Dan Brody Chief Information and Technology Officer CITO

Blogs

Best Practices When Dealing With Critical Situations

Abstract

The success of a project depends on several variables such as the effectiveness of the project team, the involvement of the stakeholders, adherence to scope and budget, etc. However, even the best-run project can run into critical situations that can derail the project if not properly managed. While most project managers are great at managing projects, they often face challenges when confronted with dangerous situations. This paper examines best practices for effectively managing critical situations, with a focus on the IT industry. The best practices presented in this article have been developed, refined, and successfully utilized at a major software and services company.

Introduction

It is not uncommon for IT projects to run into roadblocks. Some of these situations may be severe enough to jeopardize the project timelines, possibly leading to increased cost, a reduction in project deliverables, and ultimately, a negative impact on customer satisfaction.

When critical issues impact a project, how are project managers expected to react? How should a project manager structure his or her communication during a crisis? What behaviors of a project manager can further deteriorate the situation?

During a crisis, all eyes are on the project manager. It is important that project managers have a good grasp of crisis management skills and understand the methodology to de-escalate a critical situation.

The authors manage a team of critical situation managers who step in to de-escalate critical situations, including projects where the go-live is endangered due to key issues. We have compiled a list of best practices based on our team’s collective experience in dealing with similar situations over several years.

In this article, we will discuss six best practices around communication, an approach toward problem solving, a categorization of issues, and behavior.

These guidelines are discussed below: 

  1. Look at the situation holistically

Most project managers are tempted to jump right in and try to resolve a crisis. While on the surface, this might seem like the fastest way to get the project back on track, there is a risk that the issues may manifest themselves again or that new issues may manifest themselves once the original issue is resolved. Depending on the situation, it might be prudent to take a step back and look at the issues end-to-end in a holistic manner. Let us take the example of an IT project where the project team identifies a critical performance issue with a business process step. Instead of jumping in and trying to optimize performance, it might be beneficial to work to understand if that business process step is necessary for what the customer is looking to achieve. Also, it is possible that there could be a more efficient way to achieve the client's requirement by understanding their condition holistically.

  1. Categorize the problems into top issues

Many project teams utilize software such as Microsoft Excel to manage points list. While there is nothing wrong in using software, it does not present an executive summary regarding the nature of the issues. Project stakeholders, especially those at the executive level, prefer to view top issues rather than individual problems. A top issue is a “negative statement.” An example of a top issue could be “poor performance of the solution” or “functional problems with the solution,” etc.

Each top issue could have several sub-issues that are being tracked. However, by rating progress against the top issue, stakeholders have better transparency into the nature of the issues, the risk involved, and the overall progress in working toward a resolution.

  1. Communicate, Communicate, Communicate

Often, we see situations where the team is actively engaged in resolving the critical issues. However, there is little to no communication to the stakeholders around the action plan and the steps made toward resolution. In the absence of communication, stakeholders will assume that no work is done even though that may not be factually correct.

We have seen several situations where decentralized communication leads to inaccurate and conflicting reporting—ultimately resulting in confusion and frustration. It is crucial to identify a point person who is in charge of all communication (ideally the project manager or a critical situation administrator) and to establish ground rules around communication.

It is paramount that all communications to stakeholders go through this person. Adopting this methodology ensures consistency, accountability, and a single point of contact if there are questions or concerns.

Also, it is also important to keep a few best practices in mind:

  • The update should be clear, concise, and to the point. Our research shows that stakeholders at the executive level tend to ignore long-winded status updates.
  • Tailor your update toward your audience. If your audience involves the CIO or the CEO, refrain from utilizing technical terms.
  • Avoid acronyms. If abbreviations are necessary, use the full form of the acronym at the first occurrence and then use the acronym in parentheses. For example, “Internet of Things (IoT).”
  • In today’s digital age, people often read emails on their mobile phones/tablets. Consequently, it is important to ensure your updates are device-friendly. You can guarantee your update is device-friendly by avoiding long sentences, using bullets, and using the appropriate indentation. When in doubt, send the update to yourself and view it on your mobile device to get a feel of what your audience will see.
  • Our experience with several customers shows that stakeholders prefer to see a “delta” update at the very top of the communication. These benefits recipients who read your updates on a daily basis and are only interested in knowing “what has changed” since the last update. Use colors, bold font, and italics if necessary, but refrain from using bright and light colors such as yellow and purple; stick to neutral colors like black, blue, and gray.
  1. State the facts

It is important always to stick to the facts and take emotions and personal opinions out of the equation. Your role is similar to that of a news reporter—where you report on the situation without taking sides. While it is possible that you may have an opinion on the situation, you should refrain from expressing it unless someone explicitly asks for it.

Our experience shows that when project managers communicate a problem to the stakeholders in a factual manner, it builds credibility and demonstrates their commitment to providing fair and accurate updates.

  1. Do not get defensive

When critical issues endanger a project, emotions could run high. If a stakeholder gets upset, allow him/her for venting. Do not try to be defensive, as it will not help diffuse the situation. Once the person has had a chance to vent, it is much easier to convey your thoughts in a calm and professional manner.

We have seen that customers are appreciative when the project manager is honest and upfront about the situation, no matter how bad the news is. If you have to provide bad news to a customer, invest some time in trying to identify possible solutions to circumvent the issue and use this information to build an action plan around the problem.

When project managers go the extra mile to provide an action plan with owners and timelines at the time of communicating a problem, it provides stakeholders with a sense of comfort in knowing that although there is a problem, it is being managed properly.

Let’s demonstrate this with an example. You are the project manager implementing ERP software for a customer. Four weeks before go-live, your team discovers a severe performance issue which is a showstopper to the upcoming go-live.

You have three ways to approach this scenario, as outlined in Table 1:

Scenario Approach Possible Outcome Our Recommendation
 1 Do not communicate bad news to avoid aggravating the customer. Have the team work on resolving this issue behind the scenes. The customer may find out about the problem eventually and will be upset that this was not brought to their attention. The project team’s credibility could be impacted. We do not recommend this approach.
 2 Communicate the problem to the customer as soon as you discover it. The customer will be upset at the beginning, but will then demand an action plan to circumvent the issue. We recommend this only if developing an action plan takes a time or requires collaboration with the customer.
 3 Identify an action plan with owners and timelines. Provide the customer with the action plan to correct the issue. If you have multiple approaches that can be utilized, present these options to the customer, along with the pros and cons of each approach so that a decision on the approach can be made jointly with the customer. The customer will be appreciative of the project team’s integrity and commitment toward making the project successful despite the obstacle. This approach is almost always successful.

Table 1: Possible scenarios when you’re faced with a critical situation.

  1. Utilize graphs when possible

There is an old saying—a picture is worth a thousand words. This is particularly the case when dealing with situations where there is a need to display large amounts of quantitative data, such as numbers, in an easy-to-consume format.

Our experience in dealing with hundreds of such situations have led to the following best practices:

When dealing with an escalated situation where the top issue involves a performance issue, it is best to display performance trends over the course of multiple iterations, as shown in Figure 1.

2016-06-02_14-45-37

For top issues affecting the performance of the solution, we recommend drawing a horizontal line depicting the customer’s Key Performance Indicators (KPIs). Allowing the audience to infer the deviation from the KPIs, as well as gauge progress toward meeting the end goal. There could be multiple KPIs on a particular project. However, for this article, the authors chose to utilize the “Performance of a Sales Order Creation” step as the only KPI.

It is also equally important to display the high-level recommendations corresponding to each iteration, as outlined in Table 2:

 Iteration  Recommendations Applied
 Iteration 1  Implemented parameter recommendations
 Iteration 2  Optimized code
 Iteration 3  Clean up redundant data

Table 2: Legend outlining high-level recommendations for each iteration.

Although graphs allow the audience to see large amounts of information in a single figure, it is equally important to identify what you, as the author, infer from the graph.

Let’s take the graph in Figure 2 as an example:

2016-06-02_14-49-33

Figure 2: Displaying performance trends over time.

The reader might be left to infer that performance deteriorated in iteration #3 because the recommendations did not work.

However, in this particular example, iteration #3 was performed with a significant increase in the number of concurrent users, which explains why performance deteriorated. If this is not explicitly highlighted in the graph, the audience will make incorrect assumptions.

Figure 3 illustrates an example of how the graph should be modified to prevent a reader from making false assumptions from the data presented:

2016-06-02_14-50-30

Conclusion

In conclusion, crisis management is a crucial skill that project managers are expected to have. During a crisis, the stakeholders and project sponsor look to the project manager to remedy the situation. The recommendations presented in this paper are the culmination of years of experience in de-escalating critical situations for a large software and services company. The authors hope that project managers implementing IT projects benefit from the recommendations presented in this paper and disseminate this knowledge to their team members.

Key to Optimum Outsourcing

Outsourcing IT projects have now become a very mature paradigm for many organizations (that is not to say that it does not come with its slew of potholes and disasters). Gartner surveys indicate that the Application Outsourcing (AO) segment has witnessed more growth in the recent years. Most of this increase can be attributed to organizations’ needs to manage their complex legacy application environments and their commercial off-the-shelf (COTS) packages that support their businesses. Data Center outsourcing, which had seen substantial growth in the past, is predicted to reach a plateau. However, the real winner could be Cloud computing service projects, which will see tremendous immediate growth. All these facts mean that outsourcing IT projects will still be a major factor in cost savings for many organizations.

The terms “011” are often used interchangeably because many outsourced projects nowadays implemented in offshore locations outside of the United States. Some studies have indicated that the issues can diminish the real benefits of offshore outsourcing in communication, skill sets, accountability and data security that have plagued many projects.

However, currently managed, offshore IT projects can reap substantial rewards. In one of its reports, the FDIC expected that financial institutions could save up to 39% in operational costs, especially in areas like IT implementing offshore outsourced projects.

Attractions for offshore outsourcing could be the presence of less stringent oversight on financial reporting, health, safety and environmental regulations in locations outside the States.

Project Responsibility

If an organization has decided to outsource its projects inshore or offshore, the ultimate responsibility of making the project(s) successful lies squarely with the initiating group. The fact that the performing organization or the service provider may have signed a Statement of Work (SOW) or any other binding contract does not relieve the “client” or the initiating organization from the responsibility of defining, controlling and delivering the quality of deliverables of the outsourced projects.

As an example, the management team at a major software consulting firm thought they had a good thing going--they seldom heard anything from their client about a project that was estimated to last one year. Then lo and behold on the ninth month, the initiating organization that was in the Fintech business raised red flags of all hues. Apparently, the Fintech banking organization was under the impression that the consulting firm had everything under control and stepped into conduct user acceptance testing as per published milestones. To their surprise, they found that the developed solution addressed not even 20% of their requirements.

This incident could very well be an exceptional case in the realm of outsourcing. However, the fact that such instances can happen between mature organizations when it comes to software outsourcing should be an eye opener. So what is the right approach to manage responsibility in outsourced projects?

A collaborative environment must be set up by the initiating organization where the “client” and “consulting” team members should constantly be communicating project ideas. Milestones defined in the contracts should be evaluated well before completion to make room for any adjustments. The initiating organization’s project manager should be given ultimate responsibility to determine the quality of the project deliverables. Moreover, the client and consulting organizations should be flexible and accommodate to make the project successful.

Service Selection

Nowadays, the mere promise of a lower cost is not the only criteria for selecting a suitable service provider. More than 10 years ago, major companies in the United States jumped on the offshore outsourcing bandwagon primarily to save costs. At that point, the emphasis was to shift “lights on” operations to other countries and focus on strategy operations inshore. However, after many years of successful (as well as failed) offshore outsourcing experiences, organizations have learned a major lesson: the importance of selecting your service provider based on their long-term growth goals, sustainable skill sets for the staff, comprehensive training programs, and financial status.

Many models can adopt outsourcing projects or services to offshore. However, the current preferred model has managed services, where the delivery management accountability is taken up by the servicing organization. From a cost perspective, this model provides better predictability for the initiating organizations. The service provider also gains flexibility in their staffing models as the project success will depend on more on success factors of the deliverables.

Other models like captive project teams and single-source providers need to be evaluated carefully based on an organization’s project needs. It is entirely possible that an offshore service provider who may not be a No. 1 firm has proven capabilities in delivering application development projects as compared to a No. 1 service provider who might specialize in data center operations. An evaluation based on the delivery strengths of these vendors will provide much better value in the long run. However, there is a risk of managing multiple providers for realizing the organization’s core outsource goals. It will very helpful if the client organization and the provider collaborate on the long-term strategy to develop solutions that align with the growing needs of both the organizations.

Flexible Contracts

Contracts that written over thousands of pages are not unusual for any outsourced contract agreements. While the inclusion of every imaginable clause provides an almost foolproof contract, it can also work as a major hindrance to project execution on an ever-changing technology and business landscape.

A good example is the case of a contract management team at a major telecommunications company struggling to meet the outsourcing contract that was established a few years back by a team of lawyers and consultants. When the telecom industry trends started changing overnight, they found that they could not hang on to the established service contracts with the service provider. As an added complexity, the service provider partner had already aligned their budget, technology goals and staffing for an extended period based on the five-year contract agreement. This particular situation put both the client and the provider at crossroads--the client not being able to accommodate its business needs, and the servicer not being able to change due to resource commitment.

The recent trend in outsourced projects is to start the contract with the bare minimum legal terms and expand on the quality, quantity and manageability of the deliverables on a periodic basis. As experience has shown over the last many years, businesses have a dire need to adjust their asset investments based on the market reality. There definitely will be resistance from legal and governance teams in the initiating organization to embark upon an outsourcing journey with a slimmer contract. A conscious effort must be taken to align the business and technology roadmap to the final negotiated outsource contract. However, in certain industries, innovation and change may not be the driver for some operations. In such scenarios, the classic approach to defining service-level contracts over an extended period will still work well.

If the initiating organizations can find their service partners who are willing to start small and grow in an organic manner, then heartaches over contract violation and dissatisfaction can be avoided to some extent. For an outsourced engagement to work, the relationship between the client and the servicer has to be symbiotic in many ways.

Five Weaknesses That Kill App Performance

Performance issues are at the heart of why many apps don’t meet user expectations and die a slow death. While the user might see a single application, on the backend many moving parts must align to deliver a consistent experience.

weaknesses

According to Forrester, nearly 60 percent of delivery challenges revolve around infrastructure-related performance issues.
Here are five performance weaknesses that impact the end user experience of any app:

1. SPINNING WHEELS

What the user experiences: Long wait times to pull or process information, dragging down productivity.

The Aberdeen Group reports that corporate revenues dip almost 10 percent due to slow performance while a three-second performance boost yields a nearly 25 percent revenue increase. The average website or web app relies on eight or more different components (analytics and tracking, payment systems, site search, aggregated content, social networks, etc.), so a lag in any one piece can degrade performance for the whole application.

2. APPLICATION CRASHES

What the user experiences: After a crash users attempt to enter information on the website, it stops responding, doesn’t save entered data, and then requires users to invest more time re-entering data instead of moving on to the next task. This fiasco plagued the HealthCare.gov website and caused a flurry of negative media attention and loss of confidence in the system.

Crashes usually result in lost data and user frustration. An application can crash for many reasons, from overloaded processors to a natural disaster sweeping across the country, to the Oprah-effect causing an unexpected traffic spike. A plan for scale, redundancy, and recovery with the appropriate infrastructure resources to support it is a must to ensure that a single failure doesn’t freeze up an entire app.

3. UNDER-TESTED ENHANCEMENTS

What the user experiences: A new feature is finally live in your app. It tested for 400 concurrent users but today 800 users attempt to use it. They experience slow response times and sporadic crashes.

Launch time isn’t the time to find out that new features or application updates don’t work or cause bottlenecks. Because of limited resources for testing environments, many IT teams can’t execute the rigorous testing needed to flesh out potential issues. Once launched, the lack of thorough testing becomes evident in features that perform inconsistently, leading to a lack of confidence in users.

4. STORAGE DEFICITS

What the user experiences: Adding content to the CMS, a user needs to be registered. However, due to resource constraints, user data is only updated once daily, making the users wait up for access.

When storage capacity is tapping out, resources take too long to commit saves and feed data to other apps to process transactions. Keep ballooning data stores and the need for real-time analysis of that data, and the IT team is straining its resources. Over a third of surveyed IT professionals report that it takes eight-plus hours to add new data targets – hours that could be better spent on high-value infrastructure improvements.

5. CUTTING COSTS ON PERFORMANCE

What the user experiences: Databases running on old hard drive disk servers can’t update inventory changes quickly enough, causing inaccuracies in things like the online catalog. Creating a constant flurry of customer phone calls, complaints, and bad word of mouth.

As noted in an IDG report, from year one to year seven, per server support costs more than quadruple during failures and outages triple. More importantly for the life of your application, maintenance and support costs go through the roof. Costly upgrades that increase ROI, like moving to solid state drive servers or boosting content delivery capabilities, are often delayed instead of the cost to maintain existing, support-hungry servers.

Learn how to increase performance and lowered costs with Performance Cloud Servers on Amazon AWS, Microsoft Azure, Rackspace Cloud. Contact Dan Brody CITO for Hire

How to track down the rat who’s selling your Gmail address to spammers

Want to figure out who’s selling your email address and causing you email spam you don’t want? Have you ever started getting regular emails that you know you never signed up for? Newsletters. Deals. That kind of thing. Well, it’s possible some site you did sign up for is selling your address to a third party. And that is not OK!

With a little bit of planning, you can do some email tracking to see exactly who’s selling your info across the internet. Here’s what you do.

This only works if you’re using a Gmail email address. Let’s say your email is daniel@gmail.com. Now, I have no idea who has that email address. Probably someone at Google!

Anyway, when you give your email address to any website, instead of typing daniel@gmail.com, you can type in daniel+website@gmail.com, where “website” is the name of whatever site you’re signing up for. Google doesn’t read the plus sign, so anything after that is irrelevant. It’ll only read the email as daniel@gmail.com. So when you start getting emails, you don’t want, check what email address it’s sent to. If it has the +website from a site you signed up for, but the email is from someone else entirely, you have your culprit!

Easy breezy! And now you can call yourself Sherlock Holmes! Have any tips you want to share with us? I’d love to hear them! Be sure to share this on your favorite social media site.

 

 

Run, Grow and Transform

How does one measure the success of IT projects? IT projects whose missions do not go beyond hoping the business stay in the race or drive to reduce the total cost of ownership  TCO.

Enhancement projects, which improve existing products and services, must increase the return on investment "ROI", by finding a way to help the business make more money, at the front line.

Transformation projects the change the way we the company does business must ultimately give that company a competitive advantage. The breadth of projects from run to transformation presents an exciting challenge for IT.  Businesses most interested in competitive advantages will let IT focus transformation projects.

Unfortunately, IT does not get a medal for reducing the total cost of ownership. IT is expected to reduce the TCO; IT gets to keep its job if it reduces TCO. IT gets a metal when it's projected contribute to growing and transform the business, which means IT must work closely with business as a value added partner.

A 2010 Deloitte's survey showed that 60% of respondents did not think that business views IT as a value adding partner but rather saw IT as a cost center for the supply of services. I am sure that not much has changed in viewpoints since the survey was done in 2010 to today.

CIOs need to have a seat at the CEOs table, but today most of them are not there. To get there, they need to be value adding partners. To be the value adding partner, they need to understand what the business is trying to do and help make that happen. Thus, they can contribute to change the mindset of the IT team and all their internal clients in the company.

CIOs need to get out in the office and get on the plant floor, with the road crews and work with salespeople and marketing people of their respective companies. CIOs can be great leaders of business when they help provide growth and transformation, doing so by innovating from within the enterprise.

I have found that if you get out of the office and talk to those people who use the current system or use ways to get around the systems that have been created, and understand how they do their jobs. The key is to ask them how they were doing their jobs better. You will be surprised to find that you can create many mini transformation projects "low hanging fruit" that will quickly if the bottom line of the company for the better.

By the way, CIOs and IT should not take credit for these ideas but should give credit to the people who provided the idea for improvement This way the front-line people of the company will be more forthcoming in providing insights to IT for constant improvement which provides the highest ROI.

Most transformation projects that I've seen are bets because it takes time before the business can quantitatively measure whether it will see an increase in the ROI or reduce the TCO. However if you follow the point above and have buy-in from the front-line people and the ideas come from them, you should see quantitative results more quickly as well as psychologically improve the view of the IT team in the eyes of the business user.

Dan Brody is CIO for hire and can help you improve your ROI and reduce your TCO

 

 

 

Blockchain Technology the Game Changer

Blockchain technology creates a secure transaction ledger database that records and stores every transaction that
occurs in a network of decentralized computers, essentially eliminating the need for “trusted” third parties such as
payment processors.The four pillars of blockchain technology are security.

The four pillars of blockchain technology are security, transparency, trust and speed. The manner in which transactions occur provides all four for all participants, and transactions occur in minutes, if not seconds, rather than over the longer time frame that many banking activities require.

Blockchain can be used to transform the way music, media and movies are obtained online. It enables the transfer of ownership and assets to be  completed and stored, and the provenance of information and items to be proven. The technology could offer new and innovative ways of storing, providing and tracking healthcare and insurance information. If the technology is successfully developed, the entire financial services and securities systems could be transformed.

Millions of dollars are being poured into investigating whether blockchain technology can transform business, financial services, and information storage and usage. Bitcoin—virtual currency used to transfer value between two parties without the use of a centralized controlling source—uses blockchain to insure transactions. Some feel that bitcoin may not survive, but are convinced that blockchain will change the way businesses and organizations operate around the globe.

Blockchain could change how contracts work, how secure voting occurs, how the financial sector works, how financial and asset ownership information is stored, how email works, and how music is purchased. It could change the way healthcare records are stored, how ownership of diamonds and art is determined and traced, and even how collectible sneakers are proven to be real or knock-offs.

Blockchain’s combination of security and speed particularly intrigues the financial sector, which could use it to save tens of billions of dollars currently being spent with clearinghouses, banks, and other centralized financial institutions. Because the technology is so new, and because only bitcoin and a few other applications have been run on it, there is much room for companies to experiment with it and develop ways to use it to further their own interests.

While all these uses for blockchain could be game-changing for businesses and industries, it is the financial services field where the technology could make the biggest impact—if developers can solve what many see as critical issues. Blockchain could revolutionize the way securities are traded, allowing trades to clear nearly instantaneously instead of over days. Entire industries— clearinghouses and exchanges, for example—could be wiped out, and billions of dollars in fees and escrow accounts could be freed up for both parties to a transaction. However, there are many issues that must be solved first.

Blockchain technology is in its infancy, and will have to go through the toddler stages before it grows into worldwide acceptance as a decentralized means of recording and verifying transactions. Many consider it a foundational technology, like the TCP/IP that enables the Internet: 25 years ago, no one imagined how thoroughly the Internet would change lives and lifestyles. But blockchain could have the same profound effect on the way business and financial transactions are conducted in the world. And every day, more potential uses for the technology are imagined and developed. Its use will be limited only by developers’ creativity and developmental dollars.

WILL BLOCKCHAIN TECHNOLOGY CHANGE THE WAY WE LIVE AND WORK?

Most people have already heard or read about bitcoin and its cousins—digital currencies used to complete transactions between two parties via computer without the need for a centralized source to confirm the transaction. Many think that, in the long term, bitcoin will transform the way people and industry conduct business. But whether bitcoin and other digital currencies will be viable long term has yet to be determined. What will survive, and perhaps become the worldwide standard for transacting business and storing information, is the blockchain system that digital currencies run on.

Peer-to-peer exchanges of digital currency allow the transactors to move the currency from one account to another without passing it through a centralized banking authority. Instead, the money is transferred through an Internet-connected network via computers of mobile devices such as tablets and smartphones. Those involved in the system, rather than a governmental or centralized authority, maintain the network of computers through which the currency is created and moved and through which transactions are recorded. Underpinning all digital currency transactions is the spine, a virtual ledger that records and stores every transaction. This is this underlying “blockchain” technology; it serves as the immutable record of the transaction. The parties involved in the transaction may not know each other, but they can exchange value with little fear thanks to the design of the blocks that record transactions and that make up the chain. The computers that form the network verify each transaction with sophisticated and complicated algorithms to confirm the transfer of value and create a historical ledger of all activity. The process is real-time and is much more secure than relying on a central authority to verify a transaction.

Blockchain technology creates a public ledger (center) with each block sealed after a majority of the independent computers (nodes) in the network agree that a transaction has occurred. A block is sealed with a complicated algorithm called a “hash” that is unique to that block and all but unalterable unless the majority of the computers can be forced to change their minds and “rewrite history.”

Because the information regarding a transaction is approved by a majority of the computers in the system at the same time (and sometimes this involves thousands of computers located throughout the world), it is virtually impossible to go back and change it. After the majority of computers agree that the transaction has taken place, the block is sealed with a hash and part of that hash comes from the previous block in the chain. This series of blocks becomes the virtual public ledger that traces the history of every transaction back to the beginning of the chain. Transactions take place in real time, 24/7/365, and can be completed in just minutes—and sometimes in just seconds. The beauty and strength of blockchain are its speed and security. Many compare the technology, still in its infancy, to the Internet in the 1990s, when no one truly knew what it would evolve into.

Blockchain could change how contracts work, how secure voting occurs, how the financial sector works, how financial and asset ownership information is stored, how email works and how music is purchased. It could change the way healthcare records are stored, how ownership of diamonds and art is determined and traced, and even how collectible sneakers are proven to be real or knock-offs.

Security is of utmost importance, and the many computers and computer generated algorithm protocols associated with the hash that completes each transaction and prepares the next block are key. The technology is virtually impossible to unlock, and because each block is built on the previous one, any effort to change or manipulate the information within a block requires massive computer efforts to change block after block and history after history. It is this built-in security that attracts those who see the technology as a virtual storehouse that could replace much of the paper now used to document many records.

Blockchain’s combination of security and speed particularly intrigues the financial sector, which could use it to save tens of billions of dollars currently being spent with clearinghouses, banks, and other centralized financial institutions. Because the technology is so new and because only bitcoin and a few other applications have been run on it, there is much room for companies to experiment with it and develop ways to use it to further their own interests.

Companies and consortiums ranging from startups to many of the world’s largest financial corporations are developing blockchain applications. One area under development is using blockchain for “smart contracts,” agreements written in code that can “self-execute” when certain conditions are met. These could be used for online purchases of movies, music or goods. News websites could use smart contracts to unlock stories after a reader renders payment.

Smart contracts could also be used to secure and verify transactions of high-value articles such as art, antiques, and diamonds, allowing parties to quickly trace ownership and certify provenance. These contracts could help remove illegal goods from the system and cut into fraud. In the diamond market, for example, fraud often occurs in documentation. To address the problem, Allianz Digital Accelerator, an emerging-technologies group at insurer Allianz Group, is working with startup Everledger to develop a blockchain to track diamonds from mine to retail sale. For each diamond, Everledger measures 40 attributes and then generates a serial number that is microscopically inscribed into the diamond and added to Everledger’s blockchain.

Even sneaker collectors could benefit from blockchain. These collectors have created a multimillion-dollar industry, with some people willing to spend many multiples of retail prices for rare shoes. But fake limited-edition shoes have seriously damaged the market, and Chronicled, a Silicon Valley company, has received $3.42 million in seed funding to continue development of its blockchain technology that will verify the authenticity of sneakers. Chronicled will use “smart tags” to identify authentic sneakers and blockchain to create an anonymous and encrypted registry of them. Collectors can scan the tags with a smartphone to verify shoes’ authenticity and use the Chronicled app to track and display their collections.

Tierion is a pioneer of verifiable data records that use the bitcoin blockchain, and the firm’s platform has been used to build practical use cases that include a verifiable audit trail of insurance claims and an audit trail for healthcare processes and patient data. Through Salesforce.com, Tierion can track the purchasing approvals of goods and services. Tierion can also archive every Slack communication at a company, creating a verifiable record of the company’s online conversations, which is of particular use in regulated industries such as finance and healthcare. Researchers at MIT are developing a blockchain that lets individuals store personal data securely and then selectively issue permission for its use. The Enigma project shifts power to privacy-seeking consumers, according to Alex Pentland, a computer science

Researchers at MIT are developing a blockchain that lets individuals store personal data securely and then selectively issue permission for its use. The Enigma project shifts power to privacy-seeking consumers, according to Alex Pentland, a computer science professor, and the project’s advisor. In one Enigma application, individuals could select portions of personal data to release to their doctors or for drug researchers to study. “You get to issue permissions that this person can use this data for this purpose, with an end date,” Dr. Pentland said. “We are going to start trading data more like money. You own it, you control it, you give it to people for a certain purpose and that’s it.” MIT hopes to establish Enigma, due to enter beta tests this year, as a standard blockchain infrastructure platform on which companies can build applications. Market researchers could, for example, use it to study anonymized personal data, Dr. Pentland said. He added that financial services companies could also use it to issue loans, having applicants submit encrypted personal data, and then

MIT hopes to establish Enigma, due to enter beta tests this year, as a standard blockchain infrastructure platform on which companies can build applications. Market researchers could, for example, use it to study anonymized personal data, Dr. Pentland said. He added that financial services companies could also use it to issue loans, having applicants submit encrypted personal data, and then using it to execute smart contracts. Other companies are looking into ways to use the technology to provide secure voting in elections and to create peer-to-peer email that encrypts the message and masks both the sender and the receiver.

While all these uses for blockchain could be game-changing for businesses and industries, it is the financial services field where the technology could make the biggest impact—if developers can solve what many see as critical issues. Transparency, security, trust and speed are the four hallmarks of blockchain technology—and each is of vital importance to the trading, clearing and profit making of the financial markets. Block by block, the chain can be examined, and every transaction can be traced back to the very beginning of the chain. This transparency engenders trust; parties know that they can trust that what the blocks say has happened has indeed happened.

The fact that transactions are examined and approved by many computers located around the world at the same time—and are then sealed with an encrypted algorithm that is impossible to change without a majority of those computers agreeing to it at the same time—provides an unprecedented level of security for transactions. And the fact that transactions are made, examined, agreed upon and then sealed and completed nearly in real time provides speed and savings. Accordingly, some of the world’s largest financial houses are investing millions to determine the feasibility and workability of blockchain technology in their future. In two years, venture capital funding for bitcoin and blockchain technology has nearly quintupled, to almost $500 million.

Blockchain could revolutionize the way securities are traded, allowing trades to clear nearly instantaneously instead over days. Entire industries—clearinghouses and exchanges, for example—could be wiped out, and billions of dollars in fees and escrow accounts could be freed up for both parties to a transaction. However, there are many issues that must be solved first. Presently, central clearinghouses are the managers and guarantors of settling each trade, and there is normally a three-day window over which buyers and sellers are matched, securities obtained, ownership transferred and financial matters settled. Eliminating the three-day window is appealing to many involved because it would speed up trading and settlement. But changing the current system would take years and many millions of dollars. Issues include information leakage about who owns what and when, confidentiality regarding investment decisions, manner of trading—because each security would need to be in the name of the person or company buying or selling it in order to trace provenance—and overcoming the time differences in international transactions. Also, incredible amounts of new paperwork could result from the restructuring that would be necessary to recognize and identify owners of individual shares and securities.

Despite these issues, many firms have become intellectually and financially attracted to the technology. Interest and investment in blockchain development by some of the world’s largest financial houses ballooned during 2015, and the surge is expected to continue in 2016. Financial institutions such as Citigroup, Deutsche Börse, Goldman Sachs and BNP Paribas have invested in it, and in September 2015, Barclays, UBS, J.P. Morgan and others partnered with financial technology company R3 to establish standards for a public ledger using blockchain. In February 2016, IBM announced a set of tools designed to let financial, logistics and other companies use blockchain.

In January 2016, a five-day pilot program saw 11 banks try Ethereum’s distributed ledger on Microsoft Azure. The following month, the R3 CEV blockchain consortium of 42 financial companies leading the way in research and development of blockchain usage in the financial system, undertook an expanded test. Forty banks tested five different blockchain vendors and three cloud providers to see how different combinations handled simulated transactions in commercial paper. Technology groups at Bank of America, Morgan Stanley, Deutsche Bank, RBS and 36 other banks helped build the ledgers using base technology from rivals Chain, Eris Industries, Ethereum, Intel, and IBM. Cloud infrastructure came from Amazon, IBM, and Microsoft. The test was intended to show a blockchain’s capabilities in executing smart contracts and help CIOs determine what criteria to use to evaluate blockchain technologies from competing vendors.

The banks simulated three kinds of transactions: issuing, trading and redeeming commercial paper. Identical smart contracts were written for the transactions and run on different combinations of ledgers and cloud programs. IBM, for example, ran its ledger on its own cloud, while Chain ran its ledger on Amazon Web Services’ cloud. Since testing is only in the pilot stages, much is still to be learned. R3 CEV plans to conduct similar tests with the participation of government regulators as well as tests for integrating blockchains with banks’ legacy transaction systems.

CONCLUSION

Blockchain technology is in its infancy, and will have to go through the toddler stages before it grows into worldwide acceptance as a decentralized means of recording and verifying transactions. Many consider it a foundational technology, like the TCP/IP that enables the Internet: 25 years ago, no one imagined how thoroughly the Internet would change lives and lifestyles. But blockchain could have the same profound effect on the way business and financial transactions are conducted in the world. And every day, more potential uses for blockchain are imagined and developed. Its use will be limited only by developers’ creativity and developmental dollars.

 

WEBSITE SECURITY 101

@CIOBrody So, many people think that cyber attacks only happen to big corporations like Sony and Target. But did you know that 40% of hacking attacks are on medium and small businesses. Two out of 10 data breaches hit small businesses with 250 or fewer employees. A hacking attack can destroy not only your reputation and finances, but there's a 60% chance your business won't recover if a hacker strikes.
Good news is that the odds are in your favor if you take measures to prevent a data breach.

2014 Was Just the Beginning of a Decade of Data Breach

It seems that writers were a little quick to name 2014, “The Year of the Data Breach,” as if were the only standalone year in digital chaos. This is our world now. Our entire lives are online so naturally the criminals are too. ​We didn’t peak in 2014: This is the decade of data breach.Better yet, the millennia of data breach, because it’s not a problem that will go away anytime soon.

Jay Johnson wrote for ​Forbes that, “Data breaches dominated headlines in 2014, While the cyber-security plights of certain high-profile retailers, financial institutions, and one prominent movie studio became common knowledge and headline fodder, these companies were far   from the year’s only victims. In fact, ​a recent study found that more than 40% of companies experienced a data breach of some sort in the past year – four out of ten companies that maintain your credit card numbers, social security numbers, health information, and other personal information. That number is staggering, and shows no signs   of retreat.”

Just five days into the 2015 New Year, headlines exploded with a possible security breach at Chick­-Fil­-A after the company noticed strange credit card activity in a number of restaurants.  In a recent statement they said:
“We want to assure our customers we are working hard to investigate these events and will share additional facts as we are able to do so. If the investigation reveals that a breach has occurred, customers will not be liable for any fraudulent charges to their accounts — any fraudulent charges will be the responsibility of either Chick­-fil­-A or the bank that issued the card. If our customers are impacted, we will arrange for free identity protection services, including credit monitoring.”

Since 2014 was the first year of real security breach, a glimpse into our future for years to come, it finally reset the bar for security standards. Unfortunately, it took thousands of security breaches last year, and countless victims, to inspire lawmakers, business owners, and customers to take security seriously. 2015, if anything, has set a precedent to prevent and quickly handle security breach for businesses. 2014 and 2015’s security breaches reminded politicians and lawmakers of the new era of data breach, and educated customers that things that are out of site, such as digital information, is not necessarily out of mind.

4 Expert Ways to Thwart Hackers

Alarming newspaper and industry reports show that no one, including small businesses, is immune from a potential data security breach. According to a ​2013 and 2016 report by National Small Business Association​, half of all small businesses surveyed had been a victim of a cyber attack and Secure Digital Data and Finances.

  • Ninety-four percent of small business owners say they are very or somewhat concerned about cybersecurity while nearly half of small businesses have been the victim of a cyber-attack.
  • Cyber-attacks cost small businesses on average $8,699 per attack.

The best way to protect yourself is with a comprehensive security protection plan and knowing some of the tricks hackers use that can cost you time, money and spur mistrust from your customers. Here are four risks that could make you a target for hackers – and how you can fix them.

Risk: Weak passwords

The necessity of a strong password is so basic it should be a no-brainer, right? But a strong password is one of your first lines of defense against unscrupulous hackers, so it bears a mention.

  • Fast Fact:Studies have shown that website users typically have only one password for   multiple accounts, leaving customer information and business data vulnerable to    hacking.
  • What you can do:Experts recommend you create a password that’s at least eight characters long, with a combination of capital letters and symbols. And it’s better if passwords aren’t real words, either, which makes them easier to hack. Create a password that’s gobbledygook (that you can remember) rather than a real word and you’re more likely to evade   hackers.

Risk: Phishing

We’ve all gotten those emails: An African prince needs us to transfer him money, etc., etc.  Some attempts to steal our data and get our money are so blatant it’s almost laughable. But there are subtler phishing techniques out there, that, if you’re not vigilant, could be as simple as one unaware­-click away to open the door to a hacking maelstrom. Phishing can   come in the form of a legitimate looking email with an attachment or link to a virus, malware or spyware.

  • Fast Fact: Phishing attacks have been steadily rising each year, according to the Anti­-Phishing Working Group, which works to create a unified global response to cyber crimes.
  • What you can do:Don’t click without thinking first. Copy and paste a link to a URL rather than clicking on it. Keep your operating system and software up to   date.

Risk: Untrained staff

You can have an exemplar internet security plan in place, but have your employees been trained on how not to let an intruder in through the gates? Employees not trained on cyber security methods is like having staff who don’t know how to set the code for the alarm system.

Fast Fact:Nearly 19 percent of Americans surveyed said they had never changed their PIN   or password without first being prompted, according to​ a survey conducted by The National Cyber Security Alliance and PayPal.

What you can do: The National Cyber Security Alliance​, a nonprofit focused on internet safety, recommends training employees to create strong passwords, to back up their work and how to spot and not click on suspicious links and attachments in emails.

Risk: Social engineering

Instead of tediously trying to hack into software, hackers try to get information directly from the source: you. They may try to get you or an employee to install malicious software or use you to gain access to unauthorized locations.

Social engineering is one of the latest tactics hackers use and is on the rise, according to a January 2014 recent article from Inc.  Magazine.

  • What you can do:Be careful of what personal information you reveal online. Beware of hackers pretending to be from your company’s IT department and asking for sensitive data or passwords.

6 Key Security Terms You Need to Know to Protect Your Site

If you're a business owner trying to make sure your website is safe, secure and trustworthy to customers, navigating your way through the dizzying array of cyber security related can be confusing, frustrating and just plain boring. We've put together this in nutshell guide to make   it as painless and simple for you to understand some key terms so you know what your site needs and why.

Trust Seal

  • What it is:Trust Seals are graphics for your website's homepage that show customers your   site is safe and secure and that you are who you say you are. There are many companies that offer various kinds of trust seals. The three main types are Privacy Seals, which lets    customers know their personal and financial information is safe; Business Seals, which show that an outside company has verified that you are who you say you are; and Security Seals, which demonstrate that your site has been scanned for viruses and security holes.
  • Why you need it:More customers, more sales! Trust seals have been shown   to increase consumer confidence, decrease shopping cart abandonment and boost sales.

When customers feel your site is secure, they're more likely to buy from you. ​Trust Guard offers three types of trust seals to meet your site's individual   needs.

Privacy Policy

  • What it is:A privacy policy lets visitors know what information you collect from them and what you do with it. In legal terms, a privacy policy is a disclosure document. There are state and federal laws governing internet privacy and the FTC and state attorney generals have jurisdiction in enforcing those laws.
  • Why you need it:A comprehensive, specific privacy policy tailored for your site can help protect you against complaints and potential lawsuits. Facebook and Google have each faced lawsuits connected to their privacy policies and use of user data. But be aware that simply copying and pasting an existing privacy policy from another company's website simply won’t do: you need one that matches the specific ways in which your company gathers and uses visitor information. Many companies, such as Trustee and ​FreePrivacyPolicy.com​, offer services to create privacy policies for your site in minutes.

SSL Certificate

  • What it is:An SSL (it stands for Secure Sockets Layer, if you really want to know) Certificate    is a digital form issued by an outside party that says your site is authentic and uses SSL encryption. SSL encryption scrambles data from a customer's computer to your server so their info is protected from third parties trying to access it. SSL certificates include the certificate holder's name, the certificate's serial number and expiration date, a copy of the certificate holder's public key, and the digital signature of the certificate issuing authority.
  • Why you need it:If your company takes online payments or collects sensitive information, you need it. An SSL certificate is an added layer of protection to help assure your customers that your website is safe. It won't protect you (or them) from hackers, but when visitors see the padlock in the browser window that indicates that SSL encryption is being used, it can help build confidence that your company is taking steps to protect their data.

PCI Compliance

  • What it is:Payment Card Industry Compliance applies to you your company collects, transmits, processes or stores cardholder information. Being PCI Compliant means you're following industry requirements to keep your customers' data safe. The regulations were developed by a council (Payment Card Industry Security Standards Council ­ aka PCI SSC) set up by the big credit card companies ­ MasterCard, Visa, American Express, Discover and JOB.
  • Why you need it:Do you want to pay massive fines? Didn't think so. If you're not PCI Compliant, then you've got to pay up. The regulations are too complex to get into in a brief summary, but we've got the lowdown for you  ​here​.

Vulnerability Scan

  • What it is:Vulnerability Scans check for security holes in computer networks to make sure you're not letting the bad guys in. They typically are automated scans and should be run continuously.
  • Why you need it:You don't want hackers stealing your info, causing your customers to   distrust you and costing you money, do you? Of course not! Vulnerability Scans help protect your network and your customers' data and are the first step toward being PCI Compliant and getting a Trust Seal (we mention both above.) For more details on vulnerability scans, we've got it covered ​here.

IT Penetration Test (PenTest)

  • What it is:PenTests actively, intentionally attack and exploit a computer system to see if   there are any holes in your network. It's basically like a hacker attacking your network, only they're on your side. PenTests require expertise and aren't automated like vulnerability scans are.
  • Why you need it:Combined with vulnerability scanning, Pen Tests give you comprehensive security coverage. PenTests should be done once a year by a computer security expert (or good guy hacker, if you will) to identify what data was compromised during the test. Need more on Penetration Testing? You can find it  ​here​.

Daniel Brody is chief information and technology officer - over 20 years of accomplished business builder diverse tech industries with a history of successful product launches. Daniel is an innovator who leads system development initiatives that improve operational efficiency & contribute to market expansion. If you need help with your next online cloud build contact Daniel.

[inbound_forms id="1516" name="CITO for HireContact"]

Analytics for the Steel Industry Webinar March 22 2016 10am EST

Join Us and learn how Analytics and leading tools can help your business in this volatile market!

Here is a chance to see what was talking about in my article Analytics in the Steel Industry was talking about.

AnalyticsROI presentation for Steel Manufacturers and Processors
- Tue, Mar 22, 2016 10:00 AM - 11:00 AM Eastern Daylight Time

Sign up here!

Analytics is the practice of using data to drive business strategy and performance. Analytics includes a range of approaches and solutions, from looking backward to truly understanding what happened in the past two forward-looking predictive modeling and scenario planning. To note as we see an improvement in the world of artificial intelligence I believe this will greatly affect the predictive modeling and scenario planning.

Analytics is a set of capabilities. These capabilities are the result of process that identifies business issues, assembles facts, reports on optimizing performance, provides deep insights and answers.

Analytics in the Steel Industry Webinar March 22 2016 10am EST

Here is a chance to see what was talking about in my article Analytics in the Steel Industry was talking about.

AnalyticsROI presentation for Steel Manufacturers and Processors
- Tue, Mar 22, 2016 10:00 AM - 11:00 AM Eastern Daylight Time

Sign up here!

Analytics is the practice of using data to drive business strategy and performance. Analytics includes a range of approaches and solutions, from looking backward to truly understanding what happened in the past two forward-looking predictive modeling and scenario planning. To note as we see an improvement in the world of artificial intelligence I believe this will greatly affect the predictive modeling and scenario planning.

Analytics is a set of capabilities. These capabilities are the result of process that identifies business issues, assembles facts, reports on optimizing performance, provides deep insights and answers.

Healthcare Technology for Seniors

  • The United Nations (UN) forecasts that the 60+ age group will grow from 12.3% of the global population in 2015 to 16.5% of the global population in 2030.
  • In 2015, consumers aged 65+ accounted for around $7 trillion, or approximately 17%, of total worldwide consumer spending. In 2030, seniors are projected to account for around $15 trillion, or approximately 23.5%, of the total.
  • Our estimates suggest that seniors accounted for around 16.1%, or $1.3 trillion, of healthcare spending globally in 2015, and that they will account for approximately 21.6%, or $3.5 trillion, of global healthcare spending in 2030.
  • BCC Research valued the global market for senior-care technology at $3.7 billion in 2014, and the firm expects it to grow to $10.3 billion by 2020, at a CAGR of 18.8%.
  • Healthcare tech has been enabled by instant accessibility and Big Data, both of which can help improve patients’ quality of life and caregivers’ ability to perform their jobs.
  • Healthcare tech’s role in administering healthcare could be key to driving down overall costs, as this will become a matter of growing concern to those who pay for seniors’ healthcare.

Helping manage your parents care and getting support of Doctors, Caregivers and community support groups is very tough. There is a new project on the horizon that will help you manage all your long term care information in one place.  Allowing for better communication between siblings, and other people on support list for an aging parent.  Life Care Portal out of Boston will be launching in the next few months to help you track all the key information and make those around the support group more accountable.

%d bloggers like this: