Are You A Digital Viking?

The Vikings were famous for travelling light, moving fast and raiding unpredictably. Where they encountered problems or set backs, they rapidly learned from their setbacks, changed approach and attacked with even more vigour. Their main motivations were to gather as much silver and gold as they could, as well as to obtain and settle on arable lands. As a result they spread extensively over Europe and towards North America. Russia, the Baltic States, Britain, Ireland, France, Greenland and Iceland were all impacted and shaped by them and their trade networks reached out into the islamic world. Key to their success was not just the simplicity of their approach, but also their discipline and the passion with which they pursued their goals.

In many ways this parallels what is being seen with modern digital businesses and the agile approach that they take to product development. It seems that every week we read of or start using a new digital service or business which is attacking entrenched market places, disrupting well entrenched businesses and overturning market places, by inventing new business models and re-writing market place business rules. Mostly this is as a result of trying to understand what customers value and address customer business experience. Then they pursue multiple rapid developments resulting in quick evolution of products and gaining insight into what works in their market places. Key to this is the scalability which is achievable by keeping things simple. If he were alive today, Stalin might have rewritten his observation about quantity to say that "Simplicity has a Quality all of its own".

So how does an entrenched business learn to fight back. The vikings were defeated by Alfred the Great who focused on a number of key strategies: he fortified the major towns so that the population could retreat behind stone walls and take their treasure with them; he blocked major rivers with stone bridges which were easily defended and difficult for viking long boats to get past; he developed a navy to patrol and intercept them and he developed a trained army which could fight them on an even footing when he lured them into battlefields of his own chosing.

So what does this teach a traditional bricks and mortar business with much of its capital tied up in assets? The first thing is that many of the modern digital vikings are slow to conform with all regulatory requirements. So a business should look at how it complies and try to optimise between meeting regulations effectively and doing so in as simple a way as possible. This raises the barrier to entry and acts as a defensive wall.

The second issue is that many of the new entrants are actually offering a new market service. They connect customers and suppliers in a value added manner. Existing businesses need to get together with competitors to develop their own market services. This is like building a navy to head off the vikings before they get to shore.

The third measure must be to build agile (and then DevOps) product development capability so that traditional products are continuously revolutionaised so that it is difficult for a new entrant to beet an existing product. (This is like building a capable army).

Finally, existing companies must protect their own IPR and customer related data. They must then build BI (and then big data) capability which can be used to develop new insight into customer behaviour and what works for customers. It may also help identify what additional services could be sold alongside existing products to optimise business value. This may involve building new collaborative relationships with other enterprises who sell different things to the same customers, so that they can then bring new digitally enabled value propositions to customers. Getting there before a new entrant, effectivel denies them access to the market and is similar to building a stone bridge across a river to deny a long boat access to the rest of the river).

MAD Chickens

Does Your Business Fail To Act Boldly with Acquisitions?

Many of us have been involved in someway with Mergers, Acquisitions and Disposals (MA&D or sometimes know as M&A). We all know that there is a low success rate with acquisitions, as more deals result in destruction in value for the acquiring party than those which increase value. Indeed, I often think of the vintage 60s film "It's a Mad, Mad, Mad, Mad World" as an allegory for a badly executed acquisition.

Historically businesses have tended to treat acquisitions one-dimensionally, with some just regarding them as legal deals and others as a financial transaction. Only recently have management teams begun to take a multi-disciplinary view to MA&D deals, but still they seem to have a blind spot around managing change or the importance of IT integration.

Overcoming Obstacles To Change

There's a critically important phase during the first 6 months or so of a completed transaction where the conditions for success are established or not. During this point it is essential to sow the seeds for successful cultural integration. That is we need to establish the emotional connection between the people within the acquired company and the acquiring company (note even in mergers and join ventures there is normally a dominant partner, so I am assuming acquisition in all instances for simplicity). We also need to establish management control, demonstrate to customers that we are integrating and going to offer something more, and to ensure business continuity. I call these the Cs (culture, continuity, customer interface and control).

IT is essential to this in a number of distinct but important ways, but often management teams fail to invest soon enough in all the Cs. Excuses often proferred are "it's a people based business and we don't want to scare talented people away and lose the value of the business" and "part of the price is performance related over the next N years, so we must not do anything which distorts the picture of performance". This tends to build failure in from the start.

Human Reactions to Change

If you have been through an acquisition yourself, you will know that most employees fall into one of three camps:

The Curious - who want to explore the new business and identify opportunities. These are the natural change agents and entrepreneurs within a business and usually the people you want to keep and encourage as they will create new value in the future.

The Troops - who although they may be wary of change are happy enough to follow where they are led, if only someone would show them the way. They are also the people you want to keep as they know how the business operate and deliver its value.

The Deniers - who want to defend how things used to be, defy change and block progress. Often they will willfully act to preserve their independence or even try to take over the acquirer from within. They may be the people who have destroyed value in the past (which could be the reason that the business was up for sale in the first instance). You may actually need to lose these people to assure future success of the merged new entity.

What IT Can Do To Encourage Cultural Change

Modern change management practices have shifted from trying to convert Deniers to encouraging the Curious and enabling the Troops. In this vein, then IT should be at least doing the following during the first few months of an acquisition:

(A) Ensuring that all essential service contracts and licences re reassigned or replaced; 

(B) Re-branding against the new identity in all systems and outward facing Web sites;

(C) Putting everyone onto the same connectivity infrastructure: e-mail, intranet, collaboration tools, mobile working toolsets;

(D) Ensuring that everyone belongs to the same security and access control systems: e.g. integrated active directory, security passes which work at each site where people work;

(E) Merging HR systems and payrolls, so that everyone is performance managed and paid in the same way;

(F) Establishing basic common controls for high level performance reporting;

(G) Then, launching a project (or programme) to integrate essential ERP processes.

This will not only ensure continuity of the acquired business, but enable the curious to explore and remove excuses for inaction which often prevents successful integration. It will also remove many of the subliminal "them and us" barriers which separate members of the previous historical organisations. Once this happens, then it is possible to pursue new opportunities where the combined capabilities of the 2 former businesses can be multiplied to deliver new value.

Cyber Fear and Digital Defence

How do we deal with the proposition that we are already penetrated?

Ever since the rise of the Advanced Persistent Threat and Socially Engineered Attacks the term Cyber has taken on new meanings and the IT Security industry has become one of the most vibrant sectors of the IT Industry.

At the European Infosec Event this week over 400 vendors were promoting their wares with the expectation that more than £1Bn of orders will result.

I have been to 3 such events recently and the range of issues arising has been phenomenal.

Planning and rehearsing for major events has become de rigeur with CIOs and other senior stakeholders needing to take media training. The industry has responded to Digital Challenges with a range of products providing cloud based security monitoring and encryption. Products similar to Military Battlefield Management Systems provide overarching monitoring, control and simulation systems. There is a high degree of inter-operation between many products and innovative products conduct network discovery and behavioural anomaly detection to track down new attacks using advanced machine learning and statistical analysis. There are even niche products for things such as system administrator control and user recognition via typing pattern recognition at keyboards.

However, one family of products disturbed me. There are now systems for monitoring user behaviour and predicting who is likely to cause a major leakage incident. This sort of big brother system is going to take significant effort to tune so that unfortunate false positives are avoided. Once people are used to them, they will be readily gamed. Whatever happened to actually managing and knowing the people who use your systems?

The End of Digital Adolescence

Are we growing from just talking about it to doing it?

Over the last 18 months I have attended a number of events with CxOs and other senior stakeholders from many different companies.

A key theme has been that we are all being pressed to do something, as we all work in organisations where customers, employees, business partners and senior managers expect us to be doing something and most of us have.

A key concern has been that we are all scared that we have missed something. Is there an "Unknown Unknown" that will emerge to destroy the new value that we are trying to create. We have all been thinking a lot about the subject and I think that collectively we have come to the following conclusions:

The 3 technologies that we have to get to grips with are:

• Identity Management (and subscription)
• Encryption
• Integration

The things that we should worry less about are:

• Security of the various PaaS and IaaS offerings, as the vendors who supply them spend a lot more time and money securing them than most user enterprises can dedicate or afford;
• Traditional technology selection approaches and worries about vendor lockin - the richeness, utility and value of the continuously evolving offerings obviates the need.

The things that we need to get good at are:

• DevOps - so we can move at Digital Clock Speed
• Service Integration (or SIAM) - so we can run this seamlessly from end-to-end
• (agile) Enterprise Architecture - so we don't lose track of what we've got (where we are spending money) and what we want to achieve in the future
• Security Governance - again so that we

The conversations that we have with other stakeholders in our businesses should focus more extensively on Business Value, rather than infrastructure maintenance and "keeping the lights on". But we also need to establish a different approach to projects, applications and investments, as the traditional ROI based Capital Appraisal, Invest and Forget model does not fit the continuous evergreening needed to sustain Digital Assets and keep them relevant in the face of customer demands.

There are plenty of other things as well, each worthy of a blog of its own, but this is the gist of all these discussions and power breakfasts.

The End of Outsourcing?

Most of us who have been in the trenches dealing with Outsourcing Partners in the last few years are puzzling over where it all is going. 3 major forces are changing the current model as we know it:

(A) Exhaustion of the Indian (or Off-Shore Labour Arbotrage) Value Proposition;
(B) The move to Everything as a Service (XaaS) as new players offer different types of service;
(C) The death of Monolithic Service contracts, as enterprises pursue increasingly complex Multi-sourcing models.

The original attraction of the Indian model was access to a large pool of well qualified talent which was artificially cheap as a consequence of exchange rate differences. As the offshoring model was pursued, the "Unseen Hand of the Market" has moved to erode the price benefits through year-on-year wage inflation and adverse currency movements. Additionally, as demand has risen, the talent has "followed the money" impatiently pursuing promotions, increased status and the opportunity to only work with the latest technology. This has led to unfettered job hopping, resulting in the loss of knowledge and the failure of individuals to develop deep experience. This has eroded the value proposition around talent. On top of this long distance relationships carry a heavy overhead in building them up and maintaining them, and the off shore players have developed business models and practices which assume that demand will continue to build at the same aggressive rate as previously. Many enterprises are actively taking things back on shore or in house.

The move to XaaS means that many of the traditional "box shifting and box running" services which were foundational to classic outsourcing are redundant. The traditional outsourcing players are losing the core "economy of scale" type services which they used to provide to IaaS and PaaS providers. Further more, the opportunities around traditional application based services are being eroded by SaaS providers. So although there are some niche opportunities where things like European data protection legislation or defence contracting requirements offer some opportunities, most of the market is moving to platforms such as those offered by Amazon and Microsoft. 

The continuous move to multi-sourcing started in the late 90s and has gradually built up steam over the last 20 years, especially as XaaS is now becoming the norm. This should also offer opportunity to move up the food chain to offer more value added services around Service Integration. Yet there is little evidence that any of the main outsourcing giants understand Service Integration or that there is appetite within customers to pay for it.

When I look at it, even in the area of Cyber where Security Operating Centre (SOC) services are in increasing demand, it seems that new entrants from the Aerospace and Defence industry have recognised and pursued the opportunities more aggressively, building both technical capability and market credibility.

So if you are looking at your service and sourcing strategy, it's time to think about what your model is, what kind of suppliers you need and to quiz them on their vision and direction. Otherwise you may be lumbered with a failing partner.

Should The CFO report to The CIO?

Is it Time that the CFO Reported to the CIO?

Attending an industry event the other week, I was struck by the comment that "CIOs were moving out from under the shadow of the CFO". The event was presenting the results of a recent global CIO opinion survey conducted by Harvey Nash and KPMG. Other questions had focused on who is responsible for Digital Strategy and it appears that Marketing is now giving this role up and starting to hand it back to the CIO.

Any reader who has worked in the finance industry will have long ago understood that "Money is Information", reversing the old adage that information is money. Basically, since almost all currencies moved off the gold standard, money has become nothing more than a promise or just life's brownie points. Its value only exists, because we chose to assign it value as it has no intrinsic value of its own. These days it consists of little more than data stored on some medium or being transmitted from point-to-point in transactions.

If this were the only issue then the CIO's claim might be considered a little tentative. However, in the modern digital economy, many industry pundits are quoting the statistic that "80% of an enterprise's value lies within its IPR". This IPR normally being stored and managed in the form of information (or sometimes knowledge embedded within IT systems and IT enabled processes). Given that digital businesses now appear to be outstripping traditional models in terms of growth, profitability and survival, it is a good time to review the relationship in many enterprises between CIOs and CFOs, and many are beginning to question it.

Personally, I am not sure that either should report to the other. CIOs should be there to help grow and sustain enterprise value. CFOs have traditionally been there to husband and protect money, ensuring sensible separation of duties. My experience has been that CFOs tend to come in 2 types: those who control (and tend not to be that imaginative about how to grow a business) and those who are entrepreneurial (and tend to be a bit too lax about controlling money). The former type is a bad fit for IT, the latter may be a good fit for IT, but can be bad for the overall financial health of the business. 

I do think however, that there are things that CIOs can learn from CFOs, in terms of the way in which budgetary control is shared within a business, but with the CFO providing the governance framework and control. CIOs should be doing something similar with information governance, so that information quality is managed appropriately.
CIOs can give back too. Increasingly CFOs are expected to provide Management Information services based on management accounting and BI. there's a lot which CIOs can advise on there with respect to techniques for fast delivery and ensuring that information integrity is maintained.
Its time for genuine partnership to help grow the business.