Conclusion:

While discussions regarding industry trends and customer priority shifts have remained prominent this month, vendor innovation in light of expected growth has also been a focus. In particular, managed service providers required to innovate beyond evolving technologies to include hybrid and integrated offering structures, effective business operations and external sources to support vendor growth. The need to access external sources for funding, skills, offerings and client base has become apparent. The demand for improved internal frameworks to allow for hybrid solutions, offering delivery and customer interactions has also been flagged. Accelerated activity in a critical and complex industry requires vendors to continue to provide high quality, innovative service provision frameworks in order to remain competitive.

Read more ...

Conclusion:

As is common in security, a buzzword becomes a product segment which is then flooded with new entrants or even old players with new offerings. A classic case is the detection and response segment. Initially, it was one approach – endpoint detection and response. But as vendors entered the segment they were driven to find differentiation points to stand out from the crowd.

What was a simple segment became one with many new acronyms, new problem definitions and of course a plethora of products. To help understand the basic differentiation of products in this segment this advisory provides a direct and simple definition for each main sector along with points to note about how to select any specific product in the segment.

Read more ...

Conclusion:

COVID-19 has presented a number of challenges for business and the underlying Information and Communication Technology (ICT) in particular. These challenges have presented both as crisis and opportunity but all have been compelling events. To paraphrase Winston Churchill, ‘never let a good crisis go to waste’. In each case, this will only be possible when the lessons learned are properly investigated and documented, allowing evidence-based decisions to ensure organisations improve the way business is done.

The COVID-19 pandemic has resulted in many changes to the way business is done, how employees contribute, and how customers interact. Taking the time to evaluate performance, document the lessons learned, and to improve your business decision processes is invaluable. Applying the technical and business lessons learned from the period of this pandemic will add value for many years to come. It will allow your organisation to reinforce successes, avoid possible errors, and potentially improve its position in the marketplace.

Read more ...

Conclusion:

Australian organisations in both public and private sectors enthusiastically identify and implement best practices from around the world. After considerable time and effort has been allocated to implementing these processes and the associated tools the results are all too often less than satisfactory. There are many best practices, frameworks and tools to assist in the optimisation of IT but there are two key problems areas that if overcome, can make a significant difference in the benefits that organisations will derive from best practice implementation.

Read more ...

Conclusion:

For enterprises and small to medium businesses (SMBs), Artificial Intelligence (AI) opportunities are widespread and industry-specific. Each industry will grapple with conversations to understand how AI can:

  1. Create competitive advantage.
  2. Complement existing business.
  3. Disrupt, or even destroy the business model that exists today.

What businesses need to plan for is that AI engineering and AI ops are destined to be the essential umbrella to govern AI in the coming decade. Hyper-automation (HA) of business processes will see some business models fail whilst others thrive into the 2030s.

Read more ...

Conclusion:

The recent SolarWinds security compromise provides a timely reminder that a cyber security compromise from third parties is a clear and present threat. Virtually all organisations utilise third party vendors to provide services, software solutions and to store data. For these reasons, it is essential that all organisations have a third party risk assessment and compliance program as part of a broader cyber security strategy. Given that organisations utilise a multitude of vendors it is impractical to adopt a one-size-fits-all approach to third party risk management. This article provides a pragmatic approach to mitigating this risk.

Read more ...

Conclusion:

Minimising risks from systems specification errors and cyber risks from network intrusions when an enterprise-wide digital transformation is underway is a daunting task, as many stakeholders could be impacted. Depending on the severity of the error or network intrusion, an incident could damage a brand’s image and shareholder confidence in the board. In the public sector, a cyber incident could result in the leaking of citizens’ private data and put an unwelcome spotlight on ministers and bureaucrats.

While boards are ultimately responsible for monitoring and minimising risks, they must ensure management creates a risk abatement framework and strategy, and executes it. The problem is compounded when the organisation’s aim is to transform or reshape its business model and the changes proposed are resisted by staff concerned at possible job losses or fear of failure – risks which must be addressed in the strategy.

Read more ...

Conclusion:

Too often, information communications technology (ICT) and business analytics groups focus on business intelligence and analytics architectures and do not explore the organisational behaviours that are required to take full advantage of such solutions. There is a growing recognition that data literacy (a subset of digital workforce maturity1) is just as important, if not more important, than the solutions being deployed. This is especially true for organisations embracing self-service analytics2.

The trend is to give self-service analytics platforms to management that are making critical business decisions. However, this trend also requires managers to be trained in not just the tools and platforms, but in understanding how to ask meaningful questions, select appropriate data (avoiding bias and cherry-picking), and how to apply the principles of scientific thinking to analysis.

Read more ...

The Latest

27 January 2020: Sitecore, which offers a web content management and online customer experience platform, announced a US$1.2 billion investment plan to grow its global footprint. 

Why it’s Important

In the market for online customer experience, Sitecore is the key rival to Adobe. While Sitecore does not provide the breadth of digital design services that Adobe offers, its web content and digital marketing capabilities are competitive. This US$1.2 billion investment plan signals Sitecore’s desire to take advantage of the increased demand for digital service delivery in the wake of the pandemic. 

Sitecore’s offering is price-competitive against Adobe, though still at the high-end of the market. However, it does need to boost its support network and partners if it wishes to encroach on Adobe, while also defending against mid-tier players and modern CRMs such as Salesforce and Netsuite ecommerce and customer service offerings. 

Who’s impacted

  • CMO
  • Sales / Marketing teams

What’s Next?

While Sitecore is well-known in Australia and the Asia Pacific / Japan region, strengthening its implementation partners and support network will go a long way to positioning it against Adobe. IBRS has noted that some Australian Sitecore clients have expressed frustration with the availability of local Sitecore skills and sought US-based contractors to fill the gaps. Investment in building an international footprint may help alleviate local skills shortages.

Related IBRS Advisory

  1. CRM modernisation Part 1: Strategy, planning & selection
  2. CRM modernisation Part 2B: Creating a customer experience strategy
  3. Positive customer experiences must lead digital transformation

The Latest 

19 January 2021: Salesforce has added a customer loyalty management module to its Customer 365 Platform. The new module allows organisations to define and deploy programs for incentives and rewards, linked to customer data held within the core Salesforce and customer experience platform.

Why it’s Important

During the pandemic and related lockdowns, digital service delivery has surged. More significantly, as consumers adopted more online service delivery, they also tried out new brands. McKinsey estimates that 80% of US consumers stuck with their new channels, with digital customer loyalty programs being a significant force in this trend.  

Who’s impacted

  • CMO
  • Sales executives
  • E-commerce teams

What’s Next?

While data for Australian consumers' adoption of digital channels and digital loyalty programs is not readily available, anecdotal evidence from discussions with IBRS clients and from well established online retailers such as Kogan and Woolworths, suggests Australia has also seen a similar pattern to that of North America, though perhaps not as pronounced.  

Loyalty programs will likely become a key differentiating factor for brands to maintain repeat business as more (niche) Australian retailers take up digital channels to meet their client demands. Organisations should begin to explore how digital loyalty programs can:

  • drive repeat and regular online engagement 
  • build brand awareness and affiliation, and 
  • increase life-time-value measures.

Related IBRS Advisory

  1. CRM modernisation Part 1: Strategy, planning & selection
  2. CRM modernisation Part 2B: Creating a customer experience strategy
  3. Positive customer experiences must lead digital transformation

The Latest

27 January 2021:  M-Files, which provides a document and content management solution, has raised US$80 to develop an AI to analyse, categorise and manage enterprise information. 

Why it’s Important

There are two forces driving the destruction of traditional electronic documents and records management (EDRMS) solutions: 

  • collaboration, which breaks legacy information lifecycles, and
  • the explosion of information types and stores, which hinders the ability to have a single repository of digital records

When combined, it becomes clear that legacy EDRMS solutions are not only incapable of providing the flexibility needed to manage enterprise information is a way that enables new ways of working, but also cannot address the ‘mess’ (really, complexity) of these work practices.

Leading EDRMS vendors are looking to leverage AI to address this ‘mess’ by:

  • analysing and automatically applying meta-data / classifications to information
  • determining which information policies need to apply to content, and enforcing such policies automatically
  • seeking out information across an organisation for the purposes of applying information lifecycle policies, e-discovery and security. 

By investing in AI, M-Files is ensuring it remains relevant and able to compete in the future of enterprise content management. 

Who’s impacted

  • CIO
  • Information Managers

What’s Next?

While legacy products such as TRIM (now Micro Focus Content Manager) remain in place and are being supplemented by add-on solutions (eg. Micro Focus Control Point), the future will be products with AI taking centre stage within the core information management functionality. 

Organisations considering their future information management strategies must factor the disruptive impact of collaboration, including the Office 365 platform, and the ever growing amount, variety and location of information. EDRMS solutions that feature AI as a core component should be short-listed.

Related IBRS Advisory

  1. Disruptive Collaboration - Whiteboard Session
  2. Making work, work better: digitisation, digital workflow, & the new normal
  3. Teams Governance: Emerging better practices
  4. Planning your next generation Office Suite? Consider Records Management
  5. Records management discipline must not be ignored during digital transformation

Future of Work expert and IBRS advisor Dr Joseph Sweeney has made seven recommendations towards good Microsoft Team governance after surveying and speaking to 80 CIOs across Australian organisations. 

Microsoft Teams usage grew to more than 44 million global daily active users during COVID-19 and has still continued to grow. Dr Sweeney's findings discovered a number of concerning issues for organisations with Teams implementation and the risks associated with them. Businesses rushed to deploy Teams in a way that left them at risk of exposing critical data and damaging productivity.

Dr Sweeney emphasised Microsoft hasn't created an insecure environment with Teams. "Out of all the vendors Microsoft actually has a really good security Story" said Dr Sweeney. "The problem is, a lot of organisations in the rush to get people working from home turned Teams on, and they've deployed (it) without full consideration of all of these new risks."

Full story.

 

Related Articles

Microsoft teams governance: Emerging better practices

Better Practice Special Report: Microsoft Teams Governance

IBRSiQ is a database of Client inquiries and is designed to get you talking to our advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

Read more ...

The Latest

15 January 2021: Samsung released a set of three Galaxy S series smartphones, aimed at the consumer market. All models support 5G. The high-end model - the Galaxy S21 Ultra - has features that rival its flagship executive-level smartphone, the Galaxy Note. In addition, the announcement stressed Samsung’s workplace features:

  • Wireless DeX for using smartphone as desktop
  • Office 365 integration
  • Knox Suite for device management and end-point security.

Why it’s Important

Despite the market for smartphones declining sharply in 2020 (a drop of 16 percent), Samsung gained around 5% market share. The decline in the market is due to consumers retaining their smartphones for longer periods of time due to the increasing costs of premier devices.  

Samsung’s efforts to sell into enterprises - blending consumer and enterprise features - are proving effective in shoring up its strength against rivals. The vendor has been making inroads into the enterprise space with both consumer-grade devices and semi-ruggedised devices. The S21 series of devices support Samsung’s enterprise security features, DeX and the Knox (as well as third-party) end-point management services. 

The devices also include new cameras that make them attractive for field-based asset management activities. The S21 Ultra is a large format device that supports pen-input (via an add-on pen and case) positioning it against Samsung’s popular Galaxy Note.

Who’s impacted

  • Field support teams
  • Telecoms / comms teams
  • Workforce transformation strategists
  • End-point / security teams

What’s Next?

While Samsung’s DeX feature is interesting, IBRS has seen very few organisations launching DeX desktop experiences from smartphones. For now, this remains an ‘experimental’ idea, limited to tech. However, launching DeX desktop experiences from tablets is growing in popularity.

Samsung is betting heavily on 5G, especially in regard to new services on its devices. The new cameras can produce not only high-resolution images, but high-colour sensitivity (12-bit) RAW images and depth of field information, which open up new applications for asset management, field maintenance, and design. Any files that leverage these camera capabilities will be large. 5G networks will make such files viable in field applications.

From recent client research, IBRS notes that organisations using premium consumer-grade devices (namely Apple and Samsung) for field force tasks overestimate the battery life of these devices, and as a result, the replacement cycle needed. When such devices are used for ‘typical’ consumer use, batteries last for 3-4 years before their capacity diminishes to a point where they are problematic. In contrast, such devices used for field-forces result in batteries decaying within 2 to 2 ½  years. Therefore, buyers of enterprise smartphone devices need to monitor device health, adjust their device procurement lifecycles - and budgets - accordingly.

Samsung’s new S21 range supports enterprise features and cameras that make them attractive for field use. The range of price points for the S21 series make them attractive against their rival in enterprise smartphones.

Related IBRS Advisory

  1. Redefining what ruggedised means
  2. Keeping your mobile device strategies up to date

The Latest

11 January 2021: IBRS interviewed low-code vendor Kintone, exploring its unique capabilities. The Japanese company is looking to expand its presence in the Australian market through traditional channels and some unexpected partners.

Why it’s Important

As detailed in the ‘VENDORiQ: Cloud low-code vendor Webflow secures US$140 million’, the low-code market is growing rapidly.  Kintone Australia is a subsidiary of Cybozu, one of Japan’s largest software companies, which was founded in 1997. The firm’s platform focuses as much on collaboration around digitised processes as it does on the development of applications - with every process having ‘conversational threads’. The firm’s clients in Australia are predominantly Japanese firms with local operations.

Who’s impacted?

  • Development team leads
  • Workforce transformation leads

What’s Next?

Kintone addresses the low to mid-range of the IBRS spectrum of services for eforms and low-code environments. It is suited for less-technical staff (including business analysts) to create structured processes that include collaboration. 

Kintone’s approach is worth noting, since many of the processes digitised by low-code platforms are replacing ad-hoc, messy processes that are often managed with manual activities and collaboration. There is an active evolution from manual, collaborative processes to digitised processes.

Kintone has a stable financial base via its strength in the Japanese market. Skills, training and support for Kintone are comparatively weak in the domestic market. However, Kintone is looking to partner with IT services organisations and partners with strengths in providing printing and digitisation technologies. 

Related IBRS Advisory

  1. How to succeed with eforms Part 1: Understand the need.
  2. Workforce transformation part 4: Non-techies are taking over your developers’ jobs – Dealing with the fallout
  3. Aussie vendor radar: Nintex joins the mainstream business process automation vendor landscape
  4. VENDORiQ: Cloud low-code vendor Webflow secures US$140 million

The Latest

14 January 2021: IBRS interviewed Appian, a low-code vendor that specialises in providing business analysts and developers with a platform to deliver custom enterprise applications. The vendor has seen strong growth in the later half of 2020 due to organisations needing to quickly develop new applications to address lockdowns and new digital service delivery demands. The vendor also detailed how it is leveraging machine learning to guide users through the development of applications. The use of machine learning to recommend low-code application designs and workflows is a key differentiator for Appian.

Why it’s Important

As detailed in the 'VENDORiQ: Cloud low-code vendor Webflow secures $140 million', the low-code market is growing rapidly. Appian is a major global vendor in the low-code market. It positions itself above the non-technical / citizen-developer tools such as Forms.IO, but below the specialised development team platforms such as OutSystems. Appian’s ‘sweet spot’ is teams of business stakeholders working with business analysts and developers to jointly prototype and then put into production applications. 

Appian has been expanding the use of machine learning algorithms to application design. During application development, the algorithms will make recommendations on fields that are needed on forms, workflow steps, approval processes, etc.

Who’s impacted

  • CIO
  • Development team leads
  • Business analysts

What’s Next?

When selecting a low-code platform, organisations should be very clear about who the stakeholders are, who will use the platform, the project management model for application development and the applications to be developed.  

In the case of Appian, there is clearly a close alignment with Agile business methodologies, which extend beyond the ICT group as outlined in the 'IBRS Snapshot: Agile Service Spectrum'.

The use of AI during the development applications is a feature more than a gimmick. This ‘guided’ approach to design not only speeds up application development, but by analysing a large body of existing applications and drawing inferences based on usage and effectiveness, it helps ensure that ‘best practices’ in workflows are not overlooked.

Related IBRS Advisory

  1. How to succeed with eforms Part 1: Understand the need.
  2. Workforce transformation part 4: Non-techies are taking over your developers’ jobs – Dealing with the fallout
  3. Aussie vendor radar: Nintex joins the mainstream business process automation vendor landscape
  4. VENDORiQ: Cloud low-code vendor Webflow secures US$140 million

The Latest

12 January 2021: Webflow, a Cloud-based low-code vendor, has secured US$140 in investment. The new round of investment values the vendor at US$2.1 billion. 

Why it’s Important

The low-code market exploded over the last year. Newer entrants, such as Webflow (founded in 2012), are attracting significant venture capital. Just 17 months ago, Webflow took $72 million investments which valued the company at $400 million. The new investments thrust the vendor into unicorn status. At the same time, well-established low-code vendors such as Nintex and Microsoft are consolidating and expanding their portfolios to include robotic process automation, process modelling and integration tools.

The market for low-code is not yet at the peak of its feverish growth, but IBRS cautions that current rates of investment and hype are unsustainable. There will be turmoil as the mark begins to consolidate, likely in 2023 to 2026.

Who’s impacted

  • CIO
  • Development team leads
  • Workforce transformation leads

What’s Next?

Low-code development is not a new concept. However, the uptake of Cloud platforms, common data models, robot process automation and business modelling are extending the notion of low-code development from simple ‘e-forms’ tools to services that enable enterprise-grade process digitisation.  

The pandemic and working from home has supercharged the need for process digitisation, and low-code vendors are all seeing strong sales growth. 

Unfortunately, the term ‘low-code’ is starting to become meaningless, as vendors that provide very different application development tools and platforms attach the term to their products.  IBRS recommends organisations view ‘low code’ as a broad term that covers a spectrum of capabilities, as detailed in 'How to succeed with eforms Part 1: Understand the need'. It is likely that most organisations will need to acquire two low-code products to cover different parts of this spectrum: one product aimed at non-technical staff for simple e-forms, and another product to increase the agility of pro-developers in the ICT group.

Consider the financial backing and stability of a vendor when selecting low-code tools, as market consolidation is on the horizon. You do not wish to be developing business processes on a platform they will outlive.

Related IBRS Advisory

  1. How to succeed with eforms Part 1: Understand the need.
  2. Workforce transformation part 4: Non-techies are taking over your developers’ jobs – Dealing with the fallout
  3. Aussie vendor radar: Nintex joins the mainstream business process automation vendor landscape
  4. IBRSiQ: Can IBRS assist in identifying a mobility platform other than Xalt?

With the rush to deploy Teams to enable remote work in 2020, the majority of organisations have not yet fully considered the highly disruptive nature of deep collaboration. Governance has been largely overlooked in the effort to ‘just get people working’. IBRS outlines the seven critical areas of governance that must be immediately addressed for Teams to be sustainable and to mitigate the new risks (and benefits!) of deep collaboration. Find attached a PDF of the webinar to download for free. Or to view the webinar, click on the video below.

 

Conclusion: Most organisations have vast pools of data (a. k.a. information assets) lying underutilised, as many IT and business professionals are unsure where it is stored and are unaware of its value. To turn the situation around organisations must strive for data mastery1, which is the ability to embed the data into products and services to increase efficiency, revenue growth and customer engagement.

Read more ...

Conclusion: Cyber attacks are a clear and present threat. Some organisations now have varying degrees of detection, monitoring and response capability in place, while other organisations still rely on their major incident response process to identify and manage cyber security incidents. In these organisations, cyber security operational responsibility is still embedded in traditional ICT operations. Such a siloed approach is suboptimal and presents risks in the effective management of cyber security risk. CIOs and other cyber security professionals should ensure that they have implemented a SOC capability that is appropriate to their organisation.

Read more ...

Conclusion: Credential theft is still one of the prime means of attacking systems. Dictionaries of passwords are readily available (many with millions of passwords). These allow attackers to perform credential stuffing attacks – often successfully.

Eliminating passwords has been difficult in the past. However, the consensus amongst vendors of both software and hardware is to bring to market methods of achieving authentication without passwords. The ubiquity of mobile devices with touch or facial authentication is one prime element.

This is a necessary evolution of authentication.

Read more ...

Conclusion: To improve call centre resources scheduling, some organisations have implemented software agents to either improve users’ experience and/or reach the right expert at the right time. However, self-service success depends on the quality of information available to the software agent and its analytical ability to provide reliable recommendations. Any deficiency in these resources will leave the software agent with no alternative but to call the live agents, thereby making the investment in agent technology questionable. Organisations should assess the software agent maturity and determine which level should be reached to fulfil the business imperatives. This note provides a self-assessing approach to address software agent shortcomings.

Read more ...

Observations: In theory, Virtual Desktop Infrastructure (VDI) technology enables organisations to be nimble, providing flexible, remote working and (for some use cases) more cost-effective deployment of digital workspaces. Recent events and technology advances have tested this theory and spawned several major changes. The rush to cater for remote working has increased adoption to Cloud-based VDI for ‘burst workloads’, at least in the short term. The need to quickly address scalability issues for organisations that had previously invested in VDI has favoured increased sales of hyperconverged solutions.

Longer term, organisations are looking to leverage VDI to enable compute and data-intensive tasks while keeping information ‘inside the data centre’. Some organisations – especially in financial services – are looking to expand previous VDI experiments to transform workplaces and service delivery models.

Read more ...

Conclusion: Agility to respond to change has become essential. Compared with previous years, CIOs are expected to produce results over longer periods of time, now expectations have become much higher. Stakeholders are expecting results as soon as possible. With the trend geared towards an increase in technology dependence, the pressure of delivering results has therefore increased for CIOs and IT leaders.

Part of this new set of expectations is improved efficiency and productivity, which in most cases requires a thorough evaluation of business processes to garner potential inefficiencies. One of the primary tools organisations have at their disposal is the enterprise resource planning (ERP) systems. Eventually, it all boils down to whether or not the migration to S/4 HANA can be justified in terms of value-add-services. Implementation effort and run costs are only a part of the business case, not the whole.

Read more ...

Conclusion: This month, discussions regarding expected industry trends in 2021 have been prominent. In particular, the growth of providers that support digital transformation projects and associated infrastructure, as well as security, Cloud services and automation tools. This growth is expected to be driven by industry shifts resulting from COVID-19 and the need to adapt to new operating environments and business processes. Vendors are preparing for heightened activity and expanding offerings to cater to customer needs. Customers will require integrated vendor services that respond to external issues, internal business changes, and the adoption of new technologies and frameworks to improve efficiencies.

Read more ...

Conclusion: Regardless of its digital strategy, many organisations have not been positioned to properly leverage the digital and data assets that are available to them. A Chief Data Officer (CDO) role can improve this situation by advancing an organisation’s data portfolio, curating and making appropriate data visible and actionable.

The CDO position is appropriate for all larger organisations, and small-to-large organisations focused on data-driven decision-making and innovation. These organisations benefit from a point person overseeing data management, data quality, and data strategy. CDOs are also responsible for developing a culture that supports data analytics and business intelligence, and the process of drawing valuable insights from data. In summary, they are responsible for improving data literacy within the organisation.

Read more ...

Conclusion: It is no longer viable for telecommunication providers to simply offer Session Initiation Protocol (SIP) trunks for voice connectivity or Multi-Protocol Label Switching (MPLS) links to connect office and data centre locations. Nor does it make good business sense for the telco or for the customer.

The modern architectures of Cloud and Software-as-a-Service (SaaS), mixed with the need to maintain on-premise for critical elements are key components that support most digital strategies. Using older telecommunications architectures with fixed connections and physical infrastructure for routing and switching can be costly, and can stifle agility and therefore productivity.

However, modern telecommunication architectures bring an ability to virtualise connections and network switching. The abstraction of these capabilities allows dynamic management of the services providing substantial agility, as well as potential productivity gains and cost savings to the customer.

Read more ...

The latest

14 December 2020: FireEye announced it had been breached. An extremely comprehensive overview is available from FireEye. This blog post includes timelines, technical recommendations, and IoCs (indicators of compromise). 

FireEye, a company that exists to track and thwart advanced and persistent adversaries, was itself compromised by an advanced and persistent adversary. FireEye was compromised through a product from SolarWinds. 

What now?

There are four main areas worth exploring. 

1) Check your SolarWinds instance(s) 

The FireEye blog post includes instructions for what to look for. Good asset management will be useful in this verification process. One CISO noted they found an unmaintained SolarWinds instance in one of their OT environments. 

A core lesson that many security executives drew from the MobileIron vulnerability (CVE-2020-15505) was that anything an organisation has that is internet facing needs to consistently receive critical patches quickly, even out of cycle. 

This will require a process to identify critical patches, but for the process to actually be executed. Citrix, VPNs, staff home routers (see FF no.02), and now MDMs have all been leveraged this year for compromise. Everything is up for grabs, so logically, anything internet facing needs to be aggressively maintained. This relates to patching but also asset management. 

Further, it's an opportunity to review privilege. Just because a product can do something, doesn't mean it should. Does SolarWinds really need to talk to the Internet? There are technical controls like host firewalls and properly profiled application allow-listing that will significantly frustrate an adversary in this scenario. It’s a great example where a zero trust architecture would make a big difference.

2) Organised crime 

The ACSC has noted that once a vulnerability is disclosed, threat actors can develop an exploit within 48 hours. We've seen this timeline achieved this year, with both F5 and MobileIron vulnerabilities. Now that the advanced and persistent actor has been ejected from FireEye (and hopefully from SolarWinds) it could be a matter of time before organised crime tries to exploit unpatched SolarWinds instances. 

FireEye will recover, and have an even better story to tell. At this early stage it seems that FireEye was the last target compromised by this adversary, and probably compromised for the shortest duration before the adversary was detected and ejected. It sounds like FireEye was targeted as a source for further intel on government agencies.  

I've got no evidence for this, but I wouldn't be surprised if FireEye was the last, trophy, "let's see if we can do this" target. 

3) Supply chain

The critical point about FireEye being breached, is it points to what industry has been saying for years - "it's not if, it's when". What matters after bang (or 'right of bang'), is how the organisation responds and FireEye is giving a master class on how to respond. But FireEye is only able to do this on the back of years of refining their art. 

However, going left of bang will encourage technology and security executives to look at their supply chain. What other products have access to systems, data and privileges that would be a nightmare if you did not have sole occupancy?

What other software has pervasive access like SolarWinds? What protocols are my service providers following when they use tools like SolarWinds on my environment? We cannot boil the ocean but, as Kevin Mandia said at a CISO Lens gathering in 2016, "protect most what matters most". 

4) Cyber insurance

I've not heard anyone talking about cyber insurance regarding this whole hostile campaign. It seems inevitable that public attribution will end up pointing to a particular nation. If this is the case, many insurers will likely point to exclusion clauses that indemnify the insurer from costs incurred through nation-state activity.

If you have cyber insurance, it may be worth getting a position from your insurer on whether you would have been able to make a claim against your policy if your organisation had been compromised.

The Latest

8 Dec 2020: AWS has announced plans to open a second region in Australia in the second half of 2022. This venture will consist of three availability zones supporting hundreds of thousands of AWS customers. This promotes lower latency, enhanced fault tolerance, and resiliency for critical Cloud workloads. 

Why it’s Important

This is not a competitive response to Microsoft Azure, which already has several data centres across Australia. Instead, it is the result of Amazon's continuing growth in the market. AWS needs to build significant additional domestic capacity to meet expected demand up to 2025. Hence, doing so in a new location provides AWS an additional benefit with on-shore multi-zone resilience. 

A new AWS region in Melbourne will also fuel different organisation innovative efforts. Government, private organisations, and the education sector will continue to transform their research and development endeavours that aim to protect, prioritise and benefit people across the country.

Who’s Impacted

  • Cloud architects
  • Cloud engineers

What’s Next?

In practical terms, this move has little direct impact on most organisations’ Cloud strategies. However, it does provide an additional option for resilience for organisations that need to keep all data on-shore. 

Related IBRS Advisory

The Latest

2 December 2020: Salesforce introduces Hyperforce. This move is a re-architecture of Salesforce’s design to continually support its global customer base. It has B2B and B2C performance scalability, built-in security, local data storage, and backward compatibility.  

Hyperforce allows Salesforce solutions to be run on a hyper scale Cloud service based on the client’s choice. These solutions include:

  • Sales Cloud
  • Service Cloud
  • Community Cloud
  • Chatter
  • Lightning Platform (including Force.com)
  • Site.com, Database.com
  • Einstein Analytics (including Einstein Discovery)
  • Messaging
  • Financial Services Cloud
  • Health Cloud, Sustainability Cloud
  • Consumer Goods Cloud
  • Manufacturing Cloud
  • Service Cloud Voice
  • Salesforce CPQ and Salesforce Billing
  • Customer 360 Audiences

Why it’s Important

Being able to move a SaaS solution to the Cloud based on client's preference, is a radical departure from convention for most major SaaS vendors. It is likely to be followed by other SaaS solution vendors, though Oracle’s close ties with Netsuite and Microsoft Dynamics with Azure, suggest Salesforce’s two main rivals will not be following this strategy any time soon.

This is a long-overdue overhaul for the entire Salesforce architecture as it needs to offer both architectural and commercial elasticity to aid customer’s global digital transformation.

It solves data sovereignty issues and provides all the advantages of using public Cloud resources. It also reduces implementation time despite being an enhanced architecture designed from the ground up to help customers deliver workloads to the public Cloud of choice.

Who’s Impacted

  • CIOs
  • CTOs
  • CRM leaders
  • Salesforce developers

What’s Next?

While the Hyperforce announcement is welcoming, there are still loopholes in the horizon. The solution is not available for on-prem implementations of the major Cloud vendors. Meaning, Hyperforce is not a path to an on-prem or hybrid Cloud solution.

For Australian organisations that aim to gain more control over how Salesforce stores information, either for compliance or cost control, to bring it closer to other Cloud services, Hyperforce is worth considering. It offers greater flexibility but also comes with a greater need for managing resources and costs. 

Before making any decision on moving to Hyperforce, Salesforce clients should have clear understanding of the following migration aspects:

  • Who will do the migration (i.e. the client or Salesforce)?
  • Who will deal with the public IaaS provider on a daily basis?
  • How will the current service cost be impacted?
  • Who will be responsible for the service management of public IaaS including the service desk?
  • What are the new risks that should be identified and mitigated?
  • Are there any changes to the current backup arrangements?
  • Are there any changes to the disaster recovery and business continuity arrangements?
  • How will the current change management arrangements change?
  • How the exit fees might change?

Related IBRS Advisory

The Latest

8 Dec 2020: Veeam announced the general availability of AWS v3 Backup. This is a timely endeavour with the continuous growth of multi-faceted Cloud apps built in AWS that necessitates backup and disaster recovery solutions.

Veeam offers automated backup and disaster recovery solutions that provide additional protection and management capabilities for Amazon EC2 and Amazon RDS. There are two options to consider:

  • Veeam Backup for AWS - protects data housed on AWS using its standalone AWS backup and recovery solution.
  • Veeam Backup & Replication™ - safeguards and consolidates AWS backup and recovery with another Cloud, virtual or physical, across different Cloud platforms with unlimited data portability. 

Why it’s Important

Cloud backups are no longer an option. Competition now requires additional redundancy and security for businesses. This ensures that their important data is available and retrievable if and when disasters strike.

Backing up Cloud resources appears to be a simple process. Taken on as service-by-service, this might be true. However, in reality the backup becomes increasingly challenging. As more and more applications are made up of a myriad of components, this leads to a rapidly evolving ecosystem of solutions. Hence, data recovery and restoration are also getting more complex.

Who’s Impacted

  • Cloud architects
  • Business continuity teams

What’s Next?

Tech management should explore which Cloud services, both IaaS and SaaS, need to be backed up. Establish strategies and choose the appropriate interplay between these services. For a growing Cloud usage or a forecast usage growth, evaluate how the services can be backed up reliably. This is possible through knowing beforehand the important parts that may be reconstructed into a recovered state if needed. 

Related IBRS Advisory

The Latest

2 December 2020: Salesforce Einstein is being extended into the Mulesoft automation and data integration platform. The newly announced Flow Orchestrator enabled non-technical staff to transform complex processes into industry-relevant events. The new AI-assisted MuleSoft Composer for Salesforce will allow an organisation to integrate data from multiple systems, including third-party solutions.

Why it’s Important

AI enables business process automation as a key technology enabler that favours organisations with a Cloud-first architecture. Salesforce will leverage its experience and connections with selling to organisation’s non-IT executives to secure a strong ‘brand leadership’ position in this space.

Who’s Impacted

  • CIOs
  • CTOs
  • CRM Leaders

What’s Next?

In mid-2019, IBRS noted a significant upswing in interest in Mulesoft and integration technologies more broadly from the non-ICT board-level executives. In particular, COOs and CFOs expressed strong interest in, and awareness of, process automation through APIs.  

Digging deeper, IBRS finds that Salesforce account teams, who are well-known for bypassing the CIO and targeting senior executive stakeholders, are also bringing Mulesoft into the business conversation. Also, Microsoft is expected to double-down on AI-enabled business process automation with the PowerPlatform. 

As a result, the addition of Salesforce Einstein AI into the discussion of automation and integration is expected to land very well with COOs and CFOs. 

CIOs need to be ready to have sophisticated discussions with these two roles regarding the potential for AI in process automation. Expectations will be high. Understanding the possible challenges of implementing such a system takes careful consideration. CIOs should be ready to build a business case for AI-enabled business process automation.

Related IBRS Advisory

The Latest

2 December 2020: DXC Technology is partnering with Microsoft to create modern workplace experience. This effort is aimed at addressing the demand by enterprises to improve workplace agility, which has come into sharp relief during the pandemic.

Why it’s Important

This announcement clearly shows Microsoft’s strategy for securing not just segments of the enterprise architecture of the future but the lion’s share. 

Enterprise companies are driving the business transformation to enhance collaboration, increase mobility, and improve customer engagements. This announcement comes as competition such as Salesforce heats up through several acquisitions, and Microsoft’s long-time rival, Oracle, makes inroads into new models of SaaS.

Who’s Impacted

  • CIO / CTO
  • Enterprise software architecture team

What’s Next?

Microsoft, like all vendors, has a strategy to extract ever more revenue from its clients.  However, Microsoft's unique position in the market gives it huge power. Understanding how Microsoft will evolve its services and licensing models is essential for keeping budgets in control.

As explored in this week’s Salesforce Slack announcement, IBRS sees that one option for the future digital workplace architecture is based on five platforms.

  1. A platform consisting of central systems of record (e.g., CRM, ERP, etc.) in the Cloud or Cloud-like environments
  2. An integration platform that surrounds the mentioned platforms 
  3. A one (or likely two) low-code platform(s) 
  4. A platform that provides the needed collaboration tools  
  5. A federated information management platform.

Indeed, Salesforce is buying the platforms it needs and integrating them then, leveraging its strength in selling it to both technical and non-technical executives. On the other hand, Microsoft is starting from a position of technical strength and deep connection with the systems integrators. 

This is evident with the DXC agreement, which is a classic strategy. Leveraging larger SIs as a strategy to deliver a future digital workplace architecture, with Microsoft 365 and Teams (collaboration), Dynamics 365 (core systems), Power Platform (low code and automation), and Power BI (business intelligence).  

Related IBRS Advisory

The Latest

2 Dec 2020: Salesforce Signs Definitive Agreement to Acquire Slack. The forthcoming merger of Salesforce and Slack provides an avenue for a new operating system of how e-commerce organisations and companies grow and succeed in the digital space. The merger is anticipated to close in the second quarter of Salesforce’s fiscal year 2022. 

Why it’s Important

Salesforce has struggled to shore up offerings in the collaborative side of the business, which will evolve to be an important part of modern CRMs and ERPs, along with low code dev and integration for process automation and business intelligence tools for analytics. The planning acquisition of Slack rounds out Salesforce’s ‘magic four’ components of a modern digital workplace. 

The Slack acquisition aims at heading off increasingly strong competition from Microsoft’s Dynamics, the Power Platform, Power BI, and Teams.

Who’s Impacted

  • CIOs
  • CFOs
  • COOs

What’s Next?

Consider your future digital workplace architecture based on these five high-level platforms: 

  • A platform consisting of central systems of record (e.g., CRM, ERP, etc.) in the Cloud or Cloud-like environments
  • An integration platform that surrounds the mentioned platforms 
  • A one (or likely two) low-code platform(s) 
  • A platform that provides the needed collaboration tools  
  • A federated information management platform 

Though these five platforms need not all come from the same vendor, nor even be made up of a single vendor’s solutions, Microsoft, Salesforce, and little-known Zoho are all vying for the entire set. The competition for the overall ‘Enterprise Digital DNA’ will heat up significantly through to 2025.  

IBRS expects Salesforce and possibly Microsoft to make new investments in information management platforms from 2021 to 2022. There will be rapid expansion, followed by feverish consolidation of the low code platform market.

Related IBRS Advisory

The Latest

5 December 2020: Australian education solution vendor Tribal, has upgraded its digital learning design chatbot. The move is illustrative of how chatbots can be leveraged to aid complex tasks - in this case, learning content, delivery, and leaner coaching.

Why it’s Important

Chatbots are not unique to Tribal. However, Tribal is demonstrating how such agents can deliver new capabilities into the LMS market, which can be glacial in the adoption of innovation. The Tribal chatbot is aimed at improving knowledge transfer inside an organisation. It assists domain experts to build learning content and share knowledge by recommending approaches to online training.

Who’s Impacted

  • CIO / CTO
  • Service delivery teams 

What’s Next?

Like most forms of AI, chatbots will make their way into organisations through their addition to existing software solutions, either via paid upgrades or as part of the ongoing improvements of SaaS solutions. Chatbots will increasingly act in an advisory manner or as a guide for complex processes inherent in the vendors’ solutions. 

As a result of this trend, staff will be presented with a growing number of chatbots embedded in different vendor’s solutions, each serving a specific purpose. This itself will present a new challenge for digital maturity and staff satisfaction.

Related IBRS Advisory

The Latest

10 Nov 2020: CyberArk launches an AI-based Cloud entitlements manager. The solution combines principles of ‘least privilege’ and ‘zero trust’ to reduce risks of poorly configured access privileges for the major hyperscale Cloud platforms. CyberArk uses AI to determine the context and intent, which in turn provides risk assessment and recommendations for appropriate actions, and automation of remediation. 

Why it’s Important

Poorly configured privileges to Cloud solutions - in particular storage services - is a major cause of data breach. It is a significant risk for all organisations that leverage Cloud resources. Reviewing and maintaining privileges over resources is problematic, even with high levels of automation, because automation will only impact known entities in the environment, and can only address well-defined use cases. 

Who’s Impacted

  • CISO
  • Cloud Teams

What’s Next?

The use of Machine Learning algorithms to interrogate Cloud services and identify and remediate risks is a welcome addition to Cloud security management. While the efficacy of the CyberArk solution is not yet known, IBRS anticipates that this approach will be beneficial and at least provide an additional ‘check’ over sprawling Cloud environments.

Related IBRS Advisory

Conclusion: This month, discussions regarding managed service provider expansion plans, both locally and globally, have been prominent. A number of vendors are expanding bases and offerings, and acquiring skills in preparation for heightened customer demand across areas in the Asia-Pacific region, with a particular focus on digital transformation initiatives. The need for customers to transform and optimise operational frameworks as well as transition workloads has driven a range of mergers, acquisitions and site establishment projects in new markets. Customer demand for assistance with navigating and transitioning during difficult periods is high, but vendors must also prepare to accommodate shifts in buying behaviour resulting from the market growth which is expected to follow.

Read more ...

Conclusion: Organisations wishing to re-engineer their old legacy systems to modernise their environments, leverage the power and cost-effectiveness of Cloud and prepare themselves for the future should explore the new SaaS offerings when developing their service go-to-market strategies and tenders.

Read more ...

Conclusion: Organisations that laid off IT and business professionals during the pandemic due to cost pressures will find it challenging post-pandemic to reset IT services needed to meet client service requirements and those of much leaner organisations.

With many employees working remotely, organisations will need to enhance their cyber security skills while providing secure services in a price-sensitive and cost-constrained environment in which many clients will also be struggling financially.

Vendors will also find it difficult to grow a client’s technology base post-pandemic due to their clients being short of capital, which will frustrate both parties, and once the solution is justified fewer skilled staff (than pre-pandemic if lay-offs occurred) will be available to implement them.

Read more ...

Conclusion: Employees who feel their voices are heard are 4.6 times more likely to feel empowered to perform their best work, and 96 % of employees believe showing empathy is an important way to advance employee retention1. Many organisations understand the importance of employee engagement, yet many organisations also do not develop and deliver successful staff engagement plans or activities2.

Many published strategies centre on the aspirational and critical elements of vision, leadership and growth3. This paper focuses on three practical steps that organisations can implement easily, to help tangibly begin the journey to turn employee engagement results into informed, believable and actionable plans.

Read more ...

Subscribe

Want to get the latest papers from all our advisors? Subscribe, and we'll send you the information you need.

Invalid Input
Please enter a valid email address
Invalid Input
Please enter your mobile phone number
Invalid Input