OCDQ Blog

Social Business is more than Social Marketing

Social Media Marketing: From Monologues to Dialogues

Social Media for Midsize Businesses

Barriers to Cloud Adoption

Leveraging the Cloud for Application Development

Cloud Computing for Midsize Businesses

Devising a Mobile Device Strategy

Talking Business about the Weather

Tuesday

Feb262013

Smart Big Data Adoption for Midsize Businesses

Big Data is not just for Big Businesses

Mobile

Tuesday, February 26, 2013 at 3:00PM

In a previous post, I explained that big data is not just for big businesses. During a recent interview Ed Abrams discussed how mobile, social, and cloud are driving big data adoption among midsize businesses.

As Sharon Hurley Hall recently blogged, midsize businesses are adopting social for the simple reason “a significant proportion of your potential customers are online, and while there they could be buying your product or service.” She also makes a great point about social adoption not being only externally focused. “Social business technologies will improve internal communication and knowledge-sharing. The result is a better-informed and more engaged workforce, and the technology gives the ability to harness creativity and implement innovation to increase your competitive advantage.”

“Becoming more social,” Hall concluded, “doesn’t mean that employees waste time online; in fact, it means that everyone is better informed about both data and strategy, leading to business benefits. The combination of integrating social technologies to improve your operational efficiency and harnessing social data to boost your knowledge base means that your business can be more competitive and more profitable.”

Hall’s insights also exemplify the proper perspective for midsize businesses to use when adopting big data. No business of any size should adopt big data just because everyone is talking about it, nor simply because they think it might help their business.

As with everything in the business world, you should seek first to understand what big data adoption can offer, and what kind of investment it requires, before making any type of commitment. The best thing about big data for midsize businesses is that it provides a big list of possibilities. But trying to embrace all of the possibilities of big data would be a big mistake. Start small with big data. Smart big data adoption for midsize businesses means starting with well-defined, business-enhancing opportunities.

Devising a Mobile Device Strategy

Social Business is more than Social Marketing

Barriers to Cloud Adoption

Leveraging the Cloud for Application Development

Cloud Computing for Midsize Businesses

Social Media Marketing: From Monologues to Dialogues

Social Media for Midsize Businesses

Talking Business about the Weather

Thursday

Jan032013

Best OCDQ Blog Posts of 2012

Social Media tagged

Best OCDQ Blog Posts of 2011

Master Data Management,

Metadata,

Mobile,

Philosophy

Thursday, January 3, 2013 at 2:12PM

Welcome to my roundup of the best blog posts published on the Obsessive-Compulsive Data Quality (OCDQ) blog during 2012.

My selections were based on a pseudo-scientific, quasi-statistical combination of page views, comments, and re-tweets, as well as choosing a few of my personal favorites, and which I have organized into four sections of ten best posts by topic or type.

Ten Best Posts on Big Data

Dot Collectors and Dot Connectors — The multifaceted challenges of big data require the dot collectors of data management and the dot connectors of business intelligence to overcome their attention blindness and work together more collaboratively.

HoardaBytes and the Big Data Lebowski — Don’t hoard Data, dude. The Data must abide. The Data must abide both the Business, by proving useful to our business activities, and the Individual, by protecting the privacy of our personal activities.

Magic Elephants, Data Psychics, and Invisible Gorillas — As technological advancements improve our data analytical tools, we must not lose sight of the fact that tools and data remain only as effective and beneficent as the humans who wield them.

Our Increasingly Data-Constructed World — What we now call Big Data is in fact a long-running macro trend underlying the many recent trends and innovations making our world, not just more data-driven, but increasingly data-constructed.

Will Big Data be Blinded by Data Science? — With apologies to Thomas Dolby, will the business leaders being told to hire data scientists to derive business value from big data analytics be blind to what data science tries to show them?

The Graystone Effects of Big Data — Using a metaphor based on the science fiction television show Caprica, I refer to the positive aspects of Big Data as the Zoe Graystone Effect, and the negative aspects of Big Data as the Daniel Graystone Effect.

Exercise Better Data Management — Big Data may be followed by MOData (i.e., MOre Data or Morbidly Obese Data), but that doesn’t necessarily mean we require more data management, instead we just need to exercise better data management.

A Tale of Two Datas — Inspired by Malcolm Chisholm and Charles Dickens, there are two types of data (i.e., representation and observation, not big and not-so-big) with different data uses that will require different data management approaches.

Data Silence — Not only do we need to adopt a mindset that embraces the principles of data science, but we also have to acknowledge that the biases and preconceptions in our minds could silence the signal and amplify the noise in big data.

The Wisdom of Crowds, Friends, and Experts — The future of wisdom will increasingly become an amalgamation of experts, friends, and crowds, with the data and techniques from all three sources often contributing to data-driven decision making.

Ten Best Posts on Data Governance and Data Quality

Data Governance Frameworks are like Jigsaw Puzzles — Inspired by Jill Dyché and Scott Berkun, this post explains how the usefulness of data governance frameworks comes from realizing data governance frameworks are like jigsaw puzzles.

Data Quality: Quo Vadimus? — With lots of help from Henrik Liliendahl Sørensen, Garry Ure, Bryan Larkin, and many others via the comments, I ponder where data quality is going, and whether data quality is a journey or a destination.

Data Quality and Miracle Exceptions — Battling the dark forces of poor data quality doesn’t require any superpowers, and data quality doesn’t have any miracle exceptions, so for the love of high-quality data everywhere, stop trying to sell us one.

Data Myopia and Business Relativity — Examines the two most prevalent definitions for data quality, real-world alignment and fitness for the purpose of use, otherwise known as the danger of data myopia and the challenge of business relativity.

How Data Cleansing Saves Lives — Although proactive defect prevention is far superior to reactive data cleansing, the history of the Hubble Space Telescope proves that data cleansing can be not just a necessary evil, but also a necessary good.

Data Quality and the Bystander Effect — The most common reason data quality issues are neither reported nor corrected is the Bystander Effect making people less likely to interpret bad data as a problem or, at the very least, not their responsibility.

Data Quality and Chicken Little Syndrome — A chicken-metaphor-based post about the far-too-common and fowl folly of, instead of trying to sell the business benefits of data quality, emphasizing the negative aspects of not investing in data quality.

Data and its Relationships with Quality — The metadata linking the data management industry to what it manages suffers from the one-to-many relationships created by never agreeing on how data, information, and quality should be defined.

Cooks, Chefs, and Data Governance — Implementing policies requires cooks who are adept at carrying out a recipe, as well as chefs who are trusted to figure out how to best combine policies with the organizational ingredients available to them.

Availability Bias and Data Quality Improvement — The availability heuristic explains why a reactive data cleansing project is easily approved, and availability bias explains why initiating a proactive data quality program is usually resisted.

Ten Best Podcasts

Data Quality and Big Data — Guest Tom Redman (aka the “Data Doc”) discusses Data Quality and Big Data, including if data quality matters less in larger data sets, and if statistical outliers represent business insights or data quality issues.

Saving Private Data — Recorded in December 2011, guest Daragh O Brien discusses the data privacy and data protection implications of social media, cloud computing, and big data.

Decision Management Systems — Guest James Taylor discusses data-driven decision making and analytical concepts from his book: Decision Management Systems: A Practical Guide to Using Business Rules and Predictive Analytics.

Demystifying Master Data Management — Guest John Owens explains the three types of data (Transaction, Domain, Master), the four master data entities (Party, Product, Location, Asset), and the Party-Role Relationship, which is where we find many of the terms commonly used to describe the Party master data entity (e.g., Customer, Supplier, Employee).

Social Media for Midsize Businesses — Sponsored by IBM Midsize Business Solutions, guest Paul Gillin, author of four books, the latest, co-authored with Greg Gianforte, is Attack of the Customers, discusses social media marketing concepts.

Data Driven — Guest Tom Redman (aka the “Data Doc”) discusses concepts from one of my favorite data quality books, which is his most recent book: Data Driven: Profiting from Your Most Important Business Asset.

The Johari Window of Data Quality — Guest Martin Doyle discusses helping people better understand their data and assess its business impacts, not just the negative impacts of bad data quality, but also the positive impacts of good data quality.

The Evolution of Enterprise Security — Sponsored by the Enterprise CIO Forum, guest Bill Laberis discusses striking a balance between convenience and security, which is necessary in the era of cloud computing and mobile devices.

Defining Big Data — This episode of the Open MIKE Podcast, with assistance from Robert Hillard, discusses how big data refers to big complexity, not big volume, even though complex datasets tend to grow rapidly, thus making them voluminous.

Getting to Know NoSQL — This episode of the Open MIKE Podcast discusses how NoSQL does not mean AntiSQL (i.e., NoSQL is not a Relational replacement), and that business-driven big data needs will often require “Not Only SQL.”

Ten Best of the Rest

DQ-View: Data Is as Data Does — In this short video, I explain that data’s value comes from data’s usefulness, exemplifying the potential value of unstructured data based on whether or not you put what you read in data management books to use.

DQ-View: The Five Stages of Data Quality — In this short video, using my superb acting skills, I demonstrate how coming to terms with the daunting challenge of data quality is somewhat similar to experiencing the Five Stages of Grief.

DQ-View: MetaData makes BettahMusic — In this short video, I demonstrate how better metadata makes data better using the metadata automatically and manually created after importing my CD collection into my iTunes library.

Metadata, Data Quality, and the Stroop Test — In this colorful (and perhaps too colorful) post, I use the Stroop Test, where colors do not match their names, to discuss the relationship between metadata and data quality.

Quality is the Higgs Field of Data — Using one of the biggest science stories of 2012, the potential discovery of the elusive Higgs Boson (which I also attempt to explain), I attempt an analogy for data quality based on the Higgs Field.

The Family Circus and Data Quality — Thanks to The Family Circus comic strip created by cartoonist Bil Keane, I explain how Ida Know owns the data, Not Me is accountable for data governance, and Nobody takes responsibility for data quality.

Data Love Song Mashup — Since your data needs love too, on Valentine’s Day I wrote this post providing a mashup of love songs for your data (and Rob DuMoulin added a few more in the comments) — Happy Data Quality to you and your data!

The Algebra of Collaboration — The trick of algebra equates collaboration with data quality and data governance success when collaboration is viewed not just as a guiding principle, but also as a call to action in your daily practices.

The Return of the Dumb Terminal — With help from author Kevin Kelly and my old green machine, I ponder how the mobile-app-portal-to-the-cloud computing model means mobile devices are bringing about the return of the dumb terminal.

An Enterprise Carol — Jacob Marley raises the ghosts of a few ideas to consider about how to keep the Enterprise well in the new year via the Ghosts of Enterprise Past (Legacy Applications), Present (IT Consumerization), and Future (Big Data).

Thank You for Reading OCDQ Blog in 2012

In 2012, the Obsessive-Compulsive Data Quality (OCDQ) blog published 92 posts, which received 160,000 total page views, while averaging over 400 page views and 200 unique visitors a day.

Thank you for reading OCDQ Blog in 2012. Your readership was deeply appreciated.

So Long 2011, and Thanks for All the . . . – The OCDQ Radio 2011 Year in Review

2012 Quarterly Review of the Data Roundtable (Part 4)

2012 Quarterly Review of the Data Roundtable (Part 3)

2012 Quarterly Review of the Data Roundtable (Part 2)

2012 Quarterly Review of the Data Roundtable (Part 1)

2011 Quarterly Review of the Data Roundtable (Part 4)

2011 Quarterly Review of the Data Roundtable (Part 3)

2011 Quarterly Review of the Data Roundtable (Part 2)

2011 Quarterly Review of the Data Roundtable (Part 1)

Thursday

Dec202012

Big Data is not just for Big Businesses

Books,

IT,

Mobile

Thursday, December 20, 2012 at 1:00PM

“It is widely assumed that big data, which imbues a sense of grandiosity, is only for those large enterprises with enormous amounts of data and the dedicated IT staff to tackle it,” opens the recent article Big data: Why it matters to the midmarket.

Much of the noise generated these days about the big business potential of big data certainly seems to contain very little signal directed at small and midsize businesses. Although it’s true that big businesses generate more data, faster, and in more varieties, a considerable amount of big data is externally generated, much of which is freely available for use by businesses of all sizes.

The easiest example is the poster child for leveraging big data — Google Search. But there’s also a growing number of open data sources (e.g., weather data) and social data sources (e.g., Twitter), and, since more of the world is becoming directly digitized, more businesses are now using more data no matter how big they are. Additionally, as Phil Simon wrote about in The New Small, the free and open source software, as-a-service, cloud, mobile, and social technology trends driving the consumerization of IT are enabling small and midsize businesses to, among other things, use more data and be more competitive with big businesses.

“Each minute of every day, information is produced about the activities of your business, your customers, and your industry,” explained Sarita Harbour in her recent blog post Harnessing Big Data: Giving Midsize Business a Competitive Edge. “Hidden within this enormous amount of data are trends, patterns, and indicators that, if extracted and identified, can yield important information to make your business more efficient and more competitive, and ultimately, it can make you more money.”

However, the biggest driver of the misperception about big data is its over-identification with data volume. Which is why earlier this year in his blog post It’s time for a new definition of big data, Robert Hillard used several examples to explain that big data refers more to big complexity than big volume. While acknowledging that complex datasets tend to grow rapidly, thus making big data voluminous, his wonderfully pithy conclusion was that “big data can be very small and not all large datasets are big.”

Therefore, by extension we could say that the businesses using big data can be small, or mid-sized, and not all the businesses using big data are big. But, of course, that’s not quite pithy enough. So let’s simply say that big data is not just for big businesses.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Talking Business about the Weather

Magic Elephants, Data Psychics, and Invisible Gorillas

Open MIKE Podcast — Episode 05: Defining Big Data

Open MIKE Podcast — Episode 06: Getting to Know NoSQL

OCDQ Radio - Data Quality and Big Data

HoardaBytes and the Big Data Lebowski

Sometimes it’s Okay to be Shallow

How Predictable Are You?

The Wisdom of Crowds, Friends, and Experts

Exercise Better Data Management

A Tale of Two Datas

Darth Vader, Big Data, and Predictive Analytics

The Big Data Theory

Data Management: The Next Generation

Big Data: Structure and Quality

Tuesday

Dec182012

An Enterprise Carol

Data Quality,

Business-IT Collaboration,

Data Governance,

Why does the sun never set on legacy applications?

HP,

IT,

Mobile

Tuesday, December 18, 2012 at 11:00AM

This blog post is sponsored by the Enterprise CIO Forum and HP.

Since ‘tis the season for reflecting on the past year and predicting the year ahead, while pondering this post my mind wandered to the reflections and predictions provided by the ghosts of A Christmas Carol by Charles Dickens. So, I decided to let the spirit of Jacob Marley revisit my previous Enterprise CIO Forum posts to bring you the Ghosts of Enterprise Past, Present, and Future.

The Ghost of Enterprise Past

Legacy applications have a way of haunting the enterprise long after they should have been sunset. The reason that most of them do not go gentle into that good night, but instead rage against the dying of their light, is some users continue using some of the functionality they provide, as well as the data trapped in those applications, to support the enterprise’s daily business activities.

This freaky feature fracture (i.e., technology supporting business needs being splintered across new and legacy applications) leaves many IT departments overburdened with maintaining a lot of technology and data that’s not being used all that much.

The Ghost of Enterprise Past warns us that IT can’t enable the enterprise’s future if it’s stuck still supporting its past.

The Ghost of Enterprise Present

While IT was busy battling the Ghost of Enterprise Past, a familiar, but fainter, specter suddenly became empowered by the diffusion of the consumerization of IT. The rapid ascent of the cloud and mobility, spirited by service-oriented solutions that were more focused on the user experience, promised to quickly deliver only the functionality required right now to support the speed and agility requirements driving the enterprise’s business needs in the present moment.

Gifted by this New Prometheus, Shadow IT emerged from the shadows as the Ghost of Enterprise Present, with business-driven and decentralized IT solutions becoming more commonplace, as well as begrudgingly accepted by IT leaders.

All of which creates quite the IT Conundrum, forming yet another front in the war against Business-IT collaboration. Although, in the short-term, the consumerization of IT usually better services the technology needs of the enterprise, in the long-term, if it’s not integrated into a cohesive strategy, it creates a complex web of IT that entangles the enterprise much more than it enables it.

And with the enterprise becoming much more of a conceptual, rather than a physical, entity due to the cloud and mobile devices enabling us to take the enterprise with us wherever we go, the evolution of enterprise security is now facing far more daunting challenges than the external security threats we focused on in the past. This more open business environment is here to stay, and it requires a modern data security model, despite the fact that such a model could become the weakest link in enterprise security.

The Ghost of Enterprise Present asks many questions, but none more frightening than: Can the enterprise really be secured?

The Ghost of Enterprise Future

Of course, the T in IT wasn’t the only apparition previously invisible outside of the IT department to recently break through the veil in a big way. The I in IT had its own coming-out party this year also since, as many predicted, 2012 was the year of Big Data.

Although neither the I nor the T is magic, instead of sugar plums, Data Psychics and Magic Elephants appear to be dancing in everyone’s heads this holiday season. In other words, the predictive power of big data and the technological wizardry of Hadoop (as well as other NoSQL techniques) seem to be on the wish list of every enterprise for the foreseeable future.

However, despite its unquestionable potential, as its hype starts to settle down, the sobering realities of big data analytics will begin to sink in. Data’s value comes from data’s usefulness. If all we do is hoard data, then we’ll become so lost in the details that we’ll be unable to connect enough of the dots to discover meaningful patterns and convert big data into useful information that enables the enterprise to take action, make better decisions, or otherwise support its business activities.

Big data will force us to revisit information overload as we are occasionally confronted with the limitations of historical analysis, and blindsided by how our biases and preconceptions could silence the signal and amplify the noise, which will also force us to realize that data quality still matters in big data and that bigger data needs better data management.

As the Ghost of Enterprise Future, big data may haunt us with more questions than the many answers it will no doubt provide.

“Bah, Humbug!”

I realize that this post lacks the happy ending of A Christmas Carol. To paraphrase Dickens, I endeavored in this ghostly little post to raise the ghosts of a few ideas, not to put my readers out of humor with themselves, with each other, or with the season, but simply to give them thoughts to consider about how to keep the Enterprise well in the new year. Happy Holidays Everyone!

This blog post is sponsored by the Enterprise CIO Forum and HP.

Are Applications the La Brea Tar Pits for Data?

The IT Consumerization Conundrum

OCDQ Radio - The Evolution of Enterprise Security

Can the Enterprise really be Secured?

Magic Elephants, Data Psychics, and Invisible Gorillas

Big Data el Memorioso

Information Overload Revisited

The Limitations of Historical Analysis

Tuesday

Dec112012

Devising a Mobile Device Strategy

Mobile

Tuesday, December 11, 2012 at 11:00AM

As I previously blogged in The Age of the Mobile Device, the disruptiveness of mobile devices to existing business models is difficult to overstate. Mobile was also cited as one of the complementary technology forces, along with social and cloud, in the recent Harvard Business Review blog post by R “Ray” Wang about new business models being enabled by big data.

Since their disruptiveness to existing IT models is also difficult to overstate, this post ponders the Bring Your Own Device (BYOD) trend that’s forcing businesses of all sizes to devise a mobile device strategy. BYOD is often not about bringing your own device to the office, but about bringing your own device with you wherever you go (even though the downside of this untethered enterprise may be that our always precarious work-life balance surrenders to the pervasive work-is-life feeling mobile devices can enable).

In his recent InformationWeek article, BYOD: Why Mobile Device Management Isn’t Enough, Michael Davis observed that too many IT departments are not devising a mobile device strategy, but instead “they’re merely scrambling to meet pressure from the CEO on down to offer BYOD options or increase mobile app access.” Davis also noted that when IT creates BYOD policies, they often to fail to acknowledge mobile devices have to be managed differently, partially since they are not owned by the company.

An alternative to BYOD, which Brian Proffitt recently blogged about, is Corporate Owned, Personally Enabled (COPE). “Plenty of IT departments see BYOD as a demon to be exorcised from the cubicle farms,” Proffitt explained, “or an opportunity to dump the responsibility for hardware upkeep on their internal customers. The idea behind BYOD is to let end users choose the devices, programs, and services that best meet their personal and business needs, with access, support, and security supplied by the company IT department — often with subsidies for device purchases.” Whereas the idea behind COPE is “the organization buys the device and still owns it, but the employee is allowed, within reason, to install the applications they want on the device.”

Whether you opt for BYOD or COPE, Information Management recently highlighted 5 Trouble Spots to consider, which included assuming that mobile device security is already taken care of by in-house security initiatives, data integration disconnects with on-premises data essentially turning mobile devices into mobile data silos, and the combination of personal and business data, which complicates, among other things, remote wiping the data on a mobile device in the event of a theft or security violation, which is why, as Davis concluded, managing the company data on the device is more important than managing the device itself.

With the complex business and IT challenges involved, how is your midsize business devising a mobile device strategy?

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

OCDQ Radio - Social Media for Midsize Businesses

Social Media Marketing: From Monologues to Dialogues

Social Business is more than Social Marketing

Barriers to Cloud Adoption

OCDQ Radio - Cloud Computing for Midsize Businesses

OCDQ Radio - The Evolution of Enterprise Security

Tuesday

Nov272012

Social Business is more than Social Marketing

Books,

Collaboration,

Social Media Marketing: From Monologues to Dialogues

Marketing,

Mobile

Tuesday, November 27, 2012 at 5:00PM

Although much of the early business use of social media was largely focused on broadcasting marketing messages at customers, social media transformed word of mouth into word of data and empowered customers to add their voice to marketing messages, forcing marketing to evolve from monologues to dialogues. But is the business potential of social media limited to marketing?

During the MidMarket IBM Social Business #Futurecast, a panel discussion from earlier this month, Ed Brill, author of the forthcoming book Opting In: Lessons in Social Business from a Fortune 500 Product Manager, defined the term social business as “an organization that engages employees in a socially-enabled process that brings together how employees interact with each other, partners, customers, and the marketplace. It’s about bringing all the right people, both internally and externally, together in a conversation to solve problems, be innovative and responsive, and better understand marketplace dynamics.”

“Most midsize businesses today,” Laurie McCabe commented, “are still grappling with how to supplement traditional applications and tools with some of the newer social business tools. Up until now, the focus has been on integrating social media into a lot of marketing communications, and we haven’t yet seen the integration of social media into other business processes.”

“Midsize businesses understand,” Handly Cameron remarked, “how important it is to get into social media, but they’re usually so focused on daily operations that they think that a social business is simply one that uses social media, and therefore they cite the facts that they created Twitter and Facebook accounts as proof that they are a social business, but again, they are focusing on external uses of social media and not internal uses such as improving employee collaboration.”

Collaboration was a common theme throughout the panel discussion. Brill said a social business is one that has undergone the cultural transformation required to embrace the fact that it is a good idea to share knowledge. McCabe remarked that the leadership of a social business rewards employees for sharing knowledge, not for hoarding knowledge. She also emphasized the importance of culture before tools since simply giving individuals social tools will not automatically create a collaborative culture.

Cameron also noted how the widespread adoption of cloud computing and mobile devices is helping to drive the adoption of social tools for collaboration, and helping to break down a lot of the traditional boundaries to knowledge sharing, especially as more organizations are becoming less bounded by the physical proximity of their employees, partners, and customers.

From my perspective, even though marketing might have been how social media got in the front door of many organizations, social media has always been about knowledge sharing and collaboration. And with mobile, cloud, and social technologies so integrated into our personal and professional lives, life and business are both more social and collaborative than ever before. So, even if collaboration isn’t in the genes of your organization, it’s no longer possible to put the collaboration genie back in the bottle.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

OCDQ Radio - Social Media for Midsize Businesses

OCDQ Radio - Social Media Strategy

The Challenging Gift of Social Media

Listening and Broadcasting

Quality is more important than Quantity

Demystifying Social Media

Thursday

Nov082012

Barriers to Cloud Adoption

Leveraging the Cloud for Application Development

Mobile

Thursday, November 8, 2012 at 8:11AM

I previously blogged about leveraging the cloud for application development, noting as the cloud computing market matures we are seeing an increasing number of robust infrastructure as a service (IaaS) and platform as a service (PaaS) offerings that can accelerate new application development, as well as facilitate the migration of existing applications and data to the cloud.

A recent LinkedIn discussion about cloud computing asked whether small and midsize businesses (SMB) are embracing all that the cloud has to offer and, if not, then what are the most common barriers to cloud adoption.

“There is a lot of skepticism,” Sabharinath Bala noted, “about hosting apps and data in the cloud. Not all SMBs are confident about cloud-based apps due to reasons ranging from data privacy and security to federal regulations. I’ve seen quite a few SMBs embracing the cloud by hosting internal apps (payroll, HCM, etc.) in the cloud first and then moving on to apps that contain client confidential data. In most cases, this is more of an exercise to build confidence about data security and privacy issues.”

Concern about data security and privacy issues is understandably the most commonly cited barrier to migrating applications, and the often sensitive data they contain, to the cloud. This is why, as Steve O’Donnell commented, “commodity applications such as email, document management, and communications are being migrated first. However, extremely critical applications such as CRM, ERP, and salesforce management are being adopted quickly as these really appeal to mobile workers.”

I have previously blogged about mobile devices being the biggest driver for cloud adoption since almost all mobile applications are based on a mobile-app-portal-to-the-cloud computing model. Therefore, since without the cloud mobile devices can not be leveraged to their fullest potential, it is not surprising to see a high correlation between cloud adoption and mobile enablement.

Nor is it surprising to see that “the S in SMB is adopting the cloud faster than the M,” as Karthik Balachandran observed, “partially because the cloud has given smaller businesses access to IT assets that they did not have before. But, larger businesses still enjoy returns from their traditional IT investments. Call it legacy drag?”

Legacy drag is certainly a real concern, but another reason smaller firms may be migrating faster is because, as Karen Harrison commented, “companies with larger IT departments also feel a sense of loyalty to the people they have, and that also contributes to the lag. In today’s economy, many companies don’t want to lay off workers who have been with them a long time.”

But lacking some of these legacy challenges facing larger businesses doesn’t necessarily mean that SMBs have an easier path to the cloud. Although “there is no reason for your average SMB to not leverage what is available in the cloud to the fullest,” noted Fred McClimans, “realistically, this is not a technology issue, but rather a behavioral issue that goes well beyond the cloud: we’ve been conditioned to think that we have to physically own something to control it, keep it safe, or treat it as an asset. Rather than focusing on owning assets, we need to get businesses to begin to think about leveraging assets. And just like feeling comfortable with cloud-based applications, this is an educational/comfort issue.”

What other barriers to cloud adoption have you encountered in your organization?

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

OCDQ Radio - Cloud Computing for Midsize Businesses

Lightning Strikes the Cloud

The Partly Cloudy CIO

Monday

Oct292012

The Evolution of Enterprise Security

OCDQ Radio,

Podcasts,

Can the Enterprise really be Secured?

HP,

Mobile

Monday, October 29, 2012 at 1:00PM

This podcast episode is sponsored by the Enterprise CIO Forum and HP.

OCDQ Radio is a vendor-neutral podcast about data quality and its related disciplines, produced and hosted by Jim Harris.

During this episode, Bill Laberis and I discuss the necessary evolution of enterprise security in the era of cloud computing and mobile devices. Our discussion includes public, private, and hybrid clouds, leveraging existing security best practices, defining BYOD (Bring Your Own Device) policies, mobile device management, and striking a balance between convenience and security.

Bill Laberis is the Editorial Director of the Enterprise CIO Forum, in which capacity he oversees the content of both its US and international websites. He is also Editorial Director and Social Media Manager in the IDG Custom Solutions Group, working closely with clients to create highly individualized custom content programs that leverage the wide range of media capabilities, including print, online, multimedia, and custom events.

Bill Laberis was editor-in-chief of Computerworld from 1986-1996, has been a frequent speaker and keynoter, and has written for various business publications including The Wall Street Journal. He has been closely following the IT sector for 30 years.

The Evolution of Enterprise Security

Additional listening options:

Click here to Download the MP3 file for this OCDQ Radio episode

Click here to Subscribe to OCDQ Radio via iTunes

Click here to Subscribe to OCDQ Radio via its RSS feed (non iTunes)

Click here to Listen to OCDQ Radio on your Mobile with Stitcher SmartRadio

Click here to Browse the OCDQ Radio Archives

This podcast episode is sponsored by the Enterprise CIO Forum and HP.

Enterprise Security and Social Engineering

Monday

Oct152012

Can the Enterprise really be Secured?

Enterprise Security and Social Engineering

HP,

Mobile

Monday, October 15, 2012 at 1:15PM

This blog post is sponsored by the Enterprise CIO Forum and HP.

Over the last two months, I have been blogging a lot about how enterprise security has become an even more important, and more complex, topic of discussion than it already was. The days of the perimeter fence model being sufficient are long gone, and social media is helping social engineering more effectively attack the weakest links in an otherwise sound security model.

With the consumerization of IT allowing Shadow IT to emerge from the shadows and the cloud and mobile devices enabling the untethering of the enterprise from the physical boundaries that historically defined where the enterprise stopped and the outside world began, I have been more frequently pondering the question: Can the enterprise really be secured?

The cloud presents the conundrum of relying on non-enterprise resources for some aspects of enterprise security. However, “one advantage of the cloud,” Judy Redman recently blogged, “is that it drives the organization to take a more comprehensive, and effective, approach to risk governance.” Redman’s post includes four recommended best practices for stronger cloud security.

With the growing popularity of the mobile-app-portal-to-the-cloud business model, more enterprises are embracing mobile app development for deploying services to better support both their customers and their employees. “Mobile apps,” John Jeremiah recently blogged, “are increasingly dependent on cloud services that the apps team didn’t build, the organization doesn’t own, and the ops team doesn’t even know about.” Jeremiah’s post includes four things to consider for stronger mobile security.

Although it is essential for every enterprise to have a well-articulated security strategy, “it is important to understand that strategy is not policy,” John Burke recently blogged. “Security strategy links corporate strategy overall to specific security policies; policies implement strategy.” Burke’s post includes five concrete steps to take to build a security strategy and implement security policies.

With the very notion of an enterprise increasingly becoming more of a conceptual entity than a physical entity, enterprise security is becoming a bit of a misnomer. However, the underlying concepts of enterprise security still need to be put into practice, and even more so now that, since the enterprise has no physical boundaries, the enterprise is everywhere, which means that everyone (employees, partners, suppliers, service providers, customers) will have to work together for “the enterprise” to really be secured.

This blog post is sponsored by the Enterprise CIO Forum and HP.

Thursday

Sep202012

Enterprise Security and Social Engineering

HP,

Mobile

Thursday, September 20, 2012 at 1:00PM

This blog post is sponsored by the Enterprise CIO Forum and HP.

“100 percent security no longer exists in the digital world,” Christian Verstraete recently blogged. “Many companies have to recognize that they have not developed a proactive enough security strategy. They also have to recognize that they have not put the appropriate procedures in place to cope with a security breach when it happens. Instead, they are in reactive mode.”

In my previous post, I blogged about how although any proactive security strategy can only be as strong as its weakest link, the weakest link in your enterprise security could actually be the protocols enacted in the event of an apparent security breach.

“We are confronted with a world where employees bring their own devices and use them for both their private and their business lives,” Verstraete continued. “As our world is getting increasingly integrated, and as social media is used by enterprises to reach their customers and prospects, we need to train our people to ensure they are watchful for social engineering.”

The book Social Engineering: The Art of Human Hacking by Chris Hadnagy, the lead developer of Social-Engineer.org, defines social engineering as “the act of manipulating a person to take an action that may or may not be in their best interest.”

“While software companies are learning how to strengthen their programs,” Hadnagy explained, “hackers and malicious social engineers are turning to the weakest part of the infrastructure — the people. The motivation is all about return on investment. No self-respecting hacker is going to spend 100 hours to get the same results from a simple attack that takes one hour, or less.”

“Denial, ignorance, or the overwhelming nature of threats and vulnerabilities are all causes of a lack of focus,” Ken Larson recently blogged. “In this age of IT, the threats and vulnerabilities raised by mobility, social networking, cloud computing, and the sharing of IT resources between enterprises must be added to the traditional threats that we’ve focused on for years.”

As I have previously blogged, traditional approaches focus mainly on external security threats, which nowadays is like fortifying your physical barriers while ignoring the cloud floating over them and the mobile devices walking around them. The more open business environment enabled by cloud and mobile technologies is here to stay, and it requires a modern data security model.

“Proactively define your security strategy,” Verstraete concluded. “Decide what an acceptable risk level is. Choose and implement tools and procedures accordingly, and train, train, train your employees.” I definitely agree that employee training is essential to strengthening your enterprise security, and especially training your employees to understand the principles of social engineering.

This blog post is sponsored by the Enterprise CIO Forum and HP.

Thursday

Sep062012

The Weakest Link in Enterprise Security

HP,

Mobile

Thursday, September 6, 2012 at 3:00AM

This blog post is sponsored by the Enterprise CIO Forum and HP.

As a recent Techopedia article noted, one of the biggest challenges for IT security these days is finding a balance among three overarching principles: availability (i.e., that information is accessible when authorized users need it), confidentiality (i.e., that information is only being seen or used by people who are authorized to access it), and integrity (i.e., that any changes to information by an unauthorized user are impossible — or at least detected — and changes by authorized users are tracked).

Finding this balance has always been a complex challenge for enterprise security since the tighter you lock an IT system down, the harder it can become to use for daily business activities, which sometimes causes usability to be prioritized over security.

“I believe those who think security isn’t a general IT priority are wrong,” Rafal Los recently blogged in a post about the role of Chief Information Security Officer (CISO). “Pushing the security agenda ahead of doing business seems to be something poor CISOs are known for, which creates a backlash of executive push-back against security in many organizations.”

According to Los, IT leaders need to balance the business enablement of IT with the need to keep information secure, which requires better understanding both business risks and IT threats, and allowing the organization to execute its business goals in a tactical fashion while simultaneously working out the long-term enterprise security strategy.

Although any security strategy is only as strong as its weakest link, the weakest link in enterprise security might not be where you’d expect to find it. A good example of this came from perhaps the biggest personal data security disaster story of the year, the epic hacking of Mat Honan, during which, as he described it, “in the space of one hour, my entire digital life was destroyed.”

The biggest lesson learned was not the lack of a good security strategy (though that obviously played a part, not only with Honan personally, but also with the vendors involved). Instead, the lesson was that the weakest link in any security strategy might be its recovery procedures — and that hackers don’t need to rely on Hollywood-style techno-wizardry to overcome security protocols.

Organizations are rightfully concerned about mobile devices containing sensitive data getting stolen — in fact, many make use of the feature provided by Apple that enables you to remotely delete data on your iPhone, iPad, and MacBook in the event of theft.

In Honan’s case, the hackers exploited this feature by accessing his Apple iCloud account (for the details of how that happened, read his blog post), wiping clean his not-stolen mobile devices, resetting his passwords, including for his email accounts, which prevented him from receiving any security warnings and password reset notifications, and bought the hackers the time needed to redirect everything — essentially all by doing what Honan would have done if his mobile devices had actually been stolen.

The hackers also deleted all of Honan’s data stored in the cloud, which was devastating since he had no off-line backups (yes, he admits that’s his fault). Before you’re tempted to use this as a cloud-bashing story, as Honan blogged in a follow-up post about how he resurrected his digital life, “when my data died, it was the cloud that killed it. The triggers hackers used to break into my accounts and delete my files were all cloud-based services — iCloud, Google, and Amazon. Some pundits have latched onto this detail to indict our era of cloud computing. Yet just as the cloud enabled my disaster, so too was it my salvation.”

Although most security strategies are focused on preventing a security breach from happening, as the Honan story exemplifies, the weakest link in your enterprise security could actually be the protocols enacted in the event of an apparent security breach.

This blog post is sponsored by the Enterprise CIO Forum and HP.

Thursday

Aug232012

Enterprise Security is on Red Alert

HP,

Mobile

Thursday, August 23, 2012 at 8:00AM

This blog post is sponsored by the Enterprise CIO Forum and HP.

Enterprise security is becoming an even more important, and more complex, topic of discussion than it already was. Especially when an organization focuses mostly on preventing external security threats, which is somewhat like, as in the photo to the left, telling employees to keep the gate closed but ignore the cloud floating over the gate and the mobile devices walking around it.

But that doesn’t mean we need to build bigger and better gates. The more open business environment enabled by cloud and mobile technologies is here to stay, and it requires a modern data security model that can protect us from the bad without being overprotective to the point of inhibiting the good.

“Security controls cost money and have an impact on the bottom line,” Gideon Rasmussen recently blogged. Therefore, “business management may question the need for controls beyond minimum compliance requirements. However, adherence to compliance requirements, control frameworks, and best practices may not adequately protect sensitive or valuable information because they are not customized to the unique aspects of your organization.”

This lack of a customized security solution can also be introduced when leveraging cloud providers. “Transparency is the capability to look inside the operational day-to-day activity of your cloud provider,” Rafal Los recently blogged. “As a consumer, transparency means that I have audit-ability of the controls, systems, and capabilities that directly impact my consumed service.”

A further complication for enterprise security is that many cloud-based services are initiated as Shadow IT projects. “There are actually good reasons why you may want to take a hard look at Shadow IT, as it may fundamentally put you at risk of breaching compliance,” Christian Verstraete recently blogged. “Talking to business users, I’m often flabbergasted by how little they know of the potential risks encountered by putting information in the public cloud.”

In the science fiction universe of Star Trek, the security officers aboard the starship Enterprise, who wore red shirts, often quickly died on away missions. Protecting your data, especially when it goes on away missions in the cloud or on mobile devices, requires your enterprise security to be on red alert — otherwise everyone in your organization might as well be wearing a red shirt.

This blog post is sponsored by the Enterprise CIO Forum and HP.

Tuesday

Aug142012

The Age of the Mobile Device

Mobile

Tuesday, August 14, 2012 at 10:00AM

Bob Sutor recently blogged about mobile devices, noting that “the power of these gadgets isn’t in their touchscreens or their elegant design. It’s in the variety of apps and communication services we can use on them to stay connected. By thinking beyond the device, companies can prepare themselves and figure out how to make the most of this age of the mobile device.”

The disruptiveness of mobile devices to existing business models — even Internet-based ones — is difficult to overstate. In fact, I believe the age of the mobile device will be even more disruptive than the age of the Internet, which, during the 1990s and early 2000s, disrupted entire industries and professions — the three most obvious examples being music, journalism, and publishing.

However, during those disruptions, mobile devices were in their nascent phase. Laptops were still the dominant mobile devices and most mobile phones only made phone calls, though text messaging and e-mail soon followed. It’s only been about five years — with the notable arrivals of the iPhone and the Kindle in 2007, the Android operating system in 2008, and the iPad in 2010 — since mobile devices started to hit their stride. The widespread availability of connectivity options (Wi-Fi and 3G/4G broadband), the shift to more cloud-based services, and, as Sutor noted, in 2011, for the first time ever, shipments of smartphones exceeded total PC shipments, all appears to forecast that the age of the mobile device will be an age of massive — and rapid — disruption.

The IBM Midmarket white paper A Smarter Approach to Customer Relationship Management (CRM) notes that “mobile is becoming the customers’ preferred communications means for multiple channels. As customers go mobile and sales teams strive to meet customers’ needs, midsize companies are enabling mobile CRM. They are optimizing Web sites for wireless devices and deploying mobile apps directly linked into the contact centers. They are purchasing apps for particular devices and are buying solutions that store CRM data on them when offline, and update the information when Internet access is restored. This enables sales teams to quickly acquire customer histories and respond with offerings tailored to their desires.”

As Sutor concluded, “mobile devices are a springboard into the future, where the apps can significantly improve the quality of our personal or business lives by allowing us to do things we have never done before.” I agree that mobile devices are a springboard into a future that allows us, as well as our businesses and our customers, to do things we have never done before.

The age of the mobile device is the future — and the future is now. Is your midsize business ready?

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Thursday

Jun212012

The Return of the Dumb Terminal

Books,

HP,

Mobile

Thursday, June 21, 2012 at 3:00AM

This blog post is sponsored by the Enterprise CIO Forum and HP.

In his book What Technology Wants, Kevin Kelly observed “computers are becoming ever more general-purpose machines as they swallow more and more functions. Entire occupations and their workers’ tools have been subsumed by the contraptions of computation and networks. You can no longer tell what a person does by looking at their workplace, because 90 percent of employees are using the same tool — a personal computer. Is that the desk of the CEO, the accountant, the designer, or the receptionist? This is amplified by cloud computing, where the actual work is done on the net as a whole and the tool at hand merely becomes a portal to the work. All portals have become the simplest possible window — a flat screen of some size.”

Although I am an advocate for cloud computing and cloud-based services, sometimes I can’t help but wonder if cloud computing is turning our personal computers back into that simplest of all possible windows that we called the dumb terminal.

Twenty years ago, at the beginning of my IT career, when I was a mainframe production support specialist, my employer gave me a dumb terminal to take home for connecting to the mainframe via my dial-up modem. Since I used it late at night when dealing with nightly production issues, the aptly nicknamed green machine (its entirely text-based display used bright green characters) would make my small apartment eerily glow green, which convinced my roommate and my neighbors that I was some kind of mad scientist performing unsanctioned midnight experiments with radioactive materials.

The dumb terminal was so-called because, when not connected to the mainframe, it was essentially a giant paperweight since it provided no offline functionality. Nowadays, our terminals (smartphones, tablets, and laptops) are smarter, but in some sense, with more functionality moving to the cloud, even though they provide varying degrees of offline functionality, our terminals get dumbed back down when they’re not connected to the web or a mobile network, because most of what we really need is online.

It can even be argued that smartphones and tablets were actually designed to be dumb terminals because they intentionally offer limited offline data storage and computing power, and are mostly based on a mobile-app-portal-to-the-cloud computing model, which is well-supported by the widespread availability of high-speed network connectivity options (broadband, mobile, Wi-Fi).

Laptops (and the dwindling number of desktops) are the last bastions of offline data storage and computing power. Moving more of those applications and data to the cloud would help eliminate redundant applications and duplicated data, and make it easier to use the right technology for a specific business problem. And if most of our personal computers were dumb terminals, then our smart people could concentrate more on the user experience aspects of business-enabling information technology.

Perhaps the return of the dumb terminal is a smart idea after all.

This blog post is sponsored by the Enterprise CIO Forum and HP.

The Partly Cloudy CIO

Why does the sun never set on legacy applications?

Are Applications the La Brea Tar Pits for Data?