Technology: A Threat And Enabler To National Security In The Digital Era

Jol Keegan

I recently had the pleasure of attending the Australian Security Summit in Canberra. The summit, principally for public sector delegates dealing with national security challenges, did a great job of attracting top speakers and senior current and former bureaucrats for their candid assessments of the global challenges of radicalisation, terrorism, and transnational crime.

What struck me was that this event – tangibly more than similar events I had attended in the past – was permeated by an undercurrent of technology enablement. Indeed, technology featured in the vast majority of presentations and roundtable discussions.

On reflection, the fourth industrial revolution, powered by the digital economy, has well and truly landed on the doorstep of national security policymakers and practitioners. While technology has always been a feature, they have not had to deal with  today’s ever-increasing pace of technology advancement.

“Technology enablement” has a ring of great promise to it for positive national security outcomes, but perversely, it also applies to the perpetrators of radicalisation, terrorism, and transnational crime. These perpetrators are incredibly agile with access to a highly distributed technology workforce not constrained by geographic boundaries or organisational infrastructures. They are not bound to procurement rules that for public-sector organisations are historically well-founded and seek to provide the best value for money for taxpayers. They operate at the bleeding edge of technology with a huge appetite for taking risk, simply because they can.

Bleeding-edge technological advancement in the 20th century was heavily influenced by that century’s depressing propensity for global warfare, including the Cold War, and by the space race. But this century has seen the emergence of a staggering array of technology innovation by sectors such as retail, finance, and utilities. Those with nefarious intent are harnessing those commercial advancements, whether to radicalise, plan and equip terrorist acts, commit crime, or conduct cyberattacks.

As @Richard Walton, one of the key speakers at the summit, suggested, in the context of globalisation and a digitally connected world, this has created a global, networked radicalisation and terrorism threat. He suggests the threat requires nations to have integrated systems, policies, and practices, and these need to be internationally as well as domestically focused. He has published similar insights when discussing how the UK tackled the 2012 Olympics counterterrorism effort.

So, how do governments and their national security agencies stay at the bleeding edge of technology to counter highly sophisticated, agile threat actors while managing risk? Some simple suggestions come to mind.

First, agencies should look to broaden the pool of technology providers beyond the traditional defence, aerospace, and space industries that served societal advancement so well in the 20th century. The co-existence and integration of specialist national security technologies with the latest, greatest commercial advancements could offer some powerful combinations for capability enhancement.

Secondly, identify and support business startups to plug holes in capability gaps. Agencies need not do this alone, but can draw on the university sector, research sector, and larger partner companies to help such startups navigate their way to commercial viability for the mutual benefit of all. University Innovation Districts open up such possibilities, a case in point being 22@ in Barcelona. The University of Canberra seeks to learn from this model as it develops its campus as part of a push to transform Canberra into a knowledge economy.

Finally, agencies need be innovative in the act of procurement itself. They should consider long-term service arrangements or innovation partnerships with industry rather than point-in-time hardware or software purchases. As a simple service arrangement example, companies can now purchase access to compressed air on an industrial scale from Kaeser rather than air compressors per se. In this service-based model, customers benefit continually as the provider innovates, without the risk of having to keep on investing on new products and capability.

To conclude, the digital economy does extend to national security. It is time, as Richard Walton suggests, to seek integrated systems, policies, and practices across the national security ecosystem. The more cognisant this ecosystem is of the digital economy beyond the normal purview of national security agencies, I would argue, the better chance of staying ahead of these ever-increasing security challenges.

To learn more about the SAP Institute for Digital Government, visit www.sap.com/sidg, follow us on Twitter @sapsidg, or email us at digitalgovernment@sap.com.

Comments

Jol Keegan

About Jol Keegan

Jolyon brings with him to SAP 27 years of experience in Defence, Government and Industry roles, including Special Forces, Intelligence, Policy, and Program Management. He is responsible for Defence and Public Security across ANZ, building go to market strategies, planning and executing demand generation activities, and being closely involved with accounts in deal support

Five Ignored Practices That Can Disarm Your Cybersecurity Time Bomb

Paul Kurchina

Year after year, data breaches become messier, bigger, and more dangerous – and no business or person is immune from cybersecurity attacks. In fact, any form of cyber crime can impact over half of the world’s population. That’s roughly 3.8 billion people, up from 2 billion in 2015 – and that attack population will grow to 75% as another 2.2 billion people gain access to the Internet by 2022.

Considering the risk, consumers are always shocked to hear that the companies they love exposed their information by missing much-needed patches, ignoring back-door vulnerabilities in their IT architecture, and choosing weak passwords. Furthermore, a good portion of these incidents are preventable. For example, delaying one patch update by as little as six weeks could lead to data theft that impacts hundreds of millions of people in a matter of minutes.

“News headlines warn companies of all sizes that they are putting themselves at risk literally every day,” observed Virtual Forge CEO Markus Schumacher during the Webcast “Achieving Baseline Security Within the SAP Environment,” hosted by Americas’ SAP Users’ Group (ASUG). “If executives fail to implement good controls and ensure that safeguards are in place and effectively used, they are not doing their jobs.”

Tick, tick, tick: It’s time to take control of cybersecurity

Businesses often overlook system configuration, custom code, and transports even though most CEOs are aware of the guidelines to keep their systems secure. Unfortunately, failure in any of these areas introduces security risks

To address these preventable cybersecurity risks, executives should reconsider five fundamental practices for maintaining the security integrity of IT landscapes.

1. Governance, risk, compliance (GRC) of authorizations

Functional and technical users need to be managed in a manner that ensures proper and secure access to the right information, when and where they need it. GRC considerations include restriction of standard users and profiles, segregation of duties, remote function call (RFC) interfaces, user provisioning and decommissioning, data encryption, and the secure use of cryptography. Businesses can also address their password policies by implementing best practices and single sign-on capabilities.

2. Setup security

The organization and maintenance of the IT landscape – as routine as it may sound – can significantly impact the security of your systems, data, and brand reputation. In this case, the IT organization should prioritize the installation of all security patches, monitor security settings continuously on all systems, secure RFC and all other interfaces, and implement end-to-end encryption.

3. Security of custom code

Since companies are unique in how they operate, serve customers, and approach the industry, every IT landscape will always have one or more applications with custom code. The rule for ensuring a secure software development lifecycle is to scan all custom and third-party code early and often. After identifying an exposure, the IT department should perform risk-based assessments and resolutions immediately.

4. Infrastructure security

When hacking a system, most cybercriminals attack the operational system (OS) and database (DB) first because they are the easiest to infiltrate. For this reason, it is important to patch and update the OS and the DB without undue delay and enforce practices around strong passwords for this layer. Additionally, profile parameters should be continuously monitored and controlled, as well as routers, Web dispatchers, gateways, and Java systems.

5. Change management

During development, testing, and production, companies must securely transport code without the risk of intrusion and corruption. Whether received from an internal or external source, all transported content should be inspected before the next stage in the release process. Otherwise, preventable risks may be introduced to the target system. Additionally, it is critical to remain vigilant by encrypting communication and controlling transport paths to meet business needs.

Attention to the fundamentals of IT integrity defuses preventable exposure

The vulnerability of systems to cyberattacks is nothing more than a ticking time bomb. Missing any aspect of cybersecurity puts everyone at risk. For the good of the business, their employees, their customers, and the economy, executives need to rethink their cybersecurity strategies now to protect the company from preventable breaches and the consequences that will follow an attack.

For more insights into securing your SAP software investments and strategy, watch the replay of the Americas’ SAP Users’ Group (ASUG) Webcast “Achieving Baseline Security Within the SAP Environment,” featuring Virtual Forge CEO Markus Schumacher.

Comments

Paul Kurchina

About Paul Kurchina

Paul Kurchina is a community builder and evangelist with the Americas’ SAP Users Group (ASUG), responsible for developing a change management program for ASUG members.

How To Look Back To The Future Of Cybersecurity

Derek Klobucher

As if to cap off an already eventful National Cybersecurity Awareness Month—and perhaps proving that there is no honor among thieves—a hacker breached a forum for hackers last week, and is ransoming fellow cyber-attackers’ user data for $50,000. And there certainly seems to be plenty of occasions to increase our awareness of cybersecurity issues.

About 1.9 billion data records got exposed in the 918 data breaches that occurred in the first half of 2017—up 164 percent from the last half of 2016—according to a digital security firm’s study. The U.S. Department of Homeland Security issued a warning last week about the Bad Rabbit ransomware, which is disrupting government, hospital and other systems internationally. And cybersecurity researchers confirmed last week that an enormous botnet has already infected more than one million organizations—and is on the verge of unleashing “the next cyber-hurricane.”

It’s crucial that we learn from these attacks. And—just as some are using high-tech for cyberattacks—others are using blockchain, artificial intelligence and other cutting-edge technology to improve cybersecurity.

Blockchain, AI, and IoT to the rescue

With so many cyberattacks targeting centralized services, blockchain’s decentralized technology offers cyber-defenses from many types of attacks, according to PC Magazine last week. Among the benefits are blockchain’s transparency and distributed nature, which eliminate the single failure points that many hackers prey upon. But …

“The best defense [organizations] have is the same thing that makes them such an appealing target for hackers: a mountain of data,” PC Magazine stated in a different story last week. “By using machine learning algorithms and other artificial intelligence techniques to identify data patterns, vulnerable user behaviors and predictive security trends, companies are mining and analyzing the wealth of data at their disposal to hopefully stop the next breach from happening.”

However, networks and Internet of Things sensors will still require cybersecurity technology, VentureBeat stated this month. Unsecured devices can be terrible liabilities, so organizations should earnestly evaluate the opportunities and vulnerabilities offered by AI and IoT—and ensure that all users are well trained.

Build a tech-savvy phalanx

Technical savvy helps employees across the organization better understand their work environment and, as a result, operate more securely, according to SmartBrief last week. This will only get more important, as data analytics is increasingly crucial to business success—and as workflow automation continues to get cheaper.

And making rules isn’t enough. For example, in healthcare, HIPAA regulations require that organizations train their workers to maintain patient privacy—and punish those who violate policies and procedures. But employee security awareness is the top healthcare data security concern for 80 percent of health IT executives, according to a 2017 healthcare security study.

“Build a culture of cybersecurity among your executive and physician leaders,” Theresa Meadows, CHCIO, Senior VP and CIO of Cook Children’s Health Care System, stated last month. “Educate them about the threats, myths and importance of good cyber hygiene … they can champion the cause among their peers and staff and get them to buy into safety processes.”

Of course, cybersecurity cultures don’t sprout up overnight.

Learning our lessons

Chief information security officers face the increasingly difficult job of convincing their c-suites that cybersecurity expenditures are worth the big bucks, according to Government Computer News this month. CISOs can use their organizations wealth of data to frame cybersecurity in terms that managers and executives can understand, such as managing risk, business continuity and regulatory compliance.

In short, it’s about taking a step back and learning lessons from the big picture.

“We are so overwhelmed with present security concerns that we don’t have the ability to look into the future — or we hesitate to second guess what cybercriminals might end up doing,” IT Business Edge stated last week. “It’s up to us to recognize what we’ve seen in the past in order to rethink our security solutions of the future.”

And last week’s hacking of the hackers’ forum—as well as other events from this year’s National Cybersecurity Awareness Month—have given us plenty of source material to learn from.

This story originally appeared on SAP’s Business Trends. Follow me on Twitter@DKlobucher

Comments

Derek Klobucher

About Derek Klobucher

Derek Klobucher is a Brand Journalist, Content Marketer and Master Digital Storyteller at SAP. His responsibilities include conceiving, developing and conducting global, company-wide employee brand journalism training; managing content, promotion and strategy for social networks and online media; and mentoring SAP employees, contractors and interns to optimize blogging and social media efforts.

More Than Noise: Digital Trends That Are Bigger Than You Think

By Maurizio Cattaneo, David Delaney, Volker Hildebrand, and Neal Ungerleider

In the tech world in 2017, several trends emerged as signals amid the noise, signifying much larger changes to come.

As we noted in last year’s More Than Noise list, things are changing—and the changes are occurring in ways that don’t necessarily fit into the prevailing narrative.

While many of 2017’s signals have a dark tint to them, perhaps reflecting the times we live in, we have sought out some rays of light to illuminate the way forward. The following signals differ considerably, but understanding them can help guide businesses in the right direction for 2018 and beyond.

When a team of psychologists, linguists, and software engineers created Woebot, an AI chatbot that helps people learn cognitive behavioral therapy techniques for managing mental health issues like anxiety and depression, they did something unusual, at least when it comes to chatbots: they submitted it for peer review.

Stanford University researchers recruited a sample group of 70 college-age participants on social media to take part in a randomized control study of Woebot. The researchers found that their creation was useful for improving anxiety and depression symptoms. A study of the user interaction with the bot was submitted for peer review and published in the Journal of Medical Internet Research Mental Health in June 2017.

While Woebot may not revolutionize the field of psychology, it could change the way we view AI development. Well-known figures such as Elon Musk and Bill Gates have expressed concerns that artificial intelligence is essentially ungovernable. Peer review, such as with the Stanford study, is one way to approach this challenge and figure out how to properly evaluate and find a place for these software programs.

The healthcare community could be onto something. We’ve already seen instances where AI chatbots have spun out of control, such as when internet trolls trained Microsoft’s Tay to become a hate-spewing misanthrope. Bots are only as good as their design; making sure they stay on message and don’t act in unexpected ways is crucial.

This is especially true in healthcare. When chatbots are offering therapeutic services, they must be properly designed, vetted, and tested to maintain patient safety.

It may be prudent to apply the same level of caution to a business setting. By treating chatbots as if they’re akin to medicine or drugs, we have a model for thorough vetting that, while not perfect, is generally effective and time tested.

It may seem like overkill to think of chatbots that manage pizza orders or help resolve parking tickets as potential health threats. But it’s already clear that AI can have unintended side effects that could extend far beyond Tay’s loathsome behavior.

For example, in July, Facebook shut down an experiment where it challenged two AIs to negotiate with each other over a trade. When the experiment began, the two chatbots quickly went rogue, developing linguistic shortcuts to reduce negotiating time and leaving their creators unable to understand what they were saying.

Do we want AIs interacting in a secret language because designers didn’t fully understand what they were designing?

The implications are chilling. Do we want AIs interacting in a secret language because designers didn’t fully understand what they were designing?

In this context, the healthcare community’s conservative approach doesn’t seem so farfetched. Woebot could ultimately become an example of the kind of oversight that’s needed for all AIs.

Meanwhile, it’s clear that chatbots have great potential in healthcare—not just for treating mental health issues but for helping patients understand symptoms, build treatment regimens, and more. They could also help unclog barriers to healthcare, which is plagued worldwide by high prices, long wait times, and other challenges. While they are not a substitute for actual humans, chatbots can be used by anyone with a computer or smartphone, 24 hours a day, seven days a week, regardless of financial status.

Finding the right governance for AI development won’t happen overnight. But peer review, extensive internal quality analysis, and other processes will go a long way to ensuring bots function as expected. Otherwise, companies and their customers could pay a big price.

Elon Musk is an expert at dominating the news cycle with his sci-fi premonitions about space travel and high-speed hyperloops. However, he captured media attention in Australia in April 2017 for something much more down to earth: how to deal with blackouts and power outages.

In 2016, a massive blackout hit the state of South Australia following a storm. Although power was restored quickly in Adelaide, the capital, people in the wide stretches of arid desert that surround it spent days waiting for the power to return. That hit South Australia’s wine and livestock industries especially hard.

South Australia’s electrical grid currently gets more than half of its energy from wind and solar, with coal and gas plants acting as backups for when the sun hides or the wind doesn’t blow, according to ABC News Australia. But this network is vulnerable to sudden loss of generation—which is exactly what happened in the storm that caused the 2016 blackout, when tornadoes ripped through some key transmission lines. Getting the system back on stable footing has been an issue ever since.

Displaying his usual talent for showmanship, Musk stepped in and promised to build the world’s largest battery to store backup energy for the network—and he pledged to complete it within 100 days of signing the contract or the battery would be free. Pen met paper with South Australia and French utility Neoen in September. As of press time in November, construction was underway.

For South Australia, the Tesla deal offers an easy and secure way to store renewable energy. Tesla’s 129 MWh battery will be the most powerful battery system in the world by 60% once completed, according to Gizmodo. The battery, which is stationed at a wind farm, will cover temporary drops in wind power and kick in to help conventional gas and coal plants balance generation with demand across the network. South Australian citizens and politicians largely support the project, which Tesla claims will be able to power 30,000 homes.

Until Musk made his bold promise, batteries did not figure much in renewable energy networks, mostly because they just aren’t that good. They have limited charges, are difficult to build, and are difficult to manage. Utilities also worry about relying on the same lithium-ion battery technology as cellphone makers like Samsung, whose Galaxy Note 7 had to be recalled in 2016 after some defective batteries burst into flames, according to CNET.

However, when made right, the batteries are safe. It’s just that they’ve traditionally been too expensive for large-scale uses such as renewable power storage. But battery innovations such as Tesla’s could radically change how we power the economy. According to a study that appeared this year in Nature, the continued drop in the cost of battery storage has made renewable energy price-competitive with traditional fossil fuels.

This is a massive shift. Or, as David Roberts of news site Vox puts it, “Batteries are soon going to disrupt power markets at all scales.” Furthermore, if the cost of batteries continues to drop, supply chains could experience radical energy cost savings. This could disrupt energy utilities, manufacturing, transportation, and construction, to name just a few, and create many opportunities while changing established business models. (For more on how renewable energy will affect business, read the feature “Tick Tock” in this issue.)

Battery research and development has become big business. Thanks to electric cars and powerful smartphones, there has been incredible pressure to make more powerful batteries that last longer between charges.

The proof of this is in the R&D funding pudding. A Brookings Institution report notes that both the Chinese and U.S. governments offer generous subsidies for lithium-ion battery advancement. Automakers such as Daimler and BMW have established divisions marketing residential and commercial energy storage products. Boeing, Airbus, Rolls-Royce, and General Electric are all experimenting with various electric propulsion systems for aircraft—which means that hybrid airplanes are also a possibility.

Meanwhile, governments around the world are accelerating battery research investment by banning internal combustion vehicles. Britain, France, India, and Norway are seeking to go all electric as early as 2025 and by 2040 at the latest.

In the meantime, expect huge investment and new battery innovation from interested parties across industries that all share a stake in the outcome. This past September, for example, Volkswagen announced a €50 billion research investment in batteries to help bring 300 electric vehicle models to market by 2030.

At first, it sounds like a narrative device from a science fiction novel or a particularly bad urban legend.

Powerful cameras in several Chinese cities capture photographs of jaywalkers as they cross the street and, several minutes later, display their photograph, name, and home address on a large screen posted at the intersection. Several days later, a summons appears in the offender’s mailbox demanding payment of a fine or fulfillment of community service.

As Orwellian as it seems, this technology is very real for residents of Jinan and several other Chinese cities. According to a Xinhua interview with Li Yong of the Jinan traffic police, “Since the new technology has been adopted, the cases of jaywalking have been reduced from 200 to 20 each day at the major intersection of Jingshi and Shungeng roads.”

The sophisticated cameras and facial recognition systems already used in China—and their near–real-time public shaming—are an example of how machine learning, mobile phone surveillance, and internet activity tracking are being used to censor and control populations. Most worryingly, the prospect of real-time surveillance makes running surveillance states such as the former East Germany and current North Korea much more financially efficient.

According to a 2015 discussion paper by the Institute for the Study of Labor, a German research center, by the 1980s almost 0.5% of the East German population was directly employed by the Stasi, the country’s state security service and secret police—1 for every 166 citizens. An additional 1.1% of the population (1 for every 66 citizens) were working as unofficial informers, which represented a massive economic drain. Automated, real-time, algorithm-driven monitoring could potentially drive the cost of controlling the population down substantially in police states—and elsewhere.

We could see a radical new era of censorship that is much more manipulative than anything that has come before. Previously, dissidents were identified when investigators manually combed through photos, read writings, or listened in on phone calls. Real-time algorithmic monitoring means that acts of perceived defiance can be identified and deleted in the moment and their perpetrators marked for swift judgment before they can make an impression on others.

Businesses need to be aware of the wider trend toward real-time, automated censorship and how it might be used in both commercial and governmental settings. These tools can easily be used in countries with unstable political dynamics and could become a real concern for businesses that operate across borders. Businesses must learn to educate and protect employees when technology can censor and punish in real time.

Indeed, the technologies used for this kind of repression could be easily adapted from those that have already been developed for businesses. For instance, both Facebook and Google use near–real-time facial identification algorithms that automatically identify people in images uploaded by users—which helps the companies build out their social graphs and target users with profitable advertisements. Automated algorithms also flag Facebook posts that potentially violate the company’s terms of service.

China is already using these technologies to control its own people in ways that are largely hidden to outsiders.

According to a report by the University of Toronto’s Citizen Lab, the popular Chinese social network WeChat operates under a policy its authors call “One App, Two Systems.” Users with Chinese phone numbers are subjected to dynamic keyword censorship that changes depending on current events and whether a user is in a private chat or in a group. Depending on the political winds, users are blocked from accessing a range of websites that report critically on China through WeChat’s internal browser. Non-Chinese users, however, are not subject to any of these restrictions.

The censorship is also designed to be invisible. Messages are blocked without any user notification, and China has intermittently blocked WhatsApp and other foreign social networks. As a result, Chinese users are steered toward national social networks, which are more compliant with government pressure.

China’s policies play into a larger global trend: the nationalization of the internet. China, Russia, the European Union, and the United States have all adopted different approaches to censorship, user privacy, and surveillance. Although there are social networks such as WeChat or Russia’s VKontakte that are popular in primarily one country, nationalizing the internet challenges users of multinational services such as Facebook and YouTube. These different approaches, which impact everything from data safe harbor laws to legal consequences for posting inflammatory material, have implications for businesses working in multiple countries, as well.

For instance, Twitter is legally obligated to hide Nazi and neo-fascist imagery and some tweets in Germany and France—but not elsewhere. YouTube was officially banned in Turkey for two years because of videos a Turkish court deemed “insulting to the memory of Mustafa Kemal Atatürk,” father of modern Turkey. In Russia, Google must keep Russian users’ personal data on servers located inside Russia to comply with government policy.

While China is a pioneer in the field of instant censorship, tech companies in the United States are matching China’s progress, which could potentially have a chilling effect on democracy. In 2016, Apple applied for a patent on technology that censors audio streams in real time—automating the previously manual process of censoring curse words in streaming audio.

In March, after U.S. President Donald Trump told Fox News, “I think maybe I wouldn’t be [president] if it wasn’t for Twitter,” Twitter founder Evan “Ev” Williams did something highly unusual for the creator of a massive social network.

He apologized.

Speaking with David Streitfeld of The New York Times, Williams said, “It’s a very bad thing, Twitter’s role in that. If it’s true that he wouldn’t be president if it weren’t for Twitter, then yeah, I’m sorry.”

Entrepreneurs tend to be very proud of their innovations. Williams, however, offers a far more ambivalent response to his creation’s success. Much of the 2016 presidential election’s rancor was fueled by Twitter, and the instant gratification of Twitter attracts trolls, bullies, and bigots just as easily as it attracts politicians, celebrities, comedians, and sports fans.

Services such as Twitter, Facebook, YouTube, and Instagram are designed through a mix of look and feel, algorithmic wizardry, and psychological techniques to hang on to users for as long as possible—which helps the services sell more advertisements and make more money. Toxic political discourse and online harassment are unintended side effects of the economic-driven urge to keep users engaged no matter what.

Keeping users’ eyeballs on their screens requires endless hours of multivariate testing, user research, and algorithm refinement. For instance, Casey Newton of tech publication The Verge notes that Google Brain, Google’s AI division, plays a key part in generating YouTube’s video recommendations.

According to Jim McFadden, the technical lead for YouTube recommendations, “Before, if I watch this video from a comedian, our recommendations were pretty good at saying, here’s another one just like it,” he told Newton. “But the Google Brain model figures out other comedians who are similar but not exactly the same—even more adjacent relationships. It’s able to see patterns that are less obvious.”

A never-ending flow of content that is interesting without being repetitive is harder to resist. With users glued to online services, addiction and other behavioral problems occur to an unhealthy degree. According to a 2016 poll by nonprofit research company Common Sense Media, 50% of American teenagers believe they are addicted to their smartphones.

This pattern is extending into the workplace. Seventy-five percent of companies told research company Harris Poll in 2016 that two or more hours a day are lost in productivity because employees are distracted. The number one reason? Cellphones and texting, according to 55% of those companies surveyed. Another 41% pointed to the internet.

Tristan Harris, a former design ethicist at Google, argues that many product designers for online services try to exploit psychological vulnerabilities in a bid to keep users engaged for longer periods. Harris refers to an iPhone as “a slot machine in my pocket” and argues that user interface (UI) and user experience (UX) designers need to adopt something akin to a Hippocratic Oath to stop exploiting users’ psychological vulnerabilities.

In fact, there is an entire school of study devoted to “dark UX”—small design tweaks to increase profits. These can be as innocuous as a “Buy Now” button in a visually pleasing color or as controversial as when Facebook tweaked its algorithm in 2012 to show a randomly selected group of almost 700,000 users (who had not given their permission) newsfeeds that skewed more positive to some users and more negative to others to gauge the impact on their respective emotional states, according to an article in Wired.

As computers, smartphones, and televisions come ever closer to convergence, these issues matter increasingly to businesses. Some of the universal side effects of addiction are lost productivity at work and poor health. Businesses should offer training and help for employees who can’t stop checking their smartphones.

Mindfulness-centered mobile apps such as Headspace, Calm, and Forest offer one way to break the habit. Users can also choose to break internet addiction by going for a walk, turning their computers off, or using tools like StayFocusd or Freedom to block addictive websites or apps.

Most importantly, companies in the business of creating tech products need to design software and hardware that discourages addictive behavior. This means avoiding bad designs that emphasize engagement metrics over human health. A world of advertising preroll showing up on smart refrigerator touchscreens at 2 a.m. benefits no one.

According to a 2014 study in Cyberpsychology, Behavior and Social Networking, approximately 6% of the world’s population suffers from internet addiction to one degree or another. As more users in emerging economies gain access to cheap data, smartphones, and laptops, that percentage will only increase. For businesses, getting a head start on stopping internet addiction will make employees happier and more productive. D!


About the Authors

Maurizio Cattaneo is Director, Delivery Execution, Energy, and Natural Resources, at SAP.

David Delaney is Global Vice President and Chief Medical Officer, SAP Health.

Volker Hildebrand is Global Vice President for SAP Hybris solutions.

Neal Ungerleider is a Los Angeles-based technology journalist and consultant.


Read more thought provoking articles in the latest issue of the Digitalist Magazine, Executive Quarterly.

Comments

Tags:

Death Of An IT Salesman

Jesper Schleimann

As software shifts from supporting the strategy to becoming the strategy of most companies, the relationship and even the sales process between the vendor side and the customer side in the IT industry is subsequently also undergoing some remarkable changes. The traditional IT salesman is an endangered species.

I recently had the pleasure of participating in a workshop with one of Scandinavia’s largest companies to create new business models in the company’s operations business area. As an IT vendor, we worked with the customer in an open process using the design thinking methodology—a creative process in which we jointly visualized, defined, and solidified how new flows of data can change business processes and their business models.

By working with “personas” relevant to their business, we could better understand how technology can help different roles in the involved departments deliver their contributions faster and more efficiently. The scope was completely open. We put our knowledge and experience with technological opportunities in parallel with the company’s own knowledge of the market, processes, and business.

The results may trigger a sale of software from our side at a point, but we do not know exactly which solution—or even if it will happen. What we did do was innovate together and better understand our customer’s future and viable routes to success. Such is the reality of the strategic work of digitizing here on the verge of year 2018.

Solution selling is not enough

In my view, the transgressive nature of technology is radically changing the way businesses and the sales process works. The IT industry—at least parts of it—must focus on completely different types of collaboration with the customer.

Historically, the sales process has already realized major changes. In the past, you’d find a product-fixated “used-car-sales” approach, which identified the characteristics of the box or solution and left it to the customer to find the hole in the cheese. Since then, a generation of IT key account managers learned “solution selling,” with a sharp focus on finding and defining a “pain point” at the customer and then position the solution against this. But today, even that approach falls short.

Endangered species

The challenge is that software solutions now support the formation of new, yet unknown business models. They transverse processes and do not respect silo borders within organizations. Consequently, businesses struggle to define a clear operational road. Top management faces a much broader search of potential for innovation. The creation of a compelling vision itself requires a continuous and comprehensive study of what digitization can do for the value chain and for the company’s ecosystem.

Vendors abandon their customers if they are too busy selling different tools and platforms without entering into a committed partnership to create the new business model. Therefore, the traditional IT salesperson, preoccupied with their own goals, is becoming an endangered species. The customer-driven process requires even key account managers to dig deep and endeavor to understand the customer’s business. The best in the IT industry will move closer to the role of trusted adviser, mastering the required capabilities and accepting the risks and rewards that follow.

Leaving the comfort zone

This obviously has major consequences for the sales culture in the IT industry. Reward mechanisms and incentive structures need to be reconsidered toward a more behavioral incentive. And the individual IT salesperson is going on a personal journey, as the end goal is no longer to close an order, but to create visions and deliver value in partnership with the customer and to do so in an ever-changing context, where the future is volatile and unpredictable.

A key account manager is the customer’s traveling companion. Do not expect to be able to reduce complexity and stay in your comfort zone and not be affected by this change. Vendors should think bigger, and as an IT salesperson, you need to show your ability for transformational thinking. Everyone must be prepared to take the first baby steps, but there will definitely also be some who cannot handle the change. Disruption is not just something you, as a vendor, deliver to a customer. The noble art of being a digital vendor is facing some serious earthquakes.

For more on how tech innovation is disrupting traditional business models, see Why You Should Consider Disrupting Your Own Business.

Comments

Jesper Schleimann

About Jesper Schleimann

Chief Technology Officer, Nordic & Baltic region In his role as Nordic CTO, Jesper's mission is to help customers unlock their business potential by simplifying their digital transformation. Jesper has a Cand.polit. from the University of Copenhagen as well as an Executive MBA from Copenhagen Business School.