred to as the visual analytics market

According to specialist consulting firm Atheon Analytics, visual analytics “brings together computer science, information visualization, cognitive and perceptual sciences, interactive design, graphic design, and social sciences.” (To see the power of visualized data in action, watch this slightly old but enormously impactful video, the Joy of Stats, of Swedish statistician Hans Rosling, who is often referred to as the “Jedi master of data visualization.”)

The above are only a few of the multiple ways in which CIOs can bring the hidden power of data to the forefront of organizational ability and agility. There are plenty of tools and technologies available but each organization must find its own best-fit path to data-driven success. The key is to start the data journey as early as possible and do so in right earnest.

Sunday, August 30, 2015

Can You Imagine How the Buddha Played the Flute?

We all know that Lord Krishna played the flute and held the entire world in the sway of its music. One of his several names is Bansidhar, which means the holder of the flute. So it came as a pleasant surprise to me that Buddha, the enlightened one, too, played this divine musical instrument made from the bamboo plant. And oh boy, did he play it beautifully!

The revelation came through the book Old Path White Clouds by revered Vietnamese monk and peace activist Thich Nhat Hanh. The book is a majestic retelling of Buddha’s eighty years of life built on multiple sources and accounts in several languages.

While Nhat Hanh mentions a young Siddhartha (Buddha’s given name) playing the flute serenely under a moonlit sky in the early chapters of the book, to me the real magic and melody of Buddha’s flute came alive in Chapter Twenty-Five, aptly titled Music’s Lofty Peaks.

In the episode, Buddha is said to have met a group of young people in a forest between Varanasi and Rajagriha (written Rajagaha in the book, now the city of Rajgir in Bihar). As the story goes, one of them asked the Buddha to play the flute for them just as some of them burst out laughing, dismissing the idea of a monk playing the flute.

Never the one to be perturbed, the Buddha just smiled.

Now, as the Buddha took a few deep breaths and put the flute to his lips, can you imagine how those young men felt? Can you imagine the music that wafted magically in the wind of that forest? Before he touched the first note, the Buddha reflected on how many, many years ago he played the flute as the Sakya prince in the capital city of Kapilvastu.

I believe it must take the spiritual depth and simplistic genius of a true monk to put forth the description that follows. This is how Thich Nhat describes the Buddha playing the flute in his book:

“The sound was as delicate as a thin strand of smoke curling gently from the roof of a simple dwelling outside Kapilavatthu at the hour of the evening meal. Slowly the thin strand expanded across space like a gathering of clouds which in turn transformed into a thousand-petalled lotus, each petal a different shimmering color. It seemed that one flutist suddenly had become ten thousand flutists, and all the wonders of the universe had been transformed into sounds—sounds of a thousand colors and forms, sounds as light as a breeze and quick as the pattering of rain, clear as a crane flying overhead, intimate as a lullaby, bright as a shining jewel, and subtle as the smile of one who has transcended all thoughts of gain and loss. The birds of the forest stopped singing in order to listen to this sublime music, and even the breezes ceased rustling the leaves. The forest was enveloped in an atmosphere of total peace, serenity, and wonder.”

Can you imagine how the Buddha played the flute?

As I read those lyrical words, I could feel a certain peace within my own self. It is as if you are being transported into another realm of existence on the wings of a swan. As if the gentle embrace of a child is holding you in its inexplicable delight. As if your heart has become so much full of love and divine grace that it is overflowing with joy…As if all the pain of thousands of years buried deep in the multiple births of your existence is melting away into a single note of relief…

Can you, can you imagine how the Buddha played the flute!

Sunday, August 16, 2015

Tackling the People Problem in Security

Security is a constantly moving target, all right. But which of these three pillars—people, process and technology—is the most vexatious issue in hitting the bull’s-eye?

Felix Mohan, one of India’s top experts on information security, addressed this question at the Delhi leg of DynamicCISO Regional Security Summit recently. (The summits are held in multiple cities in India.)

To make the point loud and clear, Mohan used a simple but powerful twin-visual. The first part showed a cube with a small hole on the front side. The revelation came in the second part, which showed a much bigger hole on the back surface (Didn’t want to say “back side”).

Now, here’s the crux: the tiny hole, which covered barely 10% of the surface area, represents security breaches because of technology gaps; the Real McCoy is the people angle to security, the 90% hole in the other side of the cube through which most incidents actually occur.

And yet, startling as it may seem, 80% of the security budget in a typical organization goes toward plugging that small, tech-related hole. Only a disproportionately small portion of the budget (20%) is allocated for addressing the people issues.

That is not to say that all those next-gen firewalls, data leak prevention tools and encryption solutions do not deserve your attention and investment. But the alarming rise of socially engineered attacks, password/identity thefts and advanced persistent threats all point to the dire need for putting people at the very core of your security strategy.

An indication of the people angle’s significance is the new acronym, PCS, coined by Gartner. In a blog post, Gartner analyst Tom Scholtz describes People-Centric Security as “a strategic approach to information security that emphasizes individual accountability and trust, and de-emphasizes restrictive, preventive security controls.”

The growing role of users in InfoSec is also highlighted in several industry studies. For one, according to the recent 2015Black Hat Attendee Survey, 33% of respondents believe that the weakest link in today’s enterprise IT defenses is “end users who violate security policy and are too easily fooled by socially engineered attacks.”

High concern over the people problem in security even prompted one consultant, Peter Thompson, to give this intriguing headline to his article in a newsletter: “Are you patching your people?”! Thompson further quotes the famous US prez Benjamin Franklin as having once remarked: “Three may keep a secret, if two of them are dead.”

The impact of the gallows humor in Franklin’s remark (which was made way back in 1735) should not be lost on today’s CIOs and CISOs.

But far from wishing for grave consequences for people who can’t help sharing passwords with their cats and girlfriends, what today’s IT decision makers require is adoption of constant training and re-training of people in security best practices—beginning with the top management down to the last employee, even if that person is an outsourced “resource” (who, for all you know, could be a good recourse for hackers out there).

The Cisco 2015Annual Security Report makes some interesting observations and raises relevant questions on people-related issues, among other aspects. Let me just pull out an excerpt here:
“With users becoming ever-weaker links in the security chain, enterprises have choices to make when implementing security technologies and policies: As developers try to make applications and software more intuitive and easy to use, do organizations open new loopholes for cybercriminals to exploit? Do enterprises bypass users, assuming they cannot be trusted or taught, and install stricter security controls that impede how users do their jobs? Do they take the time to educate users on why security controls are in place, and clearly explain how users play a vital role in helping the organization achieve dynamic security that supports the business?”

I don’t remember who said it but someone pointed out a very hard-hitting thing about the people problem in security at the DynamicCISO summit. It was about putting an undue burden of remembering multiple passwords, adhering to complex security policies or procedures and doing sundry other things to prevent security breaches on the poor user. As a connected, credit card-wielding (and shielding!) user, I somehow empathize strongly with that comment. And I suspect that a sizable online population would harbor similar sentiments.

The bewildering number of security procedures, the alarming number of online attacks and their ever-rising stakes, and the presence of multiple screens in a user’s life have made it virtually impossible to avoid trouble. If they are asked to do this or that, use this kind of password or that type of key, and comply with a ton of regulation, most of them would soon choose convenience over safety.

So, on the one hand, you have the need to apply multiple layers of security tools and constantly train people; and on the other, there’s the fatigue and unease felt by most users over time. This makes you wonder if there’s some sort of contradiction in terms here. 

On deeper reflection, however, this contradiction gives way to a balancing act. One can perhaps say that the success of a security strategy in today’s increasingly open world would depend on finding the right balance between tools and policies, between people and processes, between training and ease-of-use…in fact, between any two constructs that look diametrically opposite at first but which must be brought together in a continuum of collaborative responsiveness.

[This blog post first appeared on]