Excelling at Customer Service

Customer services (Photo credit: gordon2208)

“Excellence is not a skill. It is an attitude.”

Ralph Marston (1907 –  ) Professional Football Player in 1929

“If you want to give a great customer experience you have to align your culture and the way you reward staff. None of our customer facing staff has sales targets or sales bonuses — their rewards and bonuses are based purely on their customer satisfaction scores.”

Anthony Thomson, Chairman, Metro Bank

Quote courtesy of Institute of customer service

Life has a way of taking everything in its stride and I am often compelled to go through the related emotions. Sometimes, I marvel at the way life turns corners and obviously as human beings, we all have this uncanny ability to learn from mistakes and move on by not repeating those same mistakes. We learn, change and adapt.

Organisations are very similar to us (in theory) and are supposed to learn from their mistakes, change processes to reflect that and become ‘the ideal organisation.’ So, I have to ask myself, ‘Why, in this day and age, are we still dealing with organisations that are failing their customers in terms of customer service?’

Obviously, during my life, I have had many good experiences of customer services and some pretty dire ones. The reason for writing this blog is that recently, I dealt with three organisations that should have excelled at customer service but in reality, they failed in their promise to provide even the basic levels of customer service. I have debated whether to play the ‘name and shame’ game but that just wouldn’t be me. So, instead, I have decided to write about how to provide excellent customer service.

According to the American Express Global Customer Service Barometer, a survey conducted in the U.S. and eleven other countries in 2010, Americans will spend 9% more with companies that provide excellent service.

Although only a little more than a third of Americans (37%) believe that companies have increased their focus on providing quality service:

  • 27% feel businesses have not changed their attitude toward customer service.
  • 28% say that companies are now paying less attention to good service.

So, where do I start?

Let’s start with:

  1. Culture

According to Catherine Lovering, “Make the goal of providing excellent customer service a company-wide commitment. Put a customer-service policy in writing, and post it in a prominent place. Translate customer-service objectives into specific actions for employees to follow, such as: deliver prompt service, offer a polite demeanour, and make product information readily available.”

Inc.com says, “Start by hanging on the wall a set of core values, 10 or fewer principles that include customer service ideals, suggests Susan McCartney, Maggiotto’s colleague at the Buffalo SBDC. “Share them during the training, have employees sign them, and evaluate employees based on the values,” she says. “But don’t call them rules.”

Employee training on customer service precepts should be intensive: written materials, verbal instruction, mentors, and on-the-job demonstrations all ought to be part of the coursework, says McCartney.”

This theme continues in 10 Examples of Shockingly-Excellent Customer Service and 12 ways to dazzle your customers.

  2. Staff morale and motivation

Catherine Lovering says, “Treat your employees well, so they in turn will treat customers well. Employees will bring enthusiasm and a positive attitude to their job when they know they’re appreciated and respected. Recognize employees who continually provide good customer service and praise the entire staff for their efforts. Customer-service work can be emotionally draining unless the company involved is supportive and gains the loyalty of its employees.”

Inc.com says, “Companies renowned for their customer service — the online shoe retailer Zappos, for example — treat employees as they would have their employees treat their customers. “Employees take on more responsibility because they know they are appreciated and an important part of the team,” says the University of Missouri’s Proffer. “People who don’t feel like they’re part of the bigger picture, who feel like a small cog in a big machine, are not willing to go the extra mile.”

Not every business can afford to shower staff with generous pay and benefits, but not every business has to. Small companies, says McCartney, can show “intense interest” in employees, in their welfare, their families, and their future — what McCartney calls the family model. It’s also important to recognize an employee — publicly — for a job well done. Some companies also offer incentives for exceptional customer service, but if you can’t spare the cash, you might throw an office party or offer another token of appreciation. When he was a manager at cable provider Tele-Communications Inc., for instance, Proffer personally washed the cars of notable employees.”

  3. Knowledgeable staff

Staff need to know their products and services. That can only be achieved through a comprehensive induction and training programme that covers not only products and services but also the organisation’s processes and the internal and external network of people who can help resolve issues and problems. A ‘can-do attitude’ needs to be instilled in staff right at the outset, while customer service staff are empowered to resolve the problem and to highlight to management any processes that hinder resolution. That way, employees highlight the processes that hinder the delivery of excellent customer service while improving customer service delivery at the same time.

Inc.com says, “The best salespeople spend 80 percent of their time listening, not talking,” says Marc Willson, a retail and restaurant consultant for the Virginia SBDC network. Ask open-ended questions to elicit a customer’s needs and wants.”

Further in the article, Proffer offers the Five A’s method: “It’s helpful to think of resolving a dispute as a five-step process called the Five A’s: Acknowledge the problem. Apologize, even if you think you’re right. Accept responsibility. Adjust the situation with a negotiation to fix the problem. Assure the customer that you will follow through.”

  4. Well trained staff

Training is paramount, and well-trained staff need to help customers resolve their problems regardless of how much time they have spent resolving it (within reason). Many organisations tend to measure customer service advisors on calls closed rather than calls resolved. Well-trained staff will be able to resolve calls and close them better than ill-trained staff. Staff training should be reviewed periodically and refresher courses offered based around lessons learnt, processes improved and the latest innovations in delivering better customer service.

Catherine Lovering in her article on customer service said, “Teach the staff stress-reduction methods and techniques in conflict resolution. Train staff to use language that promotes good customer service. Phrases such as “How can I help,” “I don’t know, but I will find out,” and “I will keep you updated” let customers know that their needs will be met. It also will demonstrate a willingness to find a solution to any problem and a commitment to communicate with the customer. This dedication will go a long way toward defusing dissatisfaction among clientele.”

She further adds, “Train staff to accept responsibility for errors and to apologize to upset customers. Good customer-service representatives must refrain from arguing with an upset customer and instead ask the customer what they can do to solve the problem. Advise employees to speak calmly to customers and to assure them that they’ll do what they can to help. Follow up with a clear resolution to the complaint.”

  5. Empowered staff

Catherine Lovering says, “Empower these staff members to not only deal well with upset customers on an emotional level but also to provide tangible benefits. For example, “Entrepreneur” magazine recommends giving employees the authority to give any dissatisfied customer a 10-percent discount.”

The emphasis should be on, “What can we do that will make the situation better for you? Add the wow factor. For example, one winner of The WOW! Awards is a restaurant in Leeds called Gueller’s. They keep a range of prescription spectacles, just in case customers forget their own and are having difficulty reading the menu.”

Give them something that will make them feel valuable. That could be a freebie, the ability to resolve their problem, or following up the matter on their behalf, so that they feel that their concerns have been heard and addressed (or will be addressed).

  6. Customer service, IT systems and process review – Capture, monitor and report

IT systems need to be set up according to effective measurement metrics. For example, it is not good enough to measure “How many calls did an agent take/close today?” An effective metric would be, “How many calls did an agent close today that were satisfactorily resolved for the customer?” Each call should also be followed up by the completion of a customer satisfaction survey, and that opportunity utilised for creating other effective metrics and for highlighting process improvements.

Information Technology Infrastructure Library (ITIL) is used extensively within the IT industry and it can be modified to deliver excellent customer service. Karen Francis of Macanta consulting says, “My opinion is that we shouldn’t be too precious about what we use as long as it works for us. If an organisation is already using ITIL for the IT department and finds that it can be adapted for the non-IT departments, then why not do it.

ITIL may not cover things such as sales and marketing and HR, but if you already have effective and efficient processes for managing faults, problems, changes, inventory, capacity, business continuity, service levels and so on, why not use them for non-IT if they translate well?”

As a fan of Deming, I would like to add Danielle J Baker’s thoughts, “ITIL’s iterative approach and focus on continuous improvement is the basis of IT Service Management as defined by the ITIL set of best practices.”

The following needs to be done prior to the installation of any IT system for customer service.

  1. Do we know what processes we have captured in existing systems?
  2. How do we go about capturing processes that are not captured by our existing systems?
  3. What processes can we improve, prior to using IT?

Use new, innovative tools for interacting with customers, such as Desk.com (or a similar tool). According to the Desk.com website, “Connect to your customers on Facebook and Twitter as easily as on traditional support channels like email, phone and web. Desk.com organizes all of your support in one place so you can respond efficiently wherever your customers reach out.”

One of their clients, Bonobos, said, “I was excited by the look and feel of Desk.com when I saw it. By lunchtime the next day we had switched over entirely.”

  7. Benchmark

As a big fan of benchmarking, I highly recommend it and covered it in my blog post, IT benchmarking.

Catherine Lovering said, “Create customer service benchmarks for employees to meet, and reward the workers who meet and exceed them.”

  8. Customer service and relationship management

Catherine Lovering said, “Communicate with customers so you know what they want. Distribute surveys, request feedback, and make it easy for customers to let you know how they feel about their shopping experience. Add a personal touch to customer communication by answering comment letters with a note of thanks. Keep an eye on the competition to see how they implement customer-service policies, especially if it appears that those services are well-received by customers.”

Inc.com says, “The cost of acquiring a new customer is five times that of retaining an existing one.”

Contact with the organisation should be easy and should include an element of ‘self service’ via social media and an organisation’s own website. That could include, for example, a knowledge base or frequently asked questions (FAQ). This could be done by keeping track of the most common type of service desk requests and enabling access to them via these methods.

In her excellent article, 4 Steps to Overcome Being a Pain in the Ass Call Center, which I would recommend reading (all 3 parts), Dr. Jodie Monger says, “According to W. Edwards Deming, the father of the quality evolution, “workforces are only responsible for 15% of mistakes, where the system desired by management is responsible for 85% of the unintended consequences. [1]” In other words, 85% of a worker’s effectiveness is entirely out of his or her control! It’s rather unfortunate that it is the 15% that is under workers’ control that call centers tend to focus on through quality monitoring efforts, Voice of the Customer programs, mystery shopping and the like.

A well-designed, well-executed quality program will provide a holistic view of your organization’s strengths and opportunities by answering ALL four of the vital questions:

  1. How are we—as an organization—doing at representing our company to its customers?
  2. What can we—as an organization—do to improve?
  3. How are you—as an individual agent—doing at representing our company to its customers?
  4. What can we—as a management team—do to help you improve?

Note that in accordance with Deming’s philosophy of systems and process management, only one of the four vital questions focuses on the activities of the worker.

What would your answers be?”

On that thought-provoking question by Dr. Jodie Monger, I would like to end this blog post and hope that it contributes to even better customer service!

References and further Information:

10 Examples of Shockingly-Excellent Customer Service

12 ways to dazzle your customers

Why is Customer Service Still So Lousy?

Customer service frustration leads to lawsuit

Americans Will Spend 9% More With Companies That Provide Excellent Service

The high price of bad customer service

American Express – A story of customer service gone bad

Create a culture of excellent customer service

Institute of customer service

7 Secrets to Providing Excellent Customer Service

Providing Excellent Customer Service

Tips for excellent customer service

How to provide excellent customer service

How to deliver great customer service

How to provide excellent customer service

Salesforce.com Revolutionizes Customer Service for a Social and Mobile World with Desk.com

desk.com

Using ITIL for Non-IT Purposes

How ITIL Help Desk can help SMBs?

ITIL and Deming

Are you a Pain in the Ass Call Centre?

The Deming Centre for Quality, Productivity, and Competitiveness at Columbia Business School

The 6 Box Model – An Eco System for sustainable performance

“Thinking is the hardest work there is, which is probably the reason why so few engage in it.”

Henry Ford, industrialist, inventor (1863-1947)

There are so many new management techniques and tools published every year that it is often hard to select one that will actually work within an organisation. I recently came across the 6 box model (created by Vlatka Hlupic, University of Westminster) and thought that it was a model that could easily be used by organisations that wanted to improve and sustain performance. Today’s business eco system is very different to the one that was prevalent even as recently as the early 80’s and 90’s. Professor Vlatka highlights that quite well in the following slide:

[Slide: Hlupic]

The 6 Box model identifies the six key performance drivers required by organisations and how they are interlinked and rely on each other to deliver sustainable performance. Usually, when I come across business tools and techniques, the accompanying websites fail to deliver content that supports them. I was therefore quite pleasantly surprised by the 6 box model website, which is a mine of information and contains a rich resource of content, including an article by Professor Vlatka featured in Harvard Business Review that includes marked productivity improvement at both CSC and ANADIGICS. Please also view the video by Marcus Buckingham on ‘strengths’.

[Figure: 6 Box Model]

Increasingly, social media has been used quite successfully by organisations to tap this resource already found within organisations, and I covered this in my recently revised blog post, ‘Organisations “Don’t get” social media’. ‘Hlupic points to the example of HCL Technology, a software consultancy in India which developed its own Facebook-style application and used it to create a new business strategy. “Originally, 300 managers would put their strategy ideas to the CEO but with the social media application, they could put their ideas for new strategies to everyone in the global business, so 8,000 people could potentially comment. Everyone could contribute to the planning and everyone could really align themselves with the strategy and live and breathe it,” she says. This all happened mid-recession and in the four years since, 70 per cent of all major deals closed by HCL were won against the big four global IT players, the number of customers has grown five-fold and employee attrition is down to 50 per cent. Revenues have also tripled over a four-year period and operating income has also tripled.’

[Figure: 6 Box Model categories]

I would like to conclude this article by requesting readers to read the article that I wrote in 2009 titled ‘Can IT Management failure be caused by a deadly disease? Part II’, which discussed ‘Dr. Deming – The 5 Deadly Diseases 1984’, as that also emphasised the importance of employees and, as the great man said,

“Unemployment is not inevitable but of bad management”- Dr Edward W Deming.

Choosing technology over customers

“Only buy something that you’d be perfectly happy to hold if the market shut down for 10 years.”

Warren Buffett (1930 – ) World’s most successful investor

I recently received a blog post from Software Advice on – Why the Technology Matters – An Analysis of Consona’s Acquisition of Compiere. That blog post made me think about my recent posts over the last few months on Cloud Computing and Google Apps etc in May, June, my blog post last year on ERP and this year’s – Leveraging IT for Competitive Advantage – Myth or Reality? The ERP blog post covered the recent acquisitions that had happened within the competitive ERP arena and Leveraging IT for Competitive Advantage – Myth or Reality? attempted to address whether competitive advantage could be realised through effective use of IT.

Now, as we all know from the blog post, Warren Buffett’s (World’s most successful investor) management style and CIOs, the technology business is not considered a viable investment by him, as he admits that he doesn’t understand technology and considers technology too volatile. So, when Don Fornes wrote that he thought Consona had acquired Compiere ‘because the Compiere product is built on a very modern technology stack and is designed to run in a cloud computing environment’ it made sense.

This was also confirmed by a quote by Consona’s CTO, Steve Bailey, ‘Compiere is the world’s leading open-source ERP solution and the products are brilliantly architected. They run on a fully open-source stack (e.g., Java, Linux, JBOSS, Postgres), utilize a browser-based AJAX UI based on the Google Web Toolkit, and are fully operational either on premise or on a utility cloud platform like Amazon…’

Don went on to say, ‘While Consona has acquired a number of software companies based on this model, that doesn’t seem to be the strategy behind the Compiere deal. Compiere brings only 130 customers to Consona and I doubt Compiere’s open-source business model was generating big profits. Instead of buying customers and profits, Consona seems to be thinking ahead about how they can lead the market in the next generation of technology. The acquisition is more about growing organically – selling more Compiere systems – than it is about harvesting customer support contracts.’

‘Why is this all relevant to software buyers? Because there is a big shift underway from client/server systems installed “on premise” to cloud-based or software-as-a-service systems that are hosted in a secure data center and accessed through a web browser. Moreover, the open source movement is producing underlying technology that is not only free, but increasingly really good stuff. Software vendors that don’t make the transition will wither on the vine.’

‘To highlight the significance of this model, consider that a bunch of brilliant Google engineers built some cutting edge user interface technology (Google Web Toolkit) and open sourced it. Compiere turned around and used it in their products. Google did a big part of Compiere’s engineering for free…and will continue to do so. Now that’s efficient development.’

‘Compare that to an application software company that has to pay ongoing royalties to an infrastructure software company for the privilege of developing on its outdated database or development tools. The smart engineers long since left both companies so they could work on cooler projects at more modern software companies. The mediocre engineers that remain are having a hard time developing new features on old code. Sales are declining and customers are defecting (albeit slowly because it’s hard to switch).’

‘You don’t want to be that customer that is trying to defect but fears the switching costs. You want to be the delighted customer that loves their software because it works today and will work tomorrow, regardless of what new requirements emerge.’

As we are constantly bombarded by marketers and pushed towards cloud computing models, please remember that (as Marcela Cueli said in his article),

‘For a start, cloud computing is not a technology but a model of provision and marketing IT services that meet certain characteristics. Cloud is all about computer services, not products:

* The infrastructure is shared. Multiple clients share a common technology platform and even a single application instance.

* The services are accessed on demand in units that vary by service. Units can be, for example, user, capacity, transaction or any combination thereof.

* Services are scalable. From the user’s point of view, services are flexible; there are no limits to growth.

* The pricing model is by consumption. Instead of paying the fixed costs of a service sized to handle peak usage, you pay a variable cost per unit consumption (users, transactions, capacity, etc.) that is measured in time periods that can vary, such as hour or month.

* Services can be accessed from anywhere in the world by multiple devices.

The cloud model leads to basically two different kinds of clouds: private and public. The public clouds are those that offer IT services to any customer over the Internet. Private clouds offer IT services to a predefined group of customers, with access through Internet or private networks. You might have also heard about internal and external clouds. The former are a subgroup of the private clouds, and provide services within the same company or corporate group. The latter may be public or private and provide services to other companies.’

To conclude, this is exactly what I have been discussing in my blog posts over the last year or so. Don’s thoughts are increasingly reflective of the technology blogosphere, as technology writers such as Don and I understand the repercussions of cloud computing for traditional client/server models and the associated revenue streams, licensing etc.

There are many facets that I have covered over the last year or so that lead companies to be in this vulnerable position where they have to resort to acquisitions to remain contenders within their marketplace. My blog posts mentioned earlier have considered these, so apart from the above posts, I will leave you with some other posts that should help companies and their management become successful.

What is Cloud Computing? Its Pros/Cons and making it work

Lawmakers question the security of cloud computing

Can IT Management failure be caused by a deadly disease? Part I

Can IT Management failure be caused by a deadly disease? Part II

I listened, you spoke but did we communicate?

IT benchmarking

The CIOs agenda and memberships

Challenges facing CIOs at the UK’s leading companies

 

Warren Buffett’s (World’s most successful investor) management style and CIOs

Warren Buffett speaking to a group of students...

Image via Wikipedia

“You are neither right nor wrong because the crowd disagrees with you. You are right because your data and reasoning are right.”

Warren Buffett (1930 – ) World’s most successful investor

Today’s article is the third in a series of articles (the first was written on Steve Jobs – Apple CIO, followed by Michael Dell (CEO Dell)) analysing current and past leaders to ascertain how Chief Information Officers (CIOs) can learn better management by applying the management practices of leadership practised by these leaders.

PS: CIO is a generic term and other analogous titles are Head of IT, IT Director, Director of IT etc.

The Management Style

Warren Buffett is one of the world’s richest men and a very successful investor. For today’s blog post I have selected a truly unique individual. He works from an office that lacks a computer and, surprisingly, his desk is bereft of research on stocks and shares.

Before we go any further, one particular event caught my attention that captures a facet of Warren Buffett’s management style. So, I have decided to share it with everyone. According to BusinessWeek, ‘We arrive late to Paris, touching down in a freakish, near-gale-force windstorm that both thrills and alarms our pilot. In four cars, we race as fast as rush-hour Paris traffic allows from Le Bourget to Dassault Aviation Group’s magnificent 19th century chateau–familiarly known as Le Rond Point–on the Champs Elysees. EJA is the largest commercial customer of Dassault Aviation, Europe’s leading manufacturer of business jets. Serge Dassault, the company’s chairman, is hosting tonight’s gala reception and dinner in Buffett’s honor. By the time we arrive, the reception is in full swing. But Buffett takes a few steps into the foyer and hustles up a flight of stairs. It will be a good 35 minutes until he descends and joins the party.

Downstairs, the guest of honor’s whereabouts is Topic A among Dassault’s distinguished guests. It might puzzle them to learn that Buffett is on a transatlantic call to one of his employees. The matter he is discussing with Ajit Jain this evening is not urgent. But it is Buffett’s custom to speak with Jain every evening. If that means keeping 200 of France’s richest people waiting, then c’est la vie.’

What can CIOs learn from Warren Buffett’s management style? Let’s investigate while allowing you to decide (in no particular order, and with a few other sources utilised):

1. Business assessment: When looking to invest, Warren Buffett looks to satisfy ‘five’ essential criteria. Equally, CIOs can apply similar criteria when looking to invest their expertise towards business assessment. Buffett – ‘Never invest in a business you cannot understand.’

| # | Warren Buffett investment criteria | CIO ‘business’ assessment criteria |
|---|---|---|
| 1 | Is the company simple and understandable? | Is the business model simple and understandable? |
| 2 | Does it have a consistent operating history? | Has IT consistently assisted the growth or well being of the company? |
| 3 | Does it have favourable, and predictable, long-term prospects? | Is IT viewed favourably within the company and can IT predict how it can help the company’s long-term prospects? |
| 4 | Is the management competent and honest? | Is the IT management team competent and aligned to the business vision? |
| 5 | Is the underlying business undervalued? | Is IT undervalued? How can IT deliver ‘more’ value from existing resources? |

2. Ownership: In the 2010 Berkshire Hathaway (BRKA) annual report, Buffett wrote of his holding company: “We tend to let our many subsidiaries operate on their own, without our supervising and monitoring them to any degree. Most managers use the independence we grant them magnificently, by maintaining an owner-oriented attitude.” Buffett wants Berkshire Hathaway’s managers to think like owners. Their rewards are tied exclusively to the achievements of their own businesses, not those of Berkshire Hathaway – a principle to which Buffett holds very strongly. “We delegate to the point of abdication,” Buffett says in Berkshire’s Owner’s Manual. CIOs need to instil similar beliefs in their teams. Every individual within the CIO’s team needs to think as if they were the ‘owners’ of the business, especially the CIO’s main management team.

3. Risk assessment and crisis management: Buffett – ‘If there is any significant bad news, let me know early’. The team needs to have confidence in the CIO, so that ‘bad news’ events/issues/problems can be resolved prior to them snowballing to the ‘point of no return.’ ‘An investor needs to do very few things right as long as he or she avoids big mistakes.’

4. Succession: Buffett – ‘send me a letter updating your recommendations as to who should take over tomorrow if you became incapacitated tonight. Anything you send me will be confidential’. CIOs need to have succession planning so that the business has continuity in the unfortunate event of a CIO not being able to provide management.

5. Business reputation: Buffett – ‘Look at the business you run as if it were the only asset of your family, one that must be operated for the next 50 years and can never be sold’. He adds that ‘We can afford to lose money – even a lot of money. We cannot afford to lose reputation – even a shred of reputation.’ CIOs need to understand that IT systems can enhance or taint a company’s reputation. The recent BP oil spill crisis reflects that, as it had a devastating effect on BP’s reputation, wiped millions off its share price, and cost billions to settle claims and control the oil spill. Additionally, the irrecoverable loss of both human and marine life, coupled with the environmental damage, leaves the oil giant in shambles.

6. Quality management: “What I must understand is why someone will continue to get out of bed in the morning once they have all the money they could want,” Buffett says. “Do they love the business, or do they love the money?” CIOs need to have a team that enjoys working within IT and the associated line of business.

7. Competitive advantage: Warren Buffett was once asked what is the most important thing he looks for when evaluating a company to invest in. Without hesitation, he replied, “Sustainable competitive advantage.” CIOs need to ask themselves how they can help the business through leveraging IT to create competitive advantage? I covered this a few months ago, in my post, Leveraging IT for Competitive Advantage – Myth or Reality? Companies with a sustainable economic advantage need honest, capable and hardworking leaders to retain their lead. Berkshire-Hathaway’s managers have one instruction: Widen the moat. That keeps the castle valuable.

8. Use numbers to season the points you serve — they’re not the main dish: (Points 8,9,10,11 courtesy of the Harvard Business Review blog) Buffett doesn’t just report on the underwriting gains of their insurance businesses and let the numbers stand for themselves; he explains the terminology, what the numbers mean, and how he and Charlie Munger, his business partner, view them. Case in point: “Our $58.5 billion of insurance “float” — money that doesn’t belong to us but that we hold and invest for our own benefit — cost us less than zero. In fact, we were paid $2.8 billion to hold our float during 2008. Charlie and I find this enjoyable.”

9. Use analogies and metaphors. A great example is Buffett’s description of how many of us felt after the economic collapse in 2008: “By year end, investors of all stripes were bloodied and confused, much as if they were small birds that had strayed into a badminton game.” And he goes on to describe the government’s response: “In poker terms, the Treasury and the Fed have gone ‘all in.’ Economic medicine that was previously meted out by the cupful has recently been dispensed by the barrel.” These metaphors do more to explain his points than paragraphs of technical jargon ever could.

10. Be honest and transparent. Buffett follows up a recap of 2008 successes with the following revelation: “During 2008 I did some dumb things in investments. I made at least one major mistake of commission and several lesser ones that also hurt. I will tell you more about these later. Furthermore, I made some errors of omission, sucking my thumb when new facts came in that should have caused me to re-examine my thinking and promptly take action.” Instead of deflating his credibility, this kind of refreshing candidness makes the audience more trusting of whatever else he might say: after all, he’s clearly not hiding anything. ‘It is more important to say “no” to an opportunity, than to say “yes”.’

11. Use facts to put things in realistic context. After explaining how bad the economic situation was in 2008, Buffett gave a fact-based context for how to view these realities. “Amid this bad news, however, never forget that our country has faced far worse travails in the past. In the 20th Century alone, we dealt with two great wars (one of which we initially appeared to be losing); a dozen or so panics and recessions; virulent inflation that led to a 21 1/2% prime rate in 1980; and the Great Depression of the 1930s, when unemployment ranged between 15% and 25% for many years. America has had no shortage of challenges. Without fail, however, we’ve overcome them. Compare the record of this period with the dozens of centuries during which humans secured only tiny gains, if any, in how they lived. Though the path has not been smooth, our economic system has worked extraordinarily well over time.”

12. Follow your instinct: Buffett – ‘Do not follow the crowd. Ignore the market, the crowd, and its fashions.’ ‘It is not necessary to do extraordinary things to get extraordinary results.’

13. Research: Buffett – ‘Do not rely on outside analysis. Do your own research – and do it thoroughly.’ ‘Do not often act on a hunch. Always have sound, well-argued, well-researched reasons for your investments.’

14. Trustworthiness and integrity: Developing characteristics such as trustworthiness and integrity, Buffett believes, is a matter of forming the right habits. “The chains of habit are too light to be noticed until they are too heavy to be broken,” he says. People who stray from these values often show up on Wall Street; they may initially even shine; but eventually they self-destruct. “That is sad, because it does not need to happen,” says Buffett. “You need integrity, intelligence and energy to succeed. Integrity is totally a matter of choice — and it is habit-forming.”

15. Buy at the right price: Purchases must be made at the right price if they are to pay off.

No less an authority, John F. Welch, CEO of General Electric Co., considers Buffett a superb judge of managerial talent. Buffett and Welch have gotten to know each other over the years as golf partners and as rivals in auto insurance and other businesses. “Take 20 people you know quite well but Warren has just met casually,” Welch says. “If you ask Warren his opinion about them, he’ll have each one nailed. He’s a masterful evaluator of people, and that’s the biggest job there is in running a company.”

Asked why he has not retired despite his phenomenal wealth, Buffett said the reason is that he has more fun doing what he does than anything else. “The fundamental thing is that the process should be fun,” he said. “I had just as much fun when I had $10,000 to invest as I do now. It’s crazy to do things for your resume. It’s like saving up sex for your old age. You should do what you enjoy as you go along, and work with people you admire. I look forward every day to the next day. I’m wired for this game.”

For the long haul, Warren Buffett’s way must be best. As an associate says, ‘somehow Warren has been able to keep a diverse cast of characters working harder for him than they did for themselves. I see it every day – and I still don’t know how he does it’. Having read all the above, though, you will have a good idea of the maestro’s magic methods. Use them.

Weather bulletin – Google Cloud and icy Microsoft downpour

Updates 13.12.11


‘It is not the strongest of the species that survives, nor the most intelligent, but the one that is most responsive to change.’

Charles Darwin

I looked at the quote above from my post a few weeks ago and was quite surprised, as it aptly captured my thoughts for this post (so I’ll leave it there for this week as well). Last year, I wrote a post, What is Cloud Computing? Its Pros/Cons and making it work. Before I start, I want to clarify that the Microsoft platform (including all its business software) is, in my eyes, legendary. The world would be completely different if it wasn’t for Microsoft’s computing vision. I trained on Microsoft (in the MS-DOS days) as Novell started to falter and Microsoft continued with its visionary flair. Keep reading and all will be revealed!

Nine months is a long time within the IT world and for the past few weeks I have been researching Cloud Computing again. Hang on, now, let me finish. This time around, I have asked myself three questions:

  1. Can I create an IT strategy, infrastructure and business systems for a small business on Google Apps?
  2. Is Microsoft future proofed with Web Apps?
  3. Cloud based ERP. Fact or fiction? (I will post this separately soon)

This week, I will attempt to answer the first two questions and follow up with an answer to the third question soon. Now, don’t forget, there is no right or wrong answer to this question, just opinions (Pre-requisite: Visioning hat required). To make this a great debate, I welcome opinions from both camps (This is a test in social media monitoring as well; let’s see if Microsoft and Google are monitoring the web). It goes without saying that I value readers’ opinions, so feel free to have a say. So…

  1. Can I create an IT strategy, infrastructure and business systems for a small business on Google Apps (Announced 9/3/10)?

‘Seek and ye shall find.’ So, I did. The answer (in my opinion) is a resounding YES. Why? Because the cloud offers a business the following:

  • Fast ubiquitous accessibility 24/7, 365 days a year (Increasingly easily available Wifi and Internet connectivity).
  • Enables quicker, cost effective IT start-up for new businesses.
  • Faster product/application development.
  • Not machine dependent (Requires only a browser).
  • Accessible on entry level machines.
  • Cost savings through lower machine, maintenance and software costs.
  • Scalability can be provided very quickly.
  • Opex vs Capex costs.
  • Less environmental impact through virtualisation of hardware/software and other areas.

AND, Google Apps allows:

  • Entire Google Apps infrastructure built towards a vision of cloud computing.
  • Access to the Premier edition that contains a comprehensive suite of apps.
  • Access to a growing number of applications, including ERP, social media etc., from the Apps store; many are free for 1-3 users.
  • A flat fee licensing system (£33 per user per annum) vs Microsoft licensing that even Microsoft don’t understand!
  • Collaborative features are enabled from the start allowing, for example, multiple users to edit documents simultaneously.

In effect, Google have created the perfect platform for a small business. It provides the infrastructure and a starter IT system. Once Google Apps are combined with the available ERP and social media solution, the IT system is raring to go.

Obviously, the larger an organisation and the larger its investment in Microsoft and/or other IT systems, the harder it will find it to move into the cloud. As I said in last year’s post, there are other factors that need to be considered as well. Google, meanwhile, continues to blow its trumpet for acquiring 2 million users and counts the US city of Los Angeles’ move to Google as a major feather in its cap!

2. Is Microsoft future proofed with Web Apps?

The answer (in my opinion) is NO. Why? For a number of reasons.

According to CIO.com, ‘On the Microsoft Office side, prices for the full suite range from $150 to $680 depending on which of its many versions you are looking for. With Office 2010, Microsoft will be offering Office Web Apps, free but not fully-featured online versions of Word, Excel, PowerPoint and OneNote.

There will be three versions of Web Apps: One for consumers supported by ads; a hosted version for businesses that pay for hosted accounts on Microsoft Online Services, which is powered by SharePoint; and a corporate in-house version for enterprises with volume licenses for Microsoft Office and a SharePoint server.

Office 2010 will launch for businesses on May 12, but Office Web Apps are not scheduled to launch until mid-June.

Microsoft also has BPOS (business productivity online suite) – now superseded by Office365 – in its arsenal, a part of Microsoft Online services that includes online versions of SharePoint, Exchange, Office Communications Server and Live Meeting for $10 per user per month for all four apps.

A version for OEMs will allow Office 2010 starter edition (Word and Excel 2010 only) to be shipped with the computer.’

REASON 1

Microsoft is a giant in the software world and one of the penalties it is paying for its enormous success is that:

  1. Its products are now so diverse that only IT experts can make any sense of them. Need convincing? Ask any non-IT person to visit any Microsoft site and explain that site’s products and what they can actually do for them.
  2. Sheer confusion. As a business owner, for my Microsoft IT system, where do I start? Do I need Office 2010? (What does it have that will improve my productivity?) What version do I use? (Client installation? Which one of the three Office Web Apps do I need? What the hell is the BPOS (business productivity online suite) – now superseded by Office365?)
  3. Microsoft Licensing and its payment model – Again, this is an open challenge to Microsoft. How many Microsoft employees can explain Microsoft licensing without referring to a price model manual? The correct answer should be at least half its workforce. Why? You cannot sell what you don’t understand (Microsoft have actually done remarkably well then!). Ah, would an employee be able to explain it all in a pub, though?
  4. Microsoft’s entire business model is built on desktop/laptop client installation and, as long as it has enough businesses that utilise that legacy because they have no other option, it faces no financial problem in the short term. In the long term though, I believe businesses will start to abandon ship. After all, Google and others will start to offer simple (in terms of licensing, products, versions, etc), cost effective, non-business-owned infrastructure. Look at what happened to WordPerfect, Novell and many others.

Let’s continue with CIO.com, ‘Google itself concedes that any overnight success in the enterprise is unrealistic, yet remains fully committed to the enterprise, citing rapid growth in Google Apps’ short three-year life span.

“Google Apps have only been in the market since 2007 and we’ve gone from zero to two million business customers,” says Rajen Sheth, Google’s senior product manager for Google Apps. “There’s so much potential here and we’re in it for the long haul.”

Where Microsoft is trying to migrate its products into a cloud environment, Google is fundamentally a cloud company, says Sheth, and has gone to great pains to build extremely large data centers designed specifically for nimble Web-based applications.

“It will be tough to build up the cloud expertise that’s been built into Google’s DNA since day one,” Sheth says.’

REASON 2

That, as they say, is the fundamental problem. Google is fundamentally a cloud company, as Sheth said. Microsoft never was and never will be. It’s just not in its ‘DNA.’

FINAL THOUGHTS

So, Microsoft should be very worried. Microsoft should not get carried away with analyst reports that paint a rosy future but start to listen to customers, such as the city of LA. The paradigm is shifting and it’s shifting fast towards the cloud. After all, the other promise of the likes of Google is not just the simplicity of the entire model but the entire spectrum of cost savings!

It’s the dawn of a new era, where even financial wizardry by Gordon Brown could not save him. Globally, change is happening. The question to ask though within IT is, ‘Who will win this war, Google or Microsoft?’ Or, is there room for a coalition?


Benchmarking IT

‘It is not the strongest of the species that survives, nor the most intelligent, but the one that is most responsive to change.’ Charles Darwin

Benchmarking is the process of comparing one’s business processes and performance metrics to industry bests and/or best practices from other industries. Benchmarking involves management identifying the best firms in their industry, or any other industry where similar processes exist, and comparing the results and processes of those studied (the “targets”) to one’s own results and processes to learn how well the targets perform and, more importantly, how they do it.

I have been reading, The Real business of IT – How CIOs create and communicate value and as I was reading chapter 3, Show value for money, I thought to myself that I had the title for my next post. The chapter discusses, well, value for money and the importance of benchmarks, especially for CIOs who have just joined or are thinking of joining/moving to pastures anew.

Benchmarking an organisation’s IT is important whether conducted internally or externally. As the cost of benchmarking via the established players, such as Gartner, is quite high, many smaller organisations may initially decide to do it internally. Benchmarking has now evolved to the extent that even universities have started to run benchmarking courses, such as Stanford University’s IT benchmarking certificate, aimed at, yep, CIOs!

As quoted by CIO.com; ‘in today’s business environment, says Bechtel CIO Geir Ramleth, IT needs to benchmark itself against a new set of peers: successful technology companies that built their IT systems in the Internet era. Doing so is a painful exercise for the ego. “Corporate IT is trying to break the sound barrier, and the Googles and Amazons are NOT supersonic. They’re hypersonic,” says Howard Rubin.’

My research has shown that Gartner has created a niche in IT benchmarking, as Gartner currently holds one of the largest global IT Trends and Benchmark Databases. Dr Howard Rubin created this global database and is a world authority on IT benchmarking. He offers the following thoughts and advice (Courtesy of Computer Aid Inc – CAI):

‘CAI: How do organizations interested in benchmarking best determine what they should be measuring and how they should be measuring?

Howard Rubin: I think the key thing for organizations is bi-directionality. That means your approach to benchmarking must come from both the top and from the bottom. From the top, you really have to understand your technology costs – the costs of your technology goods and services – almost as if you were a manufacturing company. You have to understand the cost structure of technology, what its impact is on your margin and what the impact of your technology investment is on growth, shrinkage and market share. And you have to integrate your understanding of the cost structure and performance structure of technology directly into the company’s financials.

You also have to figure out who you want to be looking at, in terms of comparisons. Is it direct peers or is it organizations that have a business performance structure that you aspire to meet? Another point I should make about the choice of measurements from the top is that there is this thing called the balance scorecard, in which people look at their finance measures, customer related measures, profit measures and organizational measures; but these are just static measures. That means that if a company’s strategic objective is to be the number one player within a given market, or to have the most comprehensive view of the customer, the balance scorecard isn’t going to cut it.

It is directional measures, as opposed to static measures, which will tell you where you are moving versus where you would like to be and what your corresponding rate of change is. And there are basically three kinds of directional measures: positional measures, directional measures, and velocity measures. In short, you need to be benchmarking where you are, where your targets are, how fast your organization is moving and how fast the world is changing. And all of this must be done within the context of strategy.

Approaching things from the bottom, you really have to understand a lot about technologies and about the technology organization itself. That means much more than just knowing how long it takes to develop an application, or the quality of your software, or the customer service component of your technology.

It means you need to look at technology as a commodity, at the unit costs. You need to be able to understand, almost like having a technology catalogue in front of you, what all of the technology components of your business consist of. What are your volumes? What are your unit costs? What are the costs to your competitors? What other alternatives are available out on the street in the open market?

And there are some other aspects, too. If you are a CFO, for instance, you really ought to understand where technology hits your P&L, where it impacts your salaries, your expense, and your depreciation. It is very important to understand how fixed or how variable your technology costs are.

Finally, there is a kind of ethereal dimension that sits on top of all of this, one which involves how well you are using technology to innovate and change your business, as compared to your competitors.

In the end, what companies really need is a full navigational system. Something that will give them the instrumentation to get them where they want to go, as well as the external calibration to see if someone is going to get there first, second, better, cheaper, or faster.

CAI: What are some of the major challenges that most organizations encounter when they first get started with measurements and benchmarking? What are some of the most common mistakes made? Do you have any caveats for organizations that are undertaking this for the first time?

Howard Rubin: When you first get started with benchmarking, and you haven’t done it before, you are basically going to be comparing data that you have internally with external data. Consequently, people will get their internal numbers and then they will get their external numbers and try to compare the two things right away. They will be looking for insights and conclusions and hypotheses. However, after the first round of benchmarking, you should really be making an effort not to look for insights and conclusions. You should be focused on rationalization. First time starters need to understand that rationalization is part of the benchmarking process. It is not a precursor to the process.

The other issue with first timers is the availability of data. It is very important to overcome the fact that you may not have a complete set of data available internally. This is always going to be an issue. Consequently, my recommendation is to look at your benchmark program as if it were a step function program: take a small core, build out, step up, sort of ratchet, take the key questions needed to answer the first, and have the benchmarking provider map your structure. You don’t need to do everything at once. You can build things up throughout the process.

A final caveat involves management by numbers. For example, you will find many large organizations that have gone through multiple mergers and that haven’t shed any of their redundant systems or redundant technologies. Certainly they can do better. But the path upwards is not going to be visible just by looking at the numbers. There may be a whole lot of other things that have to happen first. This is especially true if you are using benchmarking for internal target setting.

My brother is a really fine physician and he always advises his students not to look at the numbers but rather, to look at the patient. That’s an important caveat in benchmarking, too. The numbers will give you calibration. They will help you understand what side of the benchmark you may be on. But the goal is not to be better or worse than the benchmark. On either side of the benchmark, you can be learning how to improve your position.

CAI: You are known, among other things, for having collected and organized data into one of the world’s largest information technology databases. Could you give us more information about this repository? For example, what kinds of metrics get tracked? How broad is the technological and geographical representation?

Howard Rubin: The Worldwide IT Trend and Benchmark Database was really formalized in 1994. It was a project, as I mentioned before, which started out within the Canadian government. They were trying at the time to develop a global view of technology utilization in business.

In its current form, the Worldwide Benchmark Database maintains data on more than 10,000 large companies, each typically over 500 million dollars in revenue. It covers companies that are based across 100 countries, so it has a really massive geographic spread. There is also a large diversity of data, everything from basic business and IT spending data, to detailed data on technology platforms, programming languages, application development productivity, application quality, size and number of personnel, compensation, practices and processes, and process maturity. You will even find customer service related data.

The database is also updated continuously. We use internet based surveys for this as well as data collection mechanisms that originate from within our own consulting engagements. Consequently, we are able to keep the data fresh, on a daily basis, and we are able to update major trend levels on a quarterly basis. What that means is that if we see a major business or political change, we can sample thousands of companies within a 24 hour period to see if there is any movement. I don’t think anyone else in the world right now has the capability to determine, within 24 hours, the effect on business decision-making and technology that a world event may have.

You originally asked me about how benchmarking has changed over time. Traditionally, benchmarking has been used to compare current data to historical data. What we are seeing now with the worldwide benchmarking database, however, is the comparing of current data with current data. That’s an important development in my opinion because data is kind of like produce: it gets rotten after a very short period of time’.

An article in CIO.co.uk, said: ‘Two decades of research by Howard Rubin, president at Rubin Systems, reveals two key concepts that can enable CIOs to see whether their IT investments are really adding up. He found that measuring IT spend against two factors – operating expense and net revenue – is a more accurate gauge of IT effectiveness than the metric of measuring solely against net revenue.

In addition, Rubin discovered that enterprises spending slightly more than their peers tend to have better business results. But after a certain point, that extra spending does no good. Rubin calls the sweet spot of extra but not exorbitant spending “optimal IT intensity.” He calculates IT intensity by comparing the IT spend to both the operating expense and net revenue, and has developed IT intensity curves that help CIOs see if they are under-investing, investing an optimal amount or over-investing.’

Another good article I recently read was Using Benchmarking Metrics to Uncover Best Practices; it is worth reading if you want to embark on benchmarking your IT.

I would like to conclude with a quote from The Real business of IT – How CIOs create and communicate value – Randy Spratt, CIO, McKesson: ‘We opened up our finances and made them transparent. In mid 2006, we delivered a one line allocation to the business. Now we deliver a complete invoice. Between transparency, benchmarking, and competitive bid efforts, we have strengthened the view that our finances are under control, we’re driving to continual improvement on a per unit cost basis, and we hold ourselves accountable for delivering to service levels. “We don’t hear, ‘Why does IT cost so much?’ now. Do we still have expense level conversations? Yes, but they’re more about how we can jointly reduce costs.”’


IT security demystified

Updated 10.12.11

IT as a profession, when compared to other professions, is relatively new. As such, even 10-15 years ago, many ‘control measures’ currently used within the profession either did not exist or were not used by many organisations. I will use the term ‘control measures’ to describe all the standards, laws, frameworks and best practice guidelines as a collective for the purpose of this blog post. As the profession has matured, a plethora of ‘control measures’ have continued to emerge and organisations have adopted these ‘control measures’ as their IT has matured. The purpose of today’s blog post is to clarify these ‘control measures’ to aid further adoption where required. All these ‘control measures’ arrive with a caveat, however. Organisations need to find an acceptable level of ‘control measures’ that ensures that the organisation is adept at dealing with security threats and any prevailing laws that affect it, locally or globally. If organisations are not careful, they could spend unnecessary amounts of time implementing different but complementary ‘control measures.’ The best approach is to find a happy medium that will allow the organisation to meet its business objectives without spending too much time on ‘control measures.’

This is a topic for another day, but I have seen many organisations spend enormous amounts of time on preparing the ‘perfect’ business case consisting of hundreds of pages and not enough time on planning to ‘fit business requirements’ or actually actioning the project (too much planning, not enough action). The same is true for ‘control measures’. Even with ‘control measures’ such as Sarbanes Oxley and Basel II, the banks still managed to crash the world economy (averted only by global governments leading ‘control measures’). Let’s also not forget that no system is 100% secure either! I will cover as much as I can today and hope that if I miss anything, my readers can engage as usual and assist in not only filling in the blanks but making it a truly interactive discussion.

According to the Symantec 2010 state of enterprise security study, 75% of organisations are losing on average $2 million annually ($2.8 million for the largest ones). ‘The study found that 42 percent of organisations rate security their top issue. This isn’t a surprise, considering that 75 percent of organisations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Organisations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.’ Symantec’s study found that organisations are exploring approximately 19 different standards or frameworks and are using 8 of them. I am predominantly covering these 8 and a few others.

Firstly, let me quickly define the four ‘control measures’ that I will be using (Courtesy of Dictionary.com):

1. Standards:

Something considered by an authority or by general consent as a basis of comparison; an approved model.

2. Frameworks or Best practice guidelines:

I. Frameworks – A set of assumptions, concepts, values, and practices that constitute a way of viewing reality.

II. Best Practice – A technique or methodology that, through experience and research, has reliably led to a desired or optimum result. For example, a manual documenting best practices in the industry.

My research shows that these two terms are used interchangeably, so to avoid further confusion, I will be bundling them together.

3. Law:

Any written or positive rule or collection of rules prescribed under the authority of the state or nation, as by the people in its constitution. For example, statute law.

There is a good article in this week’s Computing regarding IT security that mentions a book by Alan Calder ‘IT Governance: a manager’s guide to information security and BS7799/ISO17799.’ The book is on my ‘to read’ list now and is the selected text for Open University’s Information Security Management Course, according to the reviews.

1. Standards:

I. ISO 27001 consists of two parts: ISO/IEC 27001:2005 (formerly BS 7799-2:2002), which specifies Information Security Management, and ISO/IEC 27002:2005 (previously named ISO/IEC 17799:2005), which specifies the code of practice for Information Security Management. An important aspect to remember regarding this standard is that it replaces and incorporates the old BS 7799 standard. In my opinion, this standard should be adopted by most organisations, especially global players.

II. ISO/IEC 20000 defines the requirements for a service provider to deliver managed services. ITIL provides good practice guidelines, advice and options that can be selectively adopted and adapted. ISO/IEC 20000 is a standard in two parts. Part 1, ISO/IEC 20000-1 is the distillation of the “must do” practices of service management. Part 2, ISO/IEC 20000-2 is a code of practice giving advice. Achieving ISO/IEC 20000 is undertaken when organisations want to test and prove they have adopted ITIL advice.

III. Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision (BIS). The purpose of Basel II is to create an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face. Basel II holds financial institutions accountable for the economic consequences of high operational risk (e.g., the neglect of data security) and helps reap the economic rewards of lowering operational risk (e.g., the deployment of data security measures). Within its three “pillars” of thought – (1) Minimum Capital Requirements; (2) Supervisory Review; and (3) Market Discipline – Basel II addresses several key security requirements.

IV. PCI DSS – The Payment Card Industry Data Security Standard. The Payment Card Industry (PCI) data security framework was created by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. Prior to 2004, each of the associations had a proprietary set of information security requirements which were often burdensome and repetitive for participants in multiple brand networks. The associations subsequently created a uniform set of information security requirements for all national card brands. These requirements became known as the PCI Data Security Standard (PCI DSS), governing all the payment channels: retail, mail orders, telephone orders and e-commerce. The PCI DSS framework is divided into 12 security requirements.

V. The Standard of Good Practice for Information Security is compiled by the Information Security Forum, which has 300 member organisations globally. According to its website:

‘Included in the Standard are topics that are extremely important to many organisations including:

  • Controls aimed at complying with legal and regulatory requirements, such as Sarbanes-Oxley Act 2002, the Payment Card Industry (PCI) Data Security Standard, Basel II 1998, and the EU Directive on Data Protection.
  • Coverage of all the main security controls in other major information security-related standards, such as ISO/IEC 27002 (17799) and COBIT.
  • ‘hot topics’ in information security, such as Threat Horizon, Digital Rights Management, Eurosox and Virtualisation (e.g. reflecting the output from ISF Briefings and ‘Future Watch’ projects).’

2. Frameworks or Best practice guidelines

I. ITIL (UK) – The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for managing Information Technology (IT) services (ITSM) that includes security management. It describes the organisation of IT resources to deliver business value, documents processes, functions and roles in IT Service Management (ITSM). ITIL introduced the concept of service desks intended to provide a Single Point of Contact and a common database to meet the communication needs between the users and IT providers. The original version of ITIL was developed at the same time as, and in alignment with BS 15000, the former UK standard for IT Service Management. BS15000 was fast-tracked in 2005 to become ISO/IEC 20000, the first international standard in ITSM.

II. COBIT (USA) – The Control Objectives for Information and related Technology is a set of best practices (framework) for information technology (IT) management and is complementary to ITIL. It is an open standard published by the IT Governance Institute and the Information Systems Audit and Control Association. Guidance is available on how ITIL, COBIT and ISO 17799 can be aligned, and ISACA have recently made available a mapping of ITIL V3 to CoBit 4.1.

III. CIS (The Center for Internet Security) – Provides benchmarks for best practice standards for security configurations. When the Payment Card Industry Data Security Standard (PCI DSS) published its requirements, it cited CIS Benchmarks.

3. Law (for more information, please refer to my previous blog post International and UK Law and how it relates to IT and Computers):

I. HIPAA (USA) – The Health Insurance Portability and Accountability Act (HIPAA) of 1996, enacted by the US Congress. It protects health insurance coverage for workers and their families when they change or lose their jobs. The Security Rule is a key part of HIPAA. The primary objective of the Security Rule is to protect the confidentiality, integrity, and availability of electronic protected health information (EPHI) when it is stored, maintained, or transmitted.

II. Sarbanes-Oxley (USA) – The bill was enacted as a result of major corporate accounting scandals including Enron and WorldCom. According to Mark Rasch, ‘IT security is important under SOX only to the extent that it enhances the reliability and integrity of that reporting. Because of SOX’s reliance on controls, the Committee of Sponsoring Organizations of the Treadway Commission (headed by former SEC member James Treadway) developed a series of controls for financial processes which are now known as the COSO guidelines. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting. For IT auditors, the relevant guidelines are COBIT (Control Objectives for Information and Related Technologies) which is an open standard published by the IT Governance Institute and the Information Systems Audit and Control Association. (In the UK, there is the IT Infrastructure Library, published by the Office of Government Commerce in Great Britain which complements COBIT.) These are a series of IT controls which should be in place in order to make such a SOX certification with respect to IT.’

III. Data Protection Act (UK) 1998 – Defines UK law on the processing of data on identifiable living people (extended the scope of data protection beyond automatically processed data). It was enacted to bring UK law into line with the European Directive of 1995 that required Member States to protect people’s fundamental rights and freedom, in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. In terms of IT security, the data needs to be secured against accidental loss, destruction or damage and against unauthorised or unlawful processing – this applies even if the business uses a third party to process personal information.

In summary, Symantec’s study found that organisations are exploring approximately 19 different standards or frameworks and are using 8 of them. This is without taking into account specific areas and industries. Any organisation’s IT security strategy should take into account these three areas (standards, frameworks or best practice guidelines, and law) and ensure that it selects appropriately from within them. Ongoing developments such as the recent health care reform bill (USA) will continue to have their own implications for IT security.

Michael Dell’s (CEO Dell) management style and CIOs

Today’s article is the second in a series of articles (the first was written on Steve Jobs – Apple CIO) analysing current and past leaders to ascertain how Chief Information Officers (CIOs) can learn better management by applying the leadership practices of these leaders. It is interesting to note that new technology leaders are remarkably similar in many ways. I’ll leave you to decide on their similarities.

PS: CIO is a generic term and other analogous titles are Head of IT, IT Director, Director of IT etc.

The Management Style

Michael Dell started his empire from his bedroom with $1000. Let’s see what CIOs and general management can learn from this icon of modern business and technology. (In no particular order and a few other sources utilised):

1. Constant analysis: Michael Dell (MD) – “There are a lot of things that go into creating success. I don’t like to do just the things I like to do. I like to do things that cause the company to succeed. I don’t spend a lot of time doing my favorite activities. What matters is our future plan of action. We are systematically moving to increase efficiencies, improve execution and transform the company. I constantly adjust my approach and way of doing things based on all the inputs and opportunities that I see.”

Successful businessmen and leaders are constantly looking to improve their business. MD utilises this to maximum advantage. It is through constant analysis that Dell successfully started its own range of printers. From the early days, MD realised that a business MUST support itself from revenue generated and not through financial borrowing.

2. Family commitment: MD – “I think we make a priority to bring balance into our lives. To me, family is very important. So if you look at my schedule, one of the things I realized a long time ago is that there is a limit to how much productive work you can actually do in a given week. There’s also the happiness factor; if you want to do something for a long time and be really good at it, you’d better have a strategy that is sustainable and works within what’s going on in the rest of your life. For me that means that I’ve got to have time with my family; I’ve got to have time to exercise; I’ve got to have time to sleep; I’ve got to be able to take my kids to school.”

This is an aspect of life that I firmly believe in as well. Time cannot be turned around or replaced. It is very important that we spend time with spouses and spend time with our children. As they grow up we have to ensure that they become responsible and active citizens. A work/life balance is crucial and ensures that we work optimally.

3. Spotting opportunities: MD – “I do believe that you must find something you’re passionate about and follow your interests – not what others tell you to do.”

We need to spot opportunities for improvement. It is not enough, however, just to spot them; the onus is on us to spot them and then create an environment to leverage that opportunity and make it happen.

4. Business/IT Strategy: MD – “First of all, don’t start a business just because everybody else is doing it or it looks like it’s a way to make a lot of money. Start a business because you found something you really love doing and have a passion for. Start a business because you found something unique that you can do better than anyone else. And start a business because you really want to make a big contribution to society over a long period of time.”

When people enjoy their work, it is always more productive. Create an environment that encourages employees to deliver to their best capabilities. An environment that is not reliant on an individual’s contribution but where people work together, feel valued, are rewarded as a team and therefore can work towards a better future for the organisation.

5. Know your business and innovate: MD – “There are so many sectors of technology that are in different stages of development and maturity. If you want to be a part of that or create a masterfully successful company, that’s usually not done by replicating something which already exists. To create a real breakthrough, you have to do something which has never been done before or you have to do it in a way which is dramatically better than something that’s previously been done.”

The CIO and the entire IT department need to develop an innovative mindset. IT needs to help the business by understanding each department and then helping that department through innovative use of technology. That assists towards building relationships and reinforces the transformational capabilities of IT.

6. When the going gets tough, investment in people always pays: MD – “First, if you try to control things, that’s self-limiting. The easiest way to think about this is that if all the decisions inside an organization had to roll up to the center of the company or to one person, it’s a massive bottleneck. I believe in rules and having some order to things, but my natural proclivity is not to control everything myself. I am more inclined to provide frameworks and guidelines.”

One person alone cannot handle everything. The secret is to surround yourself with employees that are smarter than yourself. These smart people will challenge organisations and force them to think differently. I covered this under mobility of management in my post ‘Can IT Management failure be caused by a deadly disease? Part II’. CIOs need to understand the importance of retaining and investing in people; that people are one of the business’s most important assets is yet again confirmed by another business leader.

7. Success in general may be built on failure: MD – “I would say a few things. First, don’t be afraid to make mistakes. That’s how you learn, so I believe a lot in trial and error and course corrections. Often companies are unwilling to admit when they’ve made a mistake. We tend to question things more in our business.”

Businesses in general do not tolerate failure and that cascades down to the employees. Employees are encouraged to succeed at all costs. Yet, both at Apple and Dell, failure is accepted as a route to success. Dell’s venture into personal organisers (the Axim) was not successful but its move into the printer market has been successful. The secret is to learn from your mistakes, put them behind you and move on.

8. Learning: MD – “Continuous learning is also important.”

All great leaders have made it a habit to constantly learn. MD visits the companies that impress him to learn how to improve himself and Dell. Other leaders such as Bill Gates are very well read and read books to improve their knowledge. The knowledge of all great minds, past and current, is available. It is up to us to seek that knowledge.

The three principles (3C’s) for successful internet businesses.

Approximately 10 years ago, MD outlined three principles that internet businesses should adopt. Many of these have been adopted and enhanced, and they are reproduced here for you to draw your own conclusions.

1. Content

“The first stage of content means providing compelling information. This is how we started our online operations in 1993, when we put our technical databases online for customers to access. It was a relatively simple start, but it showed us the tremendous interest from our customers. By content, we mean bringing information online. Anytime you have a form, a manual, or a document, put it online. This is the foundation of any Internet strategy. Once we brought information online, it became clear to us where the opportunities were in the transaction world: simple things like order status and commerce, and we have added more complex things over time. The key, again, is that it is experiential and you learn by doing.”

2. Commerce

“The next stage is commerce, which should be thought of as all transactions, not just buying things over the web. In fact, our first activity in this area had nothing to do with purchasing. It was simply order status. Our ultimate goal is to deepen relationships with customers by providing added convenience, efficiency, and cost savings, and a wider array of services. The Internet creates an opportunity to move these key transactions online and drive transaction cost to almost zero.”

3. Community

“The final stage is developing an online community. We are building two-way relationships over the web with both our customers and our suppliers. Establishing communities of suppliers and end users that share common interests. In summary, the Internet is changing the face of the entire economic and social structure of not only this country but the entire world, and governments have a great opportunity to embrace it. We are seeing a transition from a brick-and-mortar government to an online government. The advantages will include things like velocity, efficiency, and a better customer experience.”

It is appropriate to conclude this blog post with a quote from Michael Dell himself on his competitive strategies “speed to market; superior customer services; a fierce commitment to producing consistently high quality, custom-made computer systems that provide the highest performance and the latest relevant technology to our customers; and an early exploitation of the Internet.”

Organisations “Don’t get” social media

POST UPDATED 09.12.11

In general, most organisations still don’t understand, or don’t want to understand, the impact, benefits and competitive advantage that social media can, in many cases, still provide. The problem lies in the half-hearted way many organisations introduce social media within the organisation. Brian Glick, in his ComputerWeekly column, said (in summary) that organisations which still think that employees, if given the option, would spend their time on social media sites instead of working are missing the important point. Organisations could reap significant benefits and it was in the interests of organisations to improve collaboration and communication with ‘customers, suppliers and partners.’ One of the reasons for not adopting social media is that social media is at the stage where email and the Internet were 15-20 years ago. I remember that at the time many organisations used to view email/Internet access in the same way. Now, email and Internet access form the fabric of most organisations. For those organisations that just ‘don’t get’ social media, I will provide a simple three-step process to ‘get you there.’

Step One – The social media policy

This does not have to be a completely new policy; this can be an addendum to the existing computer usage or Acceptable Use Policy (AUP) of an organisation. This should include acceptable/unacceptable behaviour for employees on social media such as blogging, social media sites such as LinkedIn, Facebook and Twitter etc. The secret is to embrace social media, get your employees involved and make them your ambassadors in the new world of social media. Tony Redshaw, Aviva CIO captures the essence well, “If you want people to use it, you have to tolerate them using it and not always in the way you expect.” To get you started, here are a few links:

Step Two – Internal and external Social Media adoption

Harnessing the power of social media will provide you with two key benefits:

  1. Collaboration and knowledge sharing becomes easier. Organisations of all sizes have struggled for years to capture the expertise of their knowledge experts without much success. Internal Social media platforms make that process simple and employees are encouraged to create ‘expert’ content. Expertise becomes easier to access, as Aviva’s example (QUICK STATS – £350 Billion assets, £50 billion sales, 54000 staff, and currently 120 wikis with potential for 600 more) demonstrates. For example, in Aviva’s case, Tony Redshaw, Aviva CIO said, “One of our people in the Melbourne office was having a complex issue. Someone in our York (England) office saw their online post. Within 24 hours they had related their experience and suggested a way of fixing it, and…problem solved. There was no way before for the two to hook up and for that information exchange to happen.”
  2. The younger generation leaving schools and universities is social media literate. They already have social media profiles on Facebook, MySpace and Bebo etc. Organisations are finding it hard to recruit and retain youngsters where social media equivalents are not available internally and where social media access generally is restrained. The primary reason is that these younger people utilise these technologies to communicate and interact with the world at large. Embracing the younger generation through social media adoption can bring benefits that may not have been anticipated. They will utilise these platforms in innovative ways, providing competitive advantage and adding to the bottom line.

Step Three – Setup and monitoring Social Media

Organisations spend tremendous amounts of their finances on marketing and advertising but tend to spend no money on correct setup, creating the correct social media culture and actually monitoring social media. For the past month, I have been researching an organisation that thinks that it ‘gets’ social media. The way they have decided to set up their social media, I am sure, in their opinion is correct. Let me just explain how they have set up their social media. They have a blog but only their wholesalers can access it and oh, by the way, they would have to register to read the blog articles. They have set up a social media account with one of the main social media platforms. End customers are not allowed to become members of that group, as it is aimed at the wholesalers only. Customers have been wandering the web looking for information about their products but cannot easily access information about their products or have anywhere or anyone to go to for further information; even product enhancements have been discussed by customers. An independent site talks about the chemical products in their products as naturally occurring and their website fails to display that information. OK, so why am I telling you all this and why is it important?

Let me explain. Social media is not a tool where the success can be measured in a given time frame/short term. Relationships are developed and nurtured utilising various social media platforms over both short/long term. It is a tool that allows us to interact with each other and our customers. The need is to, ‘engage and interact.’ This particular organisation has not done that. In actual fact, it has unconsciously created all sorts of barriers stopping its very customers reaching and interacting with it. I couldn’t find any evidence of anyone utilising social media to have any conversations anywhere with its customers. Social media is not being monitored and so this organisation has no way of knowing if anyone is posting any comments (positive or negative) anywhere on social media.

For example, I did come across some negative comments that could have been countered by simply informing the customer on where to find the information. Another example, covered in my blog post a few weeks ago, showed that if Toyota had monitored social media, it would have become aware much earlier that its customers were unhappy and that it could impact Toyota’s reputation. Here are a few links to get you started:

More SM Tools:

Hootsuite, Tweetdeck, Yoono, Wefollow, Listorious, Twellow, Twellowhood, Klout, Visibli, Quora, Instagr.am, Pitchengine, Addictomatic, Tubemogul, Untweeps, Twitalyzer, Topsy, Ping.fm, Friendfeed, Google Alerts, Postrank, Storify, Backtype, Big-boards, Getclicky, Twitterfeed, Twitter Search, Onlywire, Hashtracking, Socialmention, Seesmic.com, Flock, Pingdom.com, Hubspot, Diaspora, Monitter.com

Top Commercial Tools for large organisations (Cost more, probably not affordable by small business or for personal use):

Top 20 Social Media monitoring vendors for business

Radian 6, Lithium, Attensity 360, Alterian, Spiral 16, Buzz Logic, Cymfony, Cision, Trackur

In summary:

  • Ensure that you have appropriate policies/guidelines to help employees navigate social media.
  • Adopt social media in a way that benefits your organisation and interact with a wide audience.
  • Monitor social media and use it to interact with your customers, suppliers and partners.
  • The objective internally is to create an environment of collaboration that allows the open exchange of ideas.
  • The objective externally is to create a ‘buzz’ and awareness about your product and organisation, in addition to PR.