Cybersecurity

Business/Customer Sweet Spots: ECT News Roundtable, Episode 2

If you’re a small business owner or a key member of an enterprise executive team, you want your firm to succeed. If you’re a customer, you want to be treated well. Those goals are not diametrically opposed, but very often, it seems that companies and customers are at cross-purposes.

ECT News Network recently gathered together — virtually, that is — five technology experts who did some hard thinking on some of the issues businesses and consumers confront on a daily basis, and valuable insights were the payoff.

Our roundtable participants discussed technology priorities for small businesses, trends driving enterprises, the importance of the customer, and the effectiveness of personalization in today’s marketplace.

Contributors to the conversation were Laura DiDio, principal at ITIC; Rob Enderle, principal analyst at the Enderle Group; Ed Moyle, partner at SecurityCurve; Denis Pombriant, managing principal at the Beagle Research Group; and Jonathan Terrasi, a tech journalist who focuses on computer security, encryption, open source, politics, and current affairs.

SMALL BIZ BUDGET PRIORITIES

For most small businesses, there’s little wiggle room in budgets. Getting the most mileage out of limited funds often is critical not just to success but to survival. With the business environment constantly changing, what made sense for last year’s budget might be an expensive mistake this year.

How can small business owners make the best budget decisions while keeping their focus on core business activities at the same time? It often seems like a precarious juggling act.

To provide some perspective on the latest budgetary challenges, our panel identified three things small business owners should consider in the budget-making process:

  1. Guarding against cyberattacks;
  2. Investing in the right technology; and
  3. Doing business online.

Take Cybersecurity Very, Very Seriously

Cybersecurity deserves a large chunk of many small businesses’ budget allocations in 2020, based on our roundtable discussion.

“Cybersecurity is huge for small business, I think,” said Ed Moyle.

“We’re seeing increased attacks at the SMB — they’re a huge target. They also typically underfund, or don’t fund, security efforts,” he noted.

“The proliferation of ransomware, in particular, is very troubling,” said Rob Enderle.

“Criminal hackers of moderate sophistication — or less — are increasingly targeting small organizations, often with ransomware, because these organizations have minimal information security infrastructure and are very vulnerable to data loss,” Jonathan Terrasi pointed out.

“Economics clearly favor it: It is much more profitable for these attackers to extort a few dozen small organizations for a modest ransom than to attack one larger organization with more resources but more formidable defenses,” he said.

One of the reasons many small businesses fail to take security as seriously as they should is the prevalence of the “it can’t happen here” mentality.

 

Rob Enderle, Tech Analyst

 

“The thing that many SMBs don’t realize is that there’s no distance for an attacker,” said Moyle.

“For example, why didn’t fraudsters in other countries target U.S. regional and local credit unions in 1980? Because to do so, they’d need to board a plane. Nowadays, attacks can come from anywhere with no latency, and a business’s online presence is just a click away for anyone around the globe. Smaller companies are soft targets — poorly defended in most cases — and equally accessible as large companies. This makes them a more attractive target,” he explained.

“Ed is right that the process for SMBs implementing adequate security breaks down at a number of points, not the least of which is access to reputable providers with measurable benefits,” said Terrasi.

“I do think it is slowly getting better, though, for the simple reason that managed security providers are tapping out the large enterprise market and need to turn to fresh markets at competitive price points to continue growing. My hope is that the prospect of market expansion leads to security providers crafting solutions that meet the needs and budgets of SMBs,” he added.

“I’m coming around to the idea that what the small-to-medium market needs is a chief security officer or security operations center in a box or service,” suggested Enderle.

Many small firms outsource operations like human resources and accounting, he pointed out, because they just don’t have the needed skills in-house.

“Don’t skimp on training for your IT staff,” said Laura DiDio.

“Security hacks like email phishing scams, ransomware, CEO fraud, and targeted attacks by professional hackers are all on the rise, so small businesses are well advised to get training for their staff and end users, and investigate and install the appropriate security packages,” she noted.

“Always stay up-to-date on the latest fixes — and in the digital age, conducting vulnerability testing at least on an annual basis is a must. If your organization lacks the necessary internal expertise within its IT department, hire a third-party security provider,” DiDio advised.

“Given the trends in malicious actor behavior in the last year, I think small businesses clearly need to invest in some kind of managed detection and response or comparable service that offloads network monitoring and defense to a contractor,” agreed Terrasi.

Moyle spelled out some of the challenges involved in implementing this seemingly obvious solution: “One, SMBs don’t know they need this until it’s too late. Two, it’s hard to find service providers that cater to SMBs. They’re out there — just hard to find. And three, there’s no touchstone for quality of SMB-focused security providers — meaning, how does a business know if they’re getting a quality service or pure crap?”

That could be why so many businesses delay addressing the problem, for many, until it’s too late.

Make Technology Expenditures Count

Small business operators want to embrace technology solutions that will contribute to the bottom line, but deciding which tools are the right stuff for their business is another daunting challenge to surmount.

“Small businesses understandably have limited budgets. That said, they should not be penny-wise and pound-foolish,” said DiDio.

“In other words, don’t put off making a critical hardware or software purchase or upgrade if old or outmoded technology is hampering your business,” she continued.

“Don’t make the mistake of overloading the server or waiting too long to replace aged desktop or tablet devices. You don’t want to risk unnecessary downtime or system failures,” DiDio advised.

“Any technology advance you make will be better than doing nothing, provided you do it right,” Pombriant said.

That “doing it right” part might be easier said than done, however.

“SMBs should be careful to evaluate their needs before entering the market to buy things,” Pombriant cautioned.

Failure to make the proper assessments “can have disastrous effects on small businesses,” he noted. “Don’t get too far out over your skis.”

Go Online, Young Firm

One area of investment that some SMBs still haven’t made comes with a few risks of being poorly targeted: doing business online.

“Black Friday and Cyber Monday sales indicate that those small businesses that were able to effectively work online did far better than those that didn’t,” noted Enderle.

Those findings “point to a sea change that the firms that didn’t do as well should take more seriously,” he said.

ENTERPRISE TECH TRENDS

When our roundtable turned to the enterprise, cloud computing, artificial intelligence and analytics, containers, and the rise of the software platform dominated the discussion.

Denis Pombriant, Author, Analyst and Consultant

Shifting Clouds

“Cloud computing has come into its own over the past 10 to 15 years. Now it’s maturing beyond just public, private, and hybrid clouds. In 2020 and beyond, look for cloud computing services to become more decentralized and distributed,” said DiDio.

“Instead of having the cloud services running on a single, centralized server, they will increasingly be located in local servers situated closer to the source of their end users around the globe. The distributed cloud services model will deliver tangible and immediate benefits like faster, more reliable, and more secure and efficient peer-to-peer data exchanges,” she predicted.

“At this point, the vast majority of businesses above a certain size and sophistication have begun migrating to the cloud, so I wouldn’t even call cloud computing a trend at this point. Cloud computing is the new normal,” remarked Terrasi.

“While I agree the cloud isn’t new, the recent moves by the major providers suggest a power shift in process,” said Enderle.

“The JEDI U.S. government contract is a case in point. None of the traditional players even came close to winning, and it largely came down to a disputed match between Microsoft and Amazon,” he pointed out.

“With the advent of 5G, there is a shift to decentralize data centers, shift much of the load to the cloud, and watch the trend for the cloud players to vertically integrate,” Enderle observed.

“Amazon’s move for Outposts mirrors to some degree the VCE (VMware, Cisco, EMC) joint venture that was transformational and adds the critical cloud element. I expect Microsoft and Google to follow with similar efforts,” he continued.

“This is a fundamental shift of power, which was already occurring and now will only accelerate. The traditional OEMs should be more concerned than they are. While IBM and Dell Technologies are pivoting, time isn’t on their side,” said Enderle.

AI and Big Data

“The Internet of Things is expanding and maturing as it interconnects more people, devices, networks, and ecosystems,” noted DiDio.

“In 2020 and beyond, expect IoT networks to incorporate more data analytics, and artificial intelligence as more efficient and fine-tuned organizations sift through the data deluge to make informed decisions and derive real business value from their applications,” she added.

“Utilizing data analytics and AI in IoT environments can make businesses more efficient and allow them to reduce costs and lower daily operational expenditures. Ultimately, it will also allow organizations to compare and contrast prior and current expenses and sales against future trends,” DiDio continued.

“AI and data analytics usage, combined within IoT deployments, ultimately will enable businesses to be more competitive, respond more quickly to changing market conditions, and drive their top-line revenue,” she maintained.

“The companies that are able to perform big data analysis on the data they have sitting in that cloud, and derive insight as a result, will have an edge,” agreed Terrasi.

“The efficacy of big data analysis is going to hinge on how judiciously businesses apply it. Big data is not a panacea and only produces insight insofar as its context and limitations are firmly understood,” he added.

Laura DiDio, High Tech Analyst

Taking a step back, DiDio drew attention to the necessity of maintaining the infrastructure underpinning critical enterprise operations.

“With all of the focus on crucial technologies like cloud computing, data analytics, IoT, AI, and security, the overall reliability of the core foundational infrastructure server hardware, server operating system, and application technology has never been more important. Simply put: There is no good time for downtime,” she said.

“This will be pivotal going forward as more and more IoT deployments move to the network edge or perimeter — where network administrative resources are scarcer, and reliability and security are paramount,” DiDio pointed out.

Containers, Containers, Containers

The most important tech trend for enterprises is containers, argued Moyle.

“The transformation in containerization has been huge over the past few years. It’s really important for orgs to pay attention to this,” he urged.

“And service mesh, which is also containers. And Kubernetes, which in practice is also containers,” Moyle added.

“The reason I think this is so important is the disconnect between developers and the rest of the enterprise on this front. Meaning, it’s already late-mainstream in developer circles — whereas it’s pre-chasm for infrastructure, operational, and most security folks,” he explained.

“If this sounds like an oxymoron, I get it, but I’m not talking about straight adoption here. I’m talking instead about mentality — most important — and usage. People just aren’t building non-microservice apps anymore outside of specific use cases, legacy, or apps designed to run only on one specific platform — for example, a phone app that doesn’t talk to anything else,” Moyle noted.

The Rise of the Platform

For Pombriant, the most important trend in the enterprise arena is the rise of the software platform.

“Everyone talks about digital disruption, but few people understand why it’s important or what it can do,” he remarked.

“The software platform drives the disruption and makes a business agile. Business agility is the most important outcome of tech,” Pombriant said.

“We’re increasingly seeing that tech is less important than tech plus human — what we can do together, how we can get the best results for our limited input,” he continued.

“Garry Kasparov, the Russian chess grandmaster pointed this out a few years ago after he beat IBM’s Deep Blue, a predecessor of Watson, in chess,” Pombriant recalled.

“Enterprises are increasingly realizing that their fates are tied to their ability to be agile in business, and that depends on the software platform that best enables them to change process functionality or spin up new business models in response to changing market conditions,” he observed. “So again, the software platform is, in my mind, the most important tech trend.”

WHERE THE CUSTOMER STANDS

It’s become a cliche that “the customer is king,” but our panel took exception to that notion — and even to the idea of using monarchy as a metaphor in discussing the customer’s place.

 

Jonathan Terrasi, Tech Journalist

Where’s the Royal Treatment?

Though vendors are making strong advances toward elevating the customer, “it is often the activist investor that has the stronger voice,” noted Enderle.

There’s also the question of whether companies actually are bowing to the customer or merely want the customer to think so.

“I think organizations will always say that they are, but in reality, I don’t think it’s the truth. I think you can see this in everything from how they treat privacy to issues like software vulnerabilities in IoT and Biomed,” said Moyle.

“I think there’s a strong case for contending that if the customer ever was king, they have since been dethroned,” quipped Terrasi.

“You don’t need to look much further than the manicured garden approach taken by both major mobile OSes,” he continued.

“Whether you’re running Android or iOS, you’re basically locked into that platform and however it is engineered to operate at a low level, and there’s not really anything you can do to configure it differently. You’re locked out of the root account. Logging and metadata handling are opaque, and exposed settings for privacy and other core functionality are meager,” Terrasi pointed out.

“When your OS is out of its security support cycle, you have to either buy a new phone or accept almost 100 percent odds that it gets compromised,” he added.

“This dearth of user agency is not a consumer OS preference for proprietary over open source software. Rather, it’s an issue of walling off most of the users’ ability to define their own computing experience in the name of ‘usability’ and security — but additionally in the service of user lock-in,” he argued.

Muddled Metaphor

“The customer has always been the one paying the bill, and we conflate this with the idea of the consumer,” Pombriant said.

“More realistically, in the wake of the Business Roundtable’s declaration over the summer about the mission of the corporation, the kings and queens of all this are all of the stakeholders, which includes customers, employees, suppliers and partners, local communities — and of course, shareholders. We’re becoming far less hierarchical and more networked, so maybe the monarch as a metaphor is pass,” he said.

“There’s definitely a case to be made for Denis’ suggestion that analyzing product development trends through the lens of who is ‘king’ is becoming a clumsy diagnostic,” said Terrasi.

“There are too many interests that are — and should be — party to decisionmaking for any one of them to be preeminent,” he continued.

“For example, government and civil infrastructure rely on digital technology, so these groups will naturally divert some of the home consumer buyer’s product development influence in favor of themselves, and manufacturers and developers ignore these new concerns at their own peril,” Terrasi noted.

“However, I still think that a big part of it is that developers paternalistically user-proof their products because if the device stops working, even if it is purely due to user error, the user blames the developer,” he suggested.

“In reality, the user loses because it is an all-too-tempting pretext for just locking the user in and making the threat of user defection in retaliation for an undesirable feature less viable,” Terrasi said.

It’s the Data – Not the Customer

“It might be easier to say that while the customer is not yet king, their data is,” said Enderle.

“Customer data is, in many cases, becoming more valuable than customers themselves,” agreed Moyle.

“What is the implication of that to the value that a company places on the customer? The value that they place on customer privacy? When it’s not who the customer IS but what the customer DOES that’s important, the actual upside for the company of delivering a good experience is less important than being able to track, record, and store what the customer does,” he pointed out.

“There’s an excessive focus on profits,” Enderle said.

“The moves of companies like Apple and Oracle to mine customers for money and the continuing issues surrounding Google’s sales of customer information remain problematic,” he added.

“Companies are prioritizing other things over protecting their customers,” said Moyle. “If that’s true, how can the customer be ‘king’? It’s a logically unsound conclusion for it to be so.”

PERSONALIZATION: CAN’T LIVE WITH IT, CAN’T LIVE WITHOUT IT

There’s a love-hate relationship between marketers and consumers when it comes to personalization. Everyone’s got to have it, it seems, but how can it be accomplished without giving people that unpleasant tingly feeling that someone is creeping up behind them?

Ed Moyle, Security Advisor

What Personalization Looks Like

When personalization works, “it’s just creepy. When it doesn’t work — which is most of the time — it doesn’t really do much in terms of impact,” contended Moyle.

“We’re at the halfway point where personalization is more valuable than not having it. It is getting better despite some obvious flaws,” Pombriant maintained.

Progress is being made in correcting some of those flaws, according to Enderle, “and Net Promoter Scores are coming up as a result.”

“Personalization isn’t currently effective because we still have issues with producing personalized offerings at scale. 3D printing should eventually change that, but right now, firms still use personas, which the book Technically Wrong correctly identifies as problematic,” he said.

“We are developing the tools to do this better, but they aren’t there yet, and real progress is likely at least five years out,” Enderle predicted.

“Some of the more interesting progress here is with the music services, which have this year announced stations that are automatically designed to curate content based on what they have learned about you,” he noted.

“YouTube has been doing this for some time, and it is only a matter of time before those that have deep product lines realize they need tools to drive their customers to their ideal product and better capture what that ideal is,” Enderle said.

What Customers Want

“Personalization has a one-track mind too often. I’d love to find some that don’t automatically assume I want to purchase something. That one assumption makes it look inept and will delay adoption or acceptance,” said Pombriant.

“Personalization can be effective — targeting directly to a given customer — but it needs to be invisible,” argued Moyle. “If people know they’re being personalized to, they hate it.”

Mick Brady is managing editor of ECT News Network.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Mick Brady
More in Cybersecurity

Technewsworld Channels