Saturday, December 14, 2013

My 2013 Predictions Scorecard

What? It’s mid-December already? I barely blinked twice and the year has flashed by. That means it’s time to think about my predictions for the upcoming year. Yes, yes, I’m working on them already. But, as is my custom, I will do the right and honorable thing first and review here publicly how I did on my predictions for 2013. OK, taking a deep breath and here we go:
1. Facebook hits rocky ground
I predicted in January that Facebook would experience a slowdown. The company is of course doing well financially and the stock has recovered. Yet the year has passed without any major uproar about Facebook changing something, which is a sign that innovation has started tapering off. On the privacy front, the NSA became the top villain replacing Facebook. Since Facebook hit the magical mark of 1 billion users back in October 2012, there has not been much talk about user numbers. In fact, most media started reporting that teenagers are no longer hanging out on Facebook since their grandparents befriended them. Things have definitely slowed down at Facebook.
I call this point for me: 1/1


2. Everything will be digital
I’ve predicted that 3D printing will trigger a major boom in CAD drawings and the management of CAD files. Yeah, I said back then that I might be pushing my luck on the timeline and sure enough, this hasn’t happened. Not yet. The 3D printing pioneer Chris Anderson has published a great new book called Makers and has given a bunch of inspiring speeches but the 3D printers are still used mostly to create lame plastic toys, albeit sometimes very creative ones.
This was definitely a miss and the score is now: 1/2
3. The rise of intellectual property management
My prediction was that the CAD boom will stir a debate about intellectual property as the CAD files are easy to pirate. Well, since the CAD boom didn’t happen, this one hasn’t played the way I predicted either and I won’t score a full point here. Yet, intellectual property management has become a huge issue behind managing rich media, particularly in the media and entertainment industry. IP rights management and the business processes related to securing, monitoring, renewing, and enforcing IP rights are a huge topic. Interestingly, Gartner just published a report called Gartner Top Predictions 2014: Plan for a Disruptive, but Constructive Future and the very same 3D-printing related IP security issue has been listed as one of the 10 predictions. Some Gartner analysts apparently read my blog :-)
I think I deserve a half point here.
Score: 1.5/3

4. Internet of iPhone things
The set of Wi-Fi connected gadgets that can be controlled with mobile devices has started growing like crazy. I love, love, love my Nest thermostat which allows me to come home to a warm house after a few days away. I use several WeMo power outlets and my Withings scale uploads my data straight into my Endomondo profile for precise calculation of calories burned. On my Christmas list are a Wi-Fi connected weather station, a WeMo light switch, and a hot tub thermometer (gotta have one of those!!!). I’m still looking for a good Wi-Fi controlled hot tub switch and a sprinkler switch if you know of any. And we are only just getting started.
This is a hit: 2.5/4
5. Mobile market predictions
I predicted that Apple would continue making a killing on margins while Google would keep going after revenue; there would be a price war among Android suppliers and RIM would keep struggling while hanging on to a small group of keyboard loyalists; Microsoft would not make a dent into the market and that would go multi-platform. Most of it happened. iPhone is the high-end status symbol while Android is going after market share. The Android phone vendors are killing each other with Samsung emerging as a big winner of this war. Blackberry is in trouble. Microsoft is still nowhere and if Stephen Elop takes over before the year’s end, we may even see some Microsoft products on iOS.
I’d say this was worth a point: 3.5/5


6. Censorship will succeed
I’ve predicted that after the barrage of government attempts to enact laws regulating the Internet, one of them actually passes. This has not happened but the government got most of what it wanted: tax income and access to everything. The tax income came since Amazon capitulated to California pressure to tax online purchases - a precedent that will likely lead to more taxation on the Internet. The access to everything came courtesy of the NSA that actually already had access to all the data on the Internet worldwide for years but we’ve only now learned about it thanks to the disclosures by Edward Snowden. Knowing that the government is watching will impact what we share on the Internet, which is effectively a form of censorship. Sadly, I score a point.
Score: 4.5/6
7. New wave of computers
I wrote last January that we will start seeing a broad adoption of wearable computers. Well, I might have been a bit too aggressive on my visioneering. Google pre-released the Glass but we can’t talk about a whole lot of adoption. In fact, it got kind of quiet around it for now. Pebble released its watch but as there are no useful apps, the excitement has also cooled off. Perhaps the only wearables that became popular are the fitness bands such as the FitBit or Nike FuelBand. I still believe that the wearable computers are coming but they haven’t made much of a dent yet in 2013. No point for me.
Score: 4.5/7
8. Responsive web design will become the buzz
My prediction was that there will be a lot of buzz about responsive web design. Its promise is to make web experiences look best on any device, no matter the screen size and form-factor. Responsive design has become a significant topic in the customer experience management and the digital marketing space. There has hardly been a conference where several sessions haven’t been dedicated to this subject. But I won’t pretend that this subject has reached the level of buzz of big data or NSA spying. Half a point will have to do.
Score: 5/8
9. Security finally becomes a market
Here, I predicted that customers finally start taking security seriously in the content management context and that convenience will not always win over security. The NSA spying scandal certainly sparked some heavy discussions and security and privacy have become a huge topic. People are waking up to the dire need for security – both at work and at home. The discussion is moving beyond just strong passwords. People understand the need for security and privacy. In fact, in some European countries, they are quite obsessed by it. We may not have all the answers today, but security and privacy are huge.
Score: 6/9


10. IT strikes back
Back in January, when everyone was still claiming that IT is dead and that the line of business managers will be buying their own software in the cloud as they please, I wrote that IT will re-gain power and importance again. After all, someone has to run all those systems, whether on the premises or in the cloud. Did that happen? Oh yes! The number one topic today is the CIO-CMO relationship and the overall sentiment is that the CIO is not only alive but needed more than ever before.
Score: 7/10
Scoring seven out of ten predictions is not quite a Nate Silver quality of clairvoyance but it is not bad. OK, there were a bunch of half points in there, which might suggest that I wasn’t quite right…but close enough. Predictions have to be bold enough to be wrong sometimes. Otherwise, where is the fun in that?
I plan to write my predictions again, and to be wrong sometimes. Stay tuned, I will publish them right after the holidays.

Wednesday, December 4, 2013

New Era of Digital Marketing

Over the last decade, marketing has been all about segmentation. The key to success was to communicate the most compelling message to the most relevant market segment.  That segmentation started first with some basic demographics such as age, gender, and location and eventually progressed to many more data points gathered about a potential buyer over time: company, role, title, income level, decision-making power, team size, purchase-influencing power, etc. The more the better! The principles are the same in B2C and B2B marketing.

Over time, the gathered data was analyzed and correlated with actual buying behavior which resulted in a more and more granular segmentation. You see the result of that every time you visit a grocery store. The data gathering happens using the “value card” which the clerks at the cash register insist you swipe every time you buy something. The card allows the marketers to collect the data about the mix of products you buy. With that, they can learn that you are buying, say, frozen pizza and beer on a work day at 9 pm. Such data gets correlated over a large data pool which then results in definition of a micro-segment of “personas” such as “stressed and overworked single males with poor nutritional habits”. As a result, they may try to place some healthy looking frozen vegetables next to that pizza to suggest you add some vitamins to your diet and to ultimately make you buy more products.

In the online world, data gathering is simple: there is always a digital trail from purchase requisitions and invoices. Therefore, online marketing has been based on segmentation from its early days. When you look at a book on dogs on Amazon, you will start getting suggestions about other books on dogs because ‘interested in dogs’ has been added to your profile as a result of your action. The system now has you tagged as a dog lover and assumes you need more dog-related products. It won’t stop until you look up a few other items which triggers new cross-promotions that eventually crowd out the books on puppies.

Obviously, this method is effective until the gathered data misguides the marketer. The software doesn’t know that it was really my young child checking out the book on dogs while still logged in as me. I may actually not at all be interested in dogs myself. Yet the “dog interest” tag is taking up space at the cost of my real interests - skiing, race cars, iguanas...whatever it is. The software tries to target me as a member of the smallest possible market segment, but the software doesn’t know me at all.

But that’s changing now. With the advent of digital marketing and software solutions such as customer experience management (CEM), customer relationship management (CRM), and marketing automation, the targeting is done not for a market segment but for a named individual. That individual is known by name and the software collects specific personal and professional information about that individual. This is not the fabled “market segment of one” - that approach was still following the path of finer and finer granularity by adding tags and metadata. The new era of online marketing is about knowing you and addressing you with messages and products that are relevant to you specifically.

This new approach to online marketing is promising to be much more effective for both the marketers and the customers. The marketer only gets a shot or two before being banned into the spam penalty box and addressing you with the right message is crucial. You, on the other hand, only get exposed to messages and products that really could be of interest. Even if you are not shopping for a new sports car, hearing about the new model is actually fun if sports cars are your thing.

But collecting this kind of personal data is not without some challenges. Security and privacy come to mind right away. When the retailer gets hacked and segmentation data is compromised, the damage is relatively limited. OK, so I belong to the ‘interested in dogs’ market segment. That may or may not be a big deal. But if the compromised data includes the names and ages of my children and my home address, that could be a big deal. It sure would be for me!

Of course that’s why the gathering and use of such personal data is usually regulated by law or by compliance rules. Just think about all the regulations related to selling insurance, cars, or investment securities! The marketers, therefore, have to satisfy the regulators that they adhere to all the compliance rules and regulations that they are subject to. This is new territory for most marketing organizations. Remember how hard it was to comply with the do-not-call list and the double opt-in subscriptions? Satisfying the regulators about how we collect, analyse, and use personal data is a necessary requirement for digital marketing today.

That’s serendipitous, because this is where the worlds of CEM and enterprise content management (ECM) meet again. Giving up on the idea of a single platform for all content applications, web content management (WCM) has split from ECM a few years ago and eventually evolved into what we call today CEM. ECM remained focused on its core strengths - employee productivity and information governance. Yet exactly those information governance capabilities are needed to address the compliance requirements in the new world of digital marketing today. And so the two friends are meeting again to usher in a new era of digital marketing - with compliance.

Tuesday, November 12, 2013

What I Would Do As the New CEO of Microsoft

No, I have not received the call yet. Alan Mulally, the CEO of Ford, apparently has. So have a bunch of insiders including Stephen Elop of Burning Platform fame and Tony Bates, the former CEO of Skype - the only Microsoft product I still like to use today. Bill Gates apparently got the call but he said “no”. But as Steve Ballmer's era nears its announced end, the search for the new CEO is heating up. And when they call me, here is what I would do to fix Microsoft:

First, let’s figure out why Microsoft got itself into trouble. Their problems are clearly not related to financial performance. Microsoft is still making money hand-over-fist. The problem is the company’s perception. Microsoft is seen to be lacking innovation and relevance. Not that Microsoft has ever been considered a big innovator - in fact, entire books have been written documenting how pretty much every Microsoft product has been a reverse engineering of someone else’s innovation: Word was a remake of WordPerfect, Excel a copy of Lotus 1-2-3, Windows was inspired by Mac OS, Active Directory was 'stolen' from Novell NDS, XBox from Sony Playstation, Bing from Google...should I keep going?

So perhaps the lack of innovation is not the root cause of the Microsoft problem. Or at least not a new cause. But if not, what is? Well, I am convinced that it is Microsoft’s maniacal obsession with their single vendor stack. Back in the heyday when all the hardware vendors decided to try to copy IBM’s success in the PC business and they all started making PCs, this strategy was perfect. Everybody had the same PC architecture that came preloaded with a Microsoft Windows operating system and so every computer was able to run Microsoft software. To their credit, Microsoft made all that software pretty well integrated and the IT departments had to support homogeneous environments where every employee had the same system. Everybody was happy. What computer we used at home didn’t really matter because it was usually a generation or two behind and we couldn’t bring it to work anyway.

Today, all of that has changed. Thanks to the success of Apple and Google, the computer landscape is much more heterogeneous. Operating systems such as iOS and Android have a significant market share and Windows is no longer the only game in town. The devices we use at home are better than the ones we have at work and it is easy to bring them to work and to use them for work. The ultimate Microsoft nightmare is that they don’t run Windows. As a result, all that Microsoft software doesn’t run on many of the computers we use. There are a few exceptions such as Microsoft Office for Mac and my trusted Skype which ran pretty much on everything already before Microsoft acquired the company.

Yet Microsoft continues insisting on the no longer existent Microsoft-only world. For example: SharePoint only has a Windows client, Office doesn’t run on iOS or Android, and every Microsoft online service requires a Microsoft Hotmail email address...seriously?

If I were to become the new Microsoft CEO, I would change one main thing. I would stop the Microsoft myopia madness. I would make the different company divisions accountable for their revenue independent of the concerns for any other division. If the Office group wants to port their applications to iOS or Android, let’s have a go at it! If the Windows group decides to make their OS available on a Mac or iPad, let’s do it! If the Nokia team can make a case for offering an Android based device, don’t stop them! Let the XBox group make their games available on other consoles such as Sony Playstation or Nintendo Wii. Embrace tablets that people actually use - not just the ones from Microsoft. Stop playing defense! Stop always worrying about how your move impacts the “cash cow”, the installed base. Open up your strategy, open your software, open your imagination!

If Microsoft needs to defend anything, it is not their profits, not the revenue, and not the installed base. It needs to defend their market share. That’s not an easy play for a company that has been used to 95% market share for a couple of decades. Talk about being out of the comfort zone… The market share I’m talking about is the market share of all eyeballs at all times. Not just the PCs. It includes business users just as consumers. It includes desktops, smart phones, tablets, game consoles, TVs, and now also home security systems, thermostats, and wearable computers. That’s the game that Apple and Google are playing and Microsoft has to engage them on their turf. Even books, newspapers, and movie theaters are the competition!

That’s the market share that matters. Expecting that someone would ever buy all these products from a single vendor, even one as big and strong as Microsoft, is simply foolish. The world of the Internet of Things cannot be based on a single vendor’s stack. There are simply too many “things” out there. Microsoft has no choice but to open itself up on every layer of the stack.

That is the key thing that I would change if I were the new CEO of Microsoft.

Thursday, October 24, 2013

Hugging the Wrong Tree?

 
October 24 is World Paper Free Day. It’s an opportunity to remind ourselves about how far we still have to go towards a significant reduction of paper consumption. Particularly in the office, the amount of paper still in use is mind-blowing. We have been predicting a paper-free office for decades and yet it appears that we have a long way to go. Every one of us knows someone who still prints out all his or her emails… The World Paper Free Day is a worthy cause that we should all be behind. In fact, it shouldn’t be just for a day but for a year. Every year.

Wait a minute. Is it really the most important cause? Don’t get me wrong—I may not be wearing Birkenstocks, but I am closer to a tree hugger than a city slicker. Mass scale deforestation is a huge problem. Trees generate oxygen, provide animal habitat, give us shade, prevent erosion, and retain water. Trees are vital to our survival, and we need to protect them. And yet…trees are a renewable resource!

The fact is that trees do grow back, and trees for paper mills are being planted in managed timberlands based on a long-term plan. 84-91% of paper pulp is made from waste wood that was traditionally burned, and paper itself is a highly recyclable material. Newspapers, for example, are printed on paper that is made of 20-100% recycled material, and about 75% of print paper in the US is being recovered. Paper is also non-toxic and relatively benign as a pollutant—out of all things that end up in the landfill, paper is the least of our problems.

The next question is: what is replacing paper? Sure, bits and bytes in our computers, tablets, and e-readers. But those bits and bytes require energy to run, and in the case of Amazon, Apple, or Google, the “electronic paper” comes out of massive datacenters that require huge amounts of energy. That energy comes from burning oil or coal, which is hardly benign. Also, all those electronics have a limited life expectancy, and the old, replaced models represent a massive pollution issue. They are a huge problem in landfills.

We should perhaps focus our efforts on solving a bigger problem than the elimination of paper. Sure, there are other good reasons to eliminate paper than ecological: paper is perishable and thus not reliable as a way to preserve information, paper is hard to search and process, paper takes too much space to store…I could go on and on—I have been marketing these benefits for years. But a World Oil Free Day would make a much bigger difference. After all, unlike the price of oil, the price of paper is not really impacting the health of the global economy, and I don’t think there has ever been a war started because of paper…

Happy World Paper Free Day! 

Tuesday, September 10, 2013

Keeping the Bad Guys Out

This blog post has been written for the WIRED Innovation Insights blog where it was published on September 9, 2013. You can find the original post here.

Just as we thought the WikiLeaks problem had faded away, we got a little reminder recently through the Bradley Manning sentencing. As much as this issue is very polarizing and the public’s perception of Manning ranges from high treason to martyrdom, the fact remains that our information is not secure today.
What? The multi-billion dollar industry that produces all the security products has failed us? All those sophisticated encryption algorithms don’t protect our data? What about the firewalls, multi-factor authentication, VPN, and SSL that we have been deploying?
Sure, all those technologies are very powerful and they indeed do address some of the major information issues. Authentication ensures that the person accessing the information really is who he or she claims to be. Firewalls keep out everyone without authorization. Encryption tools such as VPN, SSL, or PGP prevent snooping on the data as it travels from system to system. All of this is great, but it has a major flaw!
The problem with most of our information security to date is that it has been designed to keep the bad actors out. When you keep the bad guys out, your information is safe. Right? Well, not exactly. As the WikiLeaks and, more recently, the Edward Snowden examples show, critical information leaks can happen at the hands of authorized personnel. The leaks are caused by people who have legitimate access to the information and who are not considered a security threat to the information that all these security measures are designed to protect.
This issue must be quite unsettling to any strategic CIO. They may not be telling their boss, but their data is only as secure as their employees can be trusted. On top of that, it’s not just the malicious information leaks that are a concern. Most information leaks happen through negligence, without any malicious intent. Have you ever sent an email accidentally to the wrong person? If you have (and let’s be honest, who hasn’t?), you were just lucky that the attachment didn’t contain any state secrets.
Such “authorized information leaks” become even more of an issue in the era of mobile devices and cloud based file sharing and synchronization. There is a plethora of services, such as Dropbox, Microsoft SkyDrive, and Google Drive, that make it very easy for people to share information across their accounts and devices -- corporate and privately owned. When the employees leave, they take those accounts with them -- together with all the confidential information. There may not be any malicious intent behind this but it is a worrisome information leak nevertheless.
So what can we do? Sure, we can intensify the background checks on our new hires, train employees, and test their loyalty through psychological tests but these methods are hardly practical outside the high security agencies. We can also employ some of the new breed of security solutions such as SIEM (security information and event management), which monitors the data traffic patterns and looks for anomalies to detect security breaches (albeit usually after the fact).
But we should also never underestimate the need to establish solid information governance across the organization -- a way to properly organize the information, to determine where the information should be stored and who has access to it. Information leaks are a much more frequent occurrence in a messy environment where nobody really knows what information they actually possess and where it lives.
Lastly, we should expect information security vendors to start focusing their innovation on areas beyond traditional perimeter security. Complete information security may not be a solved problem today, but let’s hope it won’t stay like that forever.

Sunday, July 14, 2013

Content Management and the Desktop Manufacturing Revolution

I had the opportunity recently to attend a keynote by Chris Anderson, the former chief editor of Wired magazine and now CEO of 3D Robotics and author of books such as The Long Tail and Makers. His inspiring presentation was about the advent of 3D printing which he says will revolutionize manufacturing and ultimately change our lives the same way computers did. Just as desktop publishing and desktop printers revolutionized printing and as computers changed music recording, video production, photography, publishing, and other creative activities, manufacturing of physical objects will go through a similar disruption as a result of “desktop manufacturing”.
Let’s be clear, 3D printing is still in its infancy. What you can create on the $1,000-$2,000 home printers are mostly some cheesy plastic toys with little practical use. Even the professional grade 3D printers which cost many thousands of dollars are very much limited by the choice of materials, colors, and shapes. But Mr. Anderson is making the point that the first desktop printers were also quite limited in what they could deliver. Just a decade or so later, however, the laser and inkjet printers could handle photo-grade colors and resolutions at a very affordable price. Based on that, we should see some amazing manufacturing capacity in every office and every home within a decade!

What I find interesting about the desktop manufacturing revolution is its likely side effect - the need to manage CAD files. Today, CAD files created by applications such as Autodesk's AutoCAD or Bentley Software's MicroStation are the domain of a relatively small world of highly skilled specialists. Sure, there may be hundreds of engineers and designers using CAD software at companies such as BMW or GE but most of us never touch a CAD file. Now, 3D printing may be changing that.

There is a new generation of CAD tools emerging that enable much easier creation and sharing of CAD drawings. New software such as Autodesk's 123D Catch enables regular users like you and me to create our own computer models of physical objects by simply 'scanning' them with an iPad. There are also new sites that facilitate the sharing and selling of such computer models. If we have a 3D printer on every desk ten years from now, all of us will be managing our CAD files the way we manage our music or video files in iTunes today.

This is exciting news for the enterprise content management (ECM) industry which has included engineering content management solutions for many years. This type of software is really a niche subcategory of ECM today. However, that may be changing soon! CAD files tend to be very complex with many layers of data stacked upon the core structural model of a given object.

Just think of a car with its electrical system, fuel system, cooling system, heating and air conditioning, etc. Each of these systems represents multiple layers that all comprise a CAD drawing. All these layers need to be managed separately because they are worked on by different engineers and they need to be shared with suppliers and subcontractors. However, the entire project also has to be managed as a single entity to make sure all of the systems are delivered on time for the actual product release. All of this leads to a lot of complexity that can only be solved by an enterprise content management system.

Soon, all of us will need some type of a content management solution with the ability to manage CAD drawings natively. In the consumer space, that may be still relatively simple - just like iTunes does an acceptable job at managing my music collection (well, it does a rather poor job, really, but that's a different topic). In the enterprise, however, we will need an entirely different type of a solution with enterprise-grade requirements for versioning, security, collaboration, process management, compliance, etc. That is good news for the ECM vendors.

Besides the need to natively manage CAD files, I also expect the emergence of another type of software - security and intellectual property management. Digital CAD drawings and computer models are easy to share - and easy to steal. This will lead to a massive black market for original CAD plans of expensive physical products. Indeed, as the 3D printers become capable of reproducing complex, high quality objects, the day will come when it will be much easier to get the plans for a new Rolex and print it yourself rather than buying one.

To avoid going down the same path as the music industry, the CAD industry will need a lot of enterprise content management.

Monday, July 1, 2013

My Thoughts On PRISM

Front page of The Guardian on June 10
The British newspaper The Guardian published for the first time on June 7, 2013 information about a large-scale data surveillance program called PRISM. Based on the information obtained from the former CIA employee Edward Snowden, the US government has been collecting vast volumes of personal data from cloud based services provided by US companies that represent the who-is-who of the high-tech world: Google, Apple, Facebook, Microsoft, etc. Based on the recent news updates, it looks like other governments have been doing the same.

This is very worrisome.

I am not surprised that the government is collecting all this data. It is too easy and too tempting. With the USA PATRIOT Act of 2001, it is probably even legal - at least based on the intelligence agencies’ interpretation of the law. Comparisons of how the government respects our paper mail while snooping our email are complete nonsense. The government respects the paper mail because it has no ability to snoop it. US Mail is a highly distributed system that handles data that is hard to duplicate - paper letters. Intercepting them all is practically impossible and copying them is difficult. Even if they did, they would end up with warehouses full of paper that would be highly impractical to search through.

Compared to that, collecting our electronic data is rather easy. The data is highly centralized and accessible through a few central choke points called Google, Facebook, etc. It is very easy to copy, and when stored, it is relatively easy to search through - just search for your name on Google and you get the idea of what the government has to do. Sure, storage and organization of all that data represents a challenge - a real “Big Data” challenge - but nothing that can’t be solved today.

As for privacy, let’s not kid ourselves. The government, the intelligence agencies, and the law enforcement don’t have much regard for our privacy. Have you flown on a plane in the last decade? They make you take off your shoes, your sweater, and your belt. They capture a picture of your naked body. They look through your luggage and make you bare your toiletries. They have an extensive data profile on you with all the info from your passport and often also your fingerprints and retina scan. They keep a record of all your flights and border crossings. If they like, they give you a thorough pat down. What makes you think that they would hesitate to search through your email - your data that you are not even keeping on your own premises?

Now, let’s consider the other side of this coin. So, the government has a copy of all our emails, Facebook posts, tweets, and then some. That’s billions and billions of data records. There is no way that human eyes could possibly review all these records. In fact, when a human review is needed, it can become pretty daunting - I wrote about this type of big challenge in my article The Only Hope for Privacy? The point is that only computer algorithms are looking at your personal data and they will only raise a flag if your data pattern suggests a behavior of interest - terrorist-related activities, tax evasion, drug trafficking, etc. You could argue that if you are engaged in any such activity, the feds should be looking at your data. Right?

Well, no. This is exactly the type of Orwellian surveillance state that knows too much about its citizens, and it doesn’t take long to start flagging any behavior the state deems adverse. It takes a frighteningly small step from snooping on your data to killing your freedom of speech. That leads to the state telling citizens what to do and how to behave, which is called dictatorship. That’s not what the US Constitution is about. That’s not what freedom, liberty, and justice are about. This is not the ideal upon which the United States was founded. We must not allow this to happen. That’s what Edward Snowden was thinking when he decided to blow the whistle.

Now let’s be clear, there are some concerning questions about Edward Snowden that should be answered. I don’t blame him for going public with classified information. While that is against the rules (against the law), he obviously didn’t have the option of blowing the whistle the proper way - by informing his supervisor, HR department or Chief Legal Counsel. Those are the guys behind the mass surveillance. But he did have the option to disclose the information anonymously and I wonder why he didn’t. I also wonder why he ended up hiding in China and Russia, which are officially friendly nations but, honestly, I’d feel better if he was hiding in the United Arab Emirates or Indonesia, which are also non-extradition countries. Going public in his own name and doing it in China rings a little alarm bell for me. But still, Edward Snowden appears to have done the honorable thing, albeit illegal.

So, where do we go from here? Well, this is a tough one. Our technology has created a monster by making all of our data readily available to snooping. We have also created a climate of public paranoia that places security above privacy - or at least perceived security, as there is no real evidence that all those security measures such as airport security controls or cameras on city streets have yielded any tangible security increase for the citizens. The number of terrorists that the TSA caught in the last 10+ years is exactly zero while the annual TSA budget is $8 billion (source: BusinessWeek). Both of these things are a genie that won’t easily go back into the bottle.

In the end, I hope that we will educate ourselves enough to better understand how to handle our information to keep at least some of it private. Maybe, not all the data should end up in the Cloud after all! I also hope that the security vs privacy pendulum swings back and finds some point of equilibrium that will make our lives more pleasurable. The excessive security that has become part of our daily lives is the kind of asymmetric response that I wrote about two years ago. Because every time I get a thorough pat down at the airport, I can’t help thinking that the bad guys might have won when they set out to make our lives miserable.

Wednesday, June 12, 2013

What Features Ensure Compliance?

I hear the word ‘compliance’ tossed around all the time but I suspect that many of those using the word only have a very vague idea about what it means. Compliance usually refers to the adherence to the rules that have been imposed upon you by the law or some type of regulatory body. But what technical capabilities are required to actually comply with such legal and regulatory requirements?

First, let’s be clear. You don’t use the word compliance when you are referring to something that you really want to do. Compliance usually means an inconvenience that you are required to put up with. It rarely saves you time or money. However, compliance is designed to protect you from failure, from disruption, from poor quality, from wrong decisions, from danger, from injury, and - if you live in America you’ve probably guessed it - from lawsuits. Various parties may be interested in protecting you from all of those risks. It could be a consumer safety regulator (e.g. the FDA in the pharma industry), your government (federal, state, or local), or your employer. But how does that actually work?

First, compliance often means ensuring that proper authorization is in place for important decision making. That starts with access control - making sure that the right people have access to pertinent information at the right time. That usually involves a dose of security - preventing any unauthorized actor from manipulating the information or the decisions.

The decisions themselves are often required to be documented in a non-repudiable way. This is where electronic signatures come in. Unlike digital signatures, which deal with mimicking the paper-based ‘wet signature’ in a digital form, e-signatures are all about capturing who, when, what and why. An electronic signature is simply a data object with a name, date, and brief justification that becomes attached to a version of a document. When someone changes the document version, the e-signature is invalidated. “I didn’t sign off on this version of the medication packaging” is what e-signatures are all about in the FDA’s CFR 21 Part 11 regulation for the pharma industry.
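The version binding described above, as an added example that is not from the original post or from any product: it assumes the signature is tied to a version by storing a SHA-256 digest of the document bytes, and the class and field names are hypothetical.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


def version_digest(content: bytes) -> str:
    """SHA-256 of the exact bytes of one document version."""
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class ESignature:
    signer: str          # who
    signed_at: datetime  # when
    reason: str          # why
    doc_digest: str      # what: digest of the version that was signed


class SignedDocument:
    """A document plus every e-signature ever attached to it."""

    def __init__(self, content: bytes):
        self.content = content
        self.signatures: list[ESignature] = []

    def sign(self, signer: str, reason: str) -> ESignature:
        sig = ESignature(signer, datetime.now(timezone.utc), reason,
                         version_digest(self.content))
        self.signatures.append(sig)
        return sig

    def revise(self, new_content: bytes) -> None:
        # Earlier signatures stay on record but stop matching the new bytes.
        self.content = new_content

    def valid_signatures(self) -> list[ESignature]:
        current = version_digest(self.content)
        return [s for s in self.signatures if s.doc_digest == current]

    def is_signed_by(self, signer: str) -> bool:
        return any(s.signer == signer for s in self.valid_signatures())
```

Because validity is recomputed from the current bytes, a signature on a superseded version is kept as history yet never counts as approval of the revision.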

Other compliance requirements, such as Six Sigma and the various ISO customer service quality standards, ask to ensure that certain mandatory process steps are completed before the process can advance to the next stage. This is where technologies such as workflow and BPM come in - workflow for processes where all steps occur within a single system and BPM for processes that cross multiple systems.

At the end of any process, many regulations require that all the artifacts are stored as proof in case of a potential audit or lawsuit. That’s the role of archiving and of course also records management. Records management not only stores the required information for a prescribed period of time, it also classifies the records to assign them a retention policy that specifies how long the record is to be kept and what should happen with it when the retention expires. Records management also deals with requirements such as legal holds (pausing of any record shredding during a lawsuit) and secure records disposal to prevent forensic recovery.

Finally, many regulations require the ability to trace back any steps for the purposes of an audit or investigation of an incident. This is where auditing comes in with the ability to record a timestamp for every event in an audit trail and the ability to easily review and analyze the audit trail.
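The retention, legal hold, and audit trail behavior from the last two paragraphs, as an added example that is not from the original post: the schedule, record classes, and field names are constructed for illustration, and "destroy" only marks the record where a real system would invoke secure disposal.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta, timezone

# Constructed retention schedule: record class -> (years kept, action at expiry).
SCHEDULE = {"batch-record": (7, "destroy"), "contract": (10, "review")}


@dataclass
class Record:
    record_id: str
    record_class: str      # classification selects the retention policy
    declared_on: date
    legal_holds: set = field(default_factory=set)
    disposed: bool = False

    def expires_on(self) -> date:
        years, _ = SCHEDULE[self.record_class]
        return self.declared_on + timedelta(days=365 * years)


def disposition_sweep(records, today, audit_trail, actor="retention-job"):
    """Apply the schedule to every live record and log each decision."""
    decisions = {}
    for rec in records:
        if rec.disposed:
            continue
        if today < rec.expires_on():
            outcome = "retain"
        elif rec.legal_holds:
            # Retention has expired, but a hold pauses any disposal.
            outcome = "held:" + ",".join(sorted(rec.legal_holds))
        else:
            outcome = SCHEDULE[rec.record_class][1]
            rec.disposed = outcome == "destroy"
        decisions[rec.record_id] = outcome
        # Every decision becomes a timestamped audit event.
        audit_trail.append({
            "at": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "record": rec.record_id,
            "event": outcome,
        })
    return decisions
```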

There are many other capabilities that may be part of a compliance solution. The specific regulations drive the requirements. Beyond access control, e-signatures, workflow/BPM, archiving, records management, and auditing, compliance requirements may include search, publishing, secure communication, collaboration, and many other capabilities. Records management has been receiving plenty of attention lately; so much that many equate compliance with records management. Yet there is much more to compliance than records, which is what I wanted to show in this post.