D. Justhy's Blog

"Getting to Yes, Now!"


Honey: Will You and Your Enterprise Disappear?


Are you in the 40% who will disappear?

According to an IDC report released in October 2017, by the year 2020, 60% of all enterprises will have fully articulated an organisation-wide digital platform strategy, and will be in the process of implementing it.

Considering that we are now in December 2017, we are about two full years away, before the above mentioned enterprises would have articulated a platform strategy.

From what is observable in various business landscapes organisations have different levels of maturity in their digital journeys. Some are advanced and some are not.

What is worse, is if your organisation is making up the 40% who are just not prepared for the transition into the digital age! This is scary, of course only if you care about your enterprise, your career, your pensions and/or stock options.

In my book, The Billion Dollar Byte, I mentioned that four hundred plus companies disappeared from the Fortune 500 list because they were unable to transform. We labelled this as ‘creative disruption’.

And this sounds good to read and talk about, as long as it is not YOUR organisation or your enterprise, or indeed some one’s you care about.

But, what if it is?

What chances do you have to save a company from disappearing?

Our best bet as a society is to trust what each and every enterprise would have. And that is their data and indeed, their own people.

The best chance for any organisation to win in the digital age is their data and their people. These are the most valuable assets, which for some strange reasons do not appear on the balance sheets yet.

The important point for any organisation to consider, especially if you are in the 40% who are not prepared, where do you and your organisation stand in this journey, today? And how do you get to where you must be?

Want to See What the Journey into the Digital Age Looks Like? Check out in this graphic here.

Once you are clear about your road map, the data strategy blueprint will guide you in your journey in to the digital age.

The data strategy blueprint itself has three easy to understand stages which any company, in any sector can adapt to set the right course for the digital age.

Since most of these transformational journeys involve spends to the tune of billions of dollars, ideally the sponsors will be as careful as the shareholders.

Being in control of such spends and outcomes is critical. There is no excuse for not transitioning into the digital age.

Well, if we are honest with ourselves, if your organisation does not transform and transition successfully, there is a high likelihood that your organisation, as you know it today, may not be recognisable in about five years from now.

Please do let me know of your digital age journey.  Just drop me a line or connect with me on linkedin.

Let’s keep this conversation going and let make it well beyond the other end of the transition. May the force be with you, until the last jedi!

Knowing that I am RED

90 days to the life you desire.  This is the promise of author Tom Dutta in his heartfelt book, The Way of the Quite Warrior.

After a very hectic 2017, I managed to get some time in December to revisit this book. I read this book in a hurry a few months ago and was touched by it. So, made a self-note to revisit this. So, here’s my catalogue of my experiences as I now, study this book and apply the learnings to my life. Many people I know personally, will benefit from this too.

The first phase in the Way of the Warrior is called, ‘The Self’. If we are truly accountable individuals, no endeavour of any proportion or intent is ever possible without a thorough measure of the self. I strongly believe this.

Regardless of your profession, any conscious individual needs to be aware of their strengths, limitations and purpose – however, that is understood today. In my opinion, this is likely to change as our life experiences unfold.  Perhaps, that’s what makes life so meaningful.

Author Tom discusses the application of Dr. Taylor Hartman’s colour code personality assessment in the first phase of this book. I took the test. My test revealed that my Personality Style is RED.

The book revealed that a Red personality is motivated by power, not being good or bad, but a sense of getting things done, moving from A to B; this is how Red personalities love the world.

People who dislike or hate me could interpret this as my ‘sinister’ personality. We might have to do a poll to check how many people I would have interacted in my life felt “used and abused” in order to meet my selfish goals.

On the brighter side, the Reds are confident, assertive, motivated, decisive and often have a natural talent for vision and leadership. It appears that if you are lost in a strange city, you want people like ME, a Red personality by your side because, within minutes, Reds will find the nearest landmark and map out a route and they won’t stop until a problem is solved.

Apparently, Steve Jobs is a classic example of a Red leader, someone with an incredible vision who truly created a dent in the universe and inspired us all into the digital age, with www.apple.com.

My big idea of “Getting to Yes, Now!” with the combination of data and indeed people, and my journey of enabling professionals and leaders transition into the digital age is probably an expression of my Red personality.

Will keep you posted on my progress with ’The Way of the Quite Warrior”.

If you have not yet got your hands on it, it is available here.

Data Security – More than Just an IT Matter

Data, for the most part of the past few decades, has always been something that exclusively belonged to the IT departments. They would acquire it, transform it, enrich it, enhance it, and shape it. In fact, they would even protect it for the organisation.

At least, so it seemed up until recent years, when data breaches have started to become frequent events and even started to wipe out large financial value.

As the level of complexity associated with data compounds along with technology evolution, the role of protecting data is beginning to go beyond the confines of the IT department and rightly so. After all business models and business processes are not confined to just IT departments.

In order to protect data, companies need to do more than just reinforce their IT departments. They need to invest in not just tools and technologies but indeed in reskilling their workforce for the digital age. And this reskilling is not limited to technologists alone. That’s one of the main reasons that data security is not just an IT matter anymore.

In fact, company boards need to be made accountable for data breaches, if digital age success is an aspiration.

In a June 2017, an IBM sponsored Ponemon Institute Research Report on the Cost of Data Breaches, three root causes were highlighted as reasons for data breaches.

They are as follows:

  1. Malicious or Criminal Attack
  2. System glitch
  3. Human Error

Forty-seven percent of incidents involved a malicious or criminal attack, 25 percent were due to negligent employees or contractors (human factor) and 28 percent involved system glitches, including both IT and business process failures.

As per the report, the per capita cost of data breaches due to malicious or criminal attacks was $156. This is significantly higher than the per capita cost for breaches caused by system glitches and human factors ($128 and $126, respectively).

Malicious or criminal attacks cause the most data breaches and this includes negligent insiders who are actually individuals who cause a data breach because of their carelessness, as determined in a post data breach investigation.

Incidentally, malicious attacks can be caused by hackers or criminal insiders, in the form of employees, contractors or other third parties. However, the most common types of malicious or criminal attacks include malware infections, criminal insiders, phishing/social engineering and SQL injection.

While System glitches are understandably very IT centred in nature, both Malicious or Criminal Attack as well as Human Error are both indeed more about the human element of data breaches.

And the best place to address the human element of data breaches is probably the boardrooms and certainly not the IT back rooms.

Why a Disciplined Process is More Important than Expensive Technology

We all have a good idea of what cloud computing is by now and why organizations and businesses are moving towards it. The cloud is scalable, versatile, flexible, secure and what not! Plus, with names like Microsoft and Amazon providing these services, you might think there is very little that can go wrong.

However, as we have seen in the past few years, things do go wrong. More often than not, organizations, in their eagerness to transition into the cloud, end up exposing their data to possible breaches.

In fact, security experts state that configuration errors are a common occurrence when companies move to the cloud. They usually happen when the company makes the mistake of providing access to outsiders such as vendors. Vincent Liu of security firm Bishop Fox says that improper configuration is the number one cause of data theft or loss.

The cloud is a juggernaut

Cloud computing is an unstoppable force and the problem with unstoppable forces is that you can’t slow them down in order to measure the exact impact that they might have. Gartner predicts that cloud computing will be worth around $247 billion by the end of 2017, as cloud infrastructure services continue to dominate the race.

Ironically, these are the very cloud services that are prone to configuration problems. Since rapid cloud adoption has mainly been the result of users looking for quick access to computing services, there really is inadequate focus on security. A lot of the transition occurs under the shadows with IT departments being left ignorant of the transition.

The need for governance

Pete Chronis, Chief Information Security Officer at Turner Broadcasting System Inc., blames the trend on the lack of proper governance within organizations. IT departments have to be informed about concerns such as online assets, how critical applications are connected, software patching, and high risk changes made by employees such as software developers.

However, with cloud computing, that’s impossible, as the application exists in the cloud instead of the organization’s own data center.

So, how can companies/organizations overcome this?

The answer lies in establishing a disciplined process to ensure that the transition is carried out with the right approval and in a secure manner. Employees or vendors cannot be trusted to focus on security at all times and the technology itself is dependent on the user’s expertise.

However, by creating a robust process, organizations can ensure that the transition to cloud services occurs with minimal risk. For instance, they could create measures that would alert IT departments when an employee purchases a particular service using the corporate credit card.

We Need to Become an Ethical Society Before AI Becomes Mainstream

A few months ago, researchers at Stanford University created quite a stir by testing an Artificial Intelligence (AI) program that could detect and identify homosexuals. The program used a machine learning algorithm to look at images and guess who is more likely to be a homosexual.

Now, despite the researchers claiming that their intentions were good (they wanted the AI to help in protecting homosexuals), the study attracted major criticism. LGBT advocates such as GLAAD and the Human Rights Campaign came out strongly against the idea of what is now jokingly being referred to as “the gaydar.”

They believe that the AI can be misused by governments to actually persecute homosexuals, which, to be honest, isn’t hard to believe.

There’s a bigger problem

Using AI to identify gay people is a problem alright, but, this particular case points to something even more insidious – the sheer lack of ethics when it comes to matters involving AI. Even at the research level, there is no ethical framework to guide researchers on AI-related projects. Rules are often made up ‘on the go’ and naturally, this problematic attitude has leaked onto the commercial side of things as well.

In a world where AI is beginning to seep into our daily lives, the ethical aspects of this major transition are growing to be a major concern. In fact, the problems are already at our doorstep.

When robots, bots and AI become mainstream, replacing roles (not jobs!) are people adequately trained and educated to cope with this dramatic shift? In case of driverless vehicles for example, how are we going to deal with the dilemma of having to choose between having people employed and reducing human error on the road?

The need for ethics

The problems with AI have very little to do with the actual technology, itself; they have more to do with the ethical systems that seem absent. We need measures in place to establish ethical frameworks that can guide researchers, product and service creators. Other than that, we also need to have more consensus on AI-related matters from the wider society as well as our governments.

Only then can AI prove to be as fruitful as advertised.

Ethics has played a primary role in all human endeavours and to neglect its function within the area of Artificial Intelligence would be foolish.


What Every Leader can Learn from Satya Nadella’s Reading List

Ever since Nadella took over the reins at Microsoft, things have only gotten better for the software giant. So, what makes this CEO unique and, needless to say, effective? Well, there are a ton of factors involved. However, if you were to ask Nadella himself, he would tell you that a lot of his leadership prowess comes from his voracious appetite for books.

In fact, he’s even recommended a few of them for the benefit of other leaders like him across the globe. So, let’s explore the CEO’s reading list and find out what we can learn from them.

Deep Learning by Aaron Courville, Yoshua Bengio, and Ian Goodfellow

Deep Learning is probably the only example of its kind to delve into the more intricate aspects of machine learning. The book discusses a wide range of topics connected to the primary subject. We are introduced to matters such as numerical computation, probability theory, linear algebra, optimization algorithms, and a whole lot more.

Nadella considers this book to be very beneficial for software engineers who aim to incorporate deep learning into their products and for anybody who aims to make a career in this area.

The Great Transformation by Karl Polanyi

 It is believed that Nadella read this book after it was recommended to him by his father. The Great Transformation explores the concept of society-driven economic change against the backdrop of the British economy during its developmental phase.

The Great Convergence by Richard Baldwin

 The Great Convergence discusses how telerobotics and telepresence will change the way people will cross borders from one location to another. Nadella states that he found quite a few analogies in the book to Microsoft’s HoloLens, which he thinks will have the same impact in the near future.

The Boys in the Boat by Daniel James Brown

Nadella credits his leadership abilities to this book. The story in the book focuses on an underdog crew team from the University of Washington that took part in the 1936 Berlin Olympics. Nadella believes this book to be an excellent lesson on teamwork, which is something he considers to be a core focus of his as a CEO.

Nonviolent Communication by Marshall Rosenberg

Nadella used this particular book to fix the combative culture that plagued Microsoft before his arrival. The book highlights the importance of collaboration, authenticity, self-awareness, and empathy in the workplace and in every other atmosphere that people might find themselves in.

Five Steps to Preventing Data Breaches

Data breaches are now practically a daily event. This isn’t just a casual statement; it’s a fact. Recent statistics indicate that there were over 100 million data breaches in the beginning of 2017 alone. Cybercriminals are using innovative and advanced methods to gain unauthorized access and the only way to fight them is to take strong pre-emptive measures.

Data is everything in today’s business world and if your data gets into the wrong hands, you are looking at some serious consequences. So, make sure you’ve got everything covered. Here are 6 key steps to help you out.

  1. Automate your security

To prevent data breaches, whether they’re caused by insiders or hackers, companies must work towards establishing robust IT policies throughout their data protection systems and network. They must carry out a periodic assessment of the technical and procedural controls that have been established.

In fact, automating these checks can go a long way in preventing breaches.

  1. Create awareness among end users

The end user can often end up being the vulnerability. However, companies can avoid this by offering awareness training. The training program must be focused towards altering the entire organization’s mind-set towards being focused on security.

Other than that, the training must also aid the end user in identifying threats.

  1. Protect information wherever it may be

We live in an information era and the perimeter approach to online security isn’t applicable anymore. Information must be protected wherever it is located; this includes storage and the various channels through which the information is shared.

Unified data protection policies must be enforced across the enterprise.

  1. Assess vulnerabilities periodically

Vulnerability assessments must be carried out on a regular basis. Sadly, most organizations do not do this often enough. A weekly vulnerability assessment would be ideal. Also, the assessments must be done for each and every system that’s connected to the network.

  1. Prevent data exfiltration

Even when incursions are successful, it is still possible to prevent the actual breach by using network software. Network software can identify data exfiltration and block it. Outbound transmissions can be prevented by leveraging a combination of security event management and data loss prevention solutions.

Every CEO’s Data Security Checklist

Data security is more important than ever if we are to go by the latest statistics on security breaches and data theft. Equifax is only the latest example; mind you, there are attempts being made to breach organizations as you read this.

Now, cybersecurity is a massive area of interest that requires the involvement of everybody in the organization; right from the top to the bottom. This obviously includes the CEO. CEOs play a critical role in ensuring that everything is in perfect shape security-wise.

After all, we are talking about the company’s reputation here. So, if you’re a CEO who hasn’t paid attention to your company’s cybersecurity situation, it’s high time you went through this checklist.

  1. Meet the IT team

Meeting the IT team on a regular basis keeps you aware of what’s going on with regard to your organization’s security concerns. Maybe, there are new challenges that require solutions at the policy level. Whatever the need might be, it is good for a CEO to stay updated in order for those problems to be solved.

  1. Conduct an inventory of critical assets

Your organization obviously creates a ton of content and data footprint, and this is transmitted through various channels. The content and the data that you create are critical assets and you need to ensure that they are protected well enough.

The last thing you need is for your data and content to be compromised, so don’t compromise on their security. Fortunately, in the digital age these could be digital assets.

  1. Review your data security policies & processes

Data security policies as well as processes need to be reviewed on a periodic basis. The problem with data security is that the requirements keep changing as technology evolves and cybercriminals become more creative. As a result, reviewing and updating policies as well as the processes is a must.

As the CEO, you have to know what’s being done to keep up with the changing security trends as well.

  1. Establish an Incident Response Plan

Even if you’ve got the best security solution possible, things can still go wrong. When this happens, the only people you can depend on are your people – your employees, your partners. But, what happens if they have no clue to what an appropriate response should be?

This is exactly why you need an Incident Response Plan in place to ensure that mission-critical tasks can still continue. The plan must also include identifying the cause of the attack in order to ensure that another one can be prevented.

This certainly is not an exhaustive checklist but it sure is a good start for an enterprise of any size.

Equifax Data Breach: Humbled by a Business Strategy Breach

Google “security breach” and one of the first items of news you’re likely to come across would be about the recent breach at Equifax.

The Equifax hack led to the exposure of personal information that belonged to over a 100 million people. Naturally, the magnitude of the breach has stirred up discussions concerning ethics, legal liabilities, and public relations. Of course, Equifax has found itself in a great dilemma.

Now, we could spend all day debating where Equifax went wrong and what they should or could have done. However, that would be counterproductive. The best thing that other organizations can do right now is to learn from the mistakes made by Equifax. Here are a few key ones that are worth the observation.

Failure to protect data

The first round of reports placed the blame on an ignored bug within the Apache Struts application.

Now, we aren’t going to argue the authenticity of this report. But, it’s safe to assume that there were other vulnerabilities that existed as well. Single vulnerability points are rarely known to lead to breaches of this magnitude.

There are a few key questions that we need to ask. Firstly, why was so much data made available to a web application? Secondly, could there have been protective measures in place to avoid this kind of a compromise? Thirdly, should Equifax have assumed possible vulnerabilities in the web application?Finally, did Equifax do enough to prevent a data leak?

The answers to these questions need to deal with both, what caused the failure and what could have been done to prevent failure. It is necessary to look at the complete architecture in order to make sure that a single vulnerability does not impact the entire system. There must be other components withinthe architecture that can prevent further compromise.

Failure in detecting an intrusion

If protection doesn’t work, there must be robust detection capabilities in place to know that an intrusion is taking place. Equifax made a major mistake by allowing a single system to have access to all the data. Data access is a major area of concern and organizations must have the tools to assess data access at all times.

For example, network analytics is great when it comes to detecting strange or “out of the blue” activities. Similarly, behavioural analytics can be used to detect out of the ordinary access patterns.

It’s certainly NOT an IT only problem, especially in the digital age

 Most businesses which consider themselves to be ‘traditional’ in nature, would argue that these matters are for the back offices. However, the business models suitable for the digital age, would not tolerate that view point but would instead consider a business model that creates value in the digital age, and this would indeed consider the matter of data security well within the business strategy as well as the business model.

A data breach is breach to the business strategy.  Let’s have a business strategy that will minimize, prevent and then eventually eliminate data breaches

Three Superior Human Skills in the Digital Age

Technological advancements have allowed for organizations to stay connected to people within and outside the company walls. While face-to-face interaction isn’t the norm today, technology has brought forth the need for managers and subordinates to develop a specialized set of human skills that can help employees navigate these technological times.

In-season skills in the age of technology

While new skill sets are certainly prized, managers around the world stress on three traditional skills which are essential for employees of the digital age. In fact, managers and business leaders believe that these evolved traditional skills will help their personnel better manage the challenges and opportunities of new-age technology-based organizational environments.

Here are three superior human skills that you need to cultivate, in order to be successful in the digital age:

  1. Collaboration

With new technology being developed on a continuous basis, technical know-how will only get more specialized and out of reach. It’s important for personnel with this new knowledge to work together with their team, to facilitate sharing of technical knowledge and experiences.

Additionally, with team members working remotely from various corners of the world, collaboration with both people and machines becomes a priority to effect positive operational and strategic results.

  1. Communication

While technology has certainly been a blessing to organization-wide communication, it must be acknowledged that a lot of information gets lost in the system. Technology can only do so much when it comes to data processing, analysis, and communication. The rest is up to people.

From something as simple as tips on troubleshooting to highly confidential business information, employees need to learn how to navigate this complex technological landscape in order to effectively communicate pertinent information to their peers and supervisors.

  1. Emotional Intelligence

Technology has long been credited for being the cause of the loss of humanity in today’s organizational setting. While it’s debatable whether this is an undeserved allegation or not, the operational and strategic benefits of being emotionally responsible and responsive must be recognized.

The ability to sympathize, empathize and connect with people is a human gift, one that must be actively cultivated by employees across the organization. Being able to express and navigate emotions will help employees read non-verbal cues that data and technology fail to identify, allowing business leaders to take important decisions.

Human skills will only serve to complement digital know-how. Developing and cultivating these skills will equip employees with the skills needed to be successful in this digital age.