When we think about how the planet is evolving to become smarter, one of the most interesting places where we're seeing a lot of change is in energy and utilities and the SmartGrid. As a result of advancements in things like solar power, we aren't just taking power out of the grid, we're now putting energy back into the grid. We're investing in things like Smart Meters to help increase efficiency and we're doing more every day to make sure that less power is lost between power plant and light bulb. However, being able to confidently leverage all of the new advancements in grid technology means we are also going to need to understand more about the new challenges we face.
We are taking on new projects to increase the efficiency of the grid, and replace an aging and legacy infrastructure, because the grid's fundamental architecture hasn't changed much since its original conception. So, when we talk about solar panels adding power back into the grid, how do we make sure that these older systems are ready to take on these new inputs? The connected nature of the grid also raises significant concerns around the impact that would be incurred by a widespread attack against critical infrastructure. Stuxnet was targeted at industrial command and control systems. If people previously thought these types of attacks didn't, or couldn't exist, they don't think like that any longer.
As Jack Danahy mentions in the below video, when we introduce new technology, we also introduce new risks. That's a fact and it's not limited to just security. When we invented cars we also introduced the risk that people could be in a car accident. However, the benefit of cars was too great so we kept moving forward with automobile production, and as the market matured, and we covered some of the initial bases, like how to make sure the wheels don't fall off, we increasingly turned our focus to the safety of automobiles. Being able to protect people in the event of a crash became one of the most important features. We need to apply this same principle to new technologies, particularly when it comes to energy and utilities. Security needs to become an innovative aspect of the overall design. However, unlike automobiles, we don't release a new smart grid every year. We're building on the one we have and making it work better.
The launchpad we're announcing today features an overview of the issues, expert opinions and testimonials, as well as some demos and links to additional resources. For those of you interested in learning more about security for the SmartGrid, I encourage you to take a look at some of this content. You can find the demo by clicking here.
A core element of the AQ concept is a four-stage maturity model. The first stage is "Novice." In our new AQ White Paper, we describe the Novice stage like this:
At this first level, individuals or teams analyze their own data, typically using spreadsheets or basic query tools. Here, knowledge workers have only a limited historical view into past performance and must rely in large part on �gut feel� to make decisions about current or future performance. It�s at this early stage that that the negative effects of rudimentary or incomplete analytics are most acutely felt, as outcomes are often hampered by inefficiencies, delays, miscommunication and the pain of missed opportunities. Any one of these impediments can serve as the necessary �burning platform� that drives organizations to take their first step toward a higher AQ.
You can discover your own AQ right now with our new Web quiz. In addition to the new AQ White Paper and Web demo, we're also excited to introduce The AQ Chronicles, a new animated series. In this series, we'll follow a typical marketing manager as he progresses through a business analytics journey. Watch as in this first episode, he asks IT for some much-needed and not altogether unreasonable sales figures:
While most of what I know about art preservation I learned from watching Ghostbusters II, I do know that it is a difficult task. Art needs to be viewed/shared with it's audience and yet must be properly preserved so that it is not irreparably damaged and lost to future viewers.
Years of reading comic books has taught me that ink/paper tend to deteriorate at a rapid rate. It is very rare to find "Golden Age" comic books in pristine condition, and comic books only go as far back as the 1930's. So you can imagine what a difficult task museums have with paint/canvas that dates back into the hundreds (and even thousands) of years. Museum visitors line up every day to see these paintings. Up close and personal.
Art, like so many things, is stored in buildings and it is the environment of these buildings which must be regulated and controlled so as to properly preserve the art.
Which is why one of the coolest things to come out of our Smarter Buildings event on June 9th was how IBM is partnering with, "...Metropolitan Museum of Art to test a wireless environmental sensor network--dubbed, unsexily, the Low-Power Mote--in the museum's Cloisters, a section that holds 3,000 works of art from medieval Europe. The works, which include paintings, tapestries, and illuminated manuscripts, date from the 12th through the 15th century." (Fast Company).
Buildings are essential to a Smarter Planet and it's one of the areas we're focusing on with our industry solutions.
Using buildings to help preserve the art that they house is one way that our customers are leveraging Intelligent Building Management solutions, but we also had another great customer at this event.
Tulane University is another customer with whom we are partnering, and they are certainly at the forefront of helping to create a Smarter Planet with ...[their] first IBM project is helping to transform the home of Tulane's School of Architecture, the century-old Richardson Memorial Hall, into a "smarter building living laboratory," using IBM Intelligent Building Management while maintaining respect for its historic status. The school aims to arm a new generation of architects with techniques that will allow historic buildings to be more efficiently adapted for modern use.
Please comment below. Are you and your company working towards intelligent building management? Have you been following any projects similar to Tulane and the MET that you want to share with the community?
*yes, "Intelligent Building Management At The Museum" would have made more sense, but when have I ever bothered to make sense?
This week is the 17th annual Gartner Security and Risk Management Summit. There are lots of leading experts from around the world in attendance, including many IBMers, and we wanted to take this opportunity to make sure that some of the content was reaching folks who aren't able to attend the event. That is why over the course of the next several days we'll be bringing you highlights from around the conference. I am going to continue updating this single blog, even after the conference ends, and hopefully you find it to be a helpful resource regardless of whether or not you are in attendance.
I should mention that I am not personally at the event. The observations are that of a teammate of mine, Sydney S. Johnson. She is our acting security correspondent in the field. I should also mention that you can view IBM's agenda at the show by clicking here.
I will continue posting the most recent news at the top of this entry.
(6/22) David Pogue, Tech Columnist, New York Times
David spoke about how technology drives culture. 95% of cars today now come with an iPod adapter, but what he finds most interesting is not the technology itself, but rather how it changes us. Using the example of apps, David spoke about how you can quickly bring a new technology to the consumer market. Millionaires have been made overnight. David believed this factor was an important new characteristic of the way that technology is changing our lives and he believes that augmented reality is one of the next big steps we will see. David points out that new technology does not necessarily replace what came before it either. TV was supposed to be the end of radio. But radio didn't die, we just changed the way we interact with radio.
But the question is, what does all of this have to do with security? The answer, of course, is that is has everything to do with security. All of these cultural trends seem to be driving us online, and that trend sets up security to be an increasingly desperate requirement.
(6/21) 9:30 AM. Social Media and Security and Privacy
This session featured Marne E Gordan (@MarneEGordan), Regulatory Analyst, IBM Corporate Security Strategy. Marne began by talking about the enormous benefits that social media has brought. People are communicating, in real-time, in exciting new ways. Business are reaping the benefits because social media is inherently high in impact and low in cost. However, with emerging technologies also come new risks and challenges. This does not mean that we avoid new technologies (I am blogging about this), but rather that we take a strategic and thoughtful approach so we can more confidently use and embrace what's new.
Marne looked at a few examples where we can see why there are legitimate concerns about social media. We've seen online harassment, the leaking of private and corporate information and the scandals that resulted, questions around privacy and finally, how we control the convergence of our professional and personal lives. These are not easy questions to answer, and Marne used some statistics from Osterman Research (http://www.proofpoint.com/outbound) to illustrate this point. According to what Osterman learned, 30% of organizations have already seen a negative business impact due to social media, 47% of organizations reported not having a social media strategy and 53% are concerned about the risk of an information leak due to social media.
However, there are things that organizations can do to help mitigate these risks.
Strictly forbid illegal activity (no stalking, harassment, hate speech). You're not voliating employee civil rights to say that.
Encourage employees to maintain separate corporate and personal online identities and accounts.
Provide training on social media.
Warn first time offenders.
Seek advice of counsel.
Stay within NLRA parameters.
Marne concluded by talking about the 5 "must haves" organizations need to have when it comes to social media.
5) Have a contingency plan: If something is inappropriately communicated you should have clearly defined steps and actions you can take.
4) Personal Communication: When you are thinking about the way you are presenting yourself as an individual, always consider if you have identified yourself as a corporate spokesperson.
3) Corporate Communication: Getting approval for things that are questionable is not a bad thing.
2) Clearly define appropriate use: Make sure to be even-handed.
1) Have a documented policy: Enough said.
(6/20) 2:30 PM. The Future of Privacy
This was a panel discussion featuring Harriet Pearson (VP Security Counsel & Chief Privacy Officer, IBM Corporation), Bojana Bellamy (Global Data Privacy Compliance Lead, Accenture), Mary Ellen Callahan (Chief Privacy Officer, U. S. Dept of Homeland Security-Privacy Office), Robert Quinn (AT&T Services, Inc., Senior Vice President-Federal Regulatory and Chief Privacy Officer), Laura Riposa VanDruff (Attorney, Bureau of Consumer Protection, The Federal Trade Commission) and Heidi Wachs (Director of IT Policy and Privacy Officer, Georgetown University). The opinions expressed by the panel participants are their own and do not represent the opinions of the companies they represent.
This group of panelists were asked the question, in 2015, will privacy be over-regulated, appreciated or ignored?
The group began by addressing the first possibility, that privacy will be over-regulated.
Harriet begins the discussion by saying that the importance of privacy regulations is likely to vary based on the specific area of privacy. In certain areas, we may favor strict government regulation (ex. children's privacy), but there are other times when we expect that the private sector may have effective privacy best practices in place and government regulation could make privacy policies less efficient. Mary Ellen built on that idea saying that because we tend to be reactive in legislation, the legislative agenda might be behind the work going on in the private sector, and we need to be careful not to have government regulations that conflict with the efforts of the private sector, especially in areas where the private sector has demonstrated success and leadership. Bojana added that in Europe, privacy is regarded as a human right, and developing privacy regulations and policies in specific countries is an issue being complicated by worldwide convergence. Robert points out that his company's industry - communications - is, in his opinion, over-regulated, and has been for years. He believes this over-regulation stems in part in order to ensure that law enforcement retains access to information that they need. Additionally, he notes that one of the challenges that exists is that many of the data companies who generate and leverage data don't have an actual relationship with a consumer group. When there's a data breach, who's got the relationship with the customer to go and tell them that their data has been breached?
From there, they moved onto the second question. Will privacy be appreciated? Will people care?
Laura begins the discussion by saying yes, people will care. The more people understand how their information is being used the more attentive and interested they are going to be regarding questions of privacy. She notes that social media platforms do have privacy options, a comment that Harriet then builds on. Harriet noted that sometimes people understand the immediate impacts of new technology, while in other times they don't discover them until later. She said that organizations must make decisions regarding when/how they will adopt privacy models. She commented that a check-the-box approach won't get us very far because organizations need to look at themselves and make deliberate, strategic choices. Robert also made a point that location based services were coming and asked the question of how do we retain "best privacy practices" amongst applications? He believed it was the obligation of companies to get out in front of this.
Finally, will privacy be ignored considering the growing volume of other risk-related messages?
About 6 months ago the FTC proposed a privacy framework that would include, "Privacy by design," "Simplified consumer choice" and "Improved transparency." (This framework is still in the initial phases of recommendation and the team is working to improve based on stakeholder comments.) Questions were then brought up around whether or not privacy could be enforced. In response, Bojana closed by talking about, "Privacy by design," and her hopes that privacy will one day be built into every product brought to market, transforming privacy into business enabler.
Gartner ended the session by doing an informal audience poll. Of the audience members who participated, 43% think privacy will be over-regulated by 2015, 43% believe it will be appreciated, and 14% think it will be ignored.
(6/20) 10:16 AM. Michael Chertoff (Co-founder and Managing Principal, Chertoff Group) is the next to speak and he was the former Head of the Department of Justice Criminal Division and was also U.S. Secretary of Homeland Security. Given his background, he spoke about how to effectively manage a crisis and brought it down to three key elements:
1) Planning You will need to adapt and manage, but in the event of a crisis, you should never be starting from scratch.
2) Communication It is about both what you take in and what you put out. Situational awareness is critical as you must know what is going on in real-time, otherwise you become a hostage to media and hearsay. Communicate to the public in a way that is accurate, creditable, and succinct.
3) Decisiveness Acting on your plans.
During the course of his talk, Chertoff also focused on the relationship between government and the private sector as it pertains to the internet. As an example of the conflicting thoughts in this space, he mentions that there are people who believe the government should have an internet kill switch and others who believe the private sector should be completely in control. Chertoff suggests more of a balance and that we need to focus on defining the overall doctrine/strategy. In his opinion, it is important that we become clear on what is government's responsibility, what the responsibility of the private sector is, and what their shared responsibility is.
He also makes the suggestion that we should not try to fit this doctrine into the existing legal landscape. Chertoff believes that we should adapt the law as needed, and if done correctly, we should be able to preserve the essence of the internet while also retaining trust and security and fostering economic growth.
Cherkhoff also had some interesting thoughts on wanting to get more of today's youth involved in security by emphasizing that defending a system can be as exciting as attacking one.
Looking into his crystal ball, Chertoff felt that cybersecurity was going to be one of the two critical national security risks in the next decade (the other being biological warfare).
(6/20) 10:00 AM. Vic Wheatman is the managing vice president of Gartner Research and is part of the security and privacy team.
This is the 17th annual Information Security Summit and this year there are over 1,800 attendees and 93 solution providers. Vic makes a number of key observations around "Enterprise Security Intelligence" or ESI. He says, this is not a market so much as it is a concept. The concept is based on the integration of technology and information and about how analytics can be used to make better decisions. It's not just about being able to collect information (which organizations are doing a pretty good job at right now), it's about being able to apply that information in a meaningful way (an area where organizations have an opportunity to improve).
He also commented on the changing profile of attackers. We are seeing a revival of cyber attacks designed simply to humiliate.
Being able to simultaneously share and protect sensitive information is one of the biggest challenges today. We need to be confident that the right people have access to the right information, but we also don�t want to accomplish this at the expense of business agility. Our world demands that we constantly find new ways to move more quickly. Two weeks ago we announced some enhancements to our data redaction technology so we thought now was as good a time as any to talk a bit more about data security.
The below is a Q&A I did with Kimberly Madia of our Infosphere team.
Bryan: There's data everywhere, and being able to protect that data is more important than ever. However, not all data is the same, some of it is structured and some of it is unstructured. Why is it important to have solutions that can do both? Can you provide an example of a situation where this is important?
Kim: Companies are collecting so much information today, it�s really unbelievable. I can�t think of a retail establishment that doesn�t have a loyalty card or a public building where I don�t see security cameras. I feel like no matter what establishment I patronize, someone asks for email address or zip code. The increased usage of RFID tags, the massive success of Twitter and new uses for GPS data are some factors fueling this growth. Organizations are actively harvesting these new data formats in an attempt to derive more intelligence and earn a competitive advantage. This is in addition to data they collect via standard applications such as CRM and ERP systems which is stuffed into databases.
Even though these new data sources are unstructured, meaning they don�t fit into a column or row of a database, organizations are still responsible for proper handling of the data. If sensitive information is compromised, regulatory agencies don�t care that the data was in a PDF file or a database column, the consequences are the same and regulatory agencies demand accountability.
Recently, physicians at UCLA medical center were caught going through Britney Spears� medical records to satisfy their own curiosity, not because they were actively treating her. These medical records were in an unstructured format, not in a database. However, UCLA also has information on Britney Spears in their databases such as her phone number and address. This information must also be protected. Excluding one or the other only tells half the story.
Bryan: It's a balancing act simultaneously sharing and protecting sensitive information. Can you talk a little bit about why it needs to be easier to share this information, and how we can still ensure security behind the scenes?
Kim: Redaction simply allows you to apply a fine grained level of privacy to a document. Imagine you have a document which needs to be used by a clinician as part of a trial study. This document contains diagnostic information which can be used by the person running the clinical trial to gather statistical information. However, this same document can also contain sensitive information (SSN, name, address, phone number, etc) which is not needed by the clinician. He or she is not allowed, according to HIPAA, to see some identifiable sensitive information about the patient. Under the old model, you would encrypt and lock away this file because it could contain Social Security numbers and other sensitive information, and thus the pertinent clinical information would not be properly used.
With redaction, we can process this document and delete the information that the clinical trial worker is not supposed to be exposed to (SSN, name, address, etc), and still allow for the relevant information to exist in the file. HIPAA compliance and company reputation is maintained by not needlessly exposing personally identifiable information, and productivity is increased by allowing the valuable information in the document to be used by the appropriate parties.
Redaction actions can be inserted into many different places in any given ECM system. Documents can be redacted upon ingestion and stored for later use. They can be redacted at retrieval time, thus using the retrieving person�s credentials (role) to determine what needs to be redacted and what can be viewed safely by that particular person. Files can also be redacted in bulk as part of an eDiscovery case, where many thousands of documents are being submitted at once for privatization, ahead of sharing them with a wider audience.
Bryan: Manual data redaction has obvious problems with accuracy and efficiency. Is it possible to scale this process and simultaneously improve accuracy?
Kim: Yeah, you�re right. Manual redaction is out of the question. A person must laboriously comb through each document in the content management system and identify sensitive data. Next they must block out sensitive fields in some way � either using an actual or virtual black marker. The chances of a person missing something are high and the person�s sanity might also be at risk.
An automated redaction solution consists of five parts:
�Text extraction using OCR (Optical character recognition) techniques to first identify textual or image entities.
�Breaking apart and parsing data in a form/document. Text is fragmentized to enable the next step which is identifying sensitive data.
�Sensitive information is identified so that the tool can provide the user with candidates (suggestions) for redaction.
�Once the sensitive information is identified and recognized it is deleted and replaced with redacted sections (shown as black bars or any color user chooses).
�The document is re-created with the sensitive information removed. Note: the original document is still available, this is a copy of the original document, but now redacted.
Automated redaction handles documents differently, depending on whether the document is free-text or a structured form.
For free-text documents, the redaction engine automatically identifies and extracts relevant units of information. Using text patterns and dictionaries are not enough since homonyms can disguise meanings (is �bush� a plant or a former U.S. president?). Instead, it is necessary to combine regular expressions and dictionaries with a syntactic analysis of the text surrounding the relevant information.
Structured forms, on the other hand, require a different technique, in which the known form layout is leveraged for accurate redaction. This allows even low-quality scans with handwritten text to be processed; if they are accidentally skewed or resized, they can be straightened and aligned with a template. To accomplish this, a redaction system begins by redacting a sample form (for example, a blank) and marking the sensitive fields to be redacted, together with elements that identify instances of the form, such as the form title or identification number. This creates a template for subsequent forms. The software redaction solution matches templates to forms, eliminating the costly presorting of different form types. Next, it applies a template to each form, precisely deleting the marked fields based on their position.
Some input documents, such as Microsoft Word and many PDFs, carry text in them, but others like TIFF and some PDFs are pure images. For image files, the solution applies high-quality optical character recognition, and then processes the text. If there are any photographs or other graphics in a document, the solution preserves them as such.
Bryan: How can properly designed data redaction solutions help organizations to maintain compliance?
Kim: To take an example from the U.S. government: the Freedom of Information Act (FOIA) is intended to hold government organizations more accountable for their actions by making information about those actions available on demand. On the other hand, the same regulation requires that those ordering the documents must not see any sensitive personal or national security information. The public should know where wars are being fought and why, not exact locations of attaches of supply networks.
Similarly, the Health Insurance Portability and Accountability Act (HIPAA) is designed to enhance sharing of documents between physicians, hospitals and insurers while preventing the unauthorized disclosure of individuals� personal healthcare information. For example, consulting physicians need access to individuals� electronic health records, but they do not need to see billing information that is unrelated to their job duties.
Redaction can satisfy governmental regulations, including those in data privacy laws, without restricting the legitimate use of information�thus avoiding sanctions, penalties and costs associated with addressing compliance violations after the fact.
Take, for example, its earliest advertisements for tabulating machines and electric timekeepers - produced even before before the company adopted the moniker IBM. Few would argue that they're not far removed from the promise of our current business analytics solutions:"The Electric Tabulating and Accounting Machines analyze the facts of a business. They supply executives with the details of sales, costs and operating data, permitting the formulation of policies and assisting in the proper control of business. These machines compile data quickly and with a great saving in clerical expense, furnishing reports which it would be impractical to obtain by manual methods."
At first blush, progress often brings a positive connotation. It suggests forward motion toward an ideal; it suggests an outcome or result that is more desirable than the current state. For a technology company - particularly with a reach and portfolio as broad and diverse as that of IBM - the positive aspects of progress are near-paramount.
But not everyone sees progress - technological or otherwise - in the same light. Sometimes the effects of what some view as progress are not immediately apparent or understood. Sometimes the goals being pursued are poorly explained. Some view progress through the lens of loss.
How do we reconcile these two opposing views?
First, we should accept that technology will continue to evolve - and if you read Kevin Kelly's book What Technology Wants, there's no reason to suspect that it won't. If you accept that premise, then our response to its effects must evolve as well. To that end, I propose that we frame the discussion about progress in three ways:
First, progress must be meaningful. Improvements in efficiency, speed, and power must serve a purpose. Their effects must be designed with their effect on the planet and its people in mind.
Next, progress must be measured. Measurement brings clarity to ambiguous situations and provides us the means to understand tradeoffs, alternatives and possibilities.
Third, progress must be managed. Computers and the interconnected systems they drive exert an ever-increasing influence over more and more aspects of our lives. That is not to say, however, that they control our lives. Nor should they.
IBM enters its second century dedicated to progress - not only through its technology, but through the ideas and ideals that its technology is deployed to promote. As IBMers we have a tremendous opportunity - some would even say a responsibility - to pursue progress to make our world a better place. We may never agree on the precise nature of progress. But with the guidelines I've outlined above I hope we can make the discussion a productive and, dare I say, progressive one.
Thanks to IBM, tomorrow, I'll be taking the day off work to package emergency food supplies at the Phoenix St. Mary's Food Bank. When I was first considering joining the IBM team, I was impressed by IBM's commitment to make the world a better place through diversity, green thinking, and good citizenry.
I loved how IBM encouraged its employees to give generously to great causes and local community efforts, and even initiated the "Day of Caring" to encourage all IBMers to take a day off work to serve at a local charity or organization. IBM also created an On Demand Community portal to help IBMers find local service opportunities and the Employee Charitable Contribution Campaign to provide a payroll reduction service for IBMers choosing to fund charities and other organizations. Read more on the Smarter Planet blog.
During its centennial birthday year, IBM took it up yet another notch with the Celebration of Service: IBM's Celebration of Service honors our employees, retirees, families and friends in their commitment to volunteer service. It supports their efforts with resources, a program of new and expanded grants, and the opportunity to pledge their participation in a global effort during 2011 � with a special focus on June 15, when IBMers will bring their skills into thousands of communities worldwide.
One thing that IBM gets is that when its employees are happy, so is the workplace. What makes humans happy? Being able to make a difference. Contributing to a greater good. Learning and becoming a better person. The pictures below show lots of happy people getting to experience just these things.
For me, tomorrow, it's St. Mary's Food Bank, but in the coming months, I'll also be volunteering with the Habitat for Humanity, ValleyLife, and other Phoenix organizations. The opportunity to give goes well beyond June 15. Take a moment to explore the Celebration of Service site to find ways you can make a difference in your local community.
�You're traveling through another dimension, a dimension not only of sight and sound but of data; a journey into a wondrous land whose boundaries are limitless with business insight. That's the signpost up ahead � your next stop, theAnalytics Zone.� (Apologies to Rod Serling.)
IBMtoday unveiled �Analytics Quotient� (AQ), a measure of an organization�s readiness, ability and capacity to apply analytics tore-orientthebusiness, make better decisionsanddeliver better outcomes.
Simply put,AQ helps organizations of all sizes better assess how well they are using analytics. And, more importantly, how organizations can begin using analytics and take their first step on an analytic journey, or progress to a higher level of analytic proficiency.
For example, is your organization applying history and context from the past with the ability to make insightful forecasts, anticipate likely outcomes, and automate decisions? If so, you might be receive a high AQ score.
Just as with IQ (Intelligence Quotient) or EQ (Emotional Quotient), AQ is the hip, new way to determine just how smart an organization is at leveraging its data assets to make better decisions.
Business in the �New Normal�
Today�s organizations are dealing with greater uncertainty and risk, increased pressure from shareholders, new legislation, exploding data volumes and a proliferation of social networks and mobile devices unlike anything we�ve seen before. This is the new reality � the �new normal.�
Individualbusiness leaders are feeling immense pressure to outperform their peers and contribute significantly to their team�s and organization�s success. However, intuition and gut feel-fueled decision making informed mostly by personal experience is no longer sufficient.
Decision makers are demanding a broad range of business analytics capabilities to gain actionable insight that can help them better understand how their business is doing, why it is on or off track, and what they should be doing about it.
A recentstudyconducted by MIT Sloan Management and IBM�s Institute for Business Value indicates organizations that use analytics in the most mature ways are three times more likely to outperform their competitors than those that are just beginning to adopt analytics.
Similarly, the recentCFO studyfrom IBM shows that objective financial data validates that decision making supported by business insight contributes to enterprise outperformance, such as two times greater EBITDA growth, 36 percent greater revenue CAGR and 15 percent greater return on invested capital.
The Analytic Journey
The integration of business analytics within and across the enterprise is really a journey that may begin in one department in one business function, but with quick and tangible results adoption continues deeper and broader across the organization. Organizations on this analytic journey gain greater competitive advantage and higher and higher returns.
Therefore, the AQ measure was designed to show how far an organization has come to fully embrace business analytics. The more analytics is infused into the business, the more a business will outperform others, and the higher the AQ will climb � let alone revenues.
Hence, AQ was created to create a clearer path to value.
Every organization, team or individual is at their own point leveraging analytics to outperform. Some are masters, while others are just beginning. The maturity model illustrates the four fundamental steps to improve AQ. They include:
�Novice: Organizations have spreadsheets, but don�t trust them. They�re more reactive than proactive. They�re disconnected and want to do better.
�Builder: Organizations see current results and a little of what�s driving them. They�re sharing results with other teams in your department and they�re ready for more.
�Leader: The VP sets the strategy. Marketing and sales share metrics and plans. They�re predicting the future as well as reviewing the past.
�Master: Top-down goals meet bottom-up tactics. Insights flow freely across divisions and departments. Resources are allocated, risk minimized and outcomes maximized with equal ease and speed.
Are you ready for analytic freedom? Future success will depend on the ability to turn an ever-increasing deluge of data into better decision making. With the amount of data doubling every year, achieving a high AQ is imperative to outpacing the competition.
So, we invite you to take a trip to the Analytics Zone. No longer will you have murky insight into the business that undoubtedly leads you down the wrong path into the Twilight Zone.
Measure your AQ � Take the Quiz
Come to www.ibm.com/analytics/aq to take the fast, easy quiz. Answer a few questions to understand your AQ and see where you are on the journey to becoming analytics driven.
You�ll also be able to share ideas and connect with others who use their high AQ to outperform.
I can�t recall how many times I�ve said something along the lines of, �I don�t know all the ways this will eventually be used, but it seems like the right approach.� When Lou Gerstner made the decision to keep IBM together in the early �90s, he probably wasn�t quite so flippant in his decision making, but I imagine that there were elements of that reasoning. He saw value in a company that was able to solve large, complex challenges that feature products, services and expertise from all corners of the business. IBM was then, and is today (more so than ever before), a company capable of taking on big things.
We use the word �smarter� a lot these days and I promise it�s about more than patting ourselves on the back for our newest work. In a lot of cases we�re talking about a dramatically different approach to whatever it is that we�re calling �smarter.� This Monday we announced a brain for our Smarter Cities initiative and we�ve named it the IBM Intelligent Operations Center. With this announcement, we are taking a more centralized approached to city management, which is a task that brings in more than a few products and services from around the company.
I feel like a broken record talking about convergence because I�ve been writing about endpoint management so much recently, but this is another area where we�re seeing real value being derived from not looking at specific technologies in operational silos. When it comes to the endpoint we�re talking about systems management and security management, but when it comes to cities we�re talking about public safety, water, transportation, weather, etc. Let�s say a natural disaster were to occur in a city, the Intelligent Operations Center would enable people to identify the impact on the key elements of city infrastructure (such as the water system), deploy first responders to the most critical sites and then help coordinate with hospitals to understand where there are open beds.
It�s admittedly a bit bleak to put these new capabilities in the context of a natural disaster, but it�s one of the few times when a whole city is called to respond. IBM is helping people to make better decisions in these moments. That said, natural disasters are certainly not the norm, and on a more routine basis you might find people using real-time analytics to avoid traffic on the drive home from work.
You also might feel a bit safer knowing that public safety will be one of the first three focus areas of the Intelligent Operations Center. IBM has been in the business of public safety for quite some time with our managed security services team. We�ve used video analytics technology to do everything from tactical implementations that might only require a handful of cameras, to citywide deployments in places like Chicago.
This week�s announcement will enable local, state, federal and nongovernmental authorities to harness the intelligence derived from analytics fed by sensors, crime data bases, cameras and integrated communications to make smarter and more timely decisions. Informed decisions that can make the difference in people�s daily lives.
IBM's Video Correlation and Analysis Suite can be integrated with the Intelligent Operations Center to enable rapid response to physical security events through the real-time and historical analysis of multiple video streams. Not only does IBM help authorities to respond more quickly to incidents, but we�re also improving the speed and accuracy of forensic analysis.
I feel safer already.
For more information about IBM�s Physical Security Services go here
The alternate title to this blog was, "There's only one "i" in Innovate."
But that makes about as much sense as building services and not talking to the operations side of your organization.
One of the themes of Integrated Service Management is DevOps. It's a part of our "Design & Delivery" messaging.
RedMonk* analyst Michael Cot� got to sit down with IBMers Pete Marshall & Peter Spung for a fantastic video discussing this very topic.
Rational and Tivoli. Talking about solutions together. Cause that's how we do it in the I-B-M.
(and yes, that was as painful for me to write as it was for you to read...)
Seriously. If you build services and you're not working with Ops, you need to sit down and watch this video.
Here's the description of the video, followed by a link to the RedMonk site with the video:
The practices and technologies of DevOps have begun to spread into what I�d call �the mainstream,� which is fantastic: DevOps has a lot to offer to all IT organizations. IBM has taken notice and started getting involved. Here, while at the IBM Rational conference Innovate 2011, I talk with IBM�s Pete Marshall and Peter Spung about DevOps is and what IBM has to offer.
A little over fifteen years ago, IBM set out to change the face of the software industry by
bringing together a collection of high-quality software that would help clients solve their most
pressing business problems.
As customer needs changed, new approaches were adopted. Unique partnerships were formed. Dozens of acquisitions were signed. And inside software labs around the world, breakthrough discoveries were made.
This leads to where we are today, with all of IBM�s different software products and solutions working together as never before to help clients get to a smarter and much more efficient way of doing business � in whatever industry they fall.
As IBM Software has discovered, to get the most value for its own business and customers it needs to continuously reinvigorate its strategy and technologies through multiple, creative approaches and channels.
Through a series of interviews with Software pioneers and leaders, these two videos explore IBM Software's continuing pursuit of value and innovation across several decades.
Recently on the Integrated Service Management blog we�ve been talking a lot about endpoint management. It�s an exciting space and one that we�re invested heavily in. Instead of getting into a lot of depth, I�m going to attempt to summarize what we�ve been talking about in just a sentence or two. I�ve got the time, so I�ll write a short blog instead of a long one.
Basically what we�re talking about boils down being able to identify all of the endpoints in your infrastructure, and then not only being able to centrally define and deploy security policies across those endpoints, but also be able to manage the lifecycle, patch process and power management of that endpoint. The key here is convergence.
This is an example I typically use when talking about why convergence is so important, because it is one of the most common challenges associated with power and patch management. How do you deploy patches to endpoints that aren�t turned on? Security concerns are directly intersecting with operations management. The benefit of Tivoli Endpoint manager is that by managing everything centrally, under one dashboard, you can manage both security and operations, and in the case I mentioned above, wake the computer up, apply the patch and then put the computer back to sleep/turn it off completely. All of this is automated.
Of course this is not the only example of why convergence is important, but I did promise not to take up too much of your time. In any case, this is the value that SC Magazine could not ignore and yesterday they gave Tivoli Endpoint Manager a rating of 5 stars out of 5. A perfect score. I don�t want to put words in their mouth, so instead I�ll just direct you to the story, which you can find here.
For any of you that would like to learn more I�ll additionally point you in the direction of some of things that we�ve recently written about this product.
Here you can find a blog that Sandy Hawke, Manager IBM Security Solutions, wrote about a recent webcast she did (you can also find the link to the webcast there).
Here is the very recent announcement of Tivoli Endpoint Manager for Core Protection, an addition to the TEM family that leverages cloud technology to provide the most updated security to all of your endpoints.
Lastly, here is something we wrote about how academic institutions are using TEM�s power management solutions to save hundreds of thousands of dollars in energy costs.
Companies run on numbers. We need them every every day, every hour, sometimes every minute. Companies that master the numbers inside their walls routinely provide better numbers outside their walls, in the form of higher earnings, higher revneue and greater customer loyalty.
Consider some of the numbers from last Saturday's UEFA Champions' League Final, widely heralded as the "match of the decade" between FC Barcelona and Manchester United, two titans of the game (Barcelona carried the day 3-1):
Barcelona directed 16 shots on net; United three.
Barcelona won six corner kicks, United zero;
Barcelona controlled the ball 68 percent of the time.
As impressive as these numbers are, though, no one who watched the match would come away praising percentages. They'd be more likely to praise what made the game so pleasing to watch:
The first is agility: Barcelona's game is one of short, continuous "triangle" passes between players constantly in motion yet always in perfect position. Collectively they advance, assess, probe, retreat, reassess, then advance again, usually to to score. It's like watching a clock rearrange its gears every second and still keep perfect time.
The second is precision: Barcelona plays the ball close to the opposition. Midfielders Xavi, Messi, Busquets, Iniesta and Alves drive the ball directly into defenders where it would seem easy for an opposing player to snatch it away. Not so; collectively, their pass success rate is over 86 percent. Instead of losing the ball they find the seams and create space that no one else can see, let alone defend.
The third is passion: I won't post it here, but a quick YouTube search for "messi champions league 2011" will show you all you need to know about the passion that comes from winning.
Agility. Precision. Passion. They are the attributes of FC Barcelona, now undoubtedly one of the greatest sides in the history of The Beautiful Game. They are also attributes of the analytics-driven organization. They are both the drivers of performance and its result.
How fortunate we are to live in an age of such greatness.
It seems that we can�t go more than a day or two without hearing another story about data loss. Whether it is the result of an insider threat or an external attacker, being able to protect your data has never been more important. However, this has also got to be a balancing act. We can�t respond to these events by just hardening all of our security controls to the point where we are introducing ridiculous operational inefficiencies. Yes, we need to have embedded the proper security controls, but we also need to make sure that these controls are designed with the end user in mind. Great security should enable people to move faster without having to look over their shoulder every two seconds. When we talk about being able to innovate with confidence, that�s what we�re talking about.
The protection of data and information is one of the core components of the IBM Security Framework, and IBM Infosphere Guardium was recently recognized as the world leader when it comes to database auditing and real-time threat detection. InfoSphere Guardium also offers security solutions beyond just structured data (database protection), and today, we are thrilled to announce some important enhancements to the IBM Infosphere Guardium Data Redaction product line, a solution that automatically redacts, or blacks out, text or information from unstructured data (PDF, TIFF, and Microsoft Word).
The importance of being able to redact sensitive information from documents is pretty obvious. Think about healthcare for just a second. Doctors probably don�t need to see all of your financial information and the finance department probably has no business knowing why you�re in the doctors office to begin with. As such, you need to be able to control who has access to what and when.
However, data redaction has some interesting challenges associated with it. Because of compliance regulations, often times the original, unaltered records, need to remain in the database untouched. However, different pieces of the record need to be viewed by different roles. For example billing staff, doctors, and account representatives each need to see different pieces of information. Coming up with redacted views for each role is difficult.
Some organizations have approached redaction manually, going through documents one-by-one with a handy permanent marker. I don't really think I really need to say much about the reliability or scalability of this approach. Other automated solutions will just drop a black box over information and create a multi-layered document. However, this isn't a properly designed redaction solution. Curious users can get around this by copying the blacked out text to any text editor. Yes, that actually works in some cases. The advantage that IBM Infosphere Guardium Data Redaction boasts is that it's automated/scalable, it's accurate, and it creates single layer documents to make it impossible to grab the original text.
Ok, but back to where we started. Back to security enabling people. Back to today�s announcement. The reality is that data redaction is a total pain. Well, I should say, WAS, a total pain. That is until today�s announcement of Secure Viewer. Secure Viewer is an addition to IBM Infosphere Guardium Data Redaction that, in real-time, allows privileged users to gain access to the information they need to do their job.
It�s probably easiest to explain the product�s benefit if I take you through a quick scenario. Let�s say we have a physician working with a pharmaceutical company to identify candidates for a new drug. Due to security and privacy concerns, the names of the patients in the documents the physician and pharmaceutical company are viewing and discussing have been redacted. However, the physician has been given the privileges to view patient names should he need to. Lets say the physician finds a perfect candidate and wants to begin treatment immediately.
Let�s go through the process he had to go through yesterday:
1) Physician calls records management department to request a new view of the document showing the patient�s name
2) Physician experiences a delay while he waits for records management department to respond
3) Physician explains which records are required and which data are needed
4) Records management team validates physician�s credentials
5) Newly redacted document is finally sent to the physician
6) Records management staff must manually add report to audit log detailing who, what, when and how redacted data was used
7) Physician attends to patient
Let�s walk through the new process the physician would go through today with secure viewer:
1) In the redacted document right click to view redacted data, provide justification, audit trail updated in real time
2) Physician attends to patient
If you listen closely, you can hear doctors all over the world cheering.
What we are announcing today is not just the successful balancing of security/privacy with ease of use in one our products. It�s a continuation of how IBM Security Solutions views this space. We believe in security that enables you to be better at your job, security that helps you innovate.
For more information about IBM Infosphere Guardium Data Redactor visit us online here.
To learn how Avia UK Health used Infosphere Guardium to achieve PCI and data privacy compliance, click here.