These Aren’t The Data Files You’re Looking For

Branwell Moffat

Rebels hacked the Death Star: Is your organization next?

A long time ago in a galaxy far, far away, the Empire made one critical and fatal mistake that would lead to their eventual downfall. They never believed that the rebels would be able to breach their defenses at Scarif and steal the plans for their most prized weapon: The Death Star.

Plans were placed in a vault, in a tall tower, surrounded by thousands of heavily armed troops and Imperial Walkers, on a planet completely surrounded by an impenetrable force field, defended by hundreds of spaceships.

Yet it only took a group of highly motivated and determined individuals to get through their defenses, and the consequences were dire.

Where was the Empire’s incident plan? Why weren’t the Death Star plans encrypted? Why didn’t they use two-factor authentication?

Every day brings news of another data breach. Some are huge data breaches like eBay, Equifax, or Yahoo, while others are much smaller. However, they all have one thing in common: Once in, hackers were able to get a lot of data.

Often, hacks are limited to users’ personal data, but sometimes customers’ credit card details are also stolen. Many companies that suffer a breach already have security measures in place: They patch servers, firewalls, wide-area file services, and intrusion detection systems. Many have an information security policy and carry out penetration tests, but the hackers get through anyway.

Plan for the breach

No matter how high you build your walls, someone with enough skill, determination, and resources can get in. Nation states are now engaging in corporate espionage, and if North Korea really wants your data files, you are going to find it very difficult to keep them out.

Humans are often the biggest attack vector in any system, and highly sophisticated security systems can be breached through clever social engineering. In an effort to keep their data safe, organizations are spending more and more to build taller walls with increasingly sophisticated technology, but, time and again, these are breached and data is exposed – sometimes through very sophisticated attacks, and sometimes through human error.

While it is extremely important to focus on strong information security, what the Empire forgot to study was how to mitigate the damage if and when rebels managed to breach their security. They didn’t plan for a breach because they never thought it would happen. This is the same mistake that many organizations on this planet are making, too.

Create an incident plan

Every organization should have a data-breach incident plan. When the proverbial item hits the fan, the last thing needed is employees running around like headless chickens, desperately trying to manage the situation, and making things up as they go along.

The moments after a breach is discovered are extremely stressful for all involved, but they are also the most crucial. Without a plan, matters can be made much, much worse.

Forensic evidence can be destroyed, further data exposed, and misinformation can be disseminated. During this time, everyone should know what they need to do so that the crisis can be managed.

Audit your data

One of the great features of the forthcoming GDPR regulations is that European organizations are being forced to audit their data. Many organizations don’t know what data they hold, how much of it they have, and where it is located.

Organizations that have grown organically over time are likely to have many legacy systems with different data residing in each. Companies should consider what personal data they actually need and ensure that the rest is removed, or at least fully encrypted. Is it really necessary to keep the personal details of someone who bought from you five years ago?

Separation of systems to avoid cross-contamination

A chain is only as strong as its weakest link. Many secure systems have been breached because of a weak entry point. It is important to ensure that systems are separated. That way if one is breached, the breach is contained to that system rather than across all systems, thus limiting your exposure.

Implemented correctly, an e-commerce site built on a highly secure platform is going to be very difficult to breach. You may also have a WordPress blog sitting within the same environment. WordPress is by far the most-hacked web platform in the world. Data released by Sucuri showed that 74% of a sample of hacked websites in 2016 ran WordPress.

While some of that blame is on WordPress users not keeping their software up to date, this number should concern you if you run a WordPress site. Your concern should be magnified if you run a WordPress site hosted on the same environment as your e-commerce store.

If your WordPress platform is breached, it could be used as an entry point into your e-commerce website, where the most valuable data resides. The WordPress site should be hosted on an entirely different and separated hosting environment than your e-commerce platform to ensure that there is no cross-contamination.

Data encryption

Data encryption is more complex than it may immediately appear. In theory, it makes complete sense to encrypt all personal data held within your e-commerce platform’s database. If the data is breached without the key, it is meaningless.

The biggest problem is that your application generally needs to be able to decrypt data on the fly, meaning that somewhere within your code is the key. Therefore, if someone gets hold of your application and the data, they may be able to decrypt the data using that key.

Another encryption challenge is performance. If your application needs to decrypt data in real time, this can significantly increase performance overheads, and often it is just not practical. Encryption is a great way to protect your data, but it comes with its own set of challenges.

Deception-based security

Deception-based security presents hackers with fake vulnerabilities, or even fake data that can obscure the real thing.

Hackers generally look for the most basic vulnerabilities, like known exploits, before deploying more advanced techniques. Once they find a vulnerability, they are likely to focus on that. If they are then given access to data that appears sensitive and real but is, in fact, fake, you have a chance of throwing them off the scent.

You can also more easily monitor that activity, which increases your odds of identifying, then blocking, the attacker. By deploying decoy systems and data, you can give the attacker the illusion of successfully breaching your network.
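The monitoring side of decoy data can be sketched as follows. This is an added example, not code from the article or from any product: it assumes decoy rows have been planted in a customers table and that the application writes an access log in the hypothetical key=value format shown. The decoy IDs, log lines, and field names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy rows planted in the customers table. No real customer
# journey or back-office job should ever read these IDs.
DECOY_CUSTOMER_IDS = {"900001", "900002", "900003"}

# Constructed access-log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2018-01-12T03:10:01Z src=198.51.100.7 user=web action=SELECT table=customers id=100482
2018-01-12T03:14:07Z src=203.0.113.45 user=svc_report action=SELECT table=customers id=100001
2018-01-12T03:14:08Z src=203.0.113.45 user=svc_report action=SELECT table=customers id=900002
2018-01-12T03:14:09Z src=203.0.113.45 user=svc_report action=SELECT table=customers id=100003
2018-01-12T03:15:30Z src=198.51.100.7 user=web action=SELECT table=orders id=900001
corrupted entry without fields
2018-01-12T03:16:00Z src=203.0.113.45 user=svc_report action=SELECT table=customers id=900003
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.+)$")
REQUIRED = {"src", "user", "action", "table", "id"}


def parse_line(line):
    """Return one log event as a dict, or None if the line is malformed."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    fields = dict(
        kv.split("=", 1) for kv in match.group("fields").split() if "=" in kv
    )
    if not REQUIRED <= fields.keys():
        return None
    fields["ts"] = match.group("ts")
    return fields


def find_decoy_hits(log_text, decoy_ids=DECOY_CUSTOMER_IDS):
    """Return (hits, timeline).

    hits     -- events that read a decoy customer row
    timeline -- every event from any source that produced a hit, so the
                responder sees what else that source touched
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    hits = [
        e for e in events if e["table"] == "customers" and e["id"] in decoy_ids
    ]
    flagged_sources = {e["src"] for e in hits}
    timeline = defaultdict(list)
    for event in events:
        if event["src"] in flagged_sources:
            timeline[event["src"]].append(event)
    return hits, dict(timeline)


def sources_to_block(hits):
    """Source addresses that touched decoy data, sorted for a block list."""
    return sorted({e["src"] for e in hits})


def real_records_exposed(timeline, decoy_ids=DECOY_CUSTOMER_IDS):
    """Real customer IDs read by flagged sources: the scope of actual exposure."""
    exposed = set()
    for events in timeline.values():
        for e in events:
            if e["table"] == "customers" and e["id"] not in decoy_ids:
                exposed.add(e["id"])
    return exposed


if __name__ == "__main__":
    hits, timeline = find_decoy_hits(SAMPLE_LOG)
    print("decoy reads:", [(e["ts"], e["src"], e["id"]) for e in hits])
    print("block:", sources_to_block(hits))
    print("real records to review:", sorted(real_records_exposed(timeline)))
```

Because nothing legitimate reads a decoy row, a single hit is a high-confidence alert, and the timeline of the same source shows which real records need to go into the incident plan's exposure assessment.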

Best cybersecurity practices for the future

Organizations should not solely focus on keeping hackers out, as this alone will not protect their data from everyone. A determined, experienced, and well-resourced team could probably hack almost any e-commerce platform if they tried hard enough.

Building a bigger wall will only deter them for so long. A greater focus on mitigating breaches rather than just trying to prevent them is needed to ensure that all of your data is as protected as it can be.

If the Empire had tasked someone with auditing their data and creating a robust and tested incident plan, things could have turned out very differently.

Do or not do. There is no try!

The first step in breach remediation is knowing you’ve been hacked. See The Future of Cybersecurity: Trust as Competitive Advantage.

This article originally appeared on Future of Customer Engagement and Commerce.

About Branwell Moffat

Branwell Moffat is the e-Commerce director of Envoy Digital, an award-winning SAP gold partner and systems integrator in London, UK. He’s a highly technical e-commerce solutions expert and business manager, with over 18 years experience helping companies grow their e-commerce and omni-commerce businesses to levels of individual revenues in excess of £100 million per year.

Digital Remix 2018: Digitalization Changes The Nature Of CIO Leadership

Michael Golz

Change may be the law of the natural world, but digitalization is taking it to a whole new level of Darwinism. In his book On the Origin of Species, Charles Darwin speculates that the survival of any species depends on its ability to adapt and adjust to environmental changes. Not intelligence, not physical strength – just adaptability and responsiveness.

Now that technology and society are evolving faster than businesses can keep up, this 19th-century observation has become a 21st-century strategy. The more digital transformation takes hold of entire industries and creates more disruption, the more the whole business needs to commit to change.

Although the 2017 Harvey Nash/KPMG survey of CIOs suggests that adoption of enterprise-wide digital strategies has risen sharply from 27% in 2015 to 52% in 2017, cultural resistance – not budget – has become the top impediment to digital success. In turn, CIOs are forced to adapt to a new era of leadership, business innovation, and mindset. Whether the change impacts a business model, business process, or the way people work, CIOs must focus more on how to leverage the underlying technology throughout the business and less on how the technology works.

The 2018 CIO makeover: From IT leader to business executive

According to Thomas Saueressig, chief information officer and global head of IT services at SAP, CIOs are encountering an immense sense of urgency when guiding digital transformation. In his Digitalist Magazine article “The Digital CIO: An Experience In The Digital Economy,” he said: “The digital reality has changed forever the way we live and do business. And no one better understands the opportunities and the challenges of digital enterprise transformation than the CIOs of today. Staying engaged on this topic is critical to ensure the success of the digital journey.”

Everything people need to know about an emerging technology is available in the palm of their hand – their smartphone. Outside of a browser search, people can become familiar with how the innovation works as they use the apps and functions that excite them as consumers. It’s highly likely that your fellow executives and employees are using them every day and applying them to fulfill their professional duties and simplify their personal lives.

CIOs who understand the digital habits of their audience have a front-seat view into the immediate future. Here are some examples of how they can help users engage with the latest crop of emerging technology on their mobile devices.

1. Humanized digital interfaces

The use of artificial intelligence and natural language processing found in Siri, Alexa, and a range of chatbots is enabling a high level of productivity and engaging brand experiences. Even the Pokémon Go craze in 2016 taught us about the capabilities – and limitations – of augmented reality and virtual reality and how they can be applied to business operations.

A mobile app, for instance, can connect to smart glasses to provide a hands-free, informational experience. For employees, this approach can reduce the need for scanning shipments and simplify the overall process by eliminating the use of multiple handheld devices or pen and paper.

2. The Internet of Things

It’s a safe bet that the opportunity to capture data from location-based apps and embedded sensors can yield tremendous value. And when this information is sent to intelligent cloud services that give every line of business better visibility, the benefits will only grow.

Although consumer device sensors appear to be much more basic compared to sophisticated, industrial IoT scenarios, the underlying capabilities are quite similar. For example, dashboards that continuously track asset health can send an alert immediately when a machine or production process is beginning to show signs of a malfunction. This digital capability allows plant managers to avoid the risk of unintended downtimes by triggering an order for preventive maintenance with a single click.

3. Artificial intelligence and machine learning

As artificial intelligence and machine learning continue to enjoy escalating adoption rates, it’s highly likely that these technologies will eventually be embedded into every product or service we use at work and home. When a personal digital assistant or an app on your phone can anticipate your next question or need before you think of it, you know that a fundamental technology shift is taking place.

Sooner rather than later, this form of intelligence will make its way into every business process. For example, a machine learning application became a crucial enabler in streamlining invoice processing for our global finance team based in Singapore, which processes upwards of 85,000 invoices each year for the Asia-Pacific region. The application automates invoice matching by identifying more than 40 features – including differences in amounts and data as well as misspelled words – to reconcile bank statements with receivables. In addition, the Singapore team uses the application to predict the future financial needs of the business and pinpoint opportunities to optimize cash flow.

4. Blockchain

While the impact of blockchain may be less apparent in today’s consumer apps, a lot of change is happening behind the scenes. Whether we are making a digital payment or participating in crowdfunding, the technology can turn a middleman-driven process into a more direct way of handling everything from financials to contracts.

Although blockchain might be most known in the context of cryptocurrencies, it is uniquely suited to support interactions between business partners in a transparent and trusted way. One prime example is the automation of contract processing. Self-validated, self-monitored, and self-enforced contracts can help bridge the trust gap during negotiation and enforcement without the intervention of a third-party intermediary.

5. Cloud

Gartner defines cloud as “a style of computing in which scalable and elastic IT-enabled capabilities are delivered as a service using Internet technologies.” Whether we realize it or not, every piece of data we record and access on our mobile devices is enabled by cloud technology. From file syncing and sharing information to streaming content services and downloading app updates, none of these capabilities could exist without the cloud.

The running joke “there is no cloud, just someone else’s computer” doesn’t quite capture the value and built-in capabilities of today’s cloud services. Whether we’re talking about infrastructure, platform, or software as a service, the days when everything will reside in the cloud are not far away. In fact, cloud computing is reaching a high level of maturity on many fronts as businesses reveal its full value.

For example, a cloud platform managed by a third-party provider can help businesses achieve the speed, scalability, and flexibility required to evolve as quickly as their customers – or, in some cases, faster than their competitors. But perhaps more impressive is the reality that these capabilities can be achieved while keeping information, connected machines, and business systems more secure.

A new role for the CIO, a new opportunity for the business

The ability to understand the latest technologies and apply them in a way that furthers digital maturity will become a paramount asset in the coming year. This imperative requires a new kind of leadership where scaling digitalized practices and operations is prioritized over technology experimentation and pilots.

Whether they’re innovating business models, setting up new organizations, or maintaining IT operations, CIOs who choose to embrace this new mindset will be the ones guiding their business through a transformation that can lead to long-lasting competitive power.

Find out how your business can bring these new technologies together to power your digital strategy in 2018 and beyond. Explore the SAP Leonardo digital innovation system.

Learn more about how to use these technologies to turn your data into a strategic asset that can be quickly analyzed to discover previously hidden insights. Read the IDC Analyst Connection paper, The Value of Data and Analytics in Digital Transformation.

About Michael Golz

Michael Golz is senior vice president and CIO Americas at SAP. He frequently speaks to customers about IT’s first-hand experiences with SAP solutions in the areas of digital transformation, digital core, cloud, business networks, and leading-edge technologies overall. Previously, Mr. Golz was senior vice president of Application Services with worldwide responsibility for SAP's internal business applications and external platforms, covering the entire spectrum of SAP solutions for SAP’s employees. Prior to joining SAP, he led the Information Management organization at OTTO Group in Cologne, Germany. Mr. Golz holds a bachelor’s degree in Business Administration and Information Technology from European Business School in Germany.

Testing: The Most Undervalued Part Of Application Development

Branwell Moffat

Why should I pay you to test your own work?

This is a question I have heard a lot over the years when discussing testing budgets with clients. To the uninitiated, it sounds like a fair question. However, anyone involved in software development knows how complex and time-consuming testing can be. Testing is, in fact, one of the most important parts of any software development project.

A large e-commerce platform is an incredibly complex thing, with millions of lines of code, gigabytes of data, and many integration points. There are so many interlinked moving parts – so many links in the chain – that it is very easy for something to go wrong. The application will be used in millions of different ways through a multitude of browsers across numerous desktop and mobile devices. The development project will have lasted at least six months and involve many different people. The scenarios that can be tested are almost limitless. It’s a wonder anything works at all!

Testing can be split into a number of different areas, but each is important to consider. Every project is a little different; some clients like to take on much of the testing themselves; some like to outsource it, and some expect their developer to do it all. Testing is not a fixed entity; you can do a lot of testing, and you can do a little. The more you test, the more you will de-risk the project, but the more time it will take and the more it will cost.

Unit testing

A unit test is one which tests small “units” of code to ensure that they function as expected. For example, when a form is submitted, it should save the inputted details into a database table. It is a standalone test that specifically, and only, ensures that the unit functions as expected. Using a true test-driven development methodology, a developer will first write a test before actually creating any code; the code is considered completed only when the test is passed. In practice, unit testing is only used in some key areas of the application to ensure that core functions are working as expected. While unit testing can reduce the likelihood of functional issues occurring, it can also increase development time.

Smoke testing

You will probably hear your development agency talk about smoke testing. A smoke test is a pragmatic subset of test cases covering the key user journeys and functions throughout your application. At the very least, your developer should be expected to carry out smoke tests before handing anything over to you for user acceptance testing.

UI testing

User Interface (UI) testing can be very complex and time-consuming. The huge range of operating systems, browsers, and mobile, tablet, and desktop devices that will be used to access a website means that comprehensively testing every combination manually is almost impossible. Because of the vast number of different variations that need to be covered, UI testing is a perfect candidate for automated testing. Automated test tools are able to follow a scripted journey through your website and test whether the expected results are achieved. They can also record each journey so that each one can be played back. Although this method is not perfect, it can significantly reduce the number of major UI issues a website may face.

Some third-party testing services such as Bug Finders offer a crowd-sourced service where hundreds of freelance human testers from around the world are used to test a website and are paid when they find an issue. This approach can be a relatively cost-effective way of testing your application across hundreds of device/platform/browser combinations. It is normal for a test cycle to result in around 200 issues being raised. The challenge is often in categorizing and prioritizing the issues so that you focus your resources on dealing with the most important ones. Every website will have a constant backlog of low-level issues that are unlikely to ever be resolved.

Regression testing

Regression testing is an extremely important part of ongoing development. It is designed to test whether any changes to one part of the application have caused an issue to another part. For example, a change to a JavaScript function used to validate the “Contact Us” form could potentially impact forms used in the checkout process. Due to the complex nature of any e-commerce platform, regression issues are not uncommon. Devising a solid regression test plan is vital to ensure that your users’ experience is not adversely impacted by these issues.

User acceptance testing

User acceptance testing (UAT) is a critical part of any development project and involves full end-to-end testing of the platform before going live. UAT is the process that I most often see underestimated, and the first to suffer when timelines are tight. However, this is likely to lead to a higher rate of failure. For any new website build, we advise planning at least two months of UAT. Your e-commerce website is only one part of your e-commerce business. The end-to-end process involving search, checkout, order management, payment, despatch, customer services, finance, and all of the other parts of the chain needs to be tested.

UAT is often confused or merged with system integration testing (SIT), where you will be specifically testing the integration between multiple systems. SIT is part of the end-to-end testing that ensures that all parts of the chain are working correctly together.

Good UAT involves the creation of test cases and test plans. These generally take the form of a set of scripts (a set of tasks) that a manual tester will run through and either pass or fail the test according to the outcome. It is not unusual for an end-to-end UAT test plan to include more than 500 test cases.

The “A” in UAT is one of the reasons why it is so important. At the end of the UAT process, you will generally be deemed to have accepted the application. It is important that you have thoroughly tested it to ensure that it works in exactly the way you expected. This does not mean that undiscovered bugs will not be under warranty. But if there is functionality that does not work in the way that you expected, this needs to be picked up in UAT. It is also important because it is the final chance to pick up issues before it goes live. Any bugs and issues are likely to negatively impact the user experience.

UAT requires a lot of effort on behalf of the client and is often underestimated. Some clients use external testing agencies to support them during UAT, which can significantly de-risk a project when the client lacks in-house staff to carry out UAT effectively.

Security testing

I am sometimes surprised to observe retailers that fail to take security testing seriously enough. It is not unusual to find that the retailer does not know when a penetration test was last performed on their Web platform. These are generally the ones who have not yet been hit with a cyber attack (or don’t yet know that they have been hit). In the current climate where cybercrime continues to grow in frequency and sophistication, and especially with GDPR on the horizon in Europe, security testing is increasingly important. All e-commerce Web platforms should be penetration-tested by a specialist third party at least annually, and ideally twice a year. It is also advisable that your application is scanned for vulnerabilities using specialist software such as Nessus on a regular basis. At Envoy, we tend to scan our clients’ Web platforms on a weekly basis to ensure that application vulnerabilities are picked up very quickly. At the very least, you should carry out application security scans before each release to production. It is no good waiting for six months until the next penetration test when you have introduced a new application vulnerability.

Performance testing

Performance testing is generally used to determine how much traffic, page requests, concurrent users, and order volume your website can handle. It is more difficult than you may imagine because accurate testing requires that you mimic real user behavior and, of course, real users do a lot of different things. The best you can do is mimic your key user journeys such as search, add to basket, and check out. You ideally want to carry out load testing on your production environment rather than a staging environment as it will give you a much truer picture. But this is also likely to take your platform offline at some point during the test.

Most retailers tend to carry out load tests once a year, normally before peak periods such as Black Friday or Christmas. However, since the last annual test, a large number of changes may have been made to the application with an incremental impact on performance. If an annual load test shows a drop in performance compared to the previous year, it is very hard to determine which change or changes are responsible. This also may not give you enough time to resolve the performance issues before peak trading starts.

To counter this, it is advisable to carry out performance benchmarks before each new code release. These do not need to be performed in a production environment as long as each test is carried out in the same environment. The aim is to determine whether performance has increased or decreased relative to the last release. This of course takes time and therefore will increase development time and costs.

While the list above is not exhaustive, you can see that the scope of testing within software development can be large and complex. Each type of testing takes time and effort, and you should not assume that it is all done as standard with no additional charge. Companies with a strong focus on testing will allocate up to 40% of any project time to testing. Good testing can de-risk a project and pay for itself in the long run, as it will result in fewer bugs, better performance, and a better overall experience for your customers.

For more on this topic, see The Importance Of Cybersecurity In Modern E-Commerce.

This article originally appeared on The Future of Customer Engagement and Commerce and is republished by permission.

 

Hack the CIO

By Thomas Saueressig, Timo Elliott, Sam Yen, and Bennett Voyles

For nerds, the weeks right before finals are a Cinderella moment. Suddenly they’re stars. Pocket protectors are fashionable; people find their jokes a whole lot funnier; Dungeons & Dragons sounds cool.

Many CIOs are enjoying this kind of moment now, as companies everywhere face the business equivalent of a final exam for a vital class they have managed to mostly avoid so far: digital transformation.

But as always, there is a limit to nerdy magic. No matter how helpful CIOs try to be, their classmates still won’t pass if they don’t learn the material. With IT increasingly central to every business—from the customer experience to the offering to the business model itself—we all need to start thinking like CIOs.

Pass the digital transformation exam, and you probably have a bright future ahead. A recent SAP-Oxford Economics study of 3,100 organizations in a variety of industries across 17 countries found that the companies that have taken the lead in digital transformation earn higher profits and revenues and have more competitive differentiation than their peers. They also expect 23% more revenue growth from their digital initiatives over the next two years—an estimate 2.5 to 4 times larger than the average company’s.

But the market is grading on a steep curve: this same SAP-Oxford study found that only 3% have completed some degree of digital transformation across their organization. Other surveys also suggest that most companies won’t be graduating anytime soon: in one recent survey of 450 heads of digital transformation for enterprises in the United States, United Kingdom, France, and Germany by technology company Couchbase, 90% agreed that most digital projects fail to meet expectations and deliver only incremental improvements. Worse: over half (54%) believe that organizations that don’t succeed with their transformation project will fail or be absorbed by a savvier competitor within four years.

Companies that are making the grade understand that unlike earlier technical advances, digital transformation doesn’t just support the business, it’s the future of the business. That’s why 60% of digital leading companies have entrusted the leadership of their transformation to their CIO, and that’s why experts say businesspeople must do more than have a vague understanding of the technology. They must also master a way of thinking and looking at business challenges that is unfamiliar to most people outside the IT department.

In other words, if you don’t think like a CIO yet, now is a very good time to learn.

However, given that you probably don’t have a spare 15 years to learn what your CIO knows, we asked the experts what makes CIO thinking distinctive. Here are the top eight mind hacks.

1. Think in Systems

A lot of businesspeople are used to seeing their organization as a series of loosely joined silos. But in the world of digital business, everything is part of a larger system.

CIOs have known for a long time that smart processes win. Whether they were installing enterprise resource planning systems or working with the business to imagine the customer’s journey, they always had to think in holistic ways that crossed traditional departmental, functional, and operational boundaries.

Unlike other business leaders, CIOs spend their careers looking across systems. Why did our supply chain go down? How can we support this new business initiative beyond a single department or function? Now supported by end-to-end process methodologies such as design thinking, good CIOs have developed a way of looking at the company that can lead to radical simplifications that can reduce cost and improve performance at the same time.

They are also used to thinking beyond temporal boundaries. “This idea that the power of technology doubles every two years means that as you’re planning ahead you can’t think in terms of a linear process, you have to think in terms of huge jumps,” says Jay Ferro, CIO of TransPerfect, a New York–based global translation firm.

No wonder the SAP-Oxford transformation study found that one of the values transformational leaders shared was a tendency to look beyond silos and view the digital transformation as a company-wide initiative.

This will come in handy because in digital transformation, not only do business processes evolve but the company’s entire value proposition changes, says Jeanne Ross, principal research scientist at the Center for Information Systems Research at the Massachusetts Institute of Technology (MIT). “It either already has or it’s going to, because digital technologies make things possible that weren’t possible before,” she explains.

2. Work in Diverse Teams

When it comes to large projects, CIOs have always needed input from a diverse collection of businesspeople to be successful. The best have developed ways to convince and cajole reluctant participants to come to the table. They seek out technology enthusiasts in the business and those who are respected by their peers to help build passion and commitment among the halfhearted.

Digital transformation amps up the urgency for building diverse teams even further. “A small, focused group simply won’t have the same breadth of perspective as a team that includes a salesperson and a service person and a development person, as well as an IT person,” says Ross.

At Lenovo, the global technology giant, many of these cross-functional teams become so used to working together that it’s hard to tell where each member originally belonged: “You can’t tell who is business or IT; you can’t tell who is product, IT, or design,” says the company’s CIO, Arthur Hu.

One interesting corollary of this trend toward broader teamwork is that talent is a priority among digital leaders: they spend more on training their employees and partners than ordinary companies, as well as on hiring the people they need, according to the SAP-Oxford Economics survey. They’re also already being rewarded for their faith in their teams: 71% of leaders say that their successful digital transformation has made it easier for them to attract and retain talent, and 64% say that their employees are now more engaged than they were before the transformation.

3. Become a Consultant

Good CIOs have long needed to be internal consultants to the business. Ever since technology moved out of the glasshouse and onto employees’ desks, CIOs have not only needed a deep understanding of the goals of a given project but also to make sure that the project didn’t stray from those goals, even after the businesspeople who had ordered the project went back to their day jobs. “Businesspeople didn’t really need to get into the details of what IT was really doing,” recalls Ferro. “They just had a set of demands and said, ‘Hey, IT, go do that.’”

But that was then. Now software has become so integral to the business that nobody can afford to walk away. Businesspeople must join the ranks of the IT consultants. “If you’re building a house, you don’t just disappear for six months and come back and go, ‘Oh, it looks pretty good,’” says Ferro. “You’re on that work site constantly and all of a sudden you’re looking at something, going, ‘Well, that looked really good on the blueprint, not sure it makes sense in reality. Let’s move that over six feet.’ Or, ‘I don’t know if I like that anymore.’ It’s really not much different in application development or for IT or technical projects, where on paper it looked really good and three weeks in, in that second sprint, you’re going, ‘Oh, now that I look at it, that’s really stupid.’”

4. Learn Horizontal Leadership

CIOs have always needed the ability to educate and influence other leaders that they don’t directly control. For major IT projects to be successful, they need other leaders to contribute budget, time, and resources from multiple areas of the business.

It’s a kind of horizontal leadership that will become critical for businesspeople to acquire in digital transformation. “The leadership role becomes one much more of coaching others across the organization—encouraging people to be creative, making sure everybody knows how to use data well,” Ross says.

In this team-based environment, having all the answers becomes less important. “It used to be that the best business executives and leaders had the best answers. Today that is no longer the case,” observes Gary Cokins, a technology consultant who focuses on analytics-based performance management. “Increasingly, it’s the executives and leaders who ask the best questions. There is too much volatility and uncertainty for them to rely on their intuition or past experiences.”

Many experts expect this trend to continue as the confluence of automation and data keeps chipping away at the organizational pyramid. “Hierarchical, command-and-control leadership will become obsolete,” says Edward Hess, professor of business administration and Batten executive-in-residence at the Darden School of Business at the University of Virginia. “Flatter, distributive leadership via teams will become the dominant structure.”

5. Understand Process Design

When business processes were simpler, IT could analyze the process and improve it without input from the business. But today many processes are triggered on the fly by the customer, making a seamless customer experience more difficult to build without the benefit of a larger, multifunctional team. In a highly digitalized organization like Amazon, which releases thousands of new software programs each year, IT can no longer do it all.

While businesspeople aren’t expected to start coding, their involvement in process design is crucial. One of the techniques that many organizations have adopted to help IT and businesspeople visualize business processes together is design thinking (for more on design thinking techniques, see “A Cult of Creation”).

Customers aren’t the only ones who benefit from better processes. Among the 100 companies the SAP-Oxford Economics researchers have identified as digital leaders, two-thirds say that they are making their employees’ lives easier by eliminating process roadblocks that interfere with their ability to do their jobs. Ninety percent of leaders surveyed expect to see value from these projects in the next two years alone.

6. Learn to Keep Learning

The ability to learn and keep learning has been a part of IT from the start. Since the first mainframes in the 1950s, technologists have understood that they need to keep reinventing themselves and their skills to adapt to the changes around them.

Now that’s starting to become part of other job descriptions too. Many companies are investing in teaching their employees new digital skills. One South American auto products company, for example, has created a custom-education institute that trained 20,000 employees and partner-employees in 2016. In addition to training current staff, many leading digital companies are also hiring new employees and creating new roles, such as a chief robotics officer, to support their digital transformation efforts.

Nicolas van Zeebroeck, professor of information systems and digital business innovation at the Solvay Brussels School of Economics and Management at the Free University of Brussels, says that he expects the ability to learn quickly will remain crucial. “If I had to think of one critical skill,” he explains, “I would have to say it’s the ability to learn and keep learning—the ability to challenge the status quo and question what you take for granted.”

7. Fail Smarter

Traditionally, CIOs tended to be good at thinking through tests that would allow the company to experiment with new technology without risking the entire network.

This is another unfamiliar skill that smart managers are trying to pick up. “There’s a lot of trial and error in the best companies right now,” notes MIT’s Ross. But there’s a catch, she adds. “Most companies aren’t designed for trial and error—they’re trying to avoid an error,” she says.

To learn how to do it better, take your lead from IT, where many people have already learned to work in small, innovative teams that use agile development principles, advises Ross.

For example, business managers must learn how to think in terms of a minimum viable product: build a simple version of what you have in mind, test it, and if it works start building. “You don’t build the whole thing at once anymore.… It’s really important to build things incrementally,” Ross says.

Flexibility and the ability to capitalize on accidental discoveries during experimentation are more important than having a concrete project plan, says Ross. At Spotify, the music service, and CarMax, the used-car retailer, change is driven not from the center but from small teams that have developed something new. “The thing you have to get comfortable with is not having the formalized plan that we would have traditionally relied on, because as soon as you insist on that, you limit your ability to keep learning,” Ross warns.

8. Understand the True Cost—and Speed—of Data

Gut instincts have never had much to do with being a CIO; now they should have less to do with being an ordinary manager as well, as data becomes more important.

As part of that calculation, businesspeople must have the ability to analyze the value of the data that they seek. “You’ll need to apply a pinch of knowledge salt to your data,” advises Solvay’s van Zeebroeck. “What really matters is the ability not just to tap into data but to see what is behind the data. Is it a fair representation? Is it impartial?”

Increasingly, businesspeople will need to do their analysis in real time, just as CIOs have always had to manage live systems and processes. Moving toward real-time reports and away from paper-based decisions increases accuracy and effectiveness—and leaves less time for long meetings and PowerPoint presentations (let us all rejoice).

Not Every CIO Is Ready

Of course, not all CIOs are ready for these changes. Just as high school has a lot of false positives—genius nerds who turn out to be merely nearsighted—so there are many CIOs who aren’t good role models for transformation.

Success as a CIO these days requires more than delivering near-perfect uptime, says Lenovo’s Hu. You need to be able to understand the business as well. Some CIOs simply don’t have all the business skills that are needed to succeed in the transformation. Others lack the internal clout: a 2016 KPMG study found that only 34% of CIOs report directly to the CEO.

This lack of a strategic perspective is holding back digital transformation at many organizations. They approach digital transformation as a cool, one-off project: we’re going to put this new mobile app in place and we’re done. But that’s not a systematic approach; it’s an island of innovation that doesn’t join up with the other islands of innovation. In the longer term, this kind of development creates more problems than it fixes.

Such organizations are not building in the capacity for change; they’re trying to get away with just doing it once rather than thinking about how they’re going to use digitalization as a means to constantly experiment and become a better company over the long term.

As a result, in some companies, the most interesting tech developments are happening despite IT, not because of it. “There’s an alarming digital divide within many companies. Marketers are developing nimble software to give customers an engaging, personalized experience, while IT departments remain focused on the legacy infrastructure. The front and back ends aren’t working together, resulting in appealing web sites and apps that don’t quite deliver,” writes George Colony, founder, chairman, and CEO of Forrester Research, in the MIT Sloan Management Review.

Thanks to cloud computing and easier development tools, many departments are developing on their own, without IT’s support. These days, anybody with a credit card can do it.

Traditionally, IT departments looked askance at these kinds of do-it-yourself shadow IT programs, but that’s changing. Ferro, for one, says that it’s better to look at those teams not as rogue groups but as people who are trying to help. “It’s less about ‘Hey, something’s escaped,’ and more about ‘No, we just actually grew our capacity and grew our ability to innovate,’” he explains.

“I don’t like the term ‘shadow IT,’” agrees Lenovo’s Hu. “I think it’s an artifact of a very traditional CIO team. If you think of it as shadow IT, you’re out of step with reality,” he says.

The reality today is that a company needs both a strong IT department and strong digital capacities outside its IT department. If the relationship is good, the CIO and IT become valuable allies in helping businesspeople add digital capabilities without disrupting or duplicating existing IT infrastructure.

If a company already has strong digital capacities, it should be able to move forward quickly, according to Ross. But many companies are still playing catch-up and aren’t even ready to begin transforming, as the SAP-Oxford Economics survey shows.

For enterprises where business and IT are unable to get their collective act together, Ross predicts that the next few years will be rough. “I think these companies ought to panic,” she says.


About the Authors

Thomas Saueressig is Chief Information Officer at SAP.

Timo Elliott is an Innovation Evangelist at SAP.

Sam Yen is Chief Design Officer at SAP and Managing Director of SAP Labs.

Bennett Voyles is a Berlin-based business writer.

Read more thought-provoking articles in the latest issue of the Digitalist Magazine, Executive Quarterly.

CEO Priorities And Challenges In The Digital World

Dr. Chakib Bouhdary

Digital transformation is here, and it is moving fast. Companies are starting to realize the enormous power of digital technologies like artificial intelligence (AI), Internet of things (IoT) and blockchain. These technologies will drive massive opportunities—and threats—for every company, and they will impact all aspects of business, including the business model. In fact, business velocity has never been this fast, yet it will never be this slow again.

To move quickly, companies need to be clear on what they want to achieve through digital transformation and understand the possible roadblocks. Based on my meetings with customer executives across regions and industries, I have learned that CEOs often have the same three priorities and face the same three challenges:

1. Customer experience – No longer defined by omnichannel and personalized marketing.

Not surprisingly, 92 percent of digital leaders focus on customer experience. However, this is no longer just about omnichannel and personalized marketing – it is about the total customer experience. Businesses are realizing that they need to reimagine their value proposition and orchestrate changes across the value chain – from the first point of interaction to manufacturing, to shipment, to service – and be able to deliver the total customer experience. In some cases, it will even be necessary to change the core product or service itself.

2. Step change in productivity – Transform productivity and cost structure through digital technologies.

Businesses have been using technology to achieve growth for decades, but by combining emerging technologies, they can now achieve a significant productivity boost and reduce costs. For this to happen, companies must first identify the scenarios that will drive significant change in productivity, prioritize them based on value, and then determine the right technologies and solutions. Both McKinsey and Boston Consulting Group expect a 15 to 30 percent improvement in productivity through digital advancements – blowing the doors off business-as-usual and its incremental productivity growth of 1 to 2 percent.

3. Employee engagement – Fostering a culture of innovation should be at the core of any business.

Companies are looking to create an environment that encourages creativity and innovation. Leaders are attracting the needed talent and building the right skill sets. Additionally, they aim for ways to attract a diverse workforce, improve collaboration, and empower employees – because engaged employees are crucial in order to achieve the best results. A Gallup study reveals that approximately 85 percent of employees worldwide are performing below their potential due to engagement issues.

As CEOs work towards achieving these three desired outcomes, they face some critical challenges that they must address. I define the top three challenges as follows: run vs. innovate, corporate cholesterol, and digital transformation roadmap.

1. Run vs. innovate – To be successful you must prioritize the future.

The foremost challenge that CEOs are facing is how they can keep running current profitable businesses while investing in future innovations. Quite often these two conflict, as most executives mistakenly prioritize the first and spend much less time on the latter. This must change. CEOs and their management teams need to spend more time thinking about what digital is for them, discuss new ideas, and reimagine the future. According to Gartner, approximately 50 percent of boards are pushing their CEOs to make progress on digital. Although this is a promising sign, digital must become a priority on every CEO’s agenda.

2. Corporate cholesterol – Do not let company culture get in the way of change.

The older the company is, the more stuck it likely is with policies, procedures, layers of management, and risk averseness. When a company’s own processes get in the way of change, that is what I call “corporate cholesterol.” CEOs need to change the culture, encourage cross-team collaborations, and bring in more diverse thinking to reduce the cholesterol levels. In fact, both McKinsey and Capgemini conclude that culture is the number-one obstacle to digital effectiveness.

3. Digital transformation roadmap – Digital transformation is a journey without a destination.

Many CEOs struggle with their digital roadmap. Questions such as “Where do I start?”, “Can a CDO or another executive run this innovation for me?”, and “What is my three- to five-year roadmap?” often come up during the conversations. Most companies think that there is a set roadmap, or a silver bullet, for digital transformation, but that is not the case. Digital transformation is a journey without a destination, and each company must start small, acquire the necessary skills and knowledge, and continue to innovate.

It is time to face the digital reality and make it a priority. According to KPMG, 70 percent to 80 percent of CEOs believe that the next three years are more critical for their company than the last fifty. And there is good reason to worry, as 75 percent of S&P 500 companies from 2012 will be replaced by 2027 at the current disruption rate.

About Dr. Chakib Bouhdary

Dr. Chakib Bouhdary is the Digital Transformation Officer at SAP. Chakib spearheads thought leadership for the SAP digital strategy and advises on the SAP business model, having led its transformation in 2010. He also engages with strategic customers and prospects on digital strategy and chairs Executive Digital Exchange (EDX), which is a global community of digital innovation leaders.