gotofail and a defence of purists

Steve Wilson

Former Vice President and Principal Analyst
Constellation Research

Steve Wilson is former VP and Principal Analyst at Constellation Research, leading the business theme Digital Safety and Privacy. His coverage includes digital identity, data protection, data privacy, cryptography, and trust. His advisory services to CIOs, CISOs, CPOs and IT architects include identity product strategy, security practice benchmarking, Privacy by Design (PbD), privacy engineering and Privacy [or Data Protection] Impact Assessments (PIA, DPIA). Coverage Areas: -  Identity management, frameworks & governance-  Digital identity technologies-  Privacy by Design -  Big Data; “Big Privacy”-  Identity & privacy innovation Previous experience: Wilson has worked in ICT innovation, research, development and analysis for over 25 years. With double…...

Read more

The widely publicised and very serious "gotofail" bug in iOS7 took me back ...

Early in my career I spent seven years in a very special software development environment. I didn't know it at the time, but this experience set the scene for much of my understanding of information security two decades later. I was in a team with a rigorous software development lifecycle; we attained ISO 9001 certification way back in 1992. My company deployed 30 software engineers in product development, 10 of whom were dedicated to testing. Other programmers elsewhere independently wrote manufacture test systems. We spent a lot of time researching leading edge development methodologies, such as Cleanroom, and formal specification languages like Z.

We wrote our own real time multi-tasking operating system; we even wrote our own C compiler and device drivers! Literally every single bit of the executable code was under our control. "Anal" doesn't ever begin to describe our corporate culture.

Why all the fuss? Because at Telectronics Pacing Systems, over 1985-1989, we wrote the code for the world's first software controlled implantable defibrillator, the Guardian 4210.

The team spent relatively little time actually coding; we were mostly occupied writing and reviewing documents. And then there were the code inspections. We walked through pseudo-code during spec reviews, and source code during unit validation. And before finally shipping the product, we inspected the entire 40,000 lines of source code. That exercise took a five person team working five hours a day for two months.

For critical modules, like the kernel and error correction routines, we walked through the compiled assembly code. We took the time to simulate the step-by-step operation of the machine code using pen and paper, each team member role-playing parts of the microprocessor (Phil would pretend to be the accumulator, Lou the program counter, me the index register). By the end of it all, we had several people who knew the defib's software like the back of their hand.

And we had demonstrably the most reliable real time software ever written. After amassing several thousand implant-years, we measured a bug rate of less than one in 10,000 lines.

The implant software team had a deserved reputation as pedants. Over 25 person years, the average rate of production was one line of debugged C per team member per day. We were painstaking, perfectionist, purist. And argumentative! Some of our debates were excruciating to behold. We fought over definitions of "verification" and "validation"; we disputed algorithms and test tools, languages and coding standards. We were even precious about code layout.

Yet 20 years later, purists are looking good.

Last week saw widespread attention to a bug in Apple's iOS operating system which rendered a huge proportion of website security impotent. The problem arose from a single superfluous line of code - an extra goto statement - that nullified checking of SSL connections, leaving users totally vulnerable to fake websites. The Twitterverse nicknamed the flaw #gotofail.

There are all sorts of interesting quality control questions in the #gotofail experience.

• Was the code inspected? Do companies even do code inspections these days?
• The extra goto was said to be a recent change to the source; if that's the case, what regression testing was performed on the change?
• How are test cases selected?
• For something as important as SSL, are there not test rigs with simulated rogue websites stress test security systems before release?

There seems to have been egregious shortcomings at every level: code design, code inspection, and testing.

A lot of attention is being given to the code layout. The spurious goto is indented in such a way that it appears to be part of a branch, but it is not. If curly braces were used religiously, or if an automatic indenting tool was applied, then the bug would have been more obvious (assuming that the code actually gets inspected by humans).

I agree of course that layout and coding standards are important, but there is a much more robust way to make source code clearer.  Beyond the lax testing and quality control, there is also a software-theoretic question in all this that is getting hardly any attention: Why are programmers using ANY goto statements at all?

I was taught at college and later at Telectronics that goto statements were to be avoided at all cost. Yes, on rare occasions a goto statement makes the code more compact, but with care, a program can almost always be structured to be compact in other ways. Don't programmers care anymore about elegance in logic design? Don't they make efforts to set out their code in a rigorous structured manner?

The conventional wisdom is that goto statements make source code harder to understand, harder to test and harder to maintain. Kernighan and Ritchie - UNIX pioneers and authors of the classic C programming textbook - said the goto statement is "infinitely abusable" and it "be used sparingly if at all." The Telectronics implant software coding standard prohibited goto statements, without exception.

Hard to understand, hard to test and hard to maintain is exactly what we see in the flawed iOS7 code. The critical bug never would have happened if Apple too banned the goto.
Now, I am hardly going to suggest that fanatical coding standards and intellectual rigor are sufficient to make software secure. It's unlikely that many commercial developers will be able to cost-justify exhaustive code walkthroughs when millions of lines are involved even in the humble mobile phone. It's not as if lives depend on commercial software.

Or do they?!

Let's leave aside that vexed question for now and return to fundamentals.

The #gotofail episode will become a text book example of not merely mention attention to detail, but moreover the importance of disciplined logic, rigor, elegance, and fundamental coding theory.

Yet a deeper lesson perhaps in all this is the fragility of software. Prof Arie van Deursen nicely describes the iOS7 routine as "brittle". I want to suggest that all software is tragically fragile. It takes just one line of silly code to bring security to its knees. The sheer non-linearity of software - the ability for one line of software anywhere in a hundred million lines to have unbounded impact on the rest of the system - is what separates development from conventional engineering practice. Software doesn't obey the laws of physics. No non-trivial software can ever fully tested, and we have gone too far for the software we live with to be comprehensively proof read. We have yet to build the sorts of software tools and best practice and habits that would merit the title "engineering" (See also "Security Isn't Secure).

I'd like to close with a philosophical musing that might have appealed to my old mentors at Telectronics. We have reached a sort of pinnacle in post-modernism where the real world has come to pivot precariously on pure text. It is weird and wonderful that engineers are arguing about the layout of source code - as if they are poetry critics.

We have come to depend daily on great obscure texts, drafted not by people we can truthfully call "engineers" but by a largely anarchic community we would be better of calling playwrights.

New C-Suite Next-Generation Customer Experience Digital Safety, Privacy & Cybersecurity Security Zero Trust Chief Customer Officer Chief Executive Officer Chief Information Officer Chief Information Security Officer Chief Privacy Officer

FIDO Alliance goes from strength to strength

Steve Wilson

Former Vice President and Principal Analyst
Constellation Research

Steve Wilson is former VP and Principal Analyst at Constellation Research, leading the business theme Digital Safety and Privacy. His coverage includes digital identity, data protection, data privacy, cryptography, and trust. His advisory services to CIOs, CISOs, CPOs and IT architects include identity product strategy, security practice benchmarking, Privacy by Design (PbD), privacy engineering and Privacy [or Data Protection] Impact Assessments (PIA, DPIA). Coverage Areas: -  Identity management, frameworks & governance-  Digital identity technologies-  Privacy by Design -  Big Data; “Big Privacy”-  Identity & privacy innovation Previous experience: Wilson has worked in ICT innovation, research, development and analysis for over 25 years. With double…...

Read more

With a bunch of exciting new members joining up on the eve of the RSA Conference, the FIDO Alliance is going from strength to strength. And they've just published the first public review drafts of their core "universal authentication" protocols.

An update to my Constellation Research report on FIDO will be published soon. Here's a preview.

The Go-To standards alliance in protocols for modern identity management

The FIDO Alliance - for Fast IDentity Online - is a fresh, fast growing consortium of security vendors and end users working out a new suite of protocols and standards to connect authentication endpoints to services. With an unusual degree of clarity in this field, FIDO envisages simply "doing for authentication what Ethernet did for networking".

Launched in early 2013, the FIDO Alliance has already grown to nearly 100 members, amongst which are heavyweights like Google, Lenovo, MasterCard, Microsoft and PayPal as well as a couple of dozen biometrics vendors, many of the leading Identity and Access Management solutions and service providers and several global players in the smartcard supply chain.

FIDO is different. The typical hackneyed elevator pitch in Identity and Access Management promises to "fix the password crisis" - usually by changing the way business is done. Most IDAM initiatives unwittingly convert clear-cut technology problems into open-ended business transformation problems. In contrast, FIDO's mission is refreshingly clear cut: it seeks to make strong authentication interoperable between devices and servers. When users have activated FIDO-compliant endpoints, reliable fine-grained information about their client environment becomes readily discoverable by any servers, which can then make access control decisions, each according to its own security policy.

With its focus, pragmatism and critical mass, FIDO is justifiably today's go-to authentication standards effort.

In February 2014, the FIDO Alliance announced the release of its first two protocol drafts, and a clutch of new members including powerful players in financial services, the cloud and e-commerce. Constellation notes in particular the addition to the board of security leader RSA and another major payments card, Discover. And FIDO continues to strengthen its vital "Relying Party" (service provider) representation with the appearance of Aetna, Goldman Sachs, Netflix and Salesforce.com.

It's time we fixed the Authentication plumbing

In my view, the best thing about FIDO is that it is not about federated identity but instead it operates one layer down in what we call the digital identity stack. This might seem to run against the IDAM tide, but it's refreshing, and it may help the FIDO Alliance sidestep the quagmire of identity policy mapping and legal complexities. FIDO is not really about the vexed general issue of "identity" at all! Instead, it's about low level authentication protocols; that is, the plumbing.

The FIDO Alliance sets out its mission as follows:

• Change the nature of online authentication by:
  • Developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
  • Operating industry programs to help ensure successful worldwide adoption of the Specifications.
  • Submitting mature technical Specification(s) to recognized standards development organization(s) for formal standardization.

The engineering problem underlying Federated Identity is actually pretty simple: if we want to have a choice of high-grade physical, multi-factor "keys" used to access remote services, how do we convey reliable cues to those services about the type of key being used and the individual who's said to be using it? If we can solve that problem, then service providers and Relying Parties can sort out for themselves precisely what they need to know about the users, sufficient to identify and authenticate them.

All of these leaves the 'I' in the acronym "FIDO" a little contradictory. It's such a cute name (alluding of course to the Internet dog) that it's unlikely to change. Instead, I overheard that the acronym might go the way of "KFC" where eventually it is no longer spelled out and just becomes a wood all by itself.

FIDO Alliance Board Members

• Blackberry
• CrucialTec (manufactures innovative user input devices for mobiles)
• Discover Card
• Google
• Lenovo
• MasterCard
• Microsoft
• Nok Nok Labs (a specialist authentication server software company)
• NXP Semiconductors (a global supplier of card chips, SIMs and Secure Elements)
• Oberthur Technologies (a multinational smartcard and mobility solutions provider)
• PayPal
• RSA
• Synaptics (fingerprint biometrics)
• Yubico (the developer of the YubiKey PKI enabled 2FA token).

FIDO Alliance Board Sponsor Level Members

• Aetna
• ARM
• AGNITiO
• Dell
• Discretix
• Entersekt
• EyeLock Inc.
• Fingerprint Cards AB
• FingerQ
• Goldman Sachs
• IdentityX
• IDEX ASA
• Infineon
• Kili
• Netflix
• Next Biometrics Group
• Oesterreichische Staatsdruckerei GmbH
• Ping Identity
• SafeNet
• Salesforce
• SecureKey
• Sonavation
• STMicroelectronics
• Wave Systems

New C-Suite Digital Safety, Privacy & Cybersecurity FIDO Security Zero Trust Chief Customer Officer Chief Information Security Officer Chief Privacy Officer

The Social Engagement Rankings of the Top 15 Cosmetic Brands

Vice President and Principal Analyst, Constellation Research
Constellation Research

Role: Vice President and Principal Analyst focusing on the IOT of Customer Experience and how the cloud is driving more flexible, agile, and robust customer service and customer experiences. In-app or in device customer service is the future. Coverage Areas: Next Generation Customer, Digital Marketing Transformation Bio: As a Vice President and Principal Analyst at Constellation Research, Inc, Petouhoff works with Fortune 100 and 500’s Senior Leadership teams to create strategic customer experience (marketing, sales and service) solutions which engage customers, build brands and grow businesses. Combining her experience as a former Forrester software analyst, PWC systems integrator and change management consultant, Petouhoff leads executive workshops to discuss to not only…...

Read more

Marketing Transformation Sales Marketing Next-Generation Customer Experience Revenue & Growth Effectiveness Future of Work Innovation & Product-led Growth New C-Suite Digital Safety, Privacy & Cybersecurity Chief Marketing Officer Chief People Officer Chief Revenue Officer Chief Customer Officer Chief Human Resources Officer

Where is the Justice? Court finds for both Oracle and Rimini Street

Constellation Research

J. Bruce Daley is a former vice president and principal analyst at Constellation Research, Inc.  , Title: Big Ideas Age Before Beauty Before there can be a wholesale conversion to the Cloud legacy applications must be converted. This will take decades and not every vendor has taken this obstacle into account when projecting growth. Professional Services Firms Need a Recurring Revenue Model The services business has a lot of advantages but one big disadvantage in that you are always going out of business. Some organizations are using the Cloud to offer clients new ways to spend money than just time-and-materials or fixed price projects. ...

Read more

;

In a case with potentially important financial consequences, Judge Larry Hicks of the U.S. District Court in Las Vegas has found that Rimini Street infringed on some Oracle copyrights but not on others. The distinction was based on the wording of contracts PeopleSoft customers signed when it was still an independent company, and not the wording of contracts J.D. Edwards or Siebel Systems customers signed. In the short run the decision could (and the operative word here is could) have an impact on Rimini Street's upcoming IPO. In the long run the ruling is unlikely to have much effect.

This is in part because the case is not about is the legality of third parties to offer independent enterprise software support. Oracle does not dispute its customer's right to engage third parties to provide support nor Rimini Street's right to offer it. What it does dispute is the way Rimini Street provided that support. The judge upheld Oracle's position in the case of PeopleSoft customers (but not J.D. Edwards or Siebel customers) that Rimini Street violated Oracle's copyright protections by installing software on servers it owned.

Rimini Street acted promptly to conform to the judge's ruling. In a letter to clients CEO Seth Ravin wrote "Rimini Street respects the Court’s decision and will conform its practices in light of the Court’s ruling.”

The company had already completed all JD Edwards and Siebel client migrations from Rimini-Hosted environments, and will work with the PeopleSoft clients to migrate their Rimini-Hosted environments to client-hosted environments as well.

It is also important to note the ruling is a motion for summary judgment. Although the case was first filed in 2010, it has not yet come up for trial. The summary judgment was made based on a plea from Oracle to decide the issue before the trial began.

Since part of the plea was granted and part was rejected the trial will still take place. The summary judgment will also be held inappropriate if the jury decides the case in favor of Rimini Street. Summary judgments are also subject to appeal which is almost certain to happen no matter who wins. Depending on how the appellate court then rules in that case, it is very likely the losing party will also appeal that decision. Then it will be up to the Supreme Court to decide if it wants to hear the case or ask a lower court to try the case again. Such a process could easily last over a decade.

So this judgment is just one skirmish in a legal battle that has already lasted for 4 years and promises to continue on for many more years to come. Legal sources tell the Observer the judge's ruling may be a sign from the court that he wants the parties to settle. This is not very likely to happen for reasons I am not prepared to discuss here. For the same reasons the smart money sees the case as a plus for Rimini Street's IPO which is why it is called the smart money.

The take away for Rimini Street's current clients, and any customers considering third party support, is that they need to evaluate legal risk the same as any other risk. There is a risk next quarters plans will be disrupted by a giant comet hitting the earth. It’s a real risk, but customers don't need to consult with an astronomer to assess it. By the same token the worst people to assess legal risks are often attorneys. What customer need to evaluate is:

• How long will the case be expected to last?
• How likely is either party to appeal?
• How likely is Rimini Street to win?
• What will happen to the customer if Oracle prevails in the end?

Since the difference in the ruling had to do with "magic language" in PeopleSoft agreement that was not in the J.D. Edwards or Siebel agreement it is reasonable to expect Oracle (and every other software company) to include that very language in future contacts and to amend existing contracts. It will be up to customers to review their contracts carefully and negotiate on any terms that they think might limit their future options.

The reason most attorneys are poor at assessing legal risk is because they are schooled in a concept developed during medieval times called legal precedence. Precedence holds a rule established in a previous legal case is binding on a court when deciding subsequent cases. The idea at the time was laws should have some consistency and not be subject to some spur-of-the-moment decision by a lord or bannum. The problem is events moved much more slowly in 1250 than they do today. Even though it was only a decade ago, no one involved could have anticipated how much innovation would change enterprise software support. The legal documents were drawn up considering the limits of the technology of the time. Yet precedence assumes that the parties did know what they were agreeing to and where is justice in that?

Tech Optimization rimini street Oracle Chief Information Officer

Bitcoin coming to an ATM by you…

pending

Guy Courtin was formerly Vice President and Principal Analyst at Constellation Research covering Matrix Commerce and how the Internet of Things drives the evolution of commerce.  Guy has over 15 years experience in the technology space and specifically in the supply chain space. Most recently he was the Vice President of Research at SCM World. Where he focused on the service providers that empowered supply chains. Prior to SCM World, Guy held numerous senior positions. He was responsible for product marketing at RSi, a retail supply chain solution provider. There managed RSi’s go to market strategy around their leading cloud based supply chain solutions. He also spear headed Progress Software’s supply chain group. Where he was responsible for driving revenue and market share as well…...

Read more

Bitcoin, the leading P2P currency, is coming to an ATM near you. There is an ATM right here in Boston now! At least Boston keeps its place as a high tech center…barely. Anyways, first what really is Bitcoin, other than being linked to the infamous Winklevoss twins? Click here for a good crash video on what it is.

Basically it is an online generated form of currency, no banks, no physical currency is created. It allows the online community to have a form of money to empower eCommerce – not that your credit cards doesn’t still work. Online commerce could function and not have to pay some of the fees associated with credit cards and other forms of traditional brick and mortar payment methods. So what does it mean that you can now go to the ATM machine and “get” Bitcoins?

For the most part it feels like a marketing scheme, to make the every day user comfortable with this form of currency. Consumers are becoming more comfortable with eCommerce both via their smart phones, tablets or computers. They have become comfortable using their credit cards online. Bitcoin has to hope they start feeling comfortable seeing Bitcoin as a viable payment option. Showing consumers how to leverage Bitcoin in a format they are used to – aka the ATM machine – should allow for an ease of association with the medium. I get that the ATM gives me $20 bills (in New York sometimes $100 bills!), I get how to use my phone for more than phone calls….now I can somewhat better grasp how this all mixes together with Bitcoin. From a marketing and education perspective this makes a lot of sense. It is also interesting when it comes to the timing – with many highly publicized credit card theft issues from Target to Neiman Marcus could Bitcoin find away to offer a “safer” alternative for online commerce?

It will be interesting to see what the reaction is to these Bitcoin ATMs, will it uptick the usage of the currency? Will the curiosity fade after a few days? Regardless it will be interesting to watch and I believe the impact will reach further than we might expect today…think supply chain. A discussion for another post!

Have a disruptive technology implementation story? Get recognized for your leadership. Apply for the 2014 SuperNova Awards for leaders in disruptive technology.

Matrix Commerce Next-Generation Customer Experience Innovation & Product-led Growth Digital Safety, Privacy & Cybersecurity Data to Decisions Tech Optimization Supply Chain Automation Cloud Digital Transformation Disruptive Technology Enterprise IT Enterprise Acceleration Enterprise Software IoT Blockchain ERP Leadership Collaboration M&A Chief Customer Officer Chief Executive Officer Chief Procurement Officer Chief Supply Chain Officer

Keeping it Dynamic

Constellation Research

J. Bruce Daley is a former vice president and principal analyst at Constellation Research, Inc.  , Title: Big Ideas Age Before Beauty Before there can be a wholesale conversion to the Cloud legacy applications must be converted. This will take decades and not every vendor has taken this obstacle into account when projecting growth. Professional Services Firms Need a Recurring Revenue Model The services business has a lot of advantages but one big disadvantage in that you are always going out of business. Some organizations are using the Cloud to offer clients new ways to spend money than just time-and-materials or fixed price projects. ...

Read more

Source: Flickr JSchementi

“Innovators create value by working on things that are not yet fully known. Periods of technological change have always involved numerous creative experiments followed by shakeouts and establishment of an industry standard.”

Professor Rosabeth Moss Kanter, Harvard Business School

Microsoft's announcement of new marketing, customer care and social listening features added to its Microsoft Dynamics CRM product reveals some true creativity and innovation. Not so much in terms of product features (although there are some). What the announcement really highlights is a creative business and go-to-market strategy.

First the announcement. Sometime next quarter Microsoft will release new marketing features based on its MarketingPilot acquisition, new service features to complement its recent acquisition of Parature, and new social listening features  based on its Netbreeze acquistion. Innovating from typical industry practice, the release will bring social listening capabilities to every sales, service and marketing person in the organization and the new release is expected in the second quarter of 2014.

Now for the innovative part.

The original model for CRM was based on sales as an internal and predictable process like manufacturing and to be controlled by IT. Since then customers have embraced social media and revoluionized marketing.  As much CRM now takes place a much outside the walls of organizations as inside.  Soon marketing may soon be spending as much on technology as IT.   At the same time we are experiencing a re-platforming as field workers become unteathered from their desktop and even laptop computers in favor of mobile devices. Data centers are also moving into the cloud.

Despite being almost 100% saturated, everything in CRM marketplace is up for grabs as organizations are going to have to spend big to stay current with new business processes, new customers, and new platforms.

How will vendors adapt to these turbulent market conditions? Each of the major vendors is experimenting with a different approach and here is where the true innovation in CRM rests, not in products but in business strategy. Traditionally Microsoft has been known as a fast follower preferring to be the second company to introduce features and not the first, but this is different. Microsoft is not following the market leader as much as it is dancing around it. Some of things we see Microsoft doing differently include:

• Embracing on-premise and well as cloud versions of its products,
• Looking for monopolies in local markets where it is the only vendor to offer native language support in say Danish or Turkish,
• Building applications to sell to end users as well as IT,
• Selling some products, such as Microsoft Dynamics Marketing standalone, but coupling with other products so the Microsoft footprint in an account can be extended if the opportunity arises,
• Leveraging its expertise in consumer markets to build apps with a mass market look and feel.

Will this strategy prove to be a winner? The market has not made up its mind, yet at the heart of every successful business are the people who make things happen. Clearly Microsoft Dynamics has some heart.

New C-Suite Next-Generation Customer Experience Tech Optimization Data to Decisions Future of Work Innovation & Product-led Growth Sales Marketing Digital Safety, Privacy & Cybersecurity Microsoft Chief Customer Officer Chief Executive Officer Chief Information Officer Chief Marketing Officer

Technology – The prime mega-trend that drives society

Founder, capioIT
calitolIT

Phil is the founder of capioIT, a research analyst firm focussed on driving change in the analyst and research market through innovation and collaboration, with a strong focus on IT services and BPO strategies in the Asia/Pacific region. He has 17 years' experience in corporate strategy, consulting and market intelligence, gained in a diverse range of organisations and industries. Prior to founding capioIT, he established the Australian and Services business units at Springboard Research. Prior to Springboard Research, Phil was responsible for driving analyst firm IDC's research in the services marketplace across the Asia/Pacific region. During his 6 years at IDC, Phil led a large multi-national team of analysts across a range of IT related services with a particular focus on IT…...

Read more

1

Every defined era of economic history is characterized by waves of disruption. From the agricultural revolution to the current information and digital revolution, innovation and change is results in continual disruption.

The drivers and outcomes of these eras of economic history have several common themes. The attached figure below highlights common themes that have accompanied each era of economic and social disruption from the Middle Ages. From the explosive growth of trade in resources that accompanied the Middle Ages, through to the shift toward urbanization in the Agricultural revolution; these factors are universal and drive development.

The information or digital revolution is no different. Demographic transition (urbanisation) in developing markets continues unabated. According to the United Nations, by 2025, over 900 million Chinese people will live in cities, and Indonesia’s urban population will exceed 50% of its total.[1] As the information and digital age has evolved, economic development has been a defining event for a number of economies. In the 8 years from 2004-2012 the Philippines GDP almost tripled, Australian GDP per capita increased 50% during the same period. [2]

Whilst the benefits and in particular, social and environmental costs of globalisation can, and should be, argued for months at end, it has created a globally integrated world with the ability for Thomas Friedman’s “Dell Theory of Conflict Resolution”[3] to have real applicability. (For a recent note on the value of an innovative supply chain please see “Innovation can come from history – HP uses the Silk Road to improve supply chain outcomes”) Organisations and consumers can get the benefits of scale and suppliers of various resources can have access to a range of markets globally.

Whilst organisations globally have historically benefited from the combination of all these Mega Trends, in terms of business benefits, Technology is pre-eminent. Technology drives a fundamental transformation in all spheres of society from consumers, through small business, Fortune 500 enterprises and all levels of government. The scale of technology impact is virtually impossible to measure. It ranges from micro-lending in emerging markets, and mobile banking platforms in rural Indian villages to optimised oil and gas exploration, and the ability to have instantaneous global news feeds.

 

New C-Suite Innovation & Product-led Growth Chief Executive Officer

ANZ Bank Retains Most Valuable Banking Brand for 2014

Gavin Heaton

Founder
Disruptors Co

Gavin is the Founder of Disruptors Co, one of Australia’s leading independent strategy and innovation companies. Gavin advises firms on strategy, marketing, product development and innovation. He is also a member of the Orbits program, the influencer network of  award winning analyst and advisory firm, Constellation Research. Gavin advises boards and leadership on innovation strategy, marketing, data-driven product development and corporate venturing. Gavin is on the board of Vibewire, a youth-led social enterprise based in Sydney, Australia and on the Technology Advisory Group for Good2Give – the workplace giving platform. ...

Read more

1

But Brand Directory’s evaluation of banking brands for 2014, in association with The Banker, does an interesting job of placing a monetary value on the intangible asset that is an organisation’s brand. And this year, as shown below, ANZ pips CommBank at the post, to take out first place in the Australian rankings.

In simple terms, brand valuation calculates the difference between book value and market capitalisation. But Brand Directory use a range of calculations in an attempt to get a handle on what a brand may actually be worth. Their methodology is called the Royalty Relief Method.

Now, I prefer more straight up calculations – less opinion and more fact – but there is something quite appealing in the brand strength index. The use of a balanced scorecard across a range of business indicators sounds great. But I digress.

The real reason these kinds of rankings are useful is that they allow those within the business to get a sense of whether the brand is resonating in the marketplace. Not with analysts, but with potential and existing customers. It marks you out as a player or a stayer. And because leaderboards shift and change over time, it helps to determine, relative to your peers, whether your brand/marketing efforts are shifting the dial.

And if I was on the brand side trying to go deeper with these statistics – I’d bring my own, internal knowledge into play. I’d look to assess, year over year, what my spend and resourcing commitment was – so that I had an even better insight into what works or doesn’t. And then maybe, just maybe, there’d be an ROI figure that I could apply to my efforts. But this would be my own little secret. Another intangible that I’d add to my brand value.

Marketing Transformation Revenue & Growth Effectiveness Sales Marketing Next-Generation Customer Experience Chief Executive Officer Chief Marketing Officer Chief People Officer Chief Revenue Officer

Quips: Dachis Group Acquired by Sprinklr

R "Ray" Wang

Principal Analyst and Founder
Constellation Research

R “Ray” Wang is the CEO of Silicon Valley-based Constellation Research Inc. He co-hosts DisrupTV, a weekly enterprise tech and leadership webcast that averages 50,000 views per episode and blogs at www.raywang.org. His ground-breaking best-selling book on digital transformation, Disrupting Digital Business, was published by Harvard Business Review Press in 2015. Ray's new book about Digital Giants and the future of business, titled, Everybody Wants to Rule The World was released in July 2021. Wang is well-quoted and frequently interviewed by media outlets such as the Wall Street Journal, Fox Business, CNBC, Yahoo Finance, Cheddar, and Bloomberg. Short Bio R “Ray” Wang (pronounced WAHNG) is the Founder, Chairman, and Principal Analyst of Silicon Valley-based Constellation…...

Read more

Deal Is First Of Many As Digital Business Providers Consolidates

On February 19th, Sprinklr announced the acquisition of Dachis Group.  The acquisition will make Sprinklr the largest independent end-to-end Social Relationship platform in the market. While many will see this deal as a services play, the acquisition is significant in the for a few key reasons:

• Dachis brings key product sets to the Sprinklr portfolio. While known for pioneering social business consulting, over the past 24 months, Dachis Group had built out a portfolio of products from brand analytics via the Social Business Index, Content Optimization (which supports the push to native advertising), and employee advocacy (which can be seen on the Sprinklr Content Creator).
• Sprinklr augments its services capabilities. Partnerships with Accenture and Deloitte have given Sprinklr the range and reach to deliver on global deployments.  The services arm of Dachis will add to this capability and augment existing partnerships.  Customers should not expect Dachis Group service folks to compete with Accenture and Deloitte.

The Bottom Line: Spinklr and Dachis Group Customers Gain a Win Win

In this rapidly consolidating market, mergers and acquisitions provide the scale and critical mass to compete in the market. As the market shifts away from social business and more towards digital, expect new models to emerge among the social leaders who see the vision to move forward.  Services and software will be key to competing in a world of networks and mass personalization at scale.

 

Marketing Transformation Next-Generation Customer Experience New C-Suite Revenue & Growth Effectiveness Innovation & Product-led Growth Data to Decisions Tech Optimization Sales Marketing Future of Work SoftwareInsider ML Machine Learning LLMs Agentic AI Generative AI Robotics AI Analytics Automation B2B B2C CX EX Employee Experience HR HCM business Marketing Metaverse developer SaaS PaaS IaaS Supply Chain Quantum Computing Growth Cloud Digital Transformation Disruptive Technology eCommerce Enterprise IT Enterprise Acceleration Enterprise Software Next Gen Apps IoT Blockchain CRM ERP Leadership finance Social Healthcare VR CCaaS UCaaS Customer Service Content Management Collaboration M&A Enterprise Service Chief Customer Officer Chief Marketing Officer Chief People Officer Chief Revenue Officer Chief Executive Officer Chief Information Officer Chief Technology Officer Chief Data Officer Chief Digital Officer Chief Analytics Officer Chief Financial Officer Chief Operating Officer Chief Information Security Officer Chief Experience Officer