Replay: Can Brands Keep Their Promise?

Director of Customer Programs, Constellation Research
Constellation Research

Carole oversees the Constellation Executive Network, an executive community for innovative senior leaders who value strategic guidance from trusted advisors who understand the power of disruptive technologies. Carole brings over 15 years of marketing, strategic account management, and operations experience, specializing in high technology and professional services. She holds a BA from Santa Clara University and a MBA from Thunderbird, School of Global Management.     ...

Read more

If you missed the conversation between Dr. Natalie Petouhoff and Dr. Janice Presser about whether brands can keep their promise, you can catch the replay now. From popular brands, ranging from Taco Bell to Starbucks and Virgin Airlines, both experts offer their inisghts on what is needed for brands to stay authentic and offer memorable customer experiences that keep customers coming back for more. 

Feel free to tweet either of them to join the conversation and share what brands "get it" and "do it right" that come to your mind. @drnatalie @drjanice

What you’ll learn: 

1. Why it’s important for brands to keep their promise
2. How organizational change is affecting the ability to deliver true transformation digital customer experiences
3. How technology must be integrated with people and process to deliver what customers expect

Also, Dr. Janice is extending a special offer to anyone how checks out the replay to try her Teamability experience. Spoiler alert: The offer is provided at the end of the webcast.

Improving the position of the CISO

Steve Wilson

Former Vice President and Principal Analyst
Constellation Research

Steve Wilson is former VP and Principal Analyst at Constellation Research, leading the business theme Digital Safety and Privacy. His coverage includes digital identity, data protection, data privacy, cryptography, and trust. His advisory services to CIOs, CISOs, CPOs and IT architects include identity product strategy, security practice benchmarking, Privacy by Design (PbD), privacy engineering and Privacy [or Data Protection] Impact Assessments (PIA, DPIA). Coverage Areas: -  Identity management, frameworks & governance-  Digital identity technologies-  Privacy by Design -  Big Data; “Big Privacy”-  Identity & privacy innovation Previous experience: Wilson has worked in ICT innovation, research, development and analysis for over 25 years. With double…...

Read more

The Future of the Security Industry and Career Advice for Chief Information Security Officers

Over the years, we security professionals have tried all sorts of things to make better connections with other parts of the business. We have broadened our qualifications, developed new Return on Security Investment tools, preached that security is a "business enabler", and strived to talk about solutions and not boring old technologies. But we've had mixed success.

Once when I worked as a principal consultant for a large security services provider, a new sales VP came in to the company with a fresh approach. She was convinced that the customer conversation had to switch from technical security to something more meaningful to the wider business: Risk Management. For several months after that I joined call after call with our sales teams, all to no avail. We weren't improving our lead conversions; in fact with banks we seemed to be going backwards. And then it dawned on me: there isn't much anyone can tell bankers about risk they don't already know.

Joining the worlds of security and business is easier said than done. So what is the best way for security line managers to engage with their peers? How can they truly contribute to new business instead of being limited to protecting old business? In a new investigation I've done at Constellation Research I've been looking at how classical security analysis skills and tools can be leveraged for strategic information management.

Remember that the classical frame for managing security is "Confidentiality-Integrity-Availability" or C-I-A. This is how we conventionally look at defending enterprise information assets; threats to security are seen in terms of how critical data may be exposed to unauthorised access, or lost, damaged or stolen, or otherwise made inaccessible to legitimate users. The stock-in-trade for the Chief Information Security Officer (CISO) is the enterprise information asset register and the continuous exercise of Threat & Risk Assessment around those assets.

I suggest that this way of looking at assets can be extended, shifting from a defensive mindset to a strategic, forward outlook. When the CISO has developed a birds-eye view of their organisation's information assets, they are ideally positioned to map the value of the assets more completely. What is it that makes information valuable exactly? It depends on the business - and security professionals are very good at looking at context. So for example, in financial services or technology, companies can compete on the basis of their original research, so it's the lead time to discovery that sets them apart. On the other hand, in healthcare and retail, the completeness of customer records is a critical differentiator for it allows better quality relationships to be created. And when dealing with sensitive personal information, as in the travel and hospitality industry, the consent and permissions attached to data records determine how they may be leveraged for new business. These are the sorts of things that make different data valuable in different contexts.

CISOs are trained to look at data through different prisms and to assess data in different dimensions. I've found that CISOs are therefore ideally qualified to bring a fresh approach to building the value of enterprise information assets. They can take a more pro-active role in information management, and carve out a new strategic place for themselves in the C-suite.

My new report, "Strategic Opportunities for the CISO", is available now.

Musings - The Dilemma with Cloud Infrastructure Upgrades

Holger Mueller

Vice President and Principal Analyst
Constellation Research

Holger Mueller is VP and Principal Analyst for Constellation Research for the fundamental enablers of the cloud, IaaS, PaaS and next generation Applications, with forays up the tech stack into BigData and Analytics, HR Tech, and sometimes SaaS. Holger provides strategy and counsel to key clients, including Chief Information Officers, Chief Technology Officers, Chief Product Officers, Chief HR Officers, investment analysts, venture capitalists, sell-side firms, and technology buyers.  Coverage Areas: Future of Work Tech Optimization & Innovation  Background: Before joining Constellation Research, Mueller was VP of Products for NorthgateArinso, a KKR company. There, he led the transformation of products to the cloud and laid the foundation for new Business Process as a…...

Read more

The recent outage that occurred for Microsoft Azure prompted me to collect some thoughts on the challenges of upgrading cloud infrastructure. 

The inherent challenge of cloud infrastructures is also their biggest advantage – a consistent landscape of compute, storage and networking resources that are elastic for its subscribers. The more common the infrastructure is, the better the economies of scale for the subscribers and the provider. The challenge is when pieces of the infrastructure are supposed to be or need to (think the recent security risk in VMs) upgraded. So it makes sense to differ between planned upgrades and emergency upgrades in the further considerations.

• Testing – Needless to say, upgrades should be tested before exposed at all, to a limited or to the overall subscriber community. But anyone who has ever build software knows, that you can never test for the real thing, the go-live to 100%. That is not a cop out though and every serious cloud provider needs to test infrastructure upgrades before rolling them out. Labs, test instances and test data centers are a good vehicle to do so. The next phase needs to be a pilot phase – with the awareness of customers. Works great when it is a new piece being rolled out that is optional. Things change when the upgrade is related to a core piece of the architecture and de-facto must be used by all subscribers (e.g. security, networking etc.). Of course all these testing questions pretty much fly out of the window in emergency situations, triggered by threats – or bad upgrades. Rollbacks on infrastructure are a must, but have limitations in the real world. 

• Redundancy – Having enough redundancy in the infrastructure is key, e.g. being able to operate a cloud data center on two sets of switches / switch software releases. At least for the test data centers. But that all costs money and drives up the subscription prices, something cloud providers don’t want. But it can’t be done for all upgrades, note the noise in the cloud space when e.g. Amazon AWS was not able to provide enough ‘safely patched’ VMs to transfer the load from the ones that had to be patched. The same must have happened (so observers were less vocal) at all other cloud providers, as there was simply not enough compute around to have enough freshly patched servers available. Finally redundancy considerations are irrelevant in emergency situations. 

• Isolation – A good public cloud infrastructure should work like the human organism. When bad things happen the rest of the infrastructure steps up to carry the load while isolating and insulating the part (aka servers, network infrastructure, data centers, backup sites etc.). Whenever isolation fails – see this week’s Azure problem – challenges to service levels get out of hand. But then to be fair, there are upgrades where you cannot afford isolation, e.g. in the Day 1 exploit remedy. 

• Recovery vs Upgrade Speed – At the end of the day it all comes back to 2 speeds in which IT resources can be transformed. With upgrade speed I refer to the speed a provider can rollout out an upgrade across its infrastructure – with recovery speed I refer to the speed a provider can undo the latest change in case there was an issue. If recovery speed exceeds upgrade speeds by magnitudes, the provider is usually on the good side. If the two speeds become similar, it gets increasingly risky as e.g. a 2 hour planned downtime requires another 2 hour unplanned downtime to recover. When recovery speed is slower than upgrade speed (as in Azure’s case this week, though the details are not fully public – maybe even understood) then a provider is in trouble. When recovery time takes much, much longer than upgrade time, then it’s a pretty risky upgrade. 

The cloud GAU

I am lacking internet access while typing this – so using the German term from nuclear engineering – Groesster Anzunehmender Unfall – the largest thinkable accident. The good news is, that for compute and network upgrades, downtime solves the issue. Restart the server, give it the right software and all should be fine. Take the network down, roll it back and all should be fine. Ugly, downtimes, bad press, SLAs out of the window – but a remedy that is well understood. Same works for basic storage issues.

But for late discovered storage issues at high cost – it maybe game over for a cloud infrastructure. Anyone in traditional on premise enterprise software knows the scenario. A customer upgrades, incl. data conversion with non back ward compatible schema changes, and a major issue is only uncovered months in the usage of the upgraded system. So all and a lot of storage needs to be rolled back, while keeping the lights on and while fixing the issue. And because it’s data that clients cannot afford to loose, the provider needs to make a lot of copies of it. If you simply don’t have the storage capacity for it – it’s game over. I doubt any cloud provider has the same amount of strorage available just for that case. The above isn't purely theoretical, I have seen this twice in my 25 year enterprise software career, and if it can happen on premise, it can happen in the cloud – at least theoretically – too.

Questions cloud customers should ask

So here are a few questions customers should ask their cloud providers:

• How do you test infrastructure upgrades?
• How do you isolate data centers (and us as a customer) from upgrades
• What is the level of redundancy on a compute, storage and network level that you have to test and isolate upgrades
• What is your approach and philosophy in regards of upgrade vs recovery speed
• How fast can I get my vital data out of your infrastructure?
• ...

MyPOV

It’s the early days of the cloud and both customers and vendors need to learn and grow up. That includes the industry observers, as I was appalled to find nothing on the topic of cloud upgrades. Not sure if they vendors will tell the public, but it’s overdue that influencers on the media and analyst side start asking the questions. I will. 

 

----------

 

More recent posts on cloud:

 

• Event Report - AWS re:Invent - AWS becomes more PaaS on own IP - read here
• Musings - Are we wittnessing the birth of the enterprise cloud? Read here
• News Analysis - SAP and IBM partner for cloud success - a good move - read here
• Event Report - Oracle OpenWorld - Oracle's vision and remaining work become clear - and both are big - read here
• Market Move - Cisco wants to acquire MetaCloud - getting more in the cloud game - read here
• News Analysis - HP acquires Eucalypus - Genius or panic at Page Mill Road? Read here
• news Analysis - IBM and Intel partner for cloud security - Read here
• Event Report - VMWare makes a lot of progress - but the holy grail is still missing - read here
• News Analysis - SAP committs to OpenStack and CloudFoundry - Key Steps - but what's the direction? Read here
• Event Report - Microsoft TechEd - Day 1 Keynote takeaways - read here

The New Collaboration UI?

Alan Lepofsky

Vice President & Principal Analyst
Constellation Research

Alan Lepofsky - VP and Principal Analyst, Constellation Research. With almost two decades of experience in the collaboration software industry, Lepofsky helps organizations improve the way their employees work together to get their jobs done. Lepofsky’s primary research area The Future of Work, focuses on: integrating collaboration and business processes (Purposeful Collaboration), structuring work via Social Task Management, leveraging analytics and digital assistants to work more productively, the strategic impact of mobile computing on business transformation, and measuring workforce culture based on Digital Proficiency instead of age. Twitter: @alanlepoLinkedIn: https://ca.linkedin.com/in/alanlepo     , Title: Big IdeasIntelligent Collaboration: The Intersection of…...

Read more

Remember when every software product was designed to look like Facebook?

Now it appears a new "common UI" being used in many of the new collaboration tools.  

Here's a quick UI comparison of Slack, Glip, Unify Circuit and Cisco Project Squared.