Data is the new Oil

At a recent meeting I heard the expression ‘Data is the new Oil’ for the first time.

When you hear this, what does it conjure up in your mind?

Does it translate as data is the new oil of business?

The digital onslaught

It is hard not to have a business conversation without mentioning ‘digital’ and the new buzzwords are digital transformation and business transformation. I have not heard from anyone a convincing definition of what these mean.

What I have heard is the importance of data and how that can be transformative and I have personal experience of this. On one scale it can be the deep analysis of a small dataset that reveals new insights that support better decision-making through the analysis of a big dataset (Big Data) that can swamp you with riddles.

The ‘e’ fear

Just as oil has the ‘e’ fear where ‘e’ in this case is environment, so too does data has it’s ‘e’ fear being exploitation. There is huge debate that is growing in passion about data privacy (it affects everyone potentially and more so those that are online junkies) and how their personal data is exploited.

Fear not, your defender is the ICO

The Information Commissioners Office (ICO) is your defender and their documents may not be high on your must read list yet the contents provide reassurance that your privacy is important.

Politicians have stepped up to the mark in defence of privacy and the General Data Protection Regulation (GDPR) comes into force 25th May 2018 and  the financial penalties under this regulation are greatly increased over those permissible under UK law today, being capped at £500,000. This has increased awareness of the importance of good governance in respect of processing and controlling data .

I sit on the board of the Federation Against Software Theft (FAST) and benefit from the expertise of people like Julian Hobbins General Counsel at FAST who writes a monthly bulletin on legal matters of interest to the IT software community. I copy below his latest bulletin and give full credit for his work.

Big data analytics and the ICO

“Big data analytics” – a concept so in vogue that the term has become a buzzword. Quick to point out that it is “no fad”, the Information Commissioner’s Office (ICO) last month published its second paper on the subject. The paper provides an illuminating discussion on some of the key issues surrounding big data and how it can be reconciled with data protection principles. However, before taking a look at this in more detail, it first seems necessary to clarify just what the term “big data analytics” means.

“Big data”, “AI” and “machine learning” are terms often used interchangeably. Although closely related concepts, there is a notable distinction.

Whilst there is no single definition, the term “big data” essentially refers to colossal datasets of real-time data from a multitude of sources. Its size and complexity means that it is difficult, if not impossible, to analyse using traditional data analysis methods.

“AI” or “artificial intelligence” refers to the computational power capable of intelligently analysing big data.

“Machine learning” is a phrase encompassing the range of intelligent techniques and tools that sit behind AI. These mechanisms (based on complicated algorithms) allow computers to “think”, adapt and respond autonomously accordingly to the data being processed. This means that computers can process and interpret big data with the insightfulness of a human (although not always through using the same anthropic rationale).

Together, these three terms are often referred to as ‘big data analytics” or simply “big data” and, for simplicity, these are the terms used throughout the remainder of this article.

Because big data analytics is such a sophisticated and complex approach to data processing, it has significant implications for data protection and privacy. It is therefore important to have an awareness of these implications whenever personal data is involved. Whilst the brevity of this update does not allow for an in depth look at the data protection implications of big data analytics, it does allow for a brief comment on some of the main points to take from the ICO report.

One of the key concerns flagged by the ICO is the possible conflict between big data analytics and the requirement for fair and transparent data processing. There is often a supposition that big data analytics is so sophisticated as to be somewhat shady or sinister.

This therefore poses the question of whether big data analytics has an intrusive effect on individuals; for instance, where big data is processed for the purposes of automated profiling. In circumstances such as these – where big data is used in a way to make decisions affecting individuals – the ICO reminds organisations of the need to consider principles of fairness. Similarly, the ICO emphasises the importance of expectation and considering whether individuals could reasonably expect their data to be used in the ways that big data analytics facilitates.

The complexity of the machine learning underpinning big data analytics means that transparency is another key issue. Not only can the opacity of the processing create problems for individuals whose data is being used, it can also lead to difficulties when obtaining meaningful consent to the processing of personal data. This problem is further complicated due to the experimental nature of big data analytics, which means it is not always practical to give consent at the outset.

Whilst the above provides a flavour of some of the concerns discussed at length in the ICO report, it seems appropriate for this update to conclude by focusing attention on the overall stance of the ICO on the subject. However, before doing so, it is worth very briefly mentioning the number of “compliance tools” suggested by the ICO. These are measures, such as anonymisation, designed to help organisations comply with their data protection obligations in a big data context.

As the recommendation of these tools would suggest, the ICO is clear in its view that it is not a case of big data or data. Rather, the ICO endorses the view that big data is compatible with current data protection legislation. It also recognises and accepts the many commercial benefits of big data analytics across vast swathes of the public and private sector. Nevertheless, there is no denying that the volume, variety and complexity of big data present numerous problems for organisations that must adhere to legislative obligations.

The ICO’s focus is very much on how big data analytics and data protection can co-exist harmoniously. Data protection is not a blockade to big data analytics. Instead, a sensible, well managed and pragmatic approach is encouraged towards meeting data protection requirements and upholding key principles such as fairness and transparency.

How the ICO manages the tension between big data and the obligations on business to protect personal data under the GDPR will be one the ICO’s biggest challenges in the years ahead, especially after Brexit when the British Government will have greater freedom to legislate in this area. It is important for industry that the ICO, in managing that tension, does not implement the GDPR in such a way that it threatens to stifle innovation and the enormous potential commercial and social benefits that big data can deliver on.

A Big Read and I hope you found it informative.

Green is a good way

I rely on the Internet in so many ways and every month I get a bill for my energy consumption and it hadn’t really occurred to me what energy I consume to serve up my Google searches, Office 365, Twitter and everything else I do online.

Who’s counting?

Operators of data centres, and there are some whoppers out there, consume a lot of energy and they are highly motivated to reduce energy consumption as that is a big cost.

In the UK under the Companies Act 2006 (Strategic and Directors’ Reports) Regulations 2013, quoted companies are required to report their annual greenhouse gas (GHG) emissions in their directors’ report.

In the case of a quoted company the strategic report must, to the extent necessary for an understanding of the development, performance or position of the company’s business, include—

(b) information about—

(i) environmental matters (including the impact of the company’s business on the environment)

If a company uses public datacentres and many do then that is part of their carbon footprint.

The guardians of our environment Greenpeace are also counting. You can read their report and naming and shaming of dirty energy users and praise for exemplar companies like Apple heading up the list.

Screen Shot 2017-01-16 at 22.16.17

Screen Shot 2017-01-16 at 22.24.10

Got one of these?

Have you seen this before?   Screen Shot 2017-01-16 at 22.25.15

Screen Shot 2017-01-16 at 22.26.25It now lives on my Google toolbar and when I visit a website it tells me about the green credentials of that web site. Here I am on apple.com and this is what I see.

You can get the app with the Screen Shot 2017-01-16 at 22.25.15 by going to the Google Chrome Web Store

I don’t know about you but I really like this. It does not have a scorecard for every website but it does for the big providers that are serving very large numbers of users e.g Google, Apple, Microsoft and IBM.

I wonder how much this might influence those businesses under reporting regimes when choosing their provider?

Public sector doing their bit

Screen Shot 2017-01-16 at 22.53.42

The public sector need to demonstrate its green credentials and the EU has launched the EURECA survey (only Public Sector invited to participate) with the aim to ‘helping to improve the energy and environmental performance of data centres’ used by the public sector.

Risk

So having dealt with the green issue, what about risk? As a business becomes dependant on a third-party such as a datacentre provider to deliver business critical resources then that has an associated risk. Click here to read the Data Centre Risk Index 2016 published by Cushman Wakefield. I promise you it offers a few surprises!

Cyber security your responsibility

The Uk’s National Cyber Security Centre (NCSC) was officially opened on the day of love, 14 February 2017. However we are not in love with cyber it is a nasty evil that is a global threat to individual citizens, businesses and governments.

As I prepare to chair the Cloud Expo Security theatre on March 15 at Cloud Expo I have been researching recent news and the most prominent is the opening of the NCSC.

Here is what the Chancellor of the Exchequer said at the launch of the NCSC: ‘Our digital sector is also the best in the world – contributing a bigger proportion of our GDP every year than any other country in the G20.’

The UK is a big target for cyber criminals. He went out to quote:

  • 83% of UK businesses are online
  • 65% of large businesses reported a cyber breach or attack in the past 12 months
  • The ONS estimate that there were two million such incidents (cyber) in the past twelve months alone. If these numbers were included in our crime figures, the UK’s crime rate would double

A report dated December 2016 ‘Cyber security regulation and incentives review‘ is a worthwhile read as it sets the UK government’s policy on how it will combat cyber threats.

Here are some notable extracts (my emphasis in bold) from the report and I encourage you to read the whole document (27 pages).

The responsibility for keeping the UK, its economy and its citizens safe is shared. Every business, charity and institution up and down the country must realise that cyber security is their job as much as it is Government’s. Only when the effort is concerted and persistent can we fully tackle this challenge.

Effective cyber security risk management is vital to the success of the UK economy and to ensuring the safety of citizens. However, Government is clear that any interventions need to be proportionate. It does not want to overburden businesses and organisations with unnecessary regulatory requirements.

For now, Government will not seek to pursue further general cyber security regulation for the wider economy over and above the GDPR. It should ultimately be for organisations to manage their own risk in respect of their own sensitive data (e.g. intellectual property) and online presence. The Review findings also suggest that the impact of other regulation would anyway be limited, and unlikely to be effective enough to outweigh the burden on business. Imposing specific requirements could also encourage a ‘compliance’ culture rather than proactive cyber risk management. Government will however pursue a number of new non-regulatory interventions to incentivise better cyber risk management, in support of the existing business engagement strategy. These will mostly be delivered through the National Cyber Security Centre, providing advice and guidance to organisations and incentivising them to improve their cyber security risk management.

There is still time to register for Cloud Security Expo 2017 Excel London on March 15 2017 at http://www.cloudsecurityexpo.com/

This article was also published on LinkedIn on 4th March 2017

Calm down it is only digital

Dizzy from the heat of talk about digital transformation and warnings that a team in a garage somewhere in the world is about to wipe your business off the face of the earth? Calm down.

The latest froth from the ITC sector is digital transformation and much is made of how Amazon (Retail and now Cloud Computing) Uber (transport) and AirBnB (accommodation) and Netflix (entertainment) have gone global and disrupted the industries they serve and in turn made the founders of these business very rich. There are not that many examples of disrupters going big and those that flopped? Who cares.

Businesses like Uber started out to disrupt whereas the majority of businesses are cranking the handle and delivering value and earning money and it is BAU. They may be next in line to be disrupted and that is always a threat and reason why the digital transformation theme is so topical today particularly among ITC vendors and consultants. It was interesting to read a view that IMO sets the tone for the digital transformation conversation more realistically. Anyway, you decide. You can access the article at MIT Sloan Management Review (Feb 06 2017) when you click here

The article busts 5 myths:

Myth #1: Every company should digitally transform.
Reality: Not every company, process, or business model requires digital transformation.

Myth #2: Digital transformation leverages emerging or disruptive technologies.
Reality: Most short-term transformational impact comes from “conventional” operational and strategic technology — not from emerging or so-called “disruptive” technology.

Myth #3: Profitable companies are the most likely to launch successful digital transformation projects.
Reality: If things are going well — defined crassly as employee and shareholder wealth creation — then the chances of transforming anything meaningful are quite low.

Myth #4: We need to disrupt our industry before someone else does.
Reality: Disruptive transformation seldom begins with market leaders whose business models have defined their industry categories for years.

Myth #5: Executives are hungry for digital transformation.
Reality: The number of executives who really want to transform their companies is relatively small, especially in public companies.

Attribution: Stephen J. Andriole is the Thomas G. Labrecque Professor of Business Technology at Villanova University in Villanova, Pennsylvania, and is the author of the book Ready Technology: Fast-Tracking New Business Technologies (CRC Press, 2014).

 

Digital Transformation agenda for boards

Oh Oh, is 2017 the year when Digital Transformation gets a regular slot on the agenda of board meetings? If it is, what questions will stimulate that debate?

As a member of the Financial Times Non Executive Director Club I receive invitations from the club’s sponsor EY to events and receive notice of their publications.

Screen Shot 2017-01-31 at 20.42.53

Their latest report (January 2017) poses questions for corporate leaders related to digital transformation. It asks:

How can current levels of business be maintained and additional business be generated against the background of digital transformation?

Is this possible within the current business structure?

Which changes (cultural, strategic, organizational, technological) are necessary to ensure the continued success of the business?

Screen Shot 2017-01-31 at 20.51.54I particularly liked the five questions it asked of boards. As I read the question, ‘Does your board have a designated digital expert who focuses on technology issues’, it set me wondering what the qualifications and experience are to define a person for the role of ‘digital expert’ at board level. A Google search quickly revealed this was not going to be easy. A blog by Peter Noblet of Hays set me off in the direction of asking him why he wrote ‘There is no such thing as a Digital Expert’.

That set me thinking: what would a board expect of a digital expert?

Interestingly a Gartner report in 2012 stated organizations will create the role of a Chief Digital Officer (CDO) as part of the business unit leadership, which will become a new seat at the executive table and predicting that by 2015, 25% of organizations will have a CDO.  “The CDO will prove to be the most exciting strategic role in the decade ahead, and IT leaders have the opportunity to be the leaders who will define it,” said David Willis, vice president and distinguished analyst at Gartner. “The Chief Digital Officer plays in the place where the enterprise meets the customer, where the revenue is generated and the mission accomplished. They’re in charge of the digital business strategy. That’s a long way from running back office IT, and it’s full of opportunity.”

Screen Shot 2017-02-01 at 12.02.42

Quote from Deloitte report ‘Courage under fire’

 

I like this common sense advice from Deloitte in their report –

Courage under fire: Embracing disruption that can be downloaded when you click here.

 

 

 

Screen Shot 2017-01-31 at 22.14.51Perhaps the search for the answers in this blog will be revealed in this book that has been shortlisted for the CMI Management Book of the Year awards 2015/16 in the Management Futures category.

I’ll let you know in a future blog.

For my own personal insights in previous blogs click here and here.

 

The security beast

Cloud computing has reached the boardroom so what is topical to that conversation? Can you boil it down to the things that are important?

It is now 12 years since I was on the leadership team of a small Microsoft ISV Gold partner business that took a bet and built a subscription service (today that would be in the category of SaaS) to allow paperless trading between counterparties in a supply chain. Back then security was not spoken about, how things have moved on.

There are countless numbers of people reporting about the cloud and in my role as Deputy Chair at Cloud Industry Forum I keep watch on LinkedIn, Twitter and other channels for news.

I particularly liked this end of year report from North Bridge as it shows what ranks as important in the decision to use the cloud.

screen-shot-2016-12-30-at-08-28-17

Oh Oh Security

This is persistent and the conversation has more than one aspect. Most technologist jump to talk about ‘how to’ deal with security and that threat is constantly evolving and cyber risk is in everyday language. The conversation at the board meeting is not about technology rather about risk and the consequences of a lapse in security. Then there is the balancing act of allocating resources to combat the risk when that risk is not really understood – are you 100% certain your systems and data have not already been compromised?

Cyber risk and risk management

This section is accredited to The Institute of Risk Management.

The risks and opportunities which digital technologies, devices and media bring us are manifest. Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation’s risk management function need a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them.

What do we mean by cyber risk?

‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems.

It will never happen to us….

All types and sizes of organisations are at risk, not only the financial services firms, defence organisations and high profile names which make the headlines.

FT–ICSA Boardroom Bellwether Survey, published in December 2016.

Cyber risk is considered to be the risk that is increasing by the highest number of people (80%), followed by social media risk (52%) and reputational risk (51%).

Baseline

I promote the idea that the security conversation needs a baseline. That baseline is a statement of a known position much like a doctor would assess your health by measurement of  height, weight, waist, blood pressure and then based on preliminary assessment consider more detailed and expensive assessment e.g ECG, MRI.

How do you start the preliminary assessment of security in your own time and without cost. Sound too good to be true? Your taxes have already paid for it as the EU has funded WISER.

Wide-Impact cyber SEcurity Risk framework

WISER is a European collaborative Innovation Action that puts cyber-risk management at the very heart of good business practice, benefitting multiple industries in particular critical infrastructure and process owners, and ICT-intensive SMEs. Started on June 1st 2015, by 2017 WISER will provide a cyber-risk management framework able to assess, monitor and mitigate the risks in real-time, in multiple industries.

Be wise and use WISER

Conduct your own security evaluation when you click here 

screen-shot-2016-12-30-at-09-02-39

Cyber this Cyber that

As we exit 2016 it will be remembered for the high profile of cyber attacks.

The biggest yet – Yahoo own up to 1Bn hacked accounts.

It is one of those things you want to put out of mind – DON’T.

Who are the protectors

There is just soooo much to read about this subject so what can you doooo about it. Reading lots of bad stuff only elevates anxiety. Doing replaces anxiety with purpose.

You may have read that governments are pouring big money into cyber defense.

UK commits £1.9Bn

USA planned budget 2017 $17Bn

The EU commits €450M that it hopes will grow to €2Bn in a public-private partnership

You are a SME – what do you do?

I am sure the folks at Yahoo aren’t laughing and neither would any SME business if they had to deal with the consequences of being hacked that could result in business failure. The stakes are high and that is why governments are pouring money into cyber defense.

Make it a ‘to do now’ to assess the risk. Can you spare 10 minutes to protect your business against the most pernicious risk today to businesses irrespective of their size?

Assessing the risk

screen-shot-2016-12-19-at-13-13-38The EU initiative WISER is an online tool that through question and answer will deliver a report that helps you make the decisions to mitigate cyber risks to your business and the evidence is the risk is ever-present and growing. DANGER.

IT IS FREE – so no excuses.

Two versions of the report available:screen-shot-2016-12-19-at-13-16-28

That link again to create your free report – CLICK HERE

Digital Transformation – it can wait, can’t it?

Change, disruption, digital transformation, Kodak moment are thrown around like the world is coming to an end unless you are ‘on it now’.

Maybe it is, maybe not. Your POV?

I am proud to serve as Deputy Chair of the Cloud Industry Forum (CIF) and represent our membership of industry partners and professional members. I know digital transformation is something CIF care about as the ‘cloud’ is a disruptor of how IT is deployed and an enabler of digital transformation.

The following information is an extract from a report sponsored by Microsoft (a CIF member) and available to CIF members, so come and join us when you click here.

screen-shot-2016-11-09-at-10-33-15

Digital Transformation in pictures

Here are a few reveals from the report to tempt you to come and join CIF and be part of a community that brings together leading industry leading companies and professionals.

screen-shot-2016-11-09-at-10-41-51

screen-shot-2016-11-09-at-10-44-44

Who will listen to you?

The report in its conclusion states:

screen-shot-2016-11-09-at-10-48-04

Q. How do you ensure you are RELEVANT to that conversation?

A. Join the professionals at CIF.  Click here to join us.

logocif

The Internet of Everything

How many things are connected to the Internet? More importantly, how many are secure?

As of 2016 no one can say they know with any degree of accuracy with varying estimates of 10Bn to 20+Bn. This is a drop in the ocean when you consider the forecast. As for security, it is quite surprising the mundane sources of the threat.

The forecast

screen-shot-2016-10-15-at-11-45-53Source Statista

What are things?

They are everything from homes, cars, industrial machines in fact anything with a sensor and means to connect to a network.

This presents BIG opportunity for business and is fast overtaking the conversation about cloud computing.

The worry

There are bad guys out there who like to create havoc either for personal gratification or financial gain and sometimes revenge and the Internet of Everything adds to their opportunity to do that.

How is that?

Things such as webcams that are connected to the Internet when delivered from factory are insecure and the reason is they are all programmed with the same passkey. Even if there is an option to reset the passkey all too often it is not. It might have occurred to you that is the case as the remote that comes with your TV has a passcode printed in the user manual and that passcode is not unique. It is the same for set-top boxes and many other devices. Crack the passcode for one, just buy one or look it up using search and you have the passcode, and bingo all devices are open to exploitation.

Sound fanciful? Click here for a DDOS story reported October 2016.

And for the more technically minded another story reported October 2016.

The remedy

And the reason for this blog is that the Computer Security Alliance (CSA) has published a document (october 2016) that is free to download with the purpose ‘to raise the overall security posture of IoT products’. Click here to download.

screen-shot-2016-10-14-at-17-31-02

Collaboration an everyday word

I can’t remember how many conversations I’ve had where the word ‘collaboration’ creeps in.

The books I have written for Microsoft and Google on their respective products Office 365 and Google Apps for Work (renamed G Suite) enable collaboration.

The dictionary definition of collaboration is not so helpful: ‘the action of working with someone to produce or create something.’

As an author I wanted something visual that can easily be related to ‘work’ and the ‘workplace’ that is the picture you see below and featured in both books referred to before.

dr-pete-illu-1-01

Picture is Copyright Frank Bennett and Dr. Peter Chadha

It is a bit more than that though as the books explain.

Click here for Google Apps for Work

Click here for Microsoft Office 365

This is a hot space and Facebook have now gone public with its own ‘Workplace by Facebook’ and you can read more when you click here.