I have had the distinct honor of working with the IBM X-Force team since 2006, and manage security marketing for IBM across all of the various brands that contribute to build our overall security story. Twice a year, the X-Force team compiles all of the research, data, trends, myths�that are relevant within the Internet security landscape and publishes its recommendations for staying ahead of the threat. This year�s mid-year report launched today (read it here) and covers a whole host of topic areas. One area that deserves the spotlight is the IBM Emergency Response Service section tucked away in pages 54-57. This portion of the report encapsulates what the IBM Emergency Response Service (ERS) would tell you if you were to grab a cup of coffee with any team member and ask, �If you were me, how would you set up your incident response process?�
It is the what-do-you-do-after-you-get-breached section or more professionally referred to as the Computer Security Incident Response Plan (CSIRP) that dives into key details such as ensuring that you have discretionary expense not just for the large items but little things, like buying a $50 flash drive for the IT recovery team. Making sure to create back-ups, save restore points and document and capture information along the way so that if a seemingly minor event begins to escalate into a full-blown incident you�ll have the forensic information to identify the original source and path. Also, you�ll also need a shift-change and meal-plan for the response team working 24/7. Although as one IT-director reminded me� while most IT managers run on caffeine and nicotine, the majority are not trained to do their best decision making at hour 22 without at least a few slices of pepperoni and a Mountain Dew.
I would categorize this section as a must-read for anyone in IT, whether you are focused on security or not. It can serve as a great reference and checklist for your information security response plan. Additionally, you can also use it to raise awareness to your management team about critical items to consider in developing and updating incident response procedures and policies.
And yes, as the title of this post alludes to, one of the pieces of advice from the ERS team is to remain calm in the unfortunate event that your organization becomes a target. There are loads of other great sections in the report about mobile security, botnet takedowns, application and OS vulnerability trends, etc. But I wanted to draw particular attention to a topic that is perhaps not the most glamorous, yet remains one that should absolutely make its way into your next security strategy discussions.
When it comes to security, the challenges we face today are, in many ways, familiar business and IT challenges. Based on the events of the last year, two really significant questions have come to the forefront of the security conversation. The first is around the level of investment and how to more strategically prioritize both spend and skills. The second is around the nature of the technology conversation. Today, we need to focus more on not just buying the latest and greatest, but making sure the latest and greatest is properly deployed, configured and, as networks and IT environments change and grow, that the corresponding security technology is updated appropriately. In other words, security needs to be managed more effectively.
In the recent (published today recent)IBM X-Force Trend and Risk Report, we wrote extensively on what we're calling the "year of the security breach." Over the course of the last year it seems like every week has brought with it a new headline, and the landscape of attackers has become as diverse as the organizations they target. We are seeing everything from targeted state sponsored attacks, to organized crime, to politically and socially motivated attackers to those motivated by notoriety. While each of these groups have different sets of skills, tolerance to risk and ultimate objectives, the impact they have had on businesses has been significant across the board. You might expect that the most sophisticated attackers have been responsible for the most damaging attacks, but that isn't necessarily the case. Many inexperienced attackers who use automated tools (that often come complete with help and support) have been extremely successful at stealing information and damaging organizations, both financially and otherwise.
For a long time, many circles came to view security as a technical challenge. How good is my IPS? Is it vulnerability or exploit based? How effective is my patch management strategy? How am I successfully on-boarding and off-boarding users? What techniques am I using during application development to ensure I'm not introducing new security vulnerabilities?
Since then the world has changed a lot, and it did so without changing much at all.
We've seen an incredible number of breaches over the course of the last year, but often times at the hands of attacks that are anything but new. In the vast majority of these cases, the technology to prevent these incidents is commercially available. This reality is forcing us to ask the question, if the technology isn't the problem, then what is it? At this point, what we are really left with is questions of investment and process, and these are not technical challenges, but rather business and risk management challenges. The ability to manage risk effectively is important because in today's world there is no such thing as complete security. If there was, and you could buy it, we wouldn't be having any these conversations. The reality is that because you can't achieve perfect security (much less buy it), you need someone to make strategic business decisions about where to focus your spend and skills. In this way the job description of today's CISO is becoming less technical, and more focused on strategic business objectives and outcomes.
Additionally, many new technologies today are making it easier to connect and compute, and that general trend of connectivity and shared resources is also introducing new risks. How can we effectively balance openness with security? Cloud and mobile are transformational platforms, but to adopt these technologies in the workplace we need to be confident in their security capabilities. As the promise and value of these technologies is so significant, instead of saying "no," it is becoming the responsibility of the CISO to figure out the "how?"
The events of the last year have shown us that there need to be changes made in the way that many organizations manage security. Security needs to be handled as a strategic business challenge requiring ongoing evaluation and management and not something that is not a one-time assessment/investment. As security becomes a more ingrained element of business and IT transformation, we expect the role of CISOs to evolve accordingly.
Back in the '80s,The Frantics were Canada's answer to Monty Python. One of their recurring bits involved Paul Chato (the geeky one) inventing a new video game. Like Kramer on Seinfeld, he'd burst into the room unannounced and shout, 'Hey guys, it's ready!' Upon hearing the news, the other guys would excitedly jump around the room in a stop-motion homage to 'Neighbors,' the famous 1952 NFB short film by Norman McLaren.
For you, the SMA makes it easier than ever to share in the excitement of Information On Demand. It pulls in conference tweets, blog posts and photos and presents them on a single page. So, if you're using any or all of the conference tags: #iod11, #baforum, #imforum or #IBMECM, they'll show up here. The SMA will also provide live streaming video of the morning general sessions, plus executive keynotes and interviews from the EXPO floor courtesy of Scott and Todd.
Because The Frantics were popular in the 80s, Paul's games looked like the ones you played on your Atari 2600. Because this is 2011, the IOD SMA looks a little better: Smarter Software means smarter aggregators
What's more, the SMA scans all that content to build real-time tag clouds of trending topics and highlights the conversation leaders who are tweeting and blogging up a storm. Last year, that honor went to raving IBM Cognos 10 fan Cedric deVroey. The last time I checked this year, there was quite the duel shaping up between Christoph Papenfuss and Fraser Anderson. Now that the SMA is out there for the world to enjoy, no doubt we'll see perspectives from outside the firewall in there as well.
The SMA pulls in Tweets automatically, but if you plan on blogging you'll need to create an IBM profile or use the one you already have. From there it's simply a matter of copying and pasting a few feeds. Add any of the tags above in the body of your blog post and it will be picked up automatically to be shared with an audience of thousands. The added bonus of registering is that once you've created your profile you can contribute to any aggregator in the IBM universe.
IOD is is the biggest conference in the IBM software galaxy. Last year more than 10,000 said 'Viva Las Vegas' (a new record) and this year we're expecting even more. With that many people and that much technology coming into contact with each other I foresee no shortage of opinions, insights and - because this is Vegas - maybe the odd joke or two. So, I'll be keeping a close eye on the aggregator throughout the conference to highlight the trending topics, congratulate the conversation leaders and maybe - just maybe - throw in a poll or two. The buzz is brewing for IOD11 and the SMA is your best place to participate and take it all in. Why not get started now?
The end-of-day update
I couldn't find the Frantics clip in question, so instead I can offer this cool animation. It was also made by Norman McLaren, who could make numbers dance as well as people. Enjoy!
Quite a few of today's buzzwords don't mean anything definite either to the people who are listening or talking. If 'Application Lifecycle Management' (ALM) seems to you to fall into this group, though, I would argue it shouldn't. In fact, I bet I could get across the gist of it in two sentences:
Application development typically involves a series of stages. So if you want applications to be as bug-free and feature-complete as possible, you need to manage each of those stages as well as you possibly can.
That wasn't so bad, now, was it?
I could, admittedly, elaborate a bit more. Software developers generally also want to minimize their costs and risks and accelerate their development cycles. So these concerns play a major part in ALM theory and solutions as well.
Furthermore, the more complex applications become -- the more lines of code, the more development groups, the more elaborate the specifications, etc. -- the more important a governed approach to ALM gets. And the stronger the case for a best-in-class, integrated, ALM-focused suite of development solutions becomes.
To really spotlight the increasing importance of ALM, we might pick a case in which getting the software right is literally a matter of life-and-death -- a case in which 'crash' might imply a lot more than IT services. Such cases certainly exist.
The lower the margin of acceptable error, the stronger the case for ALM
One excellent example: Invensys Rail, a leading provider of trackside and on-board signaling systems used by railway operators in Spain and Portugal.
Some of the challenges this organization's software development team face include:
Coordination of train movements with 100 percent accuracy and reliability
Trains that zip along at near 200 miles per hour
A specification called the European Rail Traffic Management System (ERTMS) that requires continuous compliance despite its frequent changes
More than a dozen different railway operators, simultaneously operating
Hundreds of trains in two different countries
The margin for error in orchestrating this complex task is, needless to say, virtually zero. Let's just say that software development mistakes of the kind that frequently occur in other industries would generate global headlines in this particular case.
Five optimized stages of development from one integrated ALM solution
Such a situation clearly demands a governed, efficient, and consistent approach to ALM. Toward that end, Invensys Rail has turned to one primary solution provider for end-to-end lifecycle management.
'We needed an integrated solution to optimize our processes and procedures and provide our developers with the agility they need to respond to changes,' said Francisco Lozano, ERTMS Program Manager. 'This is what IBM Rational provided, from the requirements with DOORS to the code with Rhapsody.'
Notice the 'from' and 'to' parts of that last sentence. What Mr. Lozano means is that for each of the stages in the application lifecycle, the IBM Rational� solution delivers all the necessary capabilities needed to drive a better outcome -- even given Invensys Rail's constantly changing codebase of more than one million lines.
This earliest stage is, for obvious reasons, one of the most critical. The complete set of requirements for the application must be established; that's no simple task, because the requirements for today's largest and most complex applications typically stem from many, many sources and are expressed in many forms (or data formats). Fail ing to aggregate and centralize them all will certainly lead to trouble down the road -- or rail, as the case may be -- that might, in a worst-case scenario, turn out to be literally catastrophic.
Also important in the requirements management stage is that as new requirements come in, they are transmitted to other elements of the software portfolio appropriately, in order to support the new goals they were designed to achieve. This flow of information must be managed very carefully.
'IBM Rational DOORS� helps ensure that the delivered product meets Invensys Rail's and its clients' needs,' said Scott McKorkle, Senior Manager for IBM Rational. 'It enhances the quality of safety-critical systems by increasing the visibility of business objectives, customer needs, technical specifications and regulations.'
Configuration and change management
Given a set of requirements, the next two phases -- configuration and change management -- come into play. Code can't actually be generated yet, but based on the requirements, it can be designed, using standardized libraries and visualization tools.
Many architectural questions must be asked and answered at this point to assess and diminish risk. These questions might include: How are new requirements going to be implemented? What kind of conflicts might be created? What is the impact on the overall system going to be as a result? What are the direct and indirect consequences to the software and its utilization likely to be?
Here, too, ALM tools, working together and often in an automated fashion, can support a governed, risk-managed, collaborative process.
Said McKorkle: 'IBM Rational Synergy and Change provide a unifying change, configuration, and software delivery platform, bringing distributed development teams together for the development of complex systems and software. They help ensure that all development processes can be defined, implemented, automated, visualized and thus managed.'
This next phase is, of course, all about writing the actual code, but there's typically a lot more to the story than that.
Consider simulation, for instance; this is often needed to assess how well (or how badly) a given software build will perform under real-world conditions. In a dynamically changing environment, application stresses may fall outside expected boundaries, and it's necessary to ensure high tolerance for that possibility.
Interoperability -- certainly critical to Invensys Rail and its diverse base of railway operators -- is also a key factor to verify at this point. So is regulatory compliance.
'IBM Rational Rhapsody transforms complex program and regulatory requirements into deployable systems and software through model-based design, simulation and automated testing,' said McKorkle. 'Its model-driven development approach delivers the critical capabilities that Invensys Rail's systems engineers and software developers need to create demanding embedded and real-time applications.'
Documentation and reporting
Once applications have been developed, it will still be necessary to document them (to facilitate their use in real-world environments) and generate reports on demand (to illustrate utilization trends, patterns, or emerging issues that might require revision or optimization).
These reports, in addition to user/client feedback and other data points, then feed back into the next iteration of the application lifecycle, and the Requirements stage can begin again -- closing the development loop.
Thanks in part to its new ALM solution, Invensys Rail has certainly achieved impressive results. For instance, there is now 100 percent synchronization between the design model and resulting source code; changes in either one are instantly reflected in the other.
'The Rational solution facilitates this by uniting requirements and change management, model-based systems engineering, and software development into a fully integrated and traceable workflow,' said McKorkle.
And as a result, Invensys Rail's estimated time-to-market for new products has fallen by a remarkable 40 percent -- cutting the duration of the development cycle almost in half, and putting the company in a much stronger competitive position.
About the author Guest blogger Wes Simonds worked in IT for seven years before becoming a technology writer on topics including virtualization, cloud computing and service management. He lives in sunny Austin, Texas and believes Mexican food should always be served with queso.
How did you greet the new and improved Facebook? If you took to Facebook to complain about Facebook and demanded the old Facebook come back, you certainly weren't alone. Last Tuesday's rollout drew what could be a record amount of complaints from the site's 750 million users.
Don't blame Mark Zuckerberg, though. Blame your ancestors instead.
Life evolved to gather energy resources, and the purpose of our advanced brains is to predict availability of resources (e.g., benefits) and possible loss of energy resources (e.g., threats). If we think of the brain as a prediction machine (a reductive but useful model), it follows that the brain likes to be correct about its predictions and dislikes being incorrect. [...] Failing at prediction is actually perceived as a threat to the organism (however slightly or subconsciously), and so any surprises or unanticipated changes seem menacing.
In short: we depend on predictions to survive. Being right makes us happy. And we get awfully cranky when our predictions turn out wrong. The fact that so many people (myself included) expressed so much frustration illustrates just how deeply embedded Facebook has become in our daily lives. Facebook's front page is a window on our world. Overnight, many felt that window had been shattered. Nothing was where we expected it to be.
This dynamic doesn't just apply to Facebook. Taft sees the same phenomenon in at play in the fear that often greets new ideas. It also helps explain why we derive so much pleasure from watching movies we know by heart:
Our brains are highly optimized to anticipate outcomes and feel satisfaction and joy when we are proven right. This is why we like to re-encounter favorite movies and books again and again over the years and derive pleasure from them each time.
Finding our "sweet spot"
Taft isn't recommending we rely entirely on predictable events, which would leave us incapable of responding to change of any kind. I'd add that it's also an unwise way to run your organization in our new era of pervasive uncertainty. Instead, Taft points to a "sweet spot" of challenge and ability where we - and, I'd argue, organizations - can operate at peak powers. He cites Psychologist Mihaly Csikszentmihalyi and his concept of flow, "a state in which people are so involved in an activity that nothing else seems to matter; the experience is so enjoyable that people will continue to do it even at great cost, for the sheer sake of doing it.�
There are, according to Csikszentmihalyi, nine different elements involved in achieving flow:
There are clear goals every step of the way.
There is immediate feedback to one�s actions.
There is a balance between challenges and skills.
Action and awareness are merged.
Distractions are excluded from consciousness.
There is no worry of failure.
The sense of time becomes distorted.
The activity becomes an end in itself.
Flow and the analytics-driven organization
Csikszentmihalyi is one of the pioneers of the scientific study of happiness. But this happy state of flow also sounds a lot like that of an analytics-driven organization - the kind you can build with the IBM solutions you're going to see down at Information On Demand next month in Las Vegas. In the hundreds upon hundreds of breakout sessions and EXPO demonstrations you'll see how you can add the capabilities to make your outcomes a little more predictable. You'll learn about the Analytics Quotient and the steps you can take to achieving a flow-like Leader staus. You'll see how to enable your workforce to better manage the relentless pace of change. And you'll see how turning insight into action makes everyone that much happier.
Change may not be pleasant, but it's the only way we know of to move forward. On a smarter planet, smarter software can mitigate the pain and help you flow forward as well. The question to you now is, are you ready to move forward as well?
Each year, the IBM Beacon Awards recognize the most innovative solutions from IBM Business Partners. Spanning a wide range of solutions and markets in support of Smarter Planet, winning solutions consistently demonstrate exemplary value by solving real business issues for clients.
In addition to providing IBM Business Partners with recognition for their achievements over the past year, the Beacon Awards also give winners an opportunity to gain greater visibility across the industry and within IBM through press and analyst support, PartnerWorld web recognition, as well as video testimonials. Winning Business Partners will also receive a crystal trophy, use of the IBM Beacon Award mark for one year, and complimentary registration to the event at which award winners will be announced.
This year, Business Partners will be recognized in the following categories:
For an overview of the IBM Beacon Awards, as well as a look at last year's winners, check out this video from the 2011PartnerWorld Leadership Conference, courtesy of the IBM PartnerWorld Livestream Channel:
Nominations for the 2012 IBM Beacon Awards are due on November 1, 2011 at 11:59 p.m. EDT. IBM Business Partners can visit PartnerWorld to get a better understanding of eligibility criteria for the IBM Beacon Awards, as well as answers to some of the most frequently asked questions related to the awards.
You'll see some of these recent acquisitions next month if you're heading down to Information On Demand next month. It boasts the biggest EXPO in the IBM Software galaxy and ample opportunities to meet product and solution experts, so not only will you discover the value that these acquisitions can bring to your organizations, you'll see how that value is augmented and extended within a broader IBM software solution. On a Smarter Planet, the smartest companies will win. So whether you're in retail, banking, education or simply want to learn more about analytics I'd urge you to do two things: read the report and register now.
THINKing about Leadership, for a Smarter Planet
IBM Chairman and CEO Sam Palmisano opened this week's IBM THINK Forum in New York by calling for a new type of leadership. Palmisano noted that although competition drives progress and innovation, it's not sufficient in an interconnected world. In this new model, Palmisano said, "the wild west of competition needs to be complemented and tempered by far more collaboration across old boundaries: across academic disciplines, industries, nations; even amongst our most fierce competitors. Palmisano also commented on the lessons IBM has learned over its first century, lessons that will enable it to survive into the next:
The Forum drew many influential - not to mention thoughtful - attendees including Sir Howard Stringer, Chairman, Chief Executive Officer and President of Sony Corporation, New York City Mayor Michael Bloomberg and His Excellency Felipe Calder�n Hinojosa, President of Mexico. Rob Enderle of Forbes wrote about the conference here, and you can see more videos here.
In addition to the Forum, IBM has also installed the THINK Exhibit, a visual exploration of making the world work better, in Lincoln Center in New York. The exhibit takes visitors on a journey through a series of experiences, including:
The Data Wall: Striking patterns undulating on a 123-foot digital wall, visualizing live data streaming from the city�s nearby systems, like traffic details, untapped solar energy, water leakage through the city�s main aqueduct, air quality and credit card transactions.
Immersive Film: An immersive film displayed across 40 seven-foot, vertical media panels that tells stories of progress, including space exploration, personalized medicine and biotechnology.
Interactive Experiences: After the film, the 40 media panels switch to interactive touch screens, becoming a forest of discovery. Visitors can explore the various ways science and technology have improved the world, and the tools and methods used to drive progress, showcasing inspiring examples of systemic progress around the world.
The Icons of Progress: IBM�s top 100 milestones, including the PC, the first computerized airline reservation system and the Apollo Missions. Through graphics and stories, the icons tell the story of big risks, lessons learned and discoveries that have transformed the way we work and live.
The Exhibit is open to the public from September 23 to October 23, and smaller scale exhibits are installed at 14 IBM locations around the world, including IOD.
It takes a tenacious business owner to hold a small business together in today's economy. But sometimes, tenacity isn't enough.
In fact, small and midsize business owners have overwhelmingly stated that the biggest inhibitor to growth right now is the availability of financing (or lack thereof). Without financing, many small businesses cannot take advantage of the latest technologies like analytics and cloud, which might help them innovate and prosper despite the market conditions. .
Enter IBM -- with the understanding that SMBs play a critical role in our economic recovery, Big Blue recently announced that it will offer $1 billion in financing from IBM Global Financing to qualified small and midsize businesses over the next 18 months. Some people were surprised to hear that Big Blue was financing new technology for small businesses, but in fact, IBM Global Financing has been around for years. And with this great resource already in hand, why not make it even easier for SMBs to invest in the future? We think it makes sense. .
So far, the pundits seem to think so too, and the general public's reaction has been positive. Check out this MarketWatch video featuring AllThingsD's Arik Hesseldahl, as he talks through the latest announcement and what it means to SMBs (and please, excuse the brief commercial):
But wait -- there's more. In conjunction with this announcement, IBM also introduced an enhanced portfolio of pre-configured solutions, called Cost Buster Solutions, which combine hardware, software and services with this financing offer, in order to provide an affordable, simplified package for small and midsize businesses. The 29 solutions, which were identified based on research conducted with over 5,000 midsize business CIOs and IT decision makers, span all of the six software business needs: Turning Information into Insight, Driving Business Integration and Optimization, Connecting and Collaborating, Enabling Product and Service Innovation, Managing Risk, Security and Compliance, and Optimizing the Impact of Business Infrastructure and Services. As a result, it's now easier than ever to implement integrated solutions around Business Analytics, Help Desk, IT Monitoring, Data Protection and more.
Cost Buster Solutions help small business by improving the business case for investing in new technology through greater ROI and faster payback. They also make the financials easier to digest, preserving cash flow and lines of credit through a low, fixed monthly payment rather than an all-up-front cost.
Oh, I don't know, when you're too busy doing it to write about it?
There's lots happening on the IBM Software front and a lot of great work, too, so I'll be brief: Social Business: Boon or Boondoggle?
September 19 - 23 is Social Media Week and to mark it, the fine folks in our Social Business Team are joining in the global conversation. Each day they'll be putting forth provocative statements that explore the rationale, benefits, obstacles and opportunities involved in becoming a social business. They kicked off the week looking at the impact of social business on productivity; today they're looking at adoption. If you're in either Chicago or Los Angeles and browsing USA today on your iPhone lately you may have seen banner ads with headlines like these:
"E-mail is where information goes to die."
"Social is more cultural than technological."
"Social media is a weapon against irrelevancy."
I'd disagree with the first one. I consult my email archive pretty much every day. I'd agree strongly with the second point, but add that it's also true of any technology that upsets the standard way of doing things. As for the third, I'd have to agree as well, and I think it's only going to become more apparent as the technologies, metrics and practices all mature. In the emerging era of social business, I'd argue that every individual is a business. In much the same way that companies poured millions into their search engine optimization efforts to improve their Google rankings, individuals must now do the same to get noticed.
The UK consultancy Global Web Index has a mighty fine-looking infographic of social business technology adoption and usage worldwide. They've grouped user types into four categories and surveyed the ways their behaviors vary by region. It's a pretty interesting scan.
Just like the Internet transformed retailing, media and entertainment in the 1990s, social networking and mobile communications are now putting even more power in the hands of individuals.
Today, 70 percent of a customer's first interaction with a product or service takes place online, 64 percent make a first purchase because of a digital experience and of the two billion people connected to the internet, more than 600 million are on Facebook. This is compounded by an explosion of mobile purchases, which is tripling annually to $119 billion this year alone. Think of this as the era of the connected consumer.
The shift is a good thing. It means consumers know more than ever about their choices and can comparison shop for the best price with ease. They get what they want when they want it. And they can make their opinions known � positive or negative � to thousands or even millions of other consumers.
The power of the connected customer
This big shift in how customers connect brings profound consequences � redefining the term �commerce.� What used to be seen as a flow of goods from manufacturers through a distribution chain to customers has become an interactive feedback loop, where consumers, producers, distributors, the media, and marketers all have new roles to play. Smart companies see "selling" not so much as a traditional function of their organization but rather as an ever-evolving set of services they perform for their customers � performed in concert with their business partners.
Toward that end, organizations are getting more intelligent, so that vast amounts of customer data � from demographics, to product-purchase histories, to online conversations � can be analyzed and turned into real value in real time.
They are getting more interconnected, so that customer insight can be fed into every point in the process � from design to distribution. And they are extending this network of insight to suppliers and partners, because no business can innovate alone.
And they are getting more instrumented, so every item of inventory can be tracked; every interaction with customers can be understood.
Smarter Commerce at work
Leaders in every industry are turning to dynamic business networks that span human, digital, social and mobile modes.
For example, an electronics retailer is using seemingly unrelated purchasing events to get the products its customers want on the shelves when they want them, and make the whole shopping experience seamless across all channels � from brick-and-mortar, to the Web, to mobile.
An automaker is continuously improving its products by infusing customer feedback and reviews into the design process, and pulling in the best parts, suppliers, and assembly expertise without disruption as market needs continuously change.
A bank lender is taking a 360-degree view of its customers using predictive analytics to determine which types of products might interest a patron and even when, where and how to approach them � putting customers at the center of its strategy for what new services are introduced.
The complexity of the task
Building dynamic business networks that span human, digital, social and mobile access modes isn�t easy. Businesses often find themselves with too many siloed systems, and too many unique processes that don�t share information or integrate very well.
But now there�s new technology that enhances and automates the way businesses connect � across the wide range of systems and activities flowing between departments, businesses, and into the cloud. There�s also clever analytics software that can turn vast streams of data into a narrative that people can understand and put to use.
Defining a new market
Powerful software tools and services are available from IBM to help companies to better address the connected customer.
In 2010, IBM added to its own WebSphere Commerce software platform with three related acquisitions � Sterling Commerce for order management and supply chain optimization; Coremetrics for analyzing customer behavior; and Unica for managing marketing campaigns from beginning to end. Together, they address a broad spectrum of enterprise commerce activities � new ways to buy, sell and secure greater customer loyalty in the era of mobile and social networks.
In March 2011 IBM debuted its Smarter Commerce Initiative with new software solutions designed to help companies intelligently automate supplier and trading partner interactions, automatically turn marketplace insights into marketing and sales actions, and seamlessly connect online, mobile and social channels to physical stores. IBM is defining and leading this new market, which is expected to grow to a $20 billion opportunity in software alone by 2015, driven by demand from clients that must bring new levels of automation to marketing, selling and fulfillment, and managing brands.
IBM has also put together a robust consulting services practice and a �university� program to teach commerce skills to clients. It�s packaging all of these capabilities together and presenting them as an integrated set of technology and business solutions. And now with IBM's help, leaders in every industry are serving the connected customer's needs at every turn.
At it's first Smarter Commerce Global Summit this week in San Diego, CA, IBM announced newsoftware and servicesthat address a broad spectrum of enterprise commerce activities � new ways to buy, sell and secure greater customer loyalty in the era of mobile and social networks.
Some of you might recall a blog we did a few months back that contained highlights from the Gartner Security and Risk Management Summit that took place here in the US. This week Gartner is out in the UK and we�ll be bringing you highlights from around the conference, both from the perspective of what IBMers are saying, but also what we�re hearing from other industry leaders and analysts.
As with the last Gartner conference, I am not attending (bummer), but one of my colleagues in the UK, Rebecca Swindell (follow her on Twitter here), is at the conference and the observations that will be contained in this blog are hers.
She�s also taking some photographs and posting them from the @ibmsecurity Twitter handle. Here�s one that she took of Watson!
As with the previous blog, I will be continue posting the most recent news and highlights at the top of this blog.
If you are attending the conference, come say hi to us at stand 10.
Tom Scholtz, VP Distinguished Analyst, Gartner
Tom spoke about the role of the Risk and Security Compliance Manager and defined a few key responsibilities:
Define process that ensures that reasonable and appropriate actions are taken to protect organizations
Ensure information resources are use in the most effective and efficient manner, in pursuit of business goals.
Sets and manage accountability and decision rights
Arbitrate between conflicting security requirements
Provide assurances to execs that info is appropriately managed
Jay Heiser, Research VP, Gartner
Carsten Casper, Research Director, Gartner
Jay and Carsten talked about cloud security, privacy and assurance. They noted that even by 2014 many organizations will still avoid putting sensitive data in the cloud.
Cloud Services pose a dilemma.
Positives: Convenient, Scalable, Plug and Play, Flexible, On Demand
Negatives: No ability to control a vendor you are dependent on, no risk transparency, scalability and convenience make risk assessments more difficult and complicated
Architectural challenges: Multiple customers sharing resources, protect data when processed, accessed and at rest
They talked about how using a cloud service provider means you are totally dependent on the stability of that vendor. Is migration even possible in this world?
They concluded by saying that cloud computing exacerbates existing concerns about outsourcing and that in order to be successful, new risk standards will need to be developed.
Marc Van Zadelhoff, Director, IBM Security Strategy
Marc began by talking about the technology landscape. Everything is everywhere and there is a continuous evolution of platform as evidenced by things like cloud, virtualization, mobile, social, etc. The data explosion is being driven in part by application access from anywhere. Our personal and professional identities, hours, devices and data is all on a path of convergence.
He additionally commented on the different attackers. We�ve seen the rise of advanced, well funded attackers, and an entire array of motivations behind different attacks (political, state sponsored, terror, financial gain, notoriety, mischief, etc).
Marc further commented that a secure web presence has become the Achilles Heel of Corporate IT Security. Internal and external threats, as well as compliance regulations, are all affecting the ability to innovate, and the entire C-Suite is concerned.
He then stressed a more intelligent approach to security that focuses on more automation and proactive protection.
He concluded by stressing IBM�s dedication to this space. He said that IBM monitors 21 billion events per day, has 10 security development labs, 6000+ experts, 4000+ MSS customers and has made 11 acquisitions in the last 5 years in this space.
Chris Byrnes, Managing Director, Gartner
Chris expanded on the increasing importance of security as a function of a successful risk management strategy.
One of the things he addressed was the role of the CISO in IT Risk Management. While in the past many CISOs have had significant technical expertise, this focus on risk management shows that the CISO role is becoming more strategic and more tightly aligned to business objectives.
*Interestingly, this is a topic that we at IBM have been doing a lot of work around recently. Click here to read the blog that Marc Van Zadelhoff, Director IBM Security Strategy, recently wrote on the topic of the Evolving Role of the CISO.
Carsten Casper, Research Director, Gartner
Carsten gave an overview of some of the different topics that are currently hot in the industry, including mobile and compliance regulations. He also brought up security in the context of being an embedded element of everything we do in IT.
He mentions that the top 5 priorities of the CIOs in 2011 are cloud, virtualization, mobile, IT management and business intelligence. Carsten then points out that while the word �security� may not appear in that list, it is understood that security is a key element of all of these projects.
Tom Scholtz, VP Distinguished Analyst, Gartner
Tom begins by talking about something that we�re really starting hearing more and more in the market today, that we need to do more to make sure that the business understands what the security community is working on and where they are having success. Risk Management is a fundamental discipline (that extends beyond IT and security for that matter) and one that most businesses understand pretty clearly. By embracing risk management, security professionals can have more conversations that the business is going to be able to relate to.
The following contribution is by guest blogger Wes Simonds. Over the next few months, Wes will share with you his perspective on the role of software in transforming business and building a smarter planet. Wes worked in IT for seven years before becoming a technology writer on topics including virtualization, cloud computing and service management. He lives in sunny Austin, Texas and believes Mexican food should always be served with queso.
Analytics help you compete better in the business arena
College football is my favorite sport, but for reasons unclear to me, it's not played every day of the year.
So I find myself giving other sports a chance. This is often a learning experience.
For instance: the recently completed US Open tennis tournament. Did you know it has an Official Technology Partner?
And that as of 2011, this Technology Partner does extensive, customized analyses on a match-by-match basis, to suggest what specific players must do to win any given match?
I didn't. Neither did the sportscasters. I was surprised to hear that even jaded, seen-it-all John McEnroe was impressed with the detailed insight provided, which sounded much like this:
To beat Djokovic, Federer will need to land more than 62 percent of his first serves from the ad court, and in that scenario, Djokovic is least likely to return serves right down the middle.
To beat Federer, Djokovic will need to concentrate on Federer's relatively weak backhand, targeting it 43 percent or more of the time, especially in volleys at the net.
Wow, I thought. "This goes way beyond sabermetrics in baseball, which is mainly about individual players' relative strength. This is nothing less than a tailored, prioritized game plan driven by deep analysis of hard data. It tells players how well they're doing, where they're weak and strong, what kinds of risks are coming up, and what they need to do to achieve their goals. And it does that in as much or as little detail as they need.
Then I thought: What if businesses could leverage this kind of software to do much the same things?
Then I thought: They can. That's what business analytics is all about.
Don�t be an analytics have-not
Mychelle Mollot, IBM Vice President of Worldwide Marketing for Business Analytics, makes a very similar case.
"For our customers, analytics is really a tool to help them compete," Mollot said. "People have to discover new ways to differentiate, be competitive, and find new areas for growth. Many organizations are turning to IBM for analytics to help them make sense of their data in order to drive better business outcomes."
Think of data as a stockpile of valuable, but hidden, insights. Discovering those insights requires analytics tools capable of sifting through the stockpile and detecting trends and patterns. Then, based on the insights, business leaders can create strategies to help the business grow.
Practically every organization, in every industry, can benefit from quantified analysis of the available data. This is particularly true if little or no analysis along those lines is being performed right now.
"We see that not just in our own experience with our customers," said Mollot, "but the data [in general] shows it as well. In the studies we've done, [there is a clear] divide between the Analytic Haves and the Analytic Have-Nots.
"And the more that organizations fall behind in terms of their analytic usage and their analytic capabilities, the more their performance is going to be impeded by it."
Recognize trends and patterns faster and more accurately
As just one specific example, consider the business context of insurance providers. The entire insurance business is, at its heart, driven by statistical analysis -- an attempt to assess various forms of risk on a mass scale in order to provide financial protection for clients against undesirable events.
But going beyond that form of analysis, there is also the issue of claim evaluation. Insurance providers sometimes receive fraudulent claims; the faster and more accurately such claims can be identified and dealt with, the better the business outcome for the insurance provider. And that, in turn, will translate into value for policyholders in the form of lower premiums.
Detecting just which claims are fraudulent, though, is a complex matter. It's also an opportunity for analytics tools to shine.
Such was the recent experience of Infinity Property and Casualty Corporation, an Alabama-based automobile insurance provider that covers drivers identified as higher-than-normal risks. This organization provides 24x7 service, handling between 25,000 and 35,000 claims per month -- a vast data pool of ever-increasing size, and one in which a certain percentage of claims are going to be fraudulent. Being able to pinpoint those claims rapidly and correctly is thus a crucial aspect of Infinity's business model.
Thanks to a new set of analytics solutions and modeling techniques, the organization has managed to achieve exceptional results. Via sophisticated predictive models, claims can now be flagged as suspicious and referred to a special investigative unit in one to three days instead of a month. And they are now much more likely to involve actual fraud once they're investigated.
Furthermore, this approach pays a second dividend in the case of routine, legitimate claims. These can now typically be paid in one day, instead of a week or more.
The business result for Infinity? Twice the accuracy in identifying fraud and swifter claim processing in all cases, leading to a 403 percent return on investment.
That's an impressive result by anybody's standards.
Cases like that also illustrate just why leading IT providers are focusing more and more on analytics solutions: there is an increasing market demand for them.
"In terms of a growth strategy, IBM is investing in analytics, as we have seen from the recent acquisition announcements over the last year: SPSS, OpenPages, Clarity, Netezza, BigFix and now recently Algorithmics," said Mollot. "It is a core strategy for IBM because it's core to the success of our customers. We really believe that analytic-driven organizations are going to outperform those that are not analytic-driven."
Pursue analytics via a tailored strategy that reflects your specific context
If Mollot is right about that -- and I think she is -- then the question is not whether organizations need to deploy analytics tools, but how.
For best results, they should think through not just what their challenges and goals are, but also how to implement and integrate new analytics capabilities over time. The idea should not be just to buy and install analytics solutions, but also to drive positive change via an analytics strategy.
Some points to consider:
1. Find out how mature your analytics strategy is right now -- and what you should do next.
2. Consider analytics capabilities from both tactical and strategic perspectives.
Often, a balanced approach is best. One way to go about that: think strategically (in terms of designing the system), but act tactically (in terms of creating pilot projects).
For instance, you might begin with analytics-driven direct marketing, but over time expand into much more specific analyses of customer data, such as the probability they will buy any given product or service.
3. Evolve your strategy and capabilities over time.
As your business changes, so will your data, your customers, and your strategies. You'll need to grow and refine your analytics capabilities in parallel.
In many cases, analytics can also help organizations understand change better, revealing not just new possibilities, but also false conclusions or unexpected gaps in their market awareness.
"Customers often find that the more they know, the more they realize they don't know," said Mollot. "That's what drives the next set of projects: the opportunity to learn more. Analytics is an ongoing process that [empowers] people at the point of impact with the ability to make decisions. So it becomes a cultural change as well as a technology and transformational journey."
About the author
Guest blogger Wes Simonds worked in IT for seven years before becoming a technology writer on topics including virtualization, cloud computing and service management. He lives in sunny Austin, Texas and believes Mexican food should always be served with queso.
At its first Smarter Commerce Global Summit on September 19-21 in San Diego, CA, IBM will announce new software and services that address a broad spectrum of enterprise commerce activities -- new ways to buy, sell and secure greater customer loyalty in the era of mobile and social networks
Here's a simple video on the 'how' and 'why' of Smarter Commerce.
We're into the home stretch before Information On Demand (you have registered, right?), so I've shared a few recent blog posts that will help frame the discussions taking place in the general sessions and executive keynotes. Feel free to bookmark, read and add to your own social media reading list. Also, feel free to comment on or disagree with these posts right here, as each is bound to raise a hackle or two.
1. GOOD Magazine: The Data Issue: GOOD calls itself an "integrated media platform for people who want to live well and do good" and "a company and community for the people, businesses, and NGOs moving the world forward." Its latest issue looks at areas of our lives that aren't typically associated with (or driven by) data and finds some surprising insights. Yes, data is everywhere and facts can be comforting, but when it comes to our own lives, it's the questions we ask ourselves that lead to true wisdom. As illustrator Andrew Kuo writes: When we search the numbers, we find reflections of ourselves, glimmers of the world we live in and the lives we lead. We may learn immense amounts from this data, but make no mistake: Our search is what gives it meaning. In The Information Arms Race,William Wheeler explores the increasingly effective use of microtargeting in political campaigns, as well as the repercussions for democratic debate. The issue is also chock full of of cheeky infographics and gets meta on data with a chart entitled "Which kinds of people like which charts?"
2. Numerati Baseball = Rope-a-dope, by Stephen Baker: Is a winning strategy boring to watch? Perhaps, but I suppose entertaining the fans is a secondary concern when you're buried beneath "fifty feet of crap," as frustrated Oakland As' GM Billy Beane (Brad Pitt) laments in the movie trailer below. Under Beane's 11-year watch, the A's have compiled the third-best record in the American League and fifth best in all of baseball. Still, Baker (author of The Numerati, chronicler of the Watson story and a baseball fan) explains how Moneyball makes games longer and tests fan patience: I love baseball, and I defend it stoutly against all those who complain that it's boring. But anyone who can sit through a Yankees-Red Sox game without a fast-forward button deserves some kind of medal ... For someone who is not passionate about the Yankees or the Red Sox, it was torturous. The game dragged on for 4 hours and 21 minutes. What's your take on taking a lot more walks? Moneyball pioneer Billy Beane and Moneyball author Michael Lewis will share share their take on wining an unfair game when they share the stage as our keynote speakers.
3. Desert Island Datasets: Over on The Guardian's Datablog, Charles Arthur plays with the "Desert Island Album" concept by asking, "Which set of open data would you like to get from the UK government so as to have the maximum impact on the open data movement?" Arthur's goal is twofold: first, to protect and advance the open data movement overall, and second, to focus on those datasets that can make the biggest improvements in public policy: I recently met some people inside government who are trying to push the open data idea, of getting anonymised, publicly-collected data out there for developers to be able to build applications which will have both financial and societal benefits. It is taken seriously at the top levels of government; they aren't just paying it lip service. The problem though is that there's only so much time available to anyone to push the agenda through.
Bonus feature: IOD Housekeeping Details
A few details to keep in mind as you prep your week and pack your bags:
Don't forget to sign up for the IOD Social Media Aggregator: This site is your proverbial one-stop shop for real-time tweets, pictures, videos and blog posts from your fellow attendees and those playing along at home.
Excited about going? Tell all your friends! Our LinkedIn and Facebook pages are great ways to let your friends and colleagues know you're headed to the biggest conference in the IBM Software galaxy. Make some valuable connections before you head down to Vegas.
Follow us on Twitter: Real-time event updates, opinion and excitement in 140 characters or less. Use #iod11 to join in the fun.
Interview with Ari Kaplan, Manager of Statistical Analysis with the Chicago Cubs
Baseball has always been ripe for analytics.
Former Los Angeles Times sportswriter, Jim Murray once said that �baseball�s appeal is decimal points; no other sport relies as totally on continuity, statistics, orderliness of these. Baseball fans pay more attention to numbers than CPAs."
The game is measured from generation to generation, year to year, and game to game on statistics.
It�s how fans discuss the game; and more importantly today, it�s how Major League Baseball teams measure the performance of its players and operations to gain a competitive advantage.
The notion of analytics and baseball will be thrust further into the spotlight when the movie Moneyball (starring Brad Pitt as Oakland A�s General Manager Billy Beane) is released later this month.
I was honored to speak with Ari Kaplan, the head of statistical analysis for the Chicago Cubs and the first official hire by Tom Ricketts, the current owner of the team, about his role, the importance of analytics in baseball and how the use of analytics continues to evolve.
How did you get into analytics and decide to make a career out of it?
During a research fellowship while an undergrad at the California Institute of Technology, I demonstrated that the statistics generally used (Earned Run Average, Wins/Losses, Batting Average, Saves) were not the best way to explain how players performed. While this is accepted today, at the time saying something like this received lots of attention in the media and in the industry itself.
The owner of a Major League Baseball (MLB) team approached me to offer me a position. Once in baseball, I have been able to contribute in many areas � from technology and analytics to scouting, advance scouting, player development, contracts and arbitration, and business development. I decided to make a career out of it because this is my passion in life and I have been fortunate to have the opportunities along the years.
This is my second full-time season with the Chicago Cubs, and I have consulted with them over the past 15 seasons.
Can you describe what you do on a day-to-day basis?
Being in the Baseball Operations, I have had the opportunity to get involved in many areas. There is the long-term development of our analytics and baseball-related technology to position us to be consistent champions on and off the field.
On a day-to-day basis I help prepare information for the coaches for games, do special projects for the General Manager and other baseball management, and try to stay one step ahead looking for ways for us to improve. There is a rhythm to the baseball season � Spring Training, the MLB season, the Minor Leagues, the draft, signings, trade deadlines, organizational meetings, Winter Meetings. These events set the pulse of what we focus on month to month.
What advice would you give to individuals thinking about going into a career in analytics?
If it is truly your passion, get into the game any way you can, put in the hours, and learn as much as you can. Then hopefully you'll "stick" and get lucky enough to parlay that into a full-time position. Also becoming a writer for a website such as Baseball Prospectus, searching www.pbeo.com, and going to the Winter Meetings are good ways to get into the industry.
How do you measure your effectiveness as an analytics professional?
Our goals are to consistently make the playoffs, progress through the playoffs, and win the World Series. If we do those objectives, great; if not, we need to self-evaluate why not and adjust accordingly.
What is the most common misconception that the public has with the use of analytics within major league ball clubs?
There is a public misperception of a rift between "old school" and "new school" that is a bit sensationalized. Everyone has the common goal of being a winning organization, of effective teamwork, and of doing what it takes to get from good to great.
How has the use of analytics evolved in the past few years?
New technology such as Sportvision's PitchFX and HitFX has changed the use of analytics dramatically. We now have significantly more data on pitch types, velocities, locations, spin, break, and more that can be used for really meaningful and actionable advice. And soon, FieldFX will help better understand and quantify defense like never before.
Any interesting �aha� moments that you have uncovered that you can share from your analysis?
These are humans, not computers playing. And humans often have subtle and repeatable habits that can be taken advantage of. A good advance scout can find these, and also reviewing millions of pitches and game events can help in that effort. Finding a strength, weakness, or habit to help win even one additional game a year is worth all the effort.
What do you think of the new stats of evaluating players, such as WAR (Wins Above Replacement), UZR (Ultimate Zone Rating) or BABIP (Batting Average of Balls in Play)?
Using stats depends on what you are trying to do. Are you helping a coach relay actionable information to a player? Are you seeing how Minor Leaguers or amateur players might have an impact at the Majors? Are you forecasting and valuing a player�s contract relative to others? Each stat you list is a generalization that could be useful or not depending on the context of how it is used.
Is there a rivalry among analytics professionals in MLB?
There is a great sense of camaraderie in the analytics world � with tons of really useful free information in the public domain. New blogs and websites pop up that enable the overall analytics marketplace to vet out ideas and improve methodologies. Within ball clubs themselves there is often an advantage to keep methodologies closed and proprietary to maintain a competitive advantage. So there's a mix of both out there.
What feedback do you receive from ballplayers in regards to using analytics?
For 23 seasons, I have worked with managers, coaches, and players, including Hall of Famers, All-Stars, regulars, replacement-level players, and those that have never made it. Everyone's approach is different � some want to learn everything they can and have the ability to adjust. Some want to learn everything they can but can't physically adjust to that information. And some don't really care or focus on different approaches. There is no right answer. It all depends on the individual.
Like players or managers, do you take the wins and losses home with you?
Certainly, all of my essence is devoted to helping the Chicago Cubs succeed and rewarding generations of fans. I am passionate about the game, and passionate about winning, and take with great pride being a representative of the Cubs organization.
Register for the upcoming IBM Business Analytics Forum (Oct. 23-27 in Las Vegas) and see keynote speakers, Michael Lewis, author of the best-selling book, Moneyball, and Billy Beane, General Manager of the Oakland A�s.