Don’t we lock the front door of our house to keep intruders away? If we didn’t, it would be dangerous, right?
Similarly, leaving the gateway to our organization’s Internet connection unlocked lets hackers in and leaves the network open to intrusion. Our passwords, private data, confidential information and a lot of other things are at major RISK.
To keep hackers or malicious software out of our network, we need a deadlock called a “Firewall.” The firewall plays an important role in establishing the organization’s network security. A firewall can be either software or a hardware-based platform. It acts as a crucial link between the organization’s internal trusted network and the outside untrusted network, the larger Internet, which may not be as secure given the growing number of malicious cyber activities.
“The primary function of a firewall is to monitor and control incoming and outgoing traffic in the network it deals with.”
With an increasing number of hackers planning and devising malware to penetrate a company’s system or network in order to steal information, organizations today are under continuous threat of cyber-attack. This raises an acute need to exercise caution by putting in place security measures that improve visibility and control over network traffic, especially at the network perimeter or between network segments.
The traditional firewall or standalone security products provide protection based on specific TCP ports and protocols. It has been evident that a majority of attacks are web based and can pass through such TCP ports that are typically left open, such as port 80 or 443 or 53.
Does this mean that controlling traffic based on protocols or ports is enough? Would blocking or allowing such traffic meet the security goals of an organization?
The answer is a straight NO!
For critical and modern day security requirements, a Next Generation Firewall (NGFW) is a must-have.
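To make the point about open ports concrete, the following added example (not from the original post) compares a port-only rule with a minimal application-aware check that looks at the first bytes of each flow. The sample payloads, function names and the port-to-application mapping are constructed assumptions; a real NGFW does far more, including stream reassembly and signature matching.

```python
import struct

# Ports the text names as typically left open, with the application expected on each.
ALLOWED_PORTS = {80: "http", 443: "tls", 53: "dns"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"PATCH ")


def port_only_verdict(dst_port):
    """Traditional rule: the destination port alone decides."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def looks_like_dns_query(msg):
    """Structural check of a DNS query: header fields, then a well-formed QNAME."""
    if len(msg) < 17:  # 12-byte header + root label + QTYPE + QCLASS
        return False
    _ident, flags, qdcount, ancount, nscount, _arcount = struct.unpack("!6H", msg[:12])
    is_response = flags & 0x8000
    opcode = (flags >> 11) & 0xF
    if is_response or opcode != 0 or qdcount != 1 or ancount or nscount:
        return False
    pos = 12
    while pos < len(msg):
        label_len = msg[pos]
        if label_len == 0:  # root label ends the name; QTYPE and QCLASS must follow
            return pos - 12 <= 254 and len(msg) - (pos + 1) >= 4
        if label_len > 63:  # longer than a label may be (also rejects pointers)
            return False
        pos += 1 + label_len
    return False


def identify_application(payload, transport="tcp"):
    """Name the application protocol from the first bytes of a flow, or 'unknown'."""
    if transport == "udp":
        return "dns" if looks_like_dns_query(payload) else "unknown"
    # HTTP/1.x request line: METHOD SP target SP HTTP/1.x
    if payload.startswith(HTTP_METHODS):
        parts = payload.split(b"\r\n", 1)[0].split(b" ")
        if len(parts) == 3 and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"):
            return "http"
    # TLS record: type 0x16 (handshake), version 3.x, length, handshake type 1 (ClientHello)
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] == 0x01):
        (record_len,) = struct.unpack("!H", payload[3:5])
        if 4 <= record_len <= 16384:
            return "tls"
    # DNS over TCP carries a 2-byte length prefix before the message
    if len(payload) > 2 and struct.unpack("!H", payload[:2])[0] == len(payload) - 2:
        if looks_like_dns_query(payload[2:]):
            return "dns"
    return "unknown"


def application_aware_verdict(dst_port, payload, transport="tcp"):
    """Allow only when the identified application is the one expected on that port."""
    expected = ALLOWED_PORTS.get(dst_port)
    if expected is None:
        return "deny"
    return "allow" if identify_application(payload, transport) == expected else "deny"


def build_dns_query(name):
    """Build a constructed A-record query for the sample set below."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)


# Constructed first payloads of six flows: (label, destination port, transport, bytes).
SAMPLES = [
    ("http on 80", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("tls on 443", 443, "tcp", bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + bytes(46)),
    ("ssh banner on 443", 443, "tcp", b"SSH-2.0-example\r\n"),
    ("dns on 53", 53, "udp", build_dns_query("example.test")),
    ("opaque bytes on 53", 53, "udp", b"constructed non-DNS payload bytes"),
    ("http on 8080", 8080, "tcp", b"GET / HTTP/1.1\r\n\r\n"),
]


def compare():
    """Return (label, port-only verdict, application-aware verdict) for each sample."""
    return [(label, port_only_verdict(port), application_aware_verdict(port, data, proto))
            for label, port, proto, data in SAMPLES]


if __name__ == "__main__":
    for label, by_port, by_app in compare():
        print(f"{label:22} port-only={by_port:5} application-aware={by_app}")
```

The two flows that do not speak the protocol expected on their port are allowed by the port rule and denied by the application-aware check.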
Next Generation Firewall (NGFW)
NGFWs are application-aware, as opposed to traditional stateful firewalls that deal in just ports and protocols. They drill into traffic to identify the applications and micro-applications traversing the network. Apart from that, NGFWs deliver security and control at throughput speeds that match both the pace of your business and the network traffic at the edge and core.
Sounds ideal, doesn’t it?
However, the real challenge lies in zeroing in on a firewall that approves the right network traffic and applications for an organization, so that risks are contained and managed and breaches are prevented.
The following pointers can simplify the process and help narrow down the right NGFW for an organization:
- It should support the standard capabilities of first generation firewall such as packet filtering, stateful protocol inspection, NAT and VPN connectivity
- The firewall should be equipped with truly integrated Intrusion protection with frequent signature updates
- Apart from supporting features like Application Control and User Identity, the firewall should also enable web filtering and IP reputation and make role-based application control easy to configure
- The firewall should be backed up with extensive threat intelligence to reduce risk of data breach
- The firewall should be equipped with context aware policy control so as to allow deep-dive inspection of the network traffic
- Single pane management, rich reporting and logging are some of the must-haves
- Once set up, the NGFW should support business continuity at high throughput speeds
- It should have the ability to continuously monitor and mitigate security gaps on endpoints connected to the network
- Have the capability to protect the network from non-compliant or unsanctioned devices
- Be capable of creating and enforcing policies based on real time end user identity information regardless of type of device or location
- Be able to create blacklists and whitelists and map the traffic to users and groups using Active Directory
The icing on the cake:
An Intrusion Prevention System (IPS) will provide intrusion prevention for known threats on the basis of existing or newly generated signatures. But what about threats that are unknown or newly created over time?
For this, a sandbox feature can be built into the NGFW to take care of unknown threats. As this is a processing-intensive application, it is recommended to opt for a cloud-based sandbox solution integrated into an NGFW.
A sandbox creates a virtual environment just like an organization’s IT network and diverts all suspicious traffic to this environment before it is actually sent to the user. Only once the behavior of the traffic is marked clean is it sent to the user, thus saving the organization from every probable cyber-attack.
Publish Date: May 30, 2016 5:00 AM
IT plays a very crucial role in today’s day and age, but this has also given rise to information security threats.
Starting from Elk Cloner in 1982 to the latest Cryptolocker, which made headlines recently, we have seen all kinds of IT systems being infected, resulting in massive data and reputation losses.
A quick recall: Elk Cloner (one of the first known microcomputer viruses) was targeted to infect the Apple LLC’s operating system. It infected the Apple’s boot sector and spread by cloning itself throughout the victim’s machine, and reversing this effect wasn’t easy at that point in time.
With time, threats have become more complicated and more advanced, built for a specific purpose: either monetary benefit or reputation destruction. The latest of them is ransomware. Ransomware is a type of malware designed to disable a computer, laptop or mobile device, typically by encrypting the data in such a way that it prevents the user from accessing the device or data. Once the data on an infected machine is encrypted, the victim is told that unless they pay a certain amount, they will not be able to get their data back. Ransomware has grown so sophisticated and bulletproof over the last couple of years that even the top law enforcers admit there’s not much to be done if you’re unprepared and hit by ransomware.
There are two basic types of ransomware in circulation. The most common type today is crypto ransomware, which aims to encrypt personal data and files. The other, known as locker ransomware, is designed to lock the computer, preventing victims from using it.
Ransomware is on the rise for two main reasons:
1. The cyber security field is not entirely prepared for the resurgence of ransomware. Security mechanisms today are not capable of recognizing the malicious behavior of ransomware because ransomware itself “effectively acts as a security application”.
2. Anti-ransomware efforts are stunted and the response procedure for an attack is not unified.
How does this piece of code manage to do so much destruction? The lifecycle can be roughly described as:
- Initial infection: Malware is sent typically via an email attachment, a malicious download or installed by other malware
- Embedding on the computer: ransomware alters the relevant registry keys and files to make sure its code is running when the computer starts/runs
- Launching the attack: Malware communicates with the command and control center trying to get the encryption keys and register the attack
- Locking down: The malware then proceeds to encrypt/lock the user’s files using the key obtained from the attacker’s server
- Ransom note: Ransomware displays ransom notices and links that allow the victim to access websites accepting payment in Bitcoins
Considering the above unavoidable scenario of Ransomware, some of the best known methods to prevent an attack are:
1. Implement Advanced Threat Protection for Email
For email attachments, use an anti-malware multi-scanner in order to increase detection of ransomware. For newly released ransomware, the more anti-malware engines you use to scan files, the greater the chance that you will be able to detect and block the malware and prevent threats from bypassing a specific engine’s vulnerabilities. By implementing data sanitization for email attachments, you can convert files to a different format, removing any potentially embedded threats that are not detected by anti-malware engines. For instance, by converting a Word document to PDF format, you can ensure that any potentially harmful content is removed.
2. Scan Web Traffic for Threats
Use anti-malware multi-scanning on your web traffic in order to ensure that the web pages you are visiting are free of malware. The ability to prevent users’ access to vulnerable or malicious websites greatly lowers the risk of a ransomware infection.
3. Monitor Your Devices
Monitor your devices and scan machines for malicious files and processes. Scan your servers, laptops and other devices to automatically remediate any issues.
While e-mail is the primary medium for spreading the attack, attackers also tend to distribute ransomware through malicious advertisements served when certain websites are visited. Blocking advertisements from being delivered on your systems or preventing access to certain sites can minimize the threat to a certain extent.
4. Educate People: Friends, Staff, Colleagues
Ransomware requires manual intervention to kick start, either downloading an attachment or visiting a malicious website. The users should be well educated on the potential threats, consequences and the source of such attacks to avoid such massive disruption.
Ideally, you need to have real-time backup of your data to be unaffected by malware. In such a case you can entirely wipe the infected device, retrieve the data and get back to business. However, frequent backups also result in a lesser impact from the malware attack.
6. Preventing communication with Command and control center
A proper Security Operations center will constantly ensure blocking of any such unusual request and ensure your system / Organization is uninterrupted.
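One way a SOC could surface the command-and-control check-ins from the lifecycle above before blocking them, shown as an added example that is not from the original post: it flags host and destination pairs that are contacted at near-constant intervals. The log format, host names, domains, thresholds and allowlist are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, internal host, destination, HTTP status.
# check-in.example.invalid stands in for an unknown command-and-control server.
PROXY_LOG = """\
2016-04-29T09:00:02Z ws-042 cdn.example.test 200
2016-04-29T09:00:10Z ws-042 check-in.example.invalid 200
2016-04-29T09:00:41Z ws-042 cdn.example.test 200
2016-04-29T09:01:10Z ws-042 check-in.example.invalid 200
2016-04-29T09:02:11Z ws-042 check-in.example.invalid 200
2016-04-29T09:02:30Z ws-017 updates.example.test 200
2016-04-29T09:03:09Z ws-042 check-in.example.invalid 200
2016-04-29T09:03:55Z ws-042 cdn.example.test 200
2016-04-29T09:04:10Z ws-042 check-in.example.invalid 200
2016-04-29T09:05:00Z ws-042
2016-04-29T09:07:30Z ws-017 updates.example.test 200
2016-04-29T09:09:47Z ws-042 cdn.example.test 200
2016-04-29T09:12:30Z ws-017 updates.example.test 200
2016-04-29T09:17:30Z ws-017 updates.example.test 200
"""

# Destinations known to poll on a schedule (for example a software updater); assumed.
ALLOWLIST = {"updates.example.test"}


def parse_line(line):
    """Return (timestamp, host, destination), or None for a malformed line."""
    fields = line.split()
    if len(fields) != 4:
        return None
    try:
        stamp = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return stamp, fields[1], fields[2].lower()


def find_beacons(log_text, allowlist=frozenset(), min_events=4, max_cv=0.1):
    """Flag (host, destination) pairs whose request gaps are nearly constant.

    max_cv is the highest coefficient of variation (stdev / mean of the gaps)
    still treated as machine-like timing. Returns a sorted list of
    (host, destination, request count, mean gap in seconds).
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record and record[2] not in allowlist:
            seen[(record[1], record[2])].append(record[0])

    findings = []
    for (host, dest), stamps in sorted(seen.items()):
        if len(stamps) < min_events:
            continue  # too few requests to judge the timing
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            findings.append((host, dest, len(stamps), round(avg, 1)))
    return findings


if __name__ == "__main__":
    for host, dest, count, gap in find_beacons(PROXY_LOG, ALLOWLIST):
        print(f"{host} -> {dest}: {count} requests about every {gap}s, candidate for blocking")
```

Without the allowlist the scheduled updater is flagged as well, so a periodic finding is a lead for an analyst to confirm before the destination is blocked.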
It is common consensus in the cyber security world, and most security experts agree, that it’s almost impossible to recover data that has been encrypted by a ransomware attack without access to the decryption keys. Most security companies have advised simply paying the ransom when critical systems are affected and data cannot be retrieved by other means. I still believe the best defense against such attacks is regular backup.
Publish Date: April 29, 2016 5:00 AM
In today’s increasingly connected virtual world, as digitization and automation take centre stage, it is incumbent on us to step up awareness levels on cyber threats and the impending vulnerabilities that enterprises may face. Unfortunately, there are very few people or organizations that may remain completely unaffected in the event of a major cyber attack.
The ease and volume of available storage space and the speed of access thereafter lure individuals and organizations into storing sensitive data, making it easy for hackers to acquire an identity.
The following can be classified as consequences of a cyber attack:
- Identity theft, fraud
- Extortion / Ransom
- Malware, phishing, spamming, spoofing, spyware, Trojans and viruses
- Denial-of-service and distributed denial-of-service attacks
- Breach of access
- Password sniffing
- System infiltration
- Website defacement
- Private and public Web browser exploits
- Instant messaging abuse
- Intellectual property (IP) theft or unauthorized access
- Legal consequences arising due to data breach
A cyber attack is defined as “deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyber attacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to information and identity theft.”
Today, the majority of enterprises are increasingly dependent on computers, which makes them highly vulnerable to attacks regardless of their best efforts on compliance or monitoring. And a vulnerable setup can paralyze an entire organization or a country’s system.
Extending existing infrastructure and becoming increasingly interconnected has increased the opportunities for adversaries to infiltrate, and the ease of access to information across networks is making conventional protection mechanisms seem outdated.
Cybercrime can affect not just the financial services or retail sectors; other sectors such as healthcare, energy, transportation, and manufacturing are also at high risk, thereby creating a wider negative impact. For example, entertainment companies have lost millions of dollars from stolen intellectual property. In a nutshell, every connected organization, irrespective of its size, is at risk of having data stolen, destroyed, disrupted or changed. There is no boundary, and there are really no limits!
Outlined below are some recommendations to better prepare ourselves to counter a probable cyber attack at an enterprise level.
1. Have a crisis management structure to respond to attacks on critical information systems
2. Provide technical assistance to other entities with respect to emergency recovery plans in case of failure of critical information systems
3. Work closely with government agencies to provide specific warning information and advice on appropriate protective measures and countermeasures
4. Provide for the development of tactical and strategic analysis of cyber attacks and vulnerability assessments
5. Exercise cyber security continuity plans for enterprise systems
6. Build intrusion prevention systems (IPS) to mitigate and reduce the malicious traffic that may come in
7. Increase domestic and international law enforcement when it comes to cyber crime
8. Routinely conduct exercises to test contingency plans in the event of an attack
9. Build and provide specialized, and continuing, training to a highly skilled computer security workforce
10. Automate security processes
11. Continue transparent practices
12. Publicize the root cause and extent of adverse cyber attacks
Essentially, cyber threats are amongst the top challenges of the day. Networks have been the target of criminals, and it is likely that the danger of cyber security breaches will only increase in the near future. As networks expand further, sensible precautions have to be taken to minimize losses from those who seek to create negative disruptions.
With the right level of preparation and specialist assistance, it is possible to control damages, and recover from a cyber breach and its consequences.
Organizations need to manage and monitor networks on a 24x7 basis. Vulnerability Management software, Security Incident and Event Management tools, and Advanced Threat Management and Intrusion Prevention Systems are some of the tools that need to be deployed to avoid zero-day attacks and keep the IT landscape relevant and yielding to business outcomes.
Publish Date: March 28, 2016 5:00 AM
While recent events such as the incessant rains in Chennai, India, Snowzilla in the eastern US and volcanic ash in Europe have all been themes for television chat shows (for TRP ratings), inside the unglamorous CIO’s office there has been a series of introspections about organizational readiness for business continuity during disruptions, both manmade and natural.
By nature, disasters are unpredictable, inevitable and varied in magnitude, ranging from the malfunctioning of a hardware or software component to the universally recognized natural calamities. The ideal strategy should be to plan to return to normalcy at the earliest after the disaster has struck. For an enterprise, a disaster means abrupt disruption of all or part of its business operations, which may directly result in revenue loss. To minimize disaster losses, it is imperative to have a plan for every business subsystem and operation within an enterprise.
This brings us to two terms often used in management meetings – Business Continuity Planning (BCP) and Disaster Recovery (DR) Plan.
BCP: Business Continuity Planning is the process and related procedures that are carried out by an organization to ensure continuity of essential business functions during and after a disaster. By having a BCP, organizations seek to protect their mission critical services and give themselves their best chance of survival. BCPs generally cover most or all of an organization’s critical business processes and operations.
As part of the business continuity process an organization will normally develop a series of DRPs. These are technical plans that are developed for specific groups within an organization to allow them to recover a particular business operation. The most well known example of a DRP is the Information Technology (IT) DRP. Earlier recovery objectives were measured in days or hours whereas now they are measured in seconds and minutes. Increased reliance on technology and zero tolerance towards downtime are the governing factors behind this radical change.
IT DR plans only deliver technology services to the desk of employees. It is then up to the business units to have plans for the subsequent functions.
BCP /DR Strategy (Impact Analysis):
Impact analysis, business continuity strategy and business continuity plans are a part of BCP. However, incident response, emergency response, damage assessment, evacuation plans, etc. are all a part of DR. It makes sense to divide BCP planning into two parts:
1. Planning to continue your business operations
2. Planning to recover from disaster situations
In this VUCA (Volatile, Uncertain, Chaotic and Ambiguous) world, the best laid plans fall apart unless the DR drills are done with the true spirit and performance measures. This requires management commitment and resources.
So we now have BCP and DR plans documented and when the moment of truth arrives, it can be said from our experience that the best laid plans go awry / haywire. In my experience there are 4 key reasons why this happens.
Reason # 1: Having an Inspired/Adapted Plan – An altered plan or someone else’s plan may fit their specific needs, but at the end of the day, it may have very little impact on your company. While there may be many ways to recover a Windows Domain Controller or an Exchange server, what if your organization has special needs that the plan does not cover at all? People get stuck because they fail to understand the dependencies their systems may have. For instance, one may have to restore a domain controller, but the data recovery method assumes that the domain controller is up and running. What does one do? Too often, stolen plans fail to take that into account because no one put any thought into it.
Reason # 2: Out of Date Plan – The DR plans should be reviewed at a fixed interval say, every 6 months. And anytime that a change is effected in the existing IT infrastructure such as adding servers or services, retiring others, or changing some aspect of operations, that needs to be reflected in the plan.
Reason # 3: It’s too complicated – I’ve seen disaster recovery plans that were beautiful, with flow charts depicting what if this works, to do this, and if not do that. What you end up with is a plan no one can follow and unfortunately becomes too complicated and might not allow for natural human creativity. The biggest problem here is that we think we’ve thought of every possibility, but what happens in the real world rarely matches our expectations.
Reason # 4: Lazy Drills – In order to ensure your plan is operating as it should be, you will need to test it on a regular basis. This includes reading the blueprint of the plan and making adjustments as need be. You’ll also want to walk your employees through the plan at least once every six months to see if they have any suggestions.
Publish Date: February 29, 2016 5:00 AM
BYOD, or Bring Your Own Device, is a topic of communication and connectivity that touches organizations across markets and across verticals from finance to manufacturing to healthcare. Adoption of mobile devices at the workplace has rapidly increased because of their ability to support multiple functions. Since the early days of simple phone calls and text messages, mobile device capabilities have expanded to include so much more. For example, for clinicians, these functions include drug reference apps, electronic medical record (EMR) access, critical test result notifications, code alerts or secure communications with colleagues. The question that arises for both hospitals and health systems is whether to supply these devices or allow clinicians to use their own.
Creating a successful BYOD environment takes time, careful planning, and thorough execution to maintain the integrity and security of the patient information being accessed and shared on mobile devices.
A successful BYOD policy needs to address the people, the processes and the technology. It should clearly outline what behaviors are expected and accepted, and what the penalties are for non-compliance.
From an IT perspective, when designing a BYOD policy, especially in a critical vertical like healthcare, the big questions for employers and employees generally include:
1. Decision making
2. IT support (If they use it, will you support it?)
3. Expense allocations (Who pays for what?)
4. Access (What is effective and acceptable use?)
5. Security (Is it safe?)
Though the questions above apply across industries, there are regulatory requirements that make security an especially important consideration for the healthcare vertical.
How is the decision taken?
Once a physician group, clinic or hospital has decided to implement BYOD, a formalized policy needs to be drafted in coordination with multiple departments.
It is recommended that a clearly defined set of governing rules be crafted at the outset to prevent misuse of personal devices that could jeopardize the security of patient information and make the institution vulnerable to security breaches and fines.
Inputs should be taken from BYOD participants to understand how devices are used, what systems they need to access, and the potential risks. HR is responsible to outline and enforce punitive measures in the event an employee misuses the device and/or patient information. Administration coordinates both approvals and the budget. And the IT team is responsible for assessing the risks, determining what tasks should be performed on a mobile device, ensuring the technical implementation, and deciding what support they are expected to provide or otherwise.
What is the role of IT in BYOD?
IT support involves two critical aspects in a BYOD scenario: the devices for which IT will provide the apps and enterprise access, and the level of help available for end users to register their device, install apps, troubleshoot problems, etc. Lack of support can cause user frustration, create security risks if information protocols are ignored, and might even delay patient care because of disruptions to network access or important system integrations.
Part of the challenge for IT teams with a BYOD policy is the variety of device types and platforms that employees wish to use. Which ones will be allowed? Smartphones, tablets, laptops, wearables? Apple, BlackBerry, Android?
IT will also need to decide the extent of help to be offered and how to provide it. For example, will the IT team offer assistance for new app installations? What about ongoing support for day-to-day questions on the ability to integrate with certain systems, the use of a hospital-provided app and assistance with lost or stolen devices? Another important factor to be considered by the IT team is the expertise and the number of staff members required to support a BYOD roll out.
WHO PAYS FOR WHAT?
One of the toughest parts of developing a BYOD policy is establishing the expectations of employees and employers around who picks the tab. Users are generally expected to purchase personal devices such as smartphones and tablets.
Then the primary questions are around the data and cellular plans. If the personal device being used is essential to the employee’s job, hospitals might consider covering part of the monthly expense by paying a flat stipend to employees, paying a percentage of the bill, or reimbursing monthly expenses based on actual usage.
WHAT IS EFFECTIVE AND ACCEPTABLE USE WHEN IT COMES TO BYOD?
From the clinician’s perspective, effective use means devices that help them perform their jobs efficiently by cutting wasted time from a clinical workflow, or making a process easier. Effective use means better care for patients. Acceptable use means enhanced security for Protected Health Information (PHI) and better risk management.
To provide this level of control over personal devices in the hospital, many organizations are on the lookout for mobile device management (MDM) solutions. An MDM solution can help hospitals keep track of all approved BYOD devices, control access to enterprise networks and systems, manage app installations and upgrades and above all offer enhanced security.
IS IT SAFE?
Though desirable, full systems access through personal devices cannot always be granted due to data security concerns. The use of personal mobile devices raises security questions: What information is being shared? Is it secure in transit and in storage? Can it be saved to the device, or is it only accessible through a portal? Hospitals are concerned because the cost to healthcare organizations for a data breach can range from $10,000 to more than $1 million.
For instance, unsecured SMS/texting to coordinate care for patients puts physicians and hospitals at risk of HIPAA violations. One answer to help address the risk to patient information is a secure texting application that physicians can use to organize messages and alerts based on priority, keeping work-related messages separate from personal notes and spam.
A good secure texting app delivers effective use to clinicians, as well as acceptable use for the facility.
BYOD is a long process, from planning through implementation, so hospitals should start earlier than they think they need to. BYOD best practices are still being developed, but help can be sought from others who have implemented a policy to find out what worked and what didn’t. For instance, hospitals and IT teams should consider working with a consultant who has experience in healthcare communications and who understands the clinical workflows that BYOD needs to support. This consultant can help coordinate staff for input, assist with planning, and even help with solution rollouts and end user training.
Creating a BYOD policy is not a simple task: it takes time, planning, and the involvement of all stakeholders to be both useful to users and successful at protecting data. Ultimately, easier access to information, simpler communications, and faster collaboration among providers mean better patient care.
Publish Date: January 29, 2016 5:00 AM
The key characteristics that define a dynamic and ever evolving B2B space across organizations and geographies are in the imperatives driving the C-suite and can be outlined as,
1. CEO imperatives: Revenue growth, Superior customer service and Business efficiency
2. CFO imperatives: Risk and Compliance, Cost reduction and Cash flows
3. CIO imperatives: Investment protection, Return On Technology Investment (ROTI) and Rapid deployment
These business imperatives, when read alongside some of the global statistics quoted by leading research analysts like IDC / Gartner / Forrester, create a global business direction: the movement towards Cloud and Cloud-based services.
1. 38% growth in enterprise spend on cloud in 2014
2. 55% of the overall IT budget is spent on cloud and managed services and 45% on traditional IT
3. 20% of the customers will no longer run ICT solutions in-house by 2017
4. Cloud software market to be $75B by 2017, UC cloud market to be $62B by 2018 and CC cloud market to be $11B by 2019
5. Salesforce – a cloud-only model!
6. Microsoft’s commercial cloud revenue grew 88% quarter-ended 2015
7. Oracle’s cloud revenue growth – software and cloud revenues up 5% to $7.3 billion. Cloud software-as-a-service (SaaS), platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) revenue was up 45% to $516 million.
8. Amazon Web Services pulling in about $6 billion per year.
CIOs, especially in emerging markets like India, while contemplating the adoption of cloud, will be forced to take the step sooner rather than later owing to the above business dynamics. While statistics indicate rampant adoption across the board, there are a few must-haves that are in short supply in the current scenario and are driving the decision.
- Time: Businesses need to be agile. The timelines from an idea to its GTM are shrinking. Above all, the first mover advantage is huge. Customer acquisition and retention are directly linked to the speed with which an organisation innovates, and technology has a huge role to play in it.
- Cash: Ask any CFO and he will tell you how difficult it is to either mobilize cash or show ROCE (Return on cash employed) to the expectations of various stakeholders.
- Skilled workforce: Domain experts and people with deep technology skills or vertical expertise, among other aspects, are few and far between.
With this as the backdrop the benefits of cloud stand tall.
1. No upfront capex investment (CFO ☺, CEO ☺)
2. Better ROCE (CFO ☺)
3. Off balance sheet transaction, full tax deductibility of operational cost, improved liquidity, reduction in fixed costs etc. (CFO ☺☺, CEO ☺)
4. Improved application and platform availability by leveraging cloud providers’ domain expertise and technology skills (CIO ☺)
5. Adopt cutting edge and new technologies without upfront investment. Lower risk of failure. (CIO ☺, CEO ☺)
6. Reduce GTM time (CEO ☺)
7. Consume as a service. Great way to de-risk from peaks and troughs of business. (CFO ☺, CEO ☺)
8. Predictability of outflow (CIO ☺, CFO ☺)
9. Relieve IT department from routine tasks and align them closely with business priorities. Smaller IT team, yet more effective. (CIO ☺, CEOs ☺)
10. Improve green footprint and responsible e-waste disposal (CIO ☺, CFO ☺, CEO ☺)
CIOs need to proactively work on their cloud strategy. There is no one-size-fits-all approach. And yet, everything need not be on cloud! There are options of private cloud (infrastructure hosted internally), public cloud (application and data stored in the provider’s data center) and hybrid cloud (a combination of public and private cloud and sometimes on-premise services). Incumbent partners and/or system integrators can play a significant part in this journey, right from the Transition phase to the Transformation phase. The specialist solution integrators understand an organisation’s ecosystem and the multiple integrations that may be needed, including legacy systems and customizations, all of which can be leveraged to ensure that adoption of cloud comes with the least amount of disruption to business.
Publish Date: December 23, 2015 5:00 AM
Digital for many, refers to technology encompassing SMAC (Social Mobile Analytics Cloud) or IoT (Internet of Things), while for others it may refer to a new strategy or even setting up of an adjunct IT or online marketing department. While none of these definitions are incorrect per se, these initiatives on digital transformation could lead to a rather piecemeal approach, thereby losing the intended ability to generate significant and sustainable ROTI (Return on Technology Investment) for a company. While you are reading this article, the transient borders of the digital world are getting pushed at a rapid pace.
Top strategy consulting firms sometimes define digital as an entirely new way of doing things. And for an enterprise ‘things’ should translate into future value business. It also means creating and delivering customer value, at new business frontiers by changing the way business was done earlier – for example digitizing the entire supply chain right from factory to POS by using RFID tags and having all actionable analytics in place. Though the digital industry is in a rapid evolution phase, how can you be sure that an investment does not turn out bad? Let us look at another angle more popularly known as PPT – People, Process and Technology – all to be finally transformed into digital bits and bytes to drive digital businesses. But does a digital engagement apply to all your customers? The answer, as you have probably guessed, is No. What can be a litmus test for this, when you go for a customer meeting and start talking about your digital solutions or a capability? One thing you can always consider is whether it makes long-term business sense for your customer, even when they could be keen to complete their KRA by getting into digital/social/analytics/cloud/info sec. You can ask yourself three basic questions:
1. Can your customer address the needs of their customers at lower costs by going digital?
2. How will customer service be aligned in this case?
3. Does your customer have a potentially larger base to address digitally? It does not need to be necessarily an e-commerce or travel company; it could be insurance or a banking firm as well.
When you have decided it makes long-term sense for your customer by going digital, you may note that the notion of digital engagements often gets confused with an inexpensive push channel for marketing engagements. The two primary conditions of going digital should be long term and sustainable business benefits. Let us refer to a recent research conducted by CMO Council in APAC region, which shows the top challenges to digital execution below:
While you cannot handle all of the problems, a few of them can be addressed. Quite surprisingly, 39% of the marketers in the APAC region identified making a business case to justify their digital spend as a challenge. This means not many marketers are sure that going digital does help them. This takes us somewhat back to our initial topic: even if digital confidence grows, how do we ensure that the value or ROTI (Return on Technology Investment) is well understood by our chosen customer?
There is no right or wrong approach for this, but developing a business case for a customer would be a logical step for both you and your customer. It is incremental and cyclic, meaning that we are approaching our customers’ case in a process-oriented and logical way. So what do you need for a business case? It can be built as a multi-step process starting with:
1. Key Business Objectives – It includes studying and summarizing the business strategies like Customer Acquisition, Customer Development, Cost Optimization and finally Automation
2. Opportunities and Challenges – It includes a market research of your customers’ business and benchmarking their revenues and costs against Industry Leaders. Challenges for example can specify regulations or supply constraints. Opportunities are the market gaps, which could be addressed by your customer. For example, Opportunity for an online travel portal could be New Product Launch, or differentiating facilities from the rest.
3. Best Practices & KPIs – The best practices for the industry have to be identified through use cases, case studies and research papers. KPIs should again be benchmarked against Industry leaders
4. ROTI or Return on Technology Investment – The purpose of any business is to ensure profitability. And profitability comes by increasing revenue or by reducing costs. In AGC we believe that business benefits can be quantified in terms of Payback Period (or ROTI), NPV, IRR and Net Savings from a Solution Implementation over the Technology Timeline.
A logical approach like this would benefit not only you, but also your customer, by realizing the business benefits of adopting digital. Finally, in my discussions I have seen that CxO buy-in for any new business strategy is more important than ever and they agree to propositions that make long-term business sense. Again, while there is no right or wrong way, qualifying digital business benefits for a relevant customer does help in your journey to become a trusted technology advisor.
Publish Date: November 30, 2015 5:00 AM
Board Rooms make a statement and set the tone for an organization’s approach to meetings & collaboration to achieve desired results. It is probably the only turf other than the golf course where CEOs and Board Members are at their best. A well-equipped and impressive Board Room can be a showcase to clients for negotiating and finalizing business deals or other important meetings being conducted there. Important data and information being displayed in these rooms serves the purpose of enabling quick and inclusive decision making. This highlights the crucial role of AV technology (Audio Visual) in a Board room setup and the need for its automation.
So to begin with, Boardroom AV must be considered at the initial design phase itself. This should then be coordinated in the design phase with the builder/architect/consultant of the project to plan for remote meetings across offices and/or geographical boundaries. Mid-course corrections always prove to be expensive and cause significant delay to the project, hence it is advisable to make sure that the builder/architect/consultant understands the AV needs before he or she lays out the physical space, lighting, furniture and HVAC for the boardroom. As an example, electrical power points are needed at the right location to support IT equipment like laptops, AV equipment, projectors, displays and sound system during that crucial call. The lighting in the room can also be an important aspect of the boardroom – a well lit room enhances the quality of image of participants in a video conference.
So, a few points to ponder on can be,
SD, HD, 4K….. or even a higher resolution, if possible. Most new computers and laptops have HDMI outputs enabling Full HD 1080p resolution. Multiple HDMI inputs in the projector allow one to switch between sources easily. HDBaseT not only allows data to be sent over a much greater distance than HDMI but can also carry HD video, audio, ethernet, power and control on a single cable. This can significantly cut down the number of cables needed for a typical business installation. The same kind of vision for displays is rather difficult as the question of what lies beyond LED is still a debate.
Another upcoming technological advancement is a lampless projector which utilizes LED as a light source as against the traditional lamp. The expected life of a lamp is 2000 hours whereas the life of an LED is 10000 hours. The cooling requirement of a traditional projector is much higher as compared to the LED projector and the LED projectors are less noisy! Needless to say LED projectors are also less expensive.
Today, visitors and clients prefer to bring their own devices and wish to remain productive. There is always a need to connect your display device seamlessly to their device whether it’s a tablet, laptop or smartphone. Most projectors now have wireless functionality to stream data from mobile devices using wireless HDMI devices and dongles. With tablets and mobiles getting popular it is key to have this functionality built in while planning the boardroom equipment and IT policies to support such future ready devices.
Conferencing and Collaborating
Conferencing through audio and video has increased exponentially in the recent past. Video conferencing is the next best thing vis-à-vis an actual face to face meeting, and it slashes both travel costs and travel time. Hence, the design aesthetics of the board room should be adaptable to any small or large participation conferences / remote interactions.
During conferencing with teams across diverse locations it helps if several people can work easily on a document/ drawing/ draft without using a pen. Annotation on the projected image has become popular for this reason and in my opinion it is not just a great productivity tool but also a must have in board rooms of today!
Future proofing of board rooms is very important from a functional standpoint and it has cost implications too. I am positive that the above will be a good starting point and will help in making the right choice while architecting your boardroom’s AV.
Publish Date: October 28, 2015 5:00 AM
The right cloud solution for your Enterprise?
In the computer animated science fiction comedy “Cloudy with a Chance of Meatballs” I see a parallel to the widespread dilemma that we face today – that of deciding the approach for the “Right Cloud Solution!”.
The Cloud (personally a movie buff like me would have preferred – the MATRIX) really has lived up to its hype of being an industry disrupter and one of blockbuster proportion at that! It is no secret that Cloud is impacting the business world to varying degrees, irrespective of the industry vertical. The problem isn’t just that Cloud is a disruptive technology. The CIO has to navigate the organization through Public, Private and Hybrid clouds and then there are the IaaS, SaaS, PaaS dimensions. While on one hand there are benefits of agility, flexibility, lower TCO, Innovation and Capex reduction, there are the challenges of Data ownership and security, regulatory compliance, SLA enforcement, customization etc. at the other end. The CIO is today required to navigate through all aspects of cloud and land “Digital Transformation” safely and securely – that’s just like Sandra Bullock in Gravity…..very simple.
The further turbulence for the CIO comes from the fact that everyone is taking a radically different approach to Cloud implementations, not to mention their on-premise offerings of the Cloud Service Providers. The rapid pace at which these are being rolled out is what adds to the challenges. Changes which would earlier happen in 12 or 18 months are now happening every 3 or 6 months. While choice is a great thing and the fact that there are varied deployment options is perfect for the organization that knows precisely what it wants, the complete Cloud proposition presents an obstacle for those that don’t know what they need.
Everyone now agrees that Cloud strategy requires planning and thinking that is extremely strategic and priorities must be clearly understood by all members of the management team. A common understanding of all possibilities, opportunities, risks, costs and management challenges of the various available options will then lead to a path being mapped out to help lead to a decision. This however doesn’t happen in the real world…does it?
The next safe bet as most organizations have done is to call in the “Experts” to get an RFP out which will knock the daylight out of all respondents. This is a good approach but in an era where there’s limited patience for long RFP creation, evaluation cycles, it is actually turning out to be an exercise in futility. It has landed us in the Analysis-Paralysis situation where fewer of the bold have moved forward to be the innovators in adoption and a larger percentage have decided to stay laggards.
My view is that this journey to the “Right Cloud” can be simplified with a few steps (7 as Mr. Covey has taught us …)
- 1. Business priority – Is it disruption and competitive advantage, redundancy and reliability, agility and flexibility, Capex reduction or freeing up IT resources? Be clear on the priority and do not tick all of the above. I cannot emphasize enough on the importance of Data Security and Compliance.
- 2. Start by stating the Objective(s) – What is the overall purpose of the new solution? If you aren’t thinking big picture here, stop and just stick with what you have. Sweat out whatever is the investment that’s being made. This is the time to really cast a vision for how technology can significantly affect business outcomes and become a competitive advantage. One doesn’t want to sit through another lecture from the CEO of changing business models, technology as the next frontier, Uber, Tesla, Amazon……you know what I am talking about.
- 3. Keep an eye on the changes in the B2C world – We all know that the best user friendly technology is at home and not at office unless you are working for Agent Q in some dungeon in London making gadgets for a certain Commander James Bond. GUI in software interfaces for mobile applications, response time, ease of reporting and viewing…. are all lessons to be learnt from the B2C technology expansion. The Digital age (often confused with Smart Phone revolution) is upon us. Let’s learn from it.
- 4. Be open and prepared for changes – Don’t be surprised if new offerings pop up half way through the evaluation phase. With the aforementioned acceleration of change, it is likely there will be further changes in the industry during the project.
- 5. Sandbox it – Most Cloud service providers give this option today and it’s a great way to capture business requirements, rapidly deploy the same and integrate the same with other applications. It enables an organization to reduce the risk while testing out Use Cases.
- 6. Create an innovation / disruption team within the organization – If the above can be achieved with a cross functional team from within the organization, I can almost sense innovation and adoption of an unprecedented scale or rejection of the current approach while moving onto the next idea. It also helps user adoption which is key for any change in an organization.
- 7. Eco-System Orchestra – There are definitely a few partners who get affected when one disturbs the existing on-premises model. Realistic TCO, Contract Termination and Planned Downtime are part of this which the CIO – Conductor of Information Orchestration needs to manage.
All Cloud Service Providers have multiple offerings in every possible stage of the product lifecycle. This is a difficult time to make a decision, but the opportunities get more exciting every day as technology matures and offers increased value for solving business problems. So as it rains burgers, spaghetti and pizzas make sure that you apply some of the above criteria to choose your journey to the Cloud.
Publish Date: September 29, 2015 5:00 AM
The world is increasingly turning digital today. This essentially translates into development of newer customer applications and services, increasing number of accounts being created and an equal number of associated passwords to be remembered! What need special mention are the countless security questions. A call to the Call Center to inquire about something as simple as the credit card balance puts one through a series of questions that sometimes makes us wish we had never called in the first place!!
Of course, this multi-level security practice has been developed to protect customer information from fraudsters. Today, Banking and Contact Center organizations need to implement a non-invasive yet transparent system which spares customers from answering a series of personal trivia questions to establish their authenticity confidentially, and simultaneously relieves the service representative of a monotonous activity.
A voice biometric is a numerical representation made from the sound, pattern and rhythm of an individual’s voice. Voice biometrics technology analyzes more than 50 characteristics of voice which are unique & dependent on physical traits of the vocal tract, such as shape and size of mouth and nasal passages, as well as behavioral factors including pronunciation, emphasis, speed of speech and accent. Attempts to impersonate a voice or provide voice recordings to gain fraudulent authentication fail due to the distinctive details of the voiceprint used for comparison. The intelligent use of randomly generated phrases can further thwart any fraudulent practices.
Based on the analysis of the voiceprint, a score card is generated and business rules are applied to enable the associated services. For example:
- If score card < 30: low-score customer to be authenticated with an alternate mechanism such as Account number & PIN, or to be verified through OTP.
- If score card < 50: enable only information-related services such as bank balance and last 5 transactions.
- If score card > 70: enable all services, including fund-related transaction services such as RTGS, NEFT, Utility bill payment, Recharge etc.
It’s not just the threat of fraudsters that’s scary; the misuse of personal information collated for so-called “security purposes” by the executive at the other side of the call is equally worrisome. A human intervention with full access to Customer information is a big flaw in itself in any security process. Voice biometric technology and advanced word spotting techniques empower the customers to control the information being displayed to the Call center agent, thus enhancing security.
A voice biometric system first authenticates a customer’s real-time voice against the sample voiceprint, and a score card is generated. This information is attached as a tag to the call, and wherever the customer traverses, the voice biometric score card follows. If the customer opts for agent assistance, the call is transferred and, using CTI technology, the score card is displayed on the agent’s CRM screen. The customer converses with the agent about queries/complaints/requests. During the conversation, the speech engine does key word spotting & associates context to it. In the background, the speech engine relays this information to the CRM & activates the relevant work flow/activity. For example, when the call is transferred to an agent, the CRM screen displays the voiceprint authentication score card, customer name & balance information to the agent.
Note: Information in grey cells is hidden/disabled
During the conversation the customer asks for a cheque book. The business rule engine checks the score card & qualifies it to take the request. The cheque book work flow is now activated on the CRM screen, whereas the other workflows remain disabled.
Now let’s take an example of a financial transaction. During the conversation the customer wants to pay his/her electricity bill. The speech system sets the context as “Bill Payment request”. As the score card is low, the business rule advises Manual Authentication. Manual Authentication parameters such as mother’s maiden name (MM Name) are dynamically enabled on the CRM screen to complete the utility bill payment request.
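The score card rules and the bill-payment step-up described above can be sketched as a small policy function; this is an added example, not code from the original article or from any voice biometrics product. The 0-100 score range, the service identifiers and the handling of scores from 50 to 70 (which the rules as stated leave undefined, treated here as information-only) are assumptions.

```python
"""Illustrative score-card policy for voice-biometric authentication (added example)."""
import math
from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    NONE = 0  # voice match too weak: nothing enabled until alternate authentication
    INFO = 1  # information-related services only
    FULL = 2  # fund-related transaction services as well


# Services named in the article; the identifiers themselves are assumptions.
SERVICE_TIER = {
    "bank_balance": Tier.INFO,
    "last_5_transactions": Tier.INFO,
    "rtgs": Tier.FULL,
    "neft": Tier.FULL,
    "utility_bill_payment": Tier.FULL,
    "recharge": Tier.FULL,
}


@dataclass(frozen=True)
class Decision:
    action: str  # "allow", "step_up" or "deny"
    reason: str


def tier_for_score(score):
    """Map a voice score card to the highest service tier it unlocks."""
    # Fail closed on anything that is not a finite number in the assumed 0-100 range.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return Tier.NONE
    if math.isnan(score) or not 0 <= score <= 100:
        return Tier.NONE
    if score > 70:
        return Tier.FULL
    if score >= 30:
        # 30-49 is information-only per the article. 50-70 is not covered by the
        # stated rules; granting the lower tier is the conservative assumption.
        return Tier.INFO
    return Tier.NONE


def decide(score, service, step_up_passed=False):
    """Decide whether a requested service is enabled for this call.

    step_up_passed is True once the alternate mechanism (Account number & PIN,
    OTP, or manual authentication by the agent) has succeeded.
    """
    required = SERVICE_TIER.get(service)
    if required is None:
        # Unlisted workflows stay disabled regardless of score.
        return Decision("deny", "unknown service")
    if tier_for_score(score) >= required:
        return Decision("allow", "voice score sufficient")
    if step_up_passed:
        return Decision("allow", "alternate authentication completed")
    return Decision("step_up", "alternate authentication required")


def agent_screen(score, step_up_passed=False):
    """Return which workflows are enabled on the agent's CRM screen."""
    return {
        service: decide(score, service, step_up_passed).action == "allow"
        for service in SERVICE_TIER
    }


if __name__ == "__main__":
    # Constructed sample calls: (score card, requested service).
    for score, service in [(85, "neft"), (45, "utility_bill_payment"), (20, "bank_balance")]:
        print(score, service, decide(score, service))
```

Evaluating the policy on the server side for every request, rather than only when the call is first tagged, keeps a disabled workflow disabled even if the agent's screen is manipulated.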
Voice has emerged as a viable authentication method because, just like a fingerprint or iris, voice is unique to an individual. In a nutshell, voice biometric engine enables authentication using customer voice print, which is non-invasive. With lower implementation cost, ease of use and higher accuracy, voice biometric technology has emerged as a game changer.
Publish Date: August 26, 2015 5:00 AM
The consumer industry is witnessing a paradigm shift in the marketing strategies deployed to woo customers. No longer signing an “A-listed” actor as the brand ambassador of the product alone ensures success. The emerging superstar in this block of marketing is obviously “Social Media”.
Social Media Marketing has a profound influence in both domains of B2B or B2C marketing approach. Today, consumers’ decisions are influenced by the reviews or comments posted on social media channels like Facebook, Twitter, LinkedIn, Google+ etc. Statistics from an autonomous survey state that every 3 in 4 consumers (75%) use Facebook to make retail decisions and half of the consumers have tried a new brand based on social media recommendations. With greater transparency, wider reach and stronger impact as clear positives, Social Media has changed the face of marketing.
While a positive image on the social networking site can do wonders for your company’s brand value, a negative tweet or comment can have a disastrous effect. With the ever increasing influence of social media, minimizing the dent thus made on your company’s image will surely be a mammoth task. With digital transformation revolutionizing the business strategies, sustaining and further enhancing company’s image has become a whole new ball game and hence the importance for brands to invest and commit to social listening by building a Social Media Command Centre (SMCC).
SMCC can be visualized as sleek, glass-enclosed rooms with huge LED panels simultaneously displaying live streams from various social media viz Twitter, Facebook, LinkedIn etc to “listening social executives” who summarize the results from these streams and track customer conversation, understand the customer sentiment and thus help in refining the tactics to be deployed in business. In simple terms, it is a command centre where unfiltered and unbiased feedback from customers is analyzed for the improvement of the product and the company.
SMCC with the help of automated software tools searches and monitors the use of keywords or tags on social conversation to track what customers are speaking about your brand. Monitoring your brand’s mention on social media channels can also help quickly respond to customer complaints before they damage the brand reputation. The acceptance level of a new product or service launched by your company can also be measured effectively. And the list goes on…
The very first consideration while building a SMCC for the company should be clearly defining the objective of building one! One needs to be sure about how to use this insane amount of data thus collected to benefit the company. Does one wish to have a better understanding of customer sentiments or know how the brand is perceived or listen to customer complaints and try to resolve them before they pose a major problem? If one gets this right, the rest of the design will follow seamlessly.
With the objective in place comes the Designing of SMCC. The design of SMCC needs to be apt as it is the reflection of a company’s interest in maintaining its social image. It can be built with large screens, LCD displays and heat maps with a significant number of analysts spanning across hundreds of square feet of office space or can be limited to a few desktops depending upon the size and scale of the organization.
Many tools and technologies are available for monitoring and analyzing the information obtained. Choosing the right technology that matches the company requirements is a key factor. User interface, real-time analysis, ease of use and methods of data collation are a few determinants for the technologies being deployed. Various tools like Google Analytics, Unmetric, Germin8, Simply360, Wizrocket, LISA, Radian6 etc are available in the market today. Investing in the right tools for customer listening and monitoring from among the many is important.
The design and technologies implemented will be rendered useless without the availability of skilled human resources. The company needs to employ a set of individuals, who are passionate about the use of social channels, are tech savvy and have the required skill sets. Companies also need to invest in regular training of these employees for successful working of SMCC.
Building a SMCC requires an exceptional foresight and understanding of the business and its policies. With organizational readiness in place, it then calls for key technology components to be bolted on from choice to tools and its associated processes, the Audio Visual Technology and above all flawless execution of the plan.
Publish Date: July 29, 2015 5:00 AM
It embarrasses me to admit that my 4 year old daughter is better with Social Apps than I am – what with being a technocrat who supposedly makes her living out of selling technology to people.
It all started when she wanted to “Send a Message” to her best friend, and she says “Mummy, give me your phone, I want to message my friend”. Now she is still learning her alphabets so there was no way she was going to type a message. So I handed over my phone wondering what she would do next. And to my surprise and no small wonder, she opens my WhatsApp, looks for her friend’s mom’s photo, identifies it’s her and then clicks on the record button and voila!! She has sent him a message in about 30 seconds….. and then satisfied it’s fine, hands me back the phone, says thanks and flounces off, not before she instructs me to keep a watch out for her friend’s return message….
And to think I had been using WhatsApp for about 6 months or more …..and hadn’t figured it out till then….
The point being the new Gen Y is extremely cued in to the social world. We can argue ourselves hoarse that they were born in the era and are hence more adept but the simple fact is that the way we interact, communicate and connect with people has changed drastically thanks to the explosion of social media.
Yesterday I was with a business partner and we were discussing reaching out to a customer’s top honcho and he smugly tells me he will help me since he is already connected to him on LinkedIn and all that so it’s all networked and taken care of. I chat now with my extended family on WhatsApp more often than I actually call them. My husband and I almost exclusively share our daily calendars on Google Calendar. And a few days ago I broke the ice with a customer I was speaking to after a while by asking him about the super “happening” vacation he took and posted pics of on Facebook.
However, social media have definitely added another dimension of communication channel for organisations. Today along with the business strategy and IT strategy, customers discuss their social strategy as well. In fact social features on at least 2 important budgets within any organisation today – the IT & the Marketing budgets. Customers now want to tap the “anonymous” consumers through the web and at the same time suddenly contact centre operations managers are worrying about responding to tweets and Facebook posts and the likes.
The typical challenges organisations face with social are due to the fact that it’s instant, pervasive, constant and most importantly has the potential to go viral. In addition, the social web is working every day, every minute, whether or not organisations are working, and this can leave companies constantly playing the catch up game.
Statistics from the Autonomous Consumer say that about 55% of the time they communicate with an organisation using social media, about 38% communicate over web chat – making it the fastest growing channel in the contact centre – and about 68% say they would rather web chat with an agent to get their problem resolved while on the internet. Another interesting and sometimes disturbing statistic is that about 58% of consumers say they get better help online from fellow consumers on the wide web than from agents at the contact centre. This of course is a boon and a bane for several organisations. When consumers start servicing themselves without reaching out to companies, and hence without utilising company resources, it obviously results in cost saving for the organisation.
But it also opens a Pandora’s Box of challenges. It would mean they definitely need to invest more time and effort in training their agents to combat and fulfil the appetite of the “more informed – through cumulative efforts” consumer. It also means that customers are now connecting to organisations less and less. This makes them disengaged, and a disengaged customer is a high-risk potential churn customer. It also means that organisations constantly need to monitor the web to see the information about their brand that is floating out there and ensure its sanity.
This is thus proving to be no mean feat for companies. They need to constantly try and find new ways to engage with customers proactively even if the consumers don’t come to them. Intelligent companies do this by turning the tables on the social media and its usefulness to them by scouring more personalized information of their customers and hence resorting to targeted marketing by doing micro segmentation and hyper personalization. With the explosion of Big Data and everyone from start ups to the biggies like Google, Oracle and Adobe joining the fray to do everything from user profile management to content management or targeted marketing, it might then not be an insurmountable task for organisations – albeit a possibly expensive one if they choose the bigger brands.
Of course, what many organisations don’t realise is that the old adage about the knife being only as good or bad as its wielder holds true when slaying the digital Dragon too. Without a team of experts who understand how to interpret the vast volumes of data that these engines spew out and who finally do something about that data, instead of leaving it as simply pretty-looking dashboards, it is like investing money in an academic project of finding the mystical elixir.
The second part of the problem is building and maintaining the brand of the organisation on the Social Media. This is proving to be the bigger challenge for most companies. Receiving, responding and servicing consumers satisfactorily on the social platform is a lot more challenging than most organisations perceived it to be. And it seems to have caught most of them blindsided and gobsmacked!! At close heels to this is another related challenge – consumers expect consistency and persistence across the channels – voice, video, web, email and social.
This transformation requires enterprises to fully adapt to the changes in customer demographics. The utopian way of dealing with this problem is to unify all channels to a common platform. But this is easier said than done. So the smarter way of doing this is possibly to build in-memory data caches that temporarily store the data for a period of time that logically makes sense to an organisation. This period could be about a few hours for an e-Commerce site to a few days for a travel portal to about a few months for a bank. This way you tackle the problem by breaking it up into smaller pieces and absorbing it piecemeal within the IT strategy.
The answer is of course in building a persistent, contextual engine which will ensure richer profiles of customers, ability to maintain consistency at high scale and finally cater to the ever growing appetite of the consumers for instant gratification.
So until we find the perfect way to tame the Digital Dragon and teach it to fly and soar for organisations, we will continue our pursuit of the perfect customer engagement engine.
And if this makes sense to you, be sure to “like” it for me and do leave a nice comment!!!
Publish Date: June 26, 2015 5:00 AM