Contributing to the cyber security conversation

 Business, Canada, IT Security, politics  Comments Off on Contributing to the cyber security conversation
Oct 162016
 

My firm, Institute X, responded and provided a paper to the Canadian Government’s Consultation on Cyber Security. It’s a considered white paper that assumes government should do what it’s supposed to do (public safety and security; and support Canadian industry). We suggest that an “unreasonably” high standard for cyber security and directed support toward the Canadian cyber security industry (e.g., national security-protected procurement) will benefit Canada on multiple fronts.

Download it here: institute-x-cyber-security-consultation-submission-oct-2016.

Intrapreneurshit

 Uncategorized  Comments Off on Intrapreneurshit
Jul 132016
 

Like long forgotten songs on a K-Tel compilation, Intrapreneurship, the notion that employees of large organizations can hustle and scramble like entrepreneurs to create innovation and radical growth, is back! Of course, its day in the 1980s sun was a failure. But today’s promise is the success of Silicon Valley’s disrupting wunderkind.

Should intrapreneurship actually catch on, again… it will fail. Again. Smart executives of targeted enterprises and government departments ought to remember why it failed before and take a pass this time. The flawed assumption is that entrepreneurs thrive in any environment. Except, everything that makes entrepreneurship admirable is suffocated in the low oxygen atmosphere of the large organization.

The entrepreneurship allure is palpable: a dream of agility, disruption, and outsized growth leading to dominion over new and even undiscovered frontiers. With unicorns on every horizon, it’s hard to ignore. But for large organizations, it’s a mirage that will squander resources and frustrate everyone.

The larger the organization, the more its strength weighs upon it. It can no more be an entrepreneurial entity than the growth business is a colossus bestriding the world. The pitch to turn an eighteen wheeler into a Tesla is ridiculous and counter-productive.

Large organizations need not ogle enviously at the upstart entrepreneurial organizations rapid, often false growth that captures market and media attention. Appreciate your own qualities. Large organizations are mostly slow and steady. They have to be. Oscillating around opportunistic pivots would rend the behemoth from seam to seam. A material mistake by a small business constantly changing anyway is bad but recoverable. A material mistake for a large organization could prove mortal (without government intervention). Demands of governance and responsibility befitting its stature command the organization to be circumspect. One role of large organization is to stabilize tempestuous seas.

Sounds banal compared to the romantic entrepreneur. But, this gummy stateliness belies vast virtue. Large organizations have the power to change markets and industries. That they may choose not to because they’re comfortable has nothing to do with intrapreneuring. The taxi industry did not have to actively ignore its suzerain being upended while focusing on rigging regulation. Moreover, a start-up did not succeed in digitizing music nor create the consumer smart phone industry. Apple did. Ultimately, large organizations control innovation and disruptive change.

Your favourite innovation guru will have written that when industries heave with revolution, some venture-backed entrepreneur has used a technology or method to disrupt a cozy environment. But even where that is the case, it’s because the large incumbents were sleeping. As often as not, industries are turned inside out because competitive, large organizations acquire or introduce changes to the competitive environment and evolve the marketplace. In effect, they reinvent themselves and their worlds.

This has little to do with being entrepreneurial. It has everything to do with being observant, smart, and courageous. These mark the entrepreneurial character but are not exclusive to it. Most organizations require innovation of some sort, not all need the peculiar and destabilizing qualities of the entrepreneur.

This intrapreneurship fad is but a means to a desirable end: innovation, which in turn leads to growth (and maybe reinvention). A large organization does not have to weaken its chances pretending to be something it is not and cannot be. Of course, large organizations should do things to remain vital and purposeful. But they should play to strengths.

Large organizations should get and be strong at anticipating changes to their world as has Royal Dutch Shell. They should strive to innovate. That will necessarily keep them apprised of near and distant (technology) innovations around them. Large organizations have the resources to do something better than be entrepreneurs: they can buy entrepreneurs—at the right time.

Large organizations have been known to get fat and lazy, ferreting out challengers, buying them, and burying their technologies to maintain control of their worlds. The world no longer allows that. Enterprises need to tack: don’t buy the start-up or growth company to shelve it; buy it to grow it and, maybe later, internalize it. I say maybe because the choice could be to shape the smaller organization to benefit from and provide benefits to the large organization. This is a different skill, but one a large organization could more probably create.

Many enterprise organizations would be better off creating a farm system of minor investments and expertise at observing real entrepreneurial action. Supporting and keeping them alive, all the while creating the internal conditions to ingest entrepreneurial output and do what enterprise organizations do best: serve scale.

Large organizations have to be stable, not ossified. An aircraft carrier is no PT boat. It is built for stability in even the roughest waters. To be the indispensible centre of many critical operations, ths largest of naval vessels must be stable. Necessarily, it doesn’t move nimbly. It would be absurd to expect it to operate like a frigate. But even with the responsibility to provide a dependable platform, the aircraft carrier and its personnel are always prepared and vigilant for stormy seas or competitive attack from the sky or under the waves—from other navies or even pirate flotillas.

Think about that. Maybe the idea of a carrier group fleet would serve large organizations well in structuring themselves to do battle in their own corporate oceans.

Innovation Nation? More like Pontificate State

 Business, Canada  Comments Off on Innovation Nation? More like Pontificate State
Jul 132016
 

Innovation will not get better in Canada. Sorry Minister Bains, we will not become “Innovation Nation” because we are not a start-up nation. Not that being a start-up nation is necessary. But without start-ups, innovation has to come from the enterprise level. In Canada, it will not, except from a few egoless businesses still run by the originator that ignore and avoid “professional” managers/consultants in important leadership roles.

Sadly, the rest of enterprise size organizations will not be helpful though essential. It will not be for a want of desire and intensity. It will not be for want of noise. It’s because the biggest fraud and disservice the media and management gurus have perpetrated on gullible MBA-class and younger business executives weaned on two rounds of Internet unicorns, is to make it seem like innovation is easy and immediately accessible to those that want it.

Enterprises can put attention and resources to the challenge. And yet it doesn’t happen. So, what’s wrong? Obviously, it must be misguided tax (incentives) and industrial policy. No, there is a brain drain. No, it has to be inadequate support and early-stage financing. That’s not right. There’s a scaling capability shortfall. Or we need an entrepreneurial startup culture. Or maybe, everybody’s just not wishing hard enough.

Certainly, based on prevailing problem identification and solutions, it couldn’t be because real, noticeable innovation is hard, infrequent, and more demoralizing than cold call door-to-door sales. More than that, it’s not simple. In fact, innovation is typically complicated and complex (and if you don’t know the difference, perhaps that’s part of the issue…). None of which sits well with enterprise executives of the sort described.

We appear to have been convinced that everything at every stage should be simple. And some things are—at some well-trod, detail-defying level of description. Innovations, by definition, are not that. Even when, under the adoring glow of market success, the essence of the innovation is ridiculously over-simplified (think Über or iPod or Amazon) for broad consumption, the true measure of non-simplicity is easily scratched out of the polished surface.

Simple is fine. So long as you, behind the wheel of your car understand start (with biometric voice command), engage (GPS-enabled destination command), and let the car do its thing, you’re good. We’ve described simply the innovation of the self-driving automobile. Of course, it’s absurd. Such a “simple” innovation is unattainable without somebody—the business people purveying it perhaps—knowing the much less than simple (creative) thinking just beneath this placid surface.

Yet too many executives—with an unrelenting commitment to the latest whack-a-doodle pronouncements on professional management technique—have no real clue about innovation. If they did, they would know that asking for product concepts, business plans, and so on for innovations to be simple during that period between fanciful conception and practical realization is neither helpful nor valuable.

Focus not on the first part, but the last three words of what’s called Einstein’s Razor: “Everything should be made as simple as possible, but no simpler.”

There is skill and art in communicating the essence of innovation to different audiences at the appropriate level of complexity. Overwhelmingly that is where the thinking and difficult work falls into the “simplest possible description” trap never again to get back to the necessary level of difficulty that innovation demands. Too many of these professional managers are educationally and temperamentally unprepared to root in the not-simple, not-easy, muck of innovation from which the eventual simple story will eventually emerge.

An innovative idea starts with a simple proposition. But, if achieving it were that simple and straight-forward, it would be done already. That simple proposition, whether a business model innovation or technology development, meets the challenge created by the very recombination or change that makes the simple idea so appealing. Through a lot of trial and error, failure and heartbreak, a Eureka moment may happen. It is viable! Only then can the whole endeavor be once again regressed to an easy-to-consume PowerPoint graphic or 20-second elevator pitch or advertisement or what-have-you.

Those who haven’t or don’t work on innovations regularly have no idea. Until more enterprise (senior) leadership owns and understands (or grudgingly tolerates if not gets mucky themselves) the messy complexity of the process, and accepts that nothing gets simple without being very complex first, innovation will not be a strong suit of Canadian business. Our go-to move will remain able administration.

It doesn’t have to be this way. And it doesn’t have to be the future. Leaders, especially those phalanxes senior professional managers need to learn to love wallowing in the guts of their businesses—especially if their business is innovation.

That grinding noise at Westminster Abbey? Charles Darwin rolling in his grave

 Uncategorized  Comments Off on That grinding noise at Westminster Abbey? Charles Darwin rolling in his grave
Feb 192015
 

A PowerPoint slide being “shared” and “liked” within LinkedIn says: “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” This is a corrupted Darwinian notion I first saw first in a Globe and Mail op-ed piece entitled, Why leaders must take a different tack when managing change, contributed by Symantec Canadian General Manager, Sean Forkan. His first-person counsel is not especially enlightening. But there is that one sentence at the end: “As the saying goes, ‘it is not the strongest nor the most intelligent who will survive but those who can best manage change.'”

So people appropriate and massage powerful thoughts for their own purposes. Why quibble with variations on the theme? It’s just convenient and relevant cribbing of inspiring words.

How can I be so nasty—or petty? To start, the phrase has no greater provenance than some unnamed hack contributor to a Web quotations page or creator of a PowerPoint slide. Try to find anything remotely like this quotation in Darwin’s writings, especially in On the Origin of the Species. Even Herbert Spencer, who actually coined the phrase “survival of the fittest,” never used this language. That smart people are willing to quote inspirational nonsense suggests a troubling lack of rigour. But I digress and, frankly, I don’t really care about that.

This plagiarism does, however, raise an idea that could rock what we, the chattering classes, hold dear about change (management) and innovation. If you read to the end, you might even re-evaluate what you’ve been told about innovation and innovators, such as Steve Jobs. Maybe you’ll just ignore it or malign me, which might be easier. Your call.

Start by really understanding the idea commandeered for this motivational meme. Darwin referred to evolutionary adaptation. In Darwin’s observation, species did not initiate change. “Fitness” was what best suited prevailing conditions through a process of selective adaption, admittedly over generations. And Darwin was silent on any propensity to or ability for managing the change required to adapt, as was Spencer.

This is critical because as we know them, the words “change management” or “fitness to change” or any other variation lend themselves to the opposite interpretation. The implication being that a good executive, or one following our published guidance and pursuing the motivational direction of the imitation Darwin, could positively conceive and purposefully direct change IF (s)he and the organization were fit to make such change.

That’s quite materially different.

To use this counterfeit quotation to give weight to change management “fitness” and still be true to Darwin’s brilliant idea, one is obliged to accept that change management is about adaptation. But adaptation is responsive not directive. In nature, those fit to survive are those that best adapt not those that are most fit to create change.

To recap, modelling on natural evolution via pseudo-Darwin is an excellent idea: evolution has about a billion years of successful experience. But it demands one appreciate that change management must be about adaptation, which is to say accommodation toward prevailing conditions. Prevailing conditions because nature does not evolve toward what doesn’t exist. It can only adapt to what does exist.

So, therefore, fitness or willingness or ability to change is nonsense at least as far as invoking quasi-Darwinian thought as support. These are a separate matter entirely and warrant a separate non-Darwin shrouded discussion. Of course, the premise for those discussions has to start with responsive adaptation instead of directive change.

That’s change management; but innovation compels change to a product, process, or people so it must be implicitly about change. We have to accept that. So the Darwinian notion of adaptation to prevailing conditions, as indicated above, has to hold for innovation as well. Buckle up. It means the innovation myth of your favourite business leader or guru may be in for some rough treatment.

Consider the evidence. IBM nearly went extinct until Gerstner’s adaptations made it fit to survive. Branson cannily adapts Virgin’s ethos to the conditions of various prevailing environments, experimenting to see where its adaptations best fit. For a long time, Nokia adapted successfully, transforming through industries and technologies. It stopped adapting and has all but gone extinct. Microsoft, which has prolonged some of Nokia’s “genes,” has a well-documented record of obstinately refused then aggressively conceding to adapt. Blockbuster is the archetypal non-adapter. The quality of the management of change or the willingness or ability to change in all of these instances was necessary—maybe—but not sufficient. The adaptations were the thing.

IF you’re still with me about fitness to survive being based on the success of adaptations to prevailing conditions, then we have to concede that an innovator does NOT create or step into some imagined future. The successful innovator actually adapts best to the prevailing market conditions. In other words, any start-up and Steve Jobs do nothing more(!) than adapt to conditions that already existing. Steve didn’t see the future; he saw the present whether that was Apple II, Mac, iPod, iPhone, or iPad. It is a present that everyone else simply can’t see the way that some people can’t see the symbolism or the theme in a book or movie, or the way that extinct species couldn’t “see” that they weren’t optimal for prevailing conditions.

For those that got this far, I apologize. Every metaphor fails at some point. Lesser people, and gurus, continue ramming home their notion as though it’s not happening. I won’t. Evolution and organizations changing or innovating are very different things that don’t track together at a certain point. But, my point is that the idea at the outset ought to be understood and followed. It can lead to fascinating revelations. Here are merely two:

  1. Adaptation is going on all the time. All people always adapt naturally. Those who don’t adapt are artificially denying nature. Adaptation is not a theory or a strategy or a plan. It is action. If it works, you succeed. If you don’t, you adapt again. If it still doesn’t work. You become petroleum eventually. Therefore, in the big picture, change management is about allowing prevailing conditions to cause pain, letting natural adaptation happen, then doubling-down on those that show the most fitness.
  2. If you want to innovate, and evolution is your model for survival, you must be rapidly responsive not creative. You must provide, for a price, a means for your customers to best adaptations to prevailing conditions—because they may not.

Optimism and technology

 Uncategorized  Comments Off on Optimism and technology
Feb 042015
 

[Some old thoughts, which may be “published” on other blogs, etc., notably Politik-Substance]

It turns out that at least among technologists there is a clear, nearly religious moral divide on the subject of Edward Snowden and his revelations of government electronic snooping. This I found out by provoking the issue while discussing privacy at a technology conference in Banff. There are fundamental ethical and legal questions about whether governments should be allowed to acquire data that seems private, and under what conditions. But I suggest that some of the “Snowden is saint/satan” and “government is villain” reaction comes from the same sense of betrayal felt by a spurned lover or an NRA regional president the day after a mass shooting in a day care centre. Let me explain.
It shouldn’t be a wonder that technology advancement, particularly if it affects consumers’ lives, happens most actively in the United States. Americans are, by-and-large, an optimistic bunch: always looking for another sunny “Morning in America.” That perfectly harmonizes with technology and innovation’s very nature of optimism. It is, in fact, impossible to be pessimistic and work effectively in a field of technological advancement. The whole point of technology and innovation is to make a better tomorrow—to the extent of whatever the technology promises.
Although I tend toward what I believe is being realistic, which some of my colleagues refer to as cynical, I think optimism is wonderful. It is sustaining through the inevitable troughs of bad luck and setbacks in this life. Optimism wilfully ignores the probabilities stacked up against you. And by this conscious refusal to accept the possibility of defeat—even when it is overwhelmingly self-evident, optimists sometimes achieve the seemingly impossible.
Be it gunpowder and nuclear energy, synthetic painkillers, or mobile “social” applications, neither their creators nor their enthusiasts expects anything but good from such technological advances. Within tolerable, typically commercial limits and subject to consumer happiness, it’s all good, good, good.
The dark side of being optimistic about technology, however, is blindness to the risks of undesirable, yet highly plausible uses and outcomes of those good technologies. It is all too easy to see the bright side because that is the intent. Clean, infinitely available nuclear energy begat the atomic bomb and protective firearms kill school children and other innocents. Likewise, technology that implicitly knows where you go and that you are communicating generates vast deposits of privacy-threatening metadata and other information for marketers and governments to assay.
The recent revelations of Edward Snowden expose states, overzealously perhaps, doing what they do to fulfill a higher level societal need: safety and protection. These unveilings also reveal another instance of hopeful inventors coming face-to-face with the dark side of their creations. From my seat, it’s a bit hard to know which is more troubling to them.
Like everyone else, technologists feel violated by governments inferring private information from digital exhaust. And while there may be a heavier weighting of civil libertarians in the group, never mind a clash of democratic ideals—specifically, privacy within and security of the nation—I surmise that part of the reaction is creator’s guilt. How could our wonderful child do such a thing? Or, more to the point, our creation is being used against us: and we don’t like it.
So Edward Snowden is canonized despite being a thief and traitor now suckling from an “enemy” state’s graces. Western governments are (justifiably in some senses) vilified. The consumer/citizen is maltreated at least as far as privacy goes; and that’s as far as the citizen wants to go because venturing farther into these grey places would affect the pleasant state of consumerist narcosis. But nobody talks about the inherent corruptibility and affliction of the technology.
Alas, the genie is out of the bottle… again. Society will eventually metabolize these new conditions, catch up, and adjust both ideals and practices to account for these technologically driven realities. Innovators will create solutions to the problem they themselves created. And balance will be restored… before the cycle repeats. Because that’s the great thing about optimism: it’s sure to be better tomorrow.

Innovation Fads, Fashions, and Trends

 Uncategorized  Comments Off on Innovation Fads, Fashions, and Trends
Sep 142014
 

So much ink; so much paper! So many pixels! So many task forces! Thank God for the bottomless pit to mine for answers to Canadian innovation challenges. The proposals are as many as there are lobbies and hobbies. And every one of them has merit. But every one of them is doomed by narrowness and inadequacy. That’s because, as the girl said to the boy: “It’s complicated.”

The focus of well-meant public musings and counsel tends toward specific, actionable, and obvious drivers of the problem. The result? There ought to be more public and private investment at every stage; better training and skills; government intervention; coordinated geographic clusters; stronger commercialization; more creativity and risk taking; a focus on entrepeneurs; or a focus on enterprises. And on and on.

Less considered, probably because they make crystal clear causal arguments cloudy at best, are the softer facets of the ecosystem. There are one or more steps removed from the direct “this-then-that” connection between action and outcome. Also, innovation tends to be diagnosed discretely from other economic and social challenges, such as productivity decay. This is the result of a schooled reductionism that segregates systemic problems into constituent parts as if complex problems can always be solved in pieces and work when reassembled. But that’s not how complex systems work.

Setting aside my cynicism about the motives of those voicing positions, each contribution adds valuably to the discussion. But that discussion remains isolated, technocratic, and mired in detail. Consider only the example of innovation and productivity as a holistic pair.

Everyone who has sat through an executive discussion of new revenue contrasted with reduced cost knows that the latter goes straight to the bottom line. CFOs fall all over the second option. And yet, productivity is in decline in Canada. Why? Among the reasons is a “waste not, want not” ethic that would make a Puritan blush. There is also the discount sticker given to Canadian businesses by our chronically weak dollar. Let’s not forget government subsidization/protection. All of this cuffs the market’s invisible hand that might otherwise force competitive price drops, in turn demanding greater productivity—perhaps through innovation?

Weak demand for productivity innovation weakens the drive toward technologies, processes, and business models that address these challenges. Only among a few exceptions, such as mining, are businesses innovating—or investing in innovation—for productivity gain. In other cases, such as oil & gas, their cups have spilleth over so much that being unproductive is inconsequential.

That leaves the glory of consumer-directed innovations. Consumers want cool technological toys that may (the jury is still out) make them more productive. It’s true—or at least it’s said, which is the same thing apparently—that mobile devices make business people more productive. It’s also true that many consumers are also business people. But is WhatsApp or FaceBook or the iPod creating productive commercial capacity? The argument for “yes” is dubious at best.

Consumers reward these innovations though, or the successful ones anyway, explicitly with revenue or use; less explicitly through the idolatry of consumer products and the business people associated with them. Investors reward such innovations with easier and more valuable rounds of financing, and grand payoffs at Initial Public Offering. This all despite many of the longest-lived and profitable technology businesses, such as Microsoft and Oracle and Salesforce and SAP, innovating around commercial/management productivity. But they’re not Facebook or LinkedIn are they?

Defocus consumer innovation! Blackberry (RIM) lost its edge and lead not primarily because of threats in the consumer space but because it chased that space and forgot that its lead and advantage was due to its impact on industrial productivity. Also consider that while it’s true Henry Ford made the automobile a mass consumption product, his enduring legacy is the conveyor belt: the productivity innovation that allowed for the consumer delight.

So what’s the point? Simply this: all of those many answers to the innovation problem could be instrumental elements of a successful change to Canada’s innovation trajectory. Maybe… in some combination… or in some sequence…. But merely refocusing toward innovations that genuinely address how to make Canada’s businesses more productive, first at the edges then at the core, would set the stage for solving multiple economic challenges, including productivity and innovation, and fabricating a virtuous cycle updraft to raise all parts of the economy.

I use “F-Words”

 Uncategorized  Comments Off on I use “F-Words”
Sep 122014
 

I use “f-words” in mixed company. Well-bred professional, management, and executive types recoil in disgust. One might think that they would be inured to f-words. But they seem to hold themselves above all that.

Of course, the most troubling f-word is not the one on the tip of your tongue now. This one sounds “eff” but starts “ph.” Try saying philosophy in the company of busy career people; just be prepared for rolled eyes and that piteous expression that says you just don’t get it.

Those blank faces better “get it” soon themselves. Our privacy and maybe even democracy could depend on it. After all, not every tectonic shift is as blatant as the revelations of Edward Snowdon or as arrogantly, publicly contemptuous as the Fair Elections Act. Pay attention to the every day stuff!

Today’s transactional immediacy of business and government work is not an historical novelty. There was no time when these practical people were more inclined to think deeply about what they were doing. What may be different now is the measure of disdain for anyone who challenges business or government plans and actions more deeply than what the pervasive “value proposition” pap answers.

If we refrain from contemplations of epistemology and such, and stick to ethics and the sunnier(!) side of existential questions, philosophy is about purpose. That has to be clarifying for professionals, and is about as close as most organizations get to schwerpunkt (a typically consonant-ridden German word that means concentration point or main effort).

When I say philosophy in this company, I often mean, “What do you believe?” Not as in, “We believe the world wants a device that will allow them to…” That’s actually, “We think…” Rather, as in, “We believe that people need to remain connected to other people; we believe our purpose is to provide devices that…” Despite reading and abiding by directives such as Start With Why (Sinek, 2011), this kind of descent to expose the core assumptions of “Why” is one nobody really wants to take.

So why is that kind of philosophical pondering held in such disregard?

First, it’s hard. It requires rigorous thought, due consideration, and alternative points of view. None of which is acceptable in an environment of HiPPO (Highest Paid Person’s Opinion) rules or unconsidered braying of partisan vitriol.

Second, it’s still hard. It demands a sense of right and wrong. That then presumes you might stand for something, ideally something that can be argued rationally from some principles. Rampant specialization and narrow awareness does not lend itself to this capacity.

Third, it’s unnecessary. After all, whether its Mill, Burke, Rousseau, or Jefferson, there are philosophies a plenty to choose from and no need to waste time on such things now.

Fourth, well… it’s hard. Given the preference for action—any action!—to indicate ability, quality, and value, taking time to muse over that action gets indicted as regressive to say the least.

It’s true that some fundamental underpinnings of philosophy are timeless—give or take a millennium, otherwise we wouldn’t still look to Plato. But other philosophy is more set in a time and place—give or take a millennium or continent, so it needs to be refreshed from time to time.

Given the rate society is evolving in technology’s wake, we need to take a little time to continually consider whether our core values remain operative in practice. At the very least, we should give a modicum of respect and an ear to those who do it professionally, casually, or within the confines of their daily toil.

The problem with not thinking about these things and, worse, discouraging those who will, is that these things are affected by rapid innovation and change anyway.

The seemingly outrageous privacy invasions by governments is not the product of a sea change in method. It was a steady dripping of unconsidered change that allowed the method to metastasize into what it’s become: something odious. And, it all took root in so many innocuous “consumer benefits.”

The outrageous bill that is to be the Unfair Elections Act (2014) is only possible because over time we have largely become so blasé about hyper-partisan drivel and the corruption of governance by politics that many people see nothing especially egregious about the bill’s content. And so it now threatens a foundation of our society. That represents six years’ effort on the part of Canada’s New Government.

So let’s all throw around the f-word until it’s so common that everyone does it. We’ll all be better for it.

IT Security and the rise of the Data Chemists

 Uncategorized  Comments Off on IT Security and the rise of the Data Chemists
Sep 072014
 

The days of perimeter protection for online security and privacy are dwindling. Those tried-and-true approaches for safeguarding data and ensuring organizational and individual data security are destined to the quaintness of punch cards. Relying on them as the paradigm of security for extensive or elaborate IT implementations that have a future is not wise. There is a better way.

The concept of perimeter security is inspired by the notion that if you put all your eggs in one basket then you have but one basket to guard and protect. It is a castle, high on a hill with thick stone walls and drawbridges over impassable moats. The stuff inside is safe because the bad guys are kept at bay. Until it’s not.

One problem with perimeter security is that it depends on meeting force with force. So attempts to breach firewalls and ports are met with clever shields and redundant blocks. That is not a bad thing; it’s just a recursive cycle that probabilities suggest will always end in breaches. Moreover, it hardly matters how strong the perimeter is: once there is a crack, everything is in jeopardy. Since things have to move across the perimeter to function properly, the perimeter is porous by design, raising the odds of compromise.

To deal with the hole-y perimeter and make it reasonable for individuals to pass we take cues from the Old Testament. The Gileadites augmented their perimeter, keeping out the Ephraimites by demanding everyone crossing the border say the word “Shibboleth.” To make an old story short, those that could not were obviously trespassers and were dealt with in a decidedly Old Testamentary way. The concept introduces the demand for secret password identification.

In prevailing IT security, a previously established password presented at the perimeter gets compared to the one held behind the perimeter walls. This system can be compromised on the outside by capturing the password or matchable token from the individual to whom it belongs. Alternatively, the store of passwords/comparables inside the perimeter is, in fact, a geometrically more valuable treasure.
This approach is ever-less effective. In fact, it is practically a law that the value of perimeter protection is inversely proportional to participant sophistication.

So, what is the viable alternative? In Introductory Financial Management many years ago, I was introduced to the concept of diversification. It refers to investing in assets of varying risk profiles so that the aggregate risk would be more readily predictable. There is a lot of calculus and probabilities math behind this, so it must be scientific. Those who avoid scientific language might be inclined to describe diversification as spreading the risk or not putting all your eggs in one basket.

Critically, the risk is inherent in the value of the asset itself. If data is the valuable asset and the risk is that its acquisition by unauthorized parties can result in privacy or confidentiality breach which could have significant financial impact, that sounds a bit more like securities. In which case, managing risk more like a financial wizard becomes sound policy.

This challenges a core assumption of today’s IT security, being that one can prevent breach from happening. In other words, we presume and measure from zero, trying to keep the needle there (like airline safety). After all, if there is a lot of valuable data in one spot AND breach will affect lots of data and people, ANY breach is catastrophic and must be prevented. This base notion results in a course of action that takes us along the path that IT security has followed thus far.

What if that presumption were inverted? Instead, accept that there will always be (many) breaches. Then the goal cannot reasonably be to prevent them all, but rather to make them small, unprofitable, and essentially meaningless. In other words, diversify the risk away. This different starting point will result in a different approach. (That is the intent of encryption, but it should be quite evident that encryption alone is necessary but not sufficient in the cyber-security arms race.)

Take this idea further. What if there were no stores of meaningful aggregated data? It would not be worthwhile to penetrate the challenging security of an online service if there were nothing useful to acquire. Nobody would bother to break into a bank vault for one bar of gold. The crime doesn’t pay. Such a circumstance would require CIOs and security specialists to become “data chemists.” It is nothing less than alchemy—in reverse. Take gold and turn it into lead (or its elemental components). The real magic is in the owner being the only one able to reconstitute it into gold—when needed.

So, where does this leave us? Unfortunately, without specific answers; but with an idea for alternatives in the post-perimeter IT security world. The next wizards of security and privacy will succeed when they courageously change the metaphor and the starting point for their practice.
Start soon though: Our privacy and confidentiality depends on it.

“User Experience” is nonsense

 Business, Management, organization, stupidity, Uncategorized  Comments Off on “User Experience” is nonsense
Sep 022014
 

God damn Steve Jobs! It’s hard to dredge from memory or history another huckster who left behind such a legacy of dreck. Jobs was a tireless promoter who innovated relentlessly and—as legend would have it—single-handedly changed the face of the consumer world from personal computing to animated movies to music consumption and mobile telephony/computing. Love it or hate it; he did it.

But that’s not what I mean. The detritus in his formidable wake is all of the half-baked nonsense that others less capable have picked up. Where for Jobs the result if it would be a gastronomic delight, in other hands it becomes fast food. Nowhere is this more evident than in the Web world.

You see, Jobs was a man with vision, drive, and—to switch metaphors—the skills of a utility fielder. He was a showman and marketer with a sense for the appealing. He was an evangelist and salesman with a feel for the con. He was an industrialist with a grasp of production. And, allegedly, in his later tenure, became something of a strategist and commanding agent of change. What this adds up to is a well-rounded entrepreneur who knew inherently that even though he was reducing a complex mix of ingredients to a single catchy phrase, there was a lot of magic going on.

Those who worship at the alters of his several business religions are not so well versed. They do not appreciate that, just to hold the mystique for single-minded people like them, Jobs oversimplified and reduced to an aphoristic sound-bite, very complex conditions. They don’t get that Steve Jobs was a sophisticated carney and they are his marks.

Why do I rant? Because I am now fed up by the noxious and excessive blather from all levels of so many organizations about consumer experience or customer experience. Don’t get me wrong: such concern is paramount, or at least it will be until it proves unprofitable and therefore unacceptable to the stock market. To satisfy the customer—to make him or her or it categorically happy with your wares is fundamental to loyalty, repeat business, referrals, buzz, and ultimately revenue if not profit. And there is truth to the causal connection between the visceral experience with a product/service and the good outcomes noted above.

That said, the ham-handed Webheads roll this all up under the aegis of user experience. And then they reduce all of that holistic business complexity to what would properly be limited to user interface. When gullible and complicit executives support the cause user interface gets conflated with customer experience and the absurdities begin.

“So what’s the problem with that Mr. Pedant?” You ask. Not much except for how the UI (user interface) people—interaction designers really—get up on their hind legs and throw their weight around with the support of improbable, linguistic overreach. All of a sudden the interface carries dominion over all other possible aspects of customer experience. For instance:

  • A customer’s preconception of the product, from which his/her experience is anchored, starts with the ads and promotion. Shouldn’t Marketing Communications be in charge?
  • A customer’s sense of proportional value and the resulting positive/negative experiential feeling is critically related to the price paid. Why wouldn’t Pricing get the last word?
  • In the highly probable event of a problem with the product/service/Website, how the various customer service channels respond has enormous impact on customer experience. Why then does Customer Service not hold sway?
  • Let’s not overlook that an offering simply working (or not) has a clearly enhancing or detracting effect on one’s overall impression. So it seems that Operations ought to be the final arbiter of customer experience.
  • All this without even considering that the product group determines market need and value, and orchestrates all the above-noted constituent players and more—including the interface designers—to create and provide an offering to please customers and fill the company coffers.

Let’s agree that customer experience is valuable, but that it is the complex output of many inputs. Even if you make the dubious causal leap that customer experience equals success, it may or may not recognize that ultimately success is profit. And on this it merely muddies the simplicity to note that while touting the experience, Steve Jobs could shave Lincoln’s beard off of a penny. (Maybe that has had a little to do with Apple’s commercial success…)

To blithely dictate that user experience equals customer experience is wrong to begin with. To push that further and allow customer experience, which is actually now equal to user interface, to be the start and end or at least the dominant element of commercial input is simplistic, naïve, and unduly credits user interface (i.e., design) with too much.

Besides, isn’t this kind of hyperbolic overextension what “Marketing” is all about? Does nobody care that now Marketers have no real purpose let alone dominance?

Holacracy… old wine new bottles

 Business, Management, organization, society  Comments Off on Holacracy… old wine new bottles
Aug 292014
 

Found this article in the Globe and Mail (Say goodbye to hierarchy, hello to holacracy) about the disappearance of hierarchy at some “cool” businesses (such as Zappos). It’s essence is per the following definition:

Holacracy is a social technology or system of organizational governance in which authority and decision-making are distributed throughout a fractal holarchy of self-organizing teams rather than being vested at the top of a hierarchy

Since it’s only been in existence since 2007 and seems to be favoured by new economy, technology-based businesses and not-for-profits, it might be a little early to tell whether there is broad merit in the approach. Having self-contained, self-directed units makes complete sense and aligns with many features of nature and certainly of “Complexity” and “Emergence” theories. I’d say generally I’m in favour with the caveat that there are limits to its relevance.

Take the military, for instance and as a deep-relief example of where hierarchy is necessary. While it makes sense that battalions or platoons or fleets or squadrons, in combat, be enabled with self-direction over their own activities to achieve clear goals (this is fundamental), you can’t run an army that way. That kind of organization needs, at its broadest levels, timely and ongoing coherence in purpose and action fast. Holacracy would tend toward incoherence in the short run, though it might be more valuable and effective in the long run. So, organisations that need to be coherently directed toward a possibly fluid goal with a minimum of evolutionary trial and error as the holocratic parts bump into one another might not be right for this structure.

That generally describes large enterprises of the money making or other variety. But even as I type this I wonder if the issue is not black and white but many shades of grey. That is holocracy at one level does not mean hierarchy at another. Perhaps there is harmonious combination of these two structures that would be generally applicable. Maybe that’s been considered by the creator of the idea and/or its various evangelists, including Ken Wilbur.

The article I’ve tagged makes the point but, truth be told, I didn’t read it that closely to know whether it only mentions government or dwells on it. There is a statement to the effect of this being how government works and isn’t it ironic that after so long being told government should be more like business, it’s business that is now being told to be more like government… is? I don’t know about that, but again it could be the degree of magnification. Yes, government departments and agencies do operate as holon. So in that respect, I get it. But, within those departments and agencies I’ve yet to see anything but wicked, rank-respecting, bloated and unwieldy hierarchy.

There is, however, one area of government that is definitely holacracy. That is the confederation as Canada is structured with its provinces being largely independent parts loosely held together by the national centre (federal government), and as Switzerland is with its cantons being practically distinct and unrelated units. These work to greater and lesser degrees. One can find wonder or horror in the structure depending on what you choose as a focus.

In any case, it smells a bit like old wine in new bottles. Nostalgia being dusted off and sold for more than its worth. Harumpf.