The security beast

Cloud computing has reached the boardroom so what is topical to that conversation? Can you boil it down to the things that are important?

It is now 12 years since I was on the leadership team of a small Microsoft ISV Gold partner business that took a bet and built a subscription service (today that would be in the category of SaaS) to allow paperless trading between counterparties in a supply chain. Back then security was not spoken about; how things have moved on.

There are countless numbers of people reporting about the cloud and in my role as Deputy Chair at Cloud Industry Forum I keep watch on LinkedIn, Twitter and other channels for news.

I particularly liked this end of year report from North Bridge as it shows what ranks as important in the decision to use the cloud.


Oh Oh Security

This is persistent and the conversation has more than one aspect. Most technologists jump to talk about ‘how to’ deal with security, and that threat is constantly evolving and cyber risk is in everyday language. The conversation at the board meeting is not about technology but about risk and the consequences of a lapse in security. Then there is the balancing act of allocating resources to combat the risk when that risk is not really understood – are you 100% certain your systems and data have not already been compromised?

Cyber risk and risk management

This section is credited to The Institute of Risk Management.

The risks and opportunities which digital technologies, devices and media bring us are manifest. Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation’s risk management function needs a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them.

What do we mean by cyber risk?

‘Cyber risk’ means any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems.

It will never happen to us….

All types and sizes of organisations are at risk, not only the financial services firms, defence organisations and high profile names which make the headlines.

FT–ICSA Boardroom Bellwether Survey, published in December 2016.

Cyber risk is considered to be the risk that is increasing by the highest number of people (80%), followed by social media risk (52%) and reputational risk (51%).


I promote the idea that the security conversation needs a baseline. That baseline is a statement of a known position, much like a doctor would assess your health by measurement of height, weight, waist and blood pressure and then, based on that preliminary assessment, consider more detailed and expensive assessment, e.g. ECG, MRI.

How do you start the preliminary assessment of security in your own time and without cost? Sound too good to be true? Your taxes have already paid for it as the EU has funded WISER.

Wide-Impact cyber SEcurity Risk framework

WISER is a European collaborative Innovation Action that puts cyber-risk management at the very heart of good business practice, benefitting multiple industries in particular critical infrastructure and process owners, and ICT-intensive SMEs. Started on June 1st 2015, by 2017 WISER will provide a cyber-risk management framework able to assess, monitor and mitigate the risks in real-time, in multiple industries.

Be wise and use WISER

Conduct your own security evaluation when you click here 


Cyber this Cyber that

As we exit 2016 it will be remembered for the high profile of cyber attacks.

The biggest yet – Yahoo own up to 1Bn hacked accounts.

It is one of those things you want to put out of mind – DON’T.

Who are the protectors?

There is just soooo much to read about this subject, so what can you doooo about it? Reading lots of bad stuff only elevates anxiety. Doing replaces anxiety with purpose.

You may have read that governments are pouring big money into cyber defense.

UK commits £1.9Bn

USA planned budget 2017 $17Bn

The EU commits €450M that it hopes will grow to €2Bn in a public-private partnership

You are a SME – what do you do?

I am sure the folks at Yahoo aren’t laughing and neither would any SME business if they had to deal with the consequences of being hacked that could result in business failure. The stakes are high and that is why governments are pouring money into cyber defense.

Make it a ‘to do now’ to assess the risk. Can you spare 10 minutes to protect your business against the most pernicious risk today to businesses irrespective of their size?

Assessing the risk

The EU initiative WISER is an online tool that, through question and answer, will deliver a report that helps you make the decisions to mitigate cyber risks to your business, and the evidence is the risk is ever-present and growing. DANGER.

IT IS FREE – so no excuses.

Two versions of the report are available.

That link again to create your free report – CLICK HERE

Digital Transformation – it can wait, can’t it?

Change, disruption, digital transformation, Kodak moment are thrown around like the world is coming to an end unless you are ‘on it now’.

Maybe it is, maybe not. Your POV?

I am proud to serve as Deputy Chair of the Cloud Industry Forum (CIF) and represent our membership of industry partners and professional members. I know digital transformation is something CIF care about as the ‘cloud’ is a disruptor of how IT is deployed and an enabler of digital transformation.

The following information is an extract from a report sponsored by Microsoft (a CIF member) and available to CIF members, so come and join us when you click here.


Digital Transformation in pictures

Here are a few reveals from the report to tempt you to come and join CIF and be part of a community that brings together industry-leading companies and professionals.



Who will listen to you?

The report in its conclusion states:


Q. How do you ensure you are RELEVANT to that conversation?

A. Join the professionals at CIF.  Click here to join us.


The Internet of Everything

How many things are connected to the Internet? More importantly, how many are secure?

As of 2016 no one can say with any degree of accuracy, with estimates varying from 10Bn to 20+Bn. This is a drop in the ocean when you consider the forecast. As for security, the mundane sources of the threat are quite surprising.

The forecast

Source: Statista

What are things?

They are everything from homes and cars to industrial machines; in fact, anything with a sensor and a means to connect to a network.

This presents BIG opportunity for business and is fast overtaking the conversation about cloud computing.

The worry

There are bad guys out there who like to create havoc, either for personal gratification or financial gain and sometimes revenge, and the Internet of Everything adds to their opportunity to do that.

How is that?

Things such as webcams that are connected to the Internet are insecure when delivered from the factory, and the reason is they are all programmed with the same passkey. Even if there is an option to reset the passkey, all too often it is not reset. It might have occurred to you that this is the case, as the remote that comes with your TV has a passcode printed in the user manual and that passcode is not unique. It is the same for set-top boxes and many other devices. Crack the passcode for one, just buy one or look it up using search and you have the passcode, and bingo, all devices are open to exploitation.

Sound fanciful? Click here for a DDoS story reported October 2016.

And for the more technically minded another story reported October 2016.

The remedy

And the reason for this blog is that the Computer Security Alliance (CSA) has published a document (October 2016) that is free to download with the purpose ‘to raise the overall security posture of IoT products’. Click here to download.


Collaboration an everyday word

I can’t remember how many conversations I’ve had where the word ‘collaboration’ creeps in.

The books I have written for Microsoft and Google on their respective products Office 365 and Google Apps for Work (renamed G Suite) enable collaboration.

The dictionary definition of collaboration is not so helpful: ‘the action of working with someone to produce or create something.’

As an author I wanted something visual that can easily be related to ‘work’ and the ‘workplace’; that is the picture you see below, featured in both books referred to before.


Picture is Copyright Frank Bennett and Dr. Peter Chadha

It is a bit more than that though as the books explain.

Click here for Google Apps for Work

Click here for Microsoft Office 365

This is a hot space and Facebook has now gone public with its own ‘Workplace by Facebook’ and you can read more when you click here.

So you want to be a Board member

The top jobs and top money. What is ahead for boards and are you ready to take on those challenges?

I was awarded the Financial Times Non-Executive Director Professional Diploma in 2015 and take a keen interest in reading about those things that affect my performance as a member of boards.

It’s Digital and it’s potent

I write about IT and how it is business DNA and core to the success or potential failure of an organisation. Recently I blogged about cybercrime and how important it is for this to be on the agenda of every board meeting, and it was intriguing to read that this also features in a report by Grant Thornton titled: Boards of the future – Steering organisations to thrive. You can download a copy when you click here.

Here are the remarks from the report about cyber-crime and collaboration.


Regarding collaboration this is an area that is addressed by companies like Microsoft and Google whose products, Office 365 and Google Apps for Work respectively, delivered in the Cloud, are superb platforms for delivering affordable collaboration in the supply chain. I wrote about this in books I had published for Microsoft and Google and this is going to remain topical for a long time. For more information on how this plays out on a global scale and the ecosystems that are the connectors for collaboration click here.

More than just Digital

The report calls out the priorities: Boards of the future: steering organisations to thrive uncovers burning priorities for boards and shareholders worldwide which need addressing as a matter of urgency: ensuring diversity of composition and boosting digital expertise.

Read on and it is not all about digital; that is just one of the big components in focus for Boards. Here is a picture from the report and I encourage you to download the report if you aspire to be a board member or just want to be better informed of the challenges that boards deal with.


To learn more about the FT Non-Executive Director Professional Diploma click here

Digital Transformation

I don’t know how many times I have read about the necessity for a business to actively pursue digital transformation or fail. Then, when in a conversation you ask what that means, the conversation gets a bit ragged.

So, I went looking for something simple to explain digital transformation and found this infographic in the latest digital edition of Europe Business Review (July 2016).

The 8 steps for Digital Transformation (courtesy of Oracle) with my own commentary.


Where is this on a CEO’s agenda? Top, middle, bottom?

I ponder how many SME CEOs/MDs are worrying if they have a clear digital strategy?

Who do they look to? McKinsey?




This has been talked about for a long time.

It is not made easier as Line of Business managers impatient with IT delivery cycles vote to buy services in the cloud often without the involvement of IT, aka Shadow IT. This gives rise to concerns about security and governance.

Work together, easy to say, sometimes hard to do.



To achieve this bi-modal IT may require additional resources (people and money) and that is why the CEO and Board need to be on-board.

It may also require a new way to deploy IT, perhaps in the Cloud or Hybrid (in the Cloud and on-premises)?

The IT systems that soak up 95% of IT resources are business DNA (e.g. ERP) and they are ‘untouchable’, so Mode 2 is probably going to be customer facing; see Step 5.





Move over People Process Technology. The new way is Portfolio People Process Platform.

What changed? Oh yes, Portfolio and Platform.

The biggie is Cloud as it is transforming how businesses choose to deploy IT.





So you will need to go figure what is bugging your customers and what value they would place on you fixing their gripes.

I get the idea, it is very clear what order you would want to commit your resources, but how do you get to know what is No. 1? Monitor your social media? Ask your customer: what do we do that really pisses you off?

Perhaps another way to look at this is: what would really please your customer and they would value? Pretty please: how can we serve you better and what difference would it make to you?

Maybe I am not the right person to write the marketing spiel for this exercise.



This is a mindset thing and can challenge the culture of an organisation that does not like to think of failure even though the truth is every organisation has to live with failure. We just don’t like to mention the word.





Bring in the professionals.





Cloud glorious Cloud da da da da da da…



There you go, so now you have the blueprint for a conversation about digital transformation whether that is in the pub or anywhere else. Cheers.

Mission Critical or Mission Support?

How many times have you got close to winning that sale and then it just never happened? Were you on the mission critical list? Did you ask the question?

Every vendor whatever they have to sell faces the challenge to get their hands on the money. In pursuit of that, the focus is on justifying why that money should be allocated to their proposal rather than any other and there is always competition for money for a range of projects. So you are not just competing against others that you deem ‘competitors’ but also other projects that need funding.

Know your mission

What if a customer were asked to classify what they consider to be ‘mission critical’ and, for that matter, ‘mission support’? That would reveal what separates one from the other and in turn provide clues to your chance of success.

These ‘mission’ terms are usually associated with the military yet they have a place in commerce as well. A quick look at Wikipedia describes mission critical as: any factor of a system (components, equipment, personnel, process, procedure, software, etc.) that is essential to business operation or to an organisation.

I can find no Wikipedia definition for mission support.

I’m interested to create a list of what is ‘ITC’ mission critical. My starter for 10. ERP (a finance system for SME). CRM. eMail. Website (the list is incomplete of course). I know some organisations that allocate 80%+ of their annual budgets to ERP and CRM so that does not leave much for anything that is not deemed mission critical.

What does that mean for those that are not mission critical? Thin pickings?

What’s on the table?

According to industry sources IT spending in 2016 is forecast at $2.3 trillion. IDC predict the rate of growth is slowing to 2% (2016) from a healthy 5 to 6% over the past six years. Does that put more squeeze on anything that is not mission critical?

So if you are not mission critical, even if you think you are, it is vital to know how you attach to what is mission critical and to know (and have references for) what the corresponding economic benefit of that is to a customer.


Where do you start looking for mission critical? I suggest that ecosystems are a good place; they are an economy in their own right and customers attach to them. Who are those ecosystems?

Here is my list:








The combined market cap of these businesses is a staggering $2.5Tn (28/7/16). To put that in context UK GDP for 2015 was reported as $2.84Tn.

One more thing, they all deliver services in the Cloud, the daddy of ecosystems.

Did I miss anyone?

Question #1: how many of these ecosystems are you part of?

Question #2: should SAP, Oracle and IBM be on the list?

Mission over for today.

Tracking down cyber-baddies

Where are the bad guys?

A lot of time and money is allocated by businesses to protect them from cyber risks that are external, and that is the correct action, but is there another risk already in the building?

According to a recent survey the answer is YES. What the, how can that be?

Well the people at Statista have put together a chart from figures produced by IBM. More commentary at most-cyber-attacks-are-an-inside-job

The thing is, will we now be looking over our shoulders and more than ever vigilant about what our work colleagues are up to? Hey, you are quiet today, you up to no good? Clearly that is out of order. The chart tells the story: someone in the business today could be up to no good. So how is that going to be policed and what is the responsibility of an employee to blow the whistle?


Read this blog to know why this is so important.

Director’s Dilemma

If you are a Director of a company then this is of high importance, as the UK Corporate Governance Code states that: All directors should receive induction on joining the board and should regularly update and refresh their skills and knowledge. Cyber crime is typically left to security experts as a technical discipline, but the buck stops with the board and it is they who vote on the allocation of resources appropriate to the risk. How can you make that judgement if you don’t understand the risks? So this is yet another discipline in which Directors need to be savvy. That risk has just been highlighted as being ‘down the corridor’.

What questions arise?

Next Generation Sales

I am currently reading a book that in my opinion is essential reading for everyone in a sales or marketing role including the Senior Executive Team (SET).

That book is ‘From Selling to Co-Creation’. Click here for a summary from one of the UK’s most respected schools of management.

The book addresses the fundamental question of co-creating and delivering value to customers in increasingly challenging contexts.

If you have read ‘The Challenger Sale’ then you are already thinking in a new way about demonstrating your value as a salesperson.

This book takes selling to the next level, or is it any longer selling? If so, who is the new breed of salesperson and what skills must they possess? Before we get too carried away let’s understand that customers still buy ‘stuff’ so vendors will sell ‘stuff’ and that is going to go on. The next level creates value that is not about ‘stuff’; rather it is about ‘something I find hard to describe’, so I share an example now.


What is an expression of co-creating value in these increasingly challenging contexts?

What do one of the world’s largest automobile manufacturers and a tiny (in comparison) software company have in common?

Why did that automobile manufacturer invest a sum of money more than twice that of the software company’s last reported quarterly revenues?

That company is Ford and here is their rationale:

“Expanding our business to be both an auto and mobility company requires leading-edge software expertise to deliver outstanding customer experiences,” said Mark Fields, Ford president and CEO. “Our investment in Pivotal will help strengthen our ability to deliver these customer experiences at the speed of Silicon Valley, including continually expanding FordPass – our digital, physical and personal mobility experience platform.” Click here for the story.

I’m trying to figure how that conversation got started and I doubt it was through a conventional buyer – seller process. It would be really interesting to know who approached who and the context of the first conversation.

Who are the co-creators?

I don’t know, but there are two people that count: Mark Fields, Ford president and CEO, and Rob Mee, Pivotal CEO. I would add to that very short list Bill Ruh, CEO, GE Digital.

Who else? Help me out here.