Saturday, January 30, 2010

The Cell Phone Security Threat

Posted by Mark Brousseau

The majority of large and medium businesses are failing to adequately protect themselves against the growing threat of mobile voice call interception, leaving them vulnerable to loss of sensitive and confidential corporate information. That's according to a new survey by ABI Research on behalf of Cellcrypt.

Businesses clearly recognize the threat of cell phone interception: three-quarters of the surveyed corporations have a security policy covering cell phone calling and four out of five IT professionals surveyed believe that cell phones are equally or more vulnerable to interception than email.

Yet, the research shows that while mobile phones and email are both used routinely to communicate confidential information – with 79 percent of organizations that discuss sensitive or confidential information over mobile doing so at least weekly and 51 percent daily – only 18 percent have explicit mobile voice call security solutions in place.

Research has shown that data loss can have a major impact on market capitalization, reducing it by as much as 5-10 percent, as well as resulting in lawsuits for senior executives, severely damaging their reputation.

The growing problem was highlighted in August, when German hackers announced a project to create a code table that cracks the encryption of GSM mobile calls, used in 80 percent of the world’s cell phone calls. This codebook is planned to be freely available within the next 6 months, and significantly lowers the bar for everyday hackers to crack GSM calls using only a high-end laptop.

One alarming fact emerging from the survey was that 55 percent of respondents in IT roles thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18% had actually done so.

“Effective email security has become routine but our research shows most businesses do not apply anything like the same level of robust security to cell phone calls. Companies that do not respond are exposing themselves to attack,” said Stan Schatt, Vice President and Practice Director, Healthcare and Security, ABI Research.

“Equally concerning is that a significant number of people who identified themselves as being responsible for cell phone voice call security incorrectly believe the organisations’ mobile calls have been protected when they have not. This perception that they are protected when in reality they are not suggests a serious hole in the information security of many businesses. It is important that companies take urgent steps to review their measures for countering this growing corporate risk area,” Schatt continued.

“In light of this summer’s news that a GSM cracking codebook will be made widely and freely available very soon – possibly before the New Year – and sub-$1000 interception equipment being available soon after, this lack of security is particularly worrying,” says Simon Bransfield-Garth, CEO of Cellcrypt.

“Businesses must plan now for the eventuality that their mobile voice calls will come under increasing attack within the next 6 months. A ‘policy of hope’ towards mobile phone security is not adequate; voice is another data service and should be afforded the same security considerations as email and other corporate communications,” continued Bransfield-Garth.

Security of mobile voice calls is not limited to interception of radio waves between a cell phone and a base station mast: interception risks occur at various segments along a call path, which may involve multiple network operators in a variety of countries, each having different levels of security measures and risks.

Among the key findings of the survey:

... 75 percent of the businesses surveyed discuss sensitive or confidential information via cell phones and 81 percent do so via email

... Of that 75 percent, 79 percent of businesses do so at least weekly, 51 percent do so daily

... Of the businesses sampled, 82 percent have a high level of concern about the security of email and 69 percent about cell phone security

... 41 percent of the individuals surveyed think mobile phones are more vulnerable to interception than email and 39% think they are equally as vulnerable to interception as email

... 74 percent of businesses discuss financially sensitive information on cell phones and of those 77 percent believe that if this were intercepted it would have a major impact

... 55 percent of respondents thought that their organisation had implemented mobile voice call encryption solutions but on further investigation only 18 percent had actually done so

What do you think?

Friday, January 29, 2010

Safety on the Health Information Highway

Posted by Mark Brousseau

New HIE Accreditation could act as a safety signpost on the healthcare information highway. Lee Barrett, executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC), explains:

It’s almost impossible to imagine the engineers and architects behind the scenes of highway and road design and construction approaching their jobs without due concern for road-user safety. After all, building a transportation system and ensuring that its users are safe are intrinsically linked. So it is too with the Nationwide Health Information Network (NHIN). With the NHIN taking on more tangible form and function, the realities of enabling health information to be exchanged securely over the Internet take on new significance and dimension. More specifically, there are compelling concerns for the protection of patients whose records are disseminated throughout this electronic super-highway system.

The NHIN is built on a foundation of trust among all stakeholders in the system, so the major concerns relate to making sure that all stakeholders are equipped with the appropriate protocols in place, and that patient privacy, security and confidentiality are protected. There’s also the question of controlling stakeholder access to patient records and ensuring that the system is protected against breaches to the security of the Network. Without doubt, any breach of this system’s security would be nothing less than catastrophic, since a patient’s confidential records would become quickly available to a large population. Public trust is an intangible component of the NHIN, but it remains a fundamental priority for all stakeholders. If that trust is compromised, it’s difficult, if not impossible, to regain it.

The transmission of healthcare-related data among facilities, health information organizations (HIOs) and government standards, or Health Information Exchanges (HIEs), are integral components of the National Health Information Network. To meet national standards and requirements, HIE technology must enable reliable and secure transfer of data among diverse systems and also facilitate interoperability.

The fundamental definition of an HIE is that it exists to allow access to clinical data toward safer, timelier, more efficient and effective patient care. In effect, HIEs are the “on-ramps” to the NHIN, and like any transportation system, the safety of the entire system is a factor of the safety of these tributaries. With this in mind, HIE accreditation is essential to the success of the NHIN. In essence then, the safety of the HIE at the national level can only be ensured through an accreditation process.

The Electronic Healthcare Network Accreditation Commission (EHNAC), which established standard criteria for the accreditation of organizations that exchange healthcare data, recognizes the broader significance of NHIN integrity and has developed a program that protects the integrity of HIEs. Designed for regional health information organizations (RHIOs), community health data/network partnerships and other groups that promote data sharing across multiple, independent stakeholders, EHNAC’s HIE accreditation program assesses the privacy policies, security measures, technical performance, business practices and organizational resources of participating entities.

In order to achieve EHNAC’s HIE accreditation, the HIE must have specific measures in place including:

... Policies for access to the exchange to ensure that those accessing the exchange are permitted users;
... Agreements to provide transparency, foster trust, and establish expectations among participants;
... Auditing and monitoring protocols to ensure that unauthorized access does not occur;
... User authentication to ensure that only the appropriate persons are accessing the exchange;
... Consumer consent policies to ensure consistent practices in obtaining consumer consent;
... Separate and distinguished databases that maintain specific information;
... Governance to oversee the activities of the HIE, and ensure that appropriate privacy and security standards are enforced;
... Private and confidential data maintenance, with appropriate measures to mitigate any potential violation or breach;
... Data is released following strict guidelines established to protect the privacy and security of the data in instances where the HIE engages in appropriate and purposeful secondary uses of data.

By having a national accreditation program for HIEs and HIOs, stakeholders are held to high standards of accountability, efficiency, scalability and interoperability. Ultimately, this means greater assurance that patient security, privacy and confidentiality are protected and the integrity of the NHIN is preserved as the infrastructure of the electronic highway system is built.

Wednesday, January 27, 2010

The Domino's Theory

Posted by Mark Brousseau

Recently, Domino's Pizza did something practically unheard of in the business world. First, it asked its customers for honest feedback. Second, it actually listened to the painful truth (according to its documentary ad, "The Pizza Turnaround," unflattering words like "cardboard" and "totally void of flavor" were tossed about with abandon). Finally—and here's the shocking part—the company reinvented its product "from the crust up."

Now, if you're the typical business leader, you might be protesting, "But we listen to our customers all the time!" Don't be too sure, says new product development expert Dan Adams. You might think you're giving your customers what they want—but there's a good chance you're actually giving them what you want them to want.

"Many companies are essentially saying to their customers, 'You do need this product, right? Right?'" laughs Adams. "They're starting with a product and trying to talk their customers into giving it their stamp of approval. What looks like soliciting feedback is really a bit of a dog and pony show."

Adams should know. He has spent his career helping some of the largest business-to-business companies in the world learn how to develop new "stuff" that customers want to buy. Through New Product Blueprinting (the process described in his book), his company helps clients bring clarity to the "fuzzy front end" of product development.

So with the Domino's ad campaign making headlines for its boldly honest approach, you might be wondering how your company can follow its lead. Adams offers several tips:

... Ask your customers what they want—in a way that lets them know you really hear them. A lot of companies pay lip service to this idea. As consumers we've all had survey cards slapped down in front of us or fielded post-purchase telemarketing calls. Reconsider how you are collecting customer feedback. Are you doing it in a way that really engages the customer so that you can get the truth?

"There's no substitute for respectful dialogue with customers," says Adams, whose own process helps B2B suppliers elicit idea-generating, peer-to-peer conversations with their customers. "When you can get people truly engaged in the feedback process—I mean really focused on what they need and want from you—you'll get their honest opinions. And that raw honesty is what you need to serve them the right way."

... Don't rely on sales reps alone to capture customer needs. A salesperson is unlikely to uncover a full set of market needs if he is a) rewarded for near-term selling, b) unable to reach true decision makers, or c) not calling on most of the customers in your target market segment. But put a good salesperson on a team with marketing and technical colleagues, train all in advanced interviewing methods, and you'll run circles around your competitors.

Be wary of VOC (voice-of-the-customer) consultants who want to exclude your sales force from interviews because "they can sell but not listen," warns Adams. In the long run, your company will fall behind competitors that have taken steps to develop a team of engaged and enlightened salespeople.

... Take action on what you're hearing. Many companies ask their customers for feedback with the best of intentions. But when they start hearing things they don't want to hear, they find a million reasons to explain it away. As a result, the feedback never gets translated into action.

"A lot of companies will say, 'Oh, they're a difficult client,' or, 'That's not really what they want; it's just what they think they want,'" says Adams. "Either they don't really want to change what they're doing or they don't trust the customer or they don't trust themselves to understand what the customer wants.

"A good interviewer knows how to dig deep and figure out the customer's hidden needs," he adds. "And a smart company will take action to meet those needs—no matter what."

... If you have to scrap your existing products and start from scratch, so be it. Here's the real truth, says Adams: Most suppliers start with their solution, "validate" it by showing it to some customers, and measure market needs by watching sales results... after the product launch! In other words, they're getting it exactly backwards.

"Companies should invert this process: Begin with customer needs and end with supplier solutions," asserts Adams. "While doing things in the wrong order may 'feel' better to you, it is far less likely to result in sales and customer satisfaction. Besides, intelligent customers can detect your 'validation' a mile away. They correctly sense you are more interested in your idea than in them... and that doesn't do much for the long-term relationships you need to build."

... Get everyone in your company connected to the customer's reality. If you watch Domino's new ad, you can see how ego crushing it was for the company's employees to hear customers speak their minds about the flavorless crust and ketchupy sauce. Yet, you can also see how necessary it was for them to hear the harsh truth—it energized them to revamp their product and make it much, much better.

"People inside companies tend to get defensive about their products and processes," admits Adams. "It's only human. But when you can cut through that defensiveness and show them 'Hey, this really isn't working for our customers'—well, that's where true service and value finally begin."

If you're thinking this is a message recession-strapped companies need to hear, you're right, says Adams. The quicker they get it, the more likely they are to survive.

"Figuring out what people really want from your company, and giving it to them, is the whole point of being in business," he notes. "When money is flowing, you can stand some trial and error, some experimentation. When it's not, you'd better get it right now—and 'right' means whatever the customer says it does."

What do you think?

Friday, January 22, 2010

7 Deadly Sins that Stunt Corporate Organic Growth

Posted by Mark Brousseau

You already know that organic growth makes for a stronger company. In today's tough economy it just makes sense to grow from within by developing outstanding products and services that win over new customers and keep current ones coming back. (The alternatives are to grow via debt financing or an army of flush-with-cash buyers on a spending spree—and clearly, neither is easy to come by these days!) Problem is, your competitors are playing by the same rules. But according to Dan Adams, you can outwit them...simply by putting a halt to the mistakes you (and they) are making right now.

"Unless your company has smarter employees, some inherent unassailable advantage, or a markedly different approach to satisfying customers, those competitors always seem to throttle your growth," notes Adams. "But what if you and your competitors were committing some serious mistakes that stunt organic growth—and you corrected them? Wouldn't that be enough to propel you to the front of the line?"

It makes sense. And Adams should know: He has spent his career helping some of the largest business-to-business companies in the world overcome the obstacles that clog up their organic growth engines—the ability to develop new "stuff" that customers want to buy. Through New Product Blueprinting (the process described in his book), his company helps clients bring clarity to the "fuzzy front end" of product development.

"In 20 years the common mistakes B2B companies make will be as glaring as trying to improve quality with inspectors rather than statistics," he says. "Correct them now and you'll enjoy a substantial head start on years of healthy organic growth."

Adams identifies the seven deadly sins that too many B2B companies commit:

Sin #1. Imagining customers' needs in your conference rooms. Does your new product process begin with the word "idea," perhaps with a light bulb next to it? So whose idea is it: yours or your customers? Unfortunately, says Adams, most suppliers start with their solution, "validate" it by showing it to some customers, and measure market needs by watching sales results...after the product launch!

"Companies should invert this process: Begin with customer needs and end with supplier solutions," asserts Adams. "While doing things in the wrong order may 'feel' better to you, it is far less likely to result in sales and customer satisfaction. Besides, intelligent B2B customers can detect your 'validation' a mile away. They correctly sense you are more interested in your idea than in them...and that doesn't do much for the long-term relationships you need to build."

Sin #2. Relying on sales reps to capture customer needs. A salesperson is unlikely to uncover a full set of market needs if he is a) rewarded for near-term selling, b) unable to reach true decision makers, or c) not calling on most of the customers in your target market segment. But put a good salesperson on a team with marketing and technical colleagues, train all in advanced B2B interviewing methods, and you'll run circles around your competitors.

Be wary of VOC (voice-of-the-customer) consultants who want to exclude your sales force from interviews because "they can sell but not listen," warns Adams. In the long run, your company will fall behind competitors that have taken steps to develop a team of engaged and enlightened salespeople.

Sin #3. Counting on just a few VOC experts. Some companies rely on a handful of internal VOC experts to interview customers. You'll do far better training a critical mass of employees—who routinely interact with customers—to gather customer needs. Keep your VOC experts as coaches and trainers, but implement "VOC for the masses." You'll overwhelm competitors by turning a trickle of customer feedback into a torrent.

Sin #4. Using hand-me-down consumer goods methods. "Traditional VOC methods rely on questionnaires, tape recorders, and post-interview analyses," says Adams. "That's fine for consumer goods, but your B2B customers are insightful, rational, interested, and fewer in number. They're smart and will make you smarter if you engage them in a peer-to-peer dialogue. Use a digital projector, let them lead you to their areas of interest, probe with skill, and you'll be shocked at how much you'll learn you never knew."

Sin #5. Gathering only qualitative customer feedback. "I once had a new client who came to me extremely frustrated," recalls Adams. "He had spent months interviewing customers, only to hear his boss say, 'Nah, I don't think they want that; they want this.' Unfortunately, interviewers often hear what they want to hear... and then parade some customer quotes for support."

What you need, adds Adams, is quantitative data, which measure customer importance and satisfaction on key outcomes. Skip quantification and your new product will be based on assumptions, bias, and wishful thinking.

Sin #6. Listening only to immediate customers. Unlike B2C producers, your product might be part of your customers' products, your customers' customers' products, and so on. It's a mistake to interview only your direct customers, because they are usually unable or unwilling to disclose downstream customers' deepest needs. Also, B2C producers assign "one vote" per consumer...while you need to weight the buying power and value chain position of downstream customers.

Sin #7. Ignoring competitors when you design your product. "I find most product development processes are far too casual—and late—in assessing competitive offerings," says Adams. "Your new product makes a lot of money only if two conditions are satisfied: a) it offers significant value to customers, and b) customers cannot get this value elsewhere. Interviews tell you only about Condition A. You need side-by-side testing to learn about Condition B. This allows you to attack competitive weak spots, avoid getting blind-sided, and optimize pricing."

So why is it so important to focus so intensely upon customer needs? Consider three points, says Adams: First, the average new product success rate is only one in four. Over 30 years of research says the number one reason is inadequate market understanding.

Second, the "how" continues to get easier than the "what." You have twin goals of understanding what your customers want, and then how to satisfy them with your solutions. In these days of open innovation and global access to technology, the "how" is easier than it's ever been...if you have a solid grasp of the "what."

Finally, you reap benefits beyond good product design when you use respectful peer-to-peer interviews. You engage customers in the design process, which primes them to buy your product later.

"Our clients often enjoy benefits well before product launch," says Adams. "Their interviews cast them as caring, competent suppliers, so they have a better shot at other near-term business.

"Never forget that relationship building is everything," he adds. "We're living in an age where anyone, anywhere on the globe, at any time can start a business that competes with yours. By engaging customers in a respectful peer-to-peer dialogue and genuinely soliciting their ideas, you position yourself as a valuable partner and not just a vendor—and that in and of itself is a reason to stick with you."

What do you think? Post your comments below.

Thursday, January 21, 2010

Data Hung Out to Dry

Posted by Mark Brousseau

A new survey reveals that in the last year, 4,500 memory sticks have been forgotten in people’s pockets as they take their clothes to be washed at the local dry cleaners.

However, when compared with the same study twelve months ago, the number of these devices languishing forgotten in people’s pockets has halved, and yet it’s still a staggering number of possible data breaches.

However, the study sponsor, CREDANT Technologies, has a theory that this decline is likely to be a change in users’ habits as opposed to a significant breakthrough in people’s vigilance. In fact, its experience on the frontline of this battle is that users are now downloading information onto smartphones and netbooks, which have boomed in popularity in the last year, so although on the surface the decline looks promising in reality the situation has just been spread across a multitude of other devices.

Sean Glynn, vice president and chief marketing officer at Credant Technologies, said, “Although this study shows a positive drop in the number of lost memory sticks we would urge users to take more care than ever not to download unprotected customer details and other sensitive information that if lost could lead to a security breach, especially now there are harsh fines afoot.”

Concluding, Sean Glynn said, “This survey is just one illustration of the stark truth that device losses are happening everywhere, every day, worldwide. Organizations want to leverage the business benefits of mobile computing and provide their employees the flexibility to work wherever and whenever they want to. However, this must be balanced with the requirement of protecting the organization’s data. If sensitive or valuable data is being carried then people should protect it with encryption to prevent unauthorised access at any point - as it could easily end up in the wrong hands.”

Wednesday, January 13, 2010

Growing Data Center Challenges

Posted by Mark Brousseau

Data center managers could be facing even more pressure. R. Edwin Pearce, executive vice president of sales and corporate development for eGistics, Inc., explains:

Just when data center and IT managers assumed things couldn’t get any worse, along comes a report from Gartner predicting that the critical issues facing data centers – namely, technology, space and energy challenges – will worsen in 2010. Coupled with the tremendous cost pressures brought on by the economic downturn, the Gartner report should provide a heightened sense of urgency for data center and IT managers looking for pragmatic ways in which to deal with their operations issues.

In its report, Gartner provides several tips for helping reduce data center costs:

• Eliminate those systems that are underutilized or old
• Consolidate multiple sites
• Better manage energy and facilities costs
• Better manage people costs
• Delay the procurement of new assets

To be sure, these are all sound strategies. But savvy data center managers already have implemented (or at least considered) these strategies in response to the economic downturn. In other words, most data centers may have already squeezed as much savings as possible from their infrastructure.

Responding to the data center challenges that Gartner predicts requires a different approach.

Hosted Archive and Delivery
A better strategy is to leverage a hosted image and data archive to address today’s data center challenges. Able to support images and data from any source, in virtually any format, a hosted archive provides authorized users with access to business information, anytime and anywhere via the Internet. Further, hosted archive solutions can integrate easily into an organization’s existing operations and IT environment, underlying a heterogeneous applications infrastructure.

Assuming companies partner with a provider that leverages redundant Tier 1 state-of-the-art facilities using national communications firms, hosted solutions offer other benefits compared to in-house:

Totally Variable Expense – Hosted archive solutions require no capital investment; customers typically are charged a one-time load fee to add documents. And when an array fills up, or a server must be replaced, it’s the hosted archive vendor’s problem.

Improved Compliance and Security – No one can argue the alphabet soup of stiffer regulatory requirements to control information. Leveraging a hosted redundant archive solution allows companies to offload much of this burden on their vendor. To address the compliance and security issues, a vendor must use facilities that are SAS-70 I and II certified, HIPAA compliant, provide audit trails on all activity, and put stringent controls on access.

Solution Flexibility – Hosted archive solutions vendors already are adept in providing services for multiple applications, processes and document types, and with distributed environments. Most vendors also have the ability to deliver tailored solutions that an internal IT department may not have the expertise to develop. Similarly, hosted solutions can be rapidly installed, and applications quickly added.

Scalability – The performance of in-house archives deteriorates with high volumes and the addition of applications. But there are hosted solutions that archive tens of billions of documents – growing by hundreds of millions per month – with no negative impact. What’s more, the ability to scale hosted archive load rates depending on needs opens unprecedented opportunities for companies who need scalability and availability during times of peak demand, but also need to keep their costs low.

Guaranteed Performance – By virtue of their redundancy and automatic failover, most hosted solutions providers will offer service level agreements (SLAs) guaranteeing 99.999 percent availability – or just 26 minutes of downtime per year. That’s peace of mind.

This all adds up to a comprehensive solution that can help organizations meet worsening data center challenges, while laying a solid foundation that can improve corporate agility and enhance service.

What do you think? Post your comments below.

Monday, January 11, 2010

Mobility Brings ... Hope?

Posted by Mark Brousseau

Nokia CEO Olli-Pekka Kallasvuo told attendees at the International Consumer Electronics Show that the world's developing economies are places of increasing opportunity and upward mobility, where wealth is being created at an incredible rate and business opportunities abound - in part due to the spread of mobile communications.

"Mobile communications have played a big role in bringing hope and higher living standards to literally billions of people," Kallasvuo said during a keynote speech. "The trend promises to accelerate in the coming decade, as the power and capabilities of smartphones spread across the globe."

Kallasvuo discussed how innovators, particularly software developers, can join Nokia in its efforts to be a force for good by helping to accelerate development in these growth markets. He announced the $1 million Nokia Growth Economy Venture Challenge - a $1 million investment from Nokia to encourage innovators and developers to come up with innovative ways to help people and promote upward mobility around the world.

"We've seen what the tech community can do when it focuses on problems that are also opportunities," Kallasvuo said. "We want to channel that energy toward improving lives in the developing world."

Kallasvuo noted that there are about 4.6 billion mobile subscriptions among the planet's 6.8 billion people today. "For the majority of the world's people, their first and only access to the Internet will be through a mobile device - not a PC. And this access is spreading very, very fast."

"In China, every month more than 7 million people gain access to the Internet for the first time, and mostly on mobile devices," he said. "This trend shows no signs of slowing. The mobile device has become a necessity for upward mobility."

Kallasvuo spoke of the importance of understanding every market in which a company does business.

"Business people often tend to lump all of the growing countries outside the West into one category. They call them 'developing countries,' 'emerging countries' or 'emerging markets.' Each of these markets is uniquely different and complex. A one-size-fits-all approach just doesn't work."

Kallasvuo shared the CES stage with Jan Chipchase, whom he described as the "Indiana Jones of Nokia." Chipchase travels the far corners of the world to help Nokia understand how people live and how mobile phones might help them to live better.

"People around the world have shown us that adversity leads to real innovation," said Chipchase. "People in some of the world's most remote and poorest countries have inspired us and amazed us. They know what they need and they find ways to make it happen."

Sunday, January 10, 2010

Time for a Check Up?

Posted by Mark Brousseau

The care and feeding of your scanning operations requires regular audits. ibml President and CEO Derrick Murphy explains:

The television infomercial for a popular kitchen appliance tells viewers that they can, "Set it and forget it!" While that claim might work for rotisserie ovens, it's a bad idea for scanning operations.

Operations require constant monitoring and evaluation to ensure that the right technologies and processes are in place to meet the organization's needs.

Unfortunately, many organizations only take a hard look at their operations when problems become too large to ignore. By then, it's too late.

It's not that organizations are intentionally turning a blind eye to operations challenges. It's that most companies mistakenly believe that implementing state-of-the-art technology -- whether it's software or hardware -- will address their operations needs indefinitely. This thinking couldn't be farther from the truth. Like most things in business, operations requirements and dynamics always are in flux. Documents change. Staff turns over. New business rules are introduced. Technologies evolve.

For instance, there may be opportunities to add technology that has evolved since an initial install, assuming your current hardware and software supports it. You might also have an opportunity to re-engineer your operations based on technology advancements. If neither of these opportunities is available in your current systems environment, the new technology might provide the justification for an upgrade. What's more, as your documents change, you may find that your pre-configured job settings are no longer set for "peak" job performance, since they were designed for other work.

If an operation's infrastructure and processes don't adapt, its effectiveness will suffer.

Organizations must regularly analyze the technology and processes at work in their operations, to identify and correct inefficiencies that may not have existed during their last system implementation. With this information, organizations can be proactive about deploying remedies, ensuring that their business case stays on track, reducing cost, and heading off potential customer service issues.

Elizabeth Herrell, an analyst with Forrester Research, notes that "by evaluating all of the elements of their operations, organizations can identify gaps and recommend changes that will eliminate those gaps and help them better meet their goals." Companies that undertake a review of their processes and technology are better equipped to align their operations with their business objectives, she adds.

This operations review should focus on document preparation, operator proficiency, and scanner maintenance and performance -- the three areas where scanning operations most frequently falter.

Be Prepared
Document preparation is essential to the scanning process.

All staples, tape, paper clips, adhesives and other fastening devices must be removed from all documents prior to scanning. Adequate document preparation aids in keeping the scanners running with minimal downtime due to jams, skews, piggybacks, feeder errors or foreign items interfering with scanner functions. Documents must also be oriented correctly and batched in the right jobs.

Without proper document preparation, operators must correct problems at scan time, significantly reducing throughput. What's more, poor document prep is likely to cause errors on the scanners. Similarly, if staples are not removed, chances are that documents will not be batched correctly.

By auditing its operations, one ibml user determined that scanning its small documents individually would significantly reduce its document preparation time, while increasing scanner throughput. The review also showed that the customer needed a person to back up the operator of its two scanners; the extra person, who removes documents before the feeder tray empties and conducts quick "eyeball" quality assurance tests, has helped eliminate the idle time that previously dogged the customer.

Do Your Best
Well trained and experienced operators also are vital to the scanning process.

An operator who has been running the scanner for a period of time can pick up short cuts that help to minimize downtime from jams, and decrease the amount of time changing from one job to another. For instance, in the event of a jam, experienced operators can identify the last item scanned and pocketed correctly, without having to use a jam recovery wizard. This speeds recovery times.

Conversely, it takes less experienced staff longer to recover from jams and more time to pick up and hand feed documents that need to be scanned. They are more tentative, which slows things down.

As a result of a comprehensive review of its operations, one ibml customer found that it needed to temporarily send someone from its seasoned day shift crew to its night shift to transfer knowledge.

Leave No Trace
Scanner maintenance is absolutely critical to the scanning process.

An operation can have perfectly prepped documents and well-seasoned operators, but if maintenance is not performed properly, and frequently, its scanner will not operate effectively. It is important that maintenance is performed prior to each shift. This includes cleaning the feed tires and reverse belts, making sure the ink jet cartridge is not gummed up and sprays properly, and seeing that all sensors are clear of dust and paper debris. Operators should also record when belts and tires are changed.

Less experienced operators may forget critical steps that seasoned staff know intuitively: how to put belts on the scanner's reverse-belt assemblies or how to put tire assemblies together, as examples.

Through an operations audit, an ibml customer found that operators were placing open drink containers on top of its scanners, where they could spill and damage the machines. The audit also determined that the customer should move trash cans that were placed near the scanner's pocket frame, to avoid accidentally tossing dropped documents -- a hazard to document integrity.

The Payoff
Conducting a regular operations audit can pay big dividends. In the case of one ibml user, a service bureau, the remedies it implemented after an audit resulted in a 60 percent increase in throughput and a 25 percent reduction in jams. Those cost-saving benefits can have a significant bottom line impact.

The key is remembering that your operations requirements won't stop changing just because you implemented new technology. In other words, don't believe everything you see on late-night TV.

What do you think? Post your comments below.

Saturday, January 9, 2010

Greatest Cyber Risks

Posted by Mark Brousseau

More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today.

"Cyber attacks today are not only about identity theft, but about stealing information behind companies' firewalls," said Mark White, principal, Deloitte Consulting LLP. "An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited."

Richard Baich, a principal in Deloitte & Touche LLP's Security & Privacy practice, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts. "The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems, which routinely evade present-day security controls," said Baich.

Baich also stated that cyber criminals are now able to target specific individuals within an organization, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organizations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.

"This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs," said Baich. "Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems."

"Data is more valuable than money. Once money is spent it is gone. Data can be reused and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said 'because that is where the money is.' Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games," added Baich.

Other polling results included:

... Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
... 62.2 percent of respondents did not know how their organization understands what data is leaving the company's network, though 14.1 percent did confirm that their organizations were using a data loss prevention solution.
... 41.4 percent reported that they did not know how their organizations found compromised devices inside of their network.
... More than a quarter (27.4 percent) indicated their organizations rely on some type of antivirus and intrusion detection system.

Peter Makohon, senior manager, Deloitte & Touche LLP, said that "cyber crime may already be in their neighborhoods" and cited the following issues facing executives:

... Current signature-based information security controls are not effective against sophisticated cyber threats and exploits, which are evolving at a phenomenal rate.
... Companies lack the automated systems and skilled analysts to rapidly analyze, identify, contain, analyze, and remediate compromised devices.
... Information provided by various cyber intelligence sources is often outdated and high level; therefore, companies cannot take effective counter-actions based on that information alone.
... Organizations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.

What do you think? Post your comments below.

Wednesday, January 6, 2010

New PCI Compliance Challenge

Posted by Mark Brousseau

Remittance operations face even greater challenges from new PCI compliance guidelines. Doug Myers, vice president of sales and business development for Creditron, explains:

A flurry of new regulations, guidelines and clarifications designed to improve credit card security has remittance operations that handle credit card payments -- in the back-office or via walk-up locations -- scrambling. With three new pieces of guidance on the docket for Payment Card Industry (PCI) compliance, and larger fines for non-compliance, these operations face external pressures to beat the deadlines, as well as internal pressures to meet requirements in a strategic and cost-effective manner.

PCI and RP
The PCI Standard is the result of a collaborative effort formed by the five major credit card companies (Visa International, MasterCard Worldwide, American Express, Discover Financial Services and JCB) to develop an efficient approach to safeguarding sensitive data and for the prevention of credit card fraud, hacking and various other security concerns. Any merchant, organization or software that processes, stores or disseminates credit card data must be PCI DSS compliant or they risk hefty fines and/or losing the ability to process credit cards altogether.

Remittance processors that accept credit card payments in lieu of checks must meet the standard.

Failure to comply with PCI standards exposes an organization to two types of liability: substantial penalties, and, more importantly, "charge-back" liability for damages suffered by the card issuer as a result of a data breach. The losses sustained by card issuers include not only the fraudulent charges made on the accounts of the victims of identity theft, but also the administrative costs associated with the issuance of new cards to customers whose personal information may have been compromised. As a result, these costs can be significant. Add in the damage to reputation associated with the loss of customer card details, and the importance of PCI compliance to remittance processors becomes clear.

Conversely, in an environment where consumers are concerned about privacy and online security, there is an opportunity for businesses to improve their security posture by meeting the PCI standard.

What You Should Do
Remittance operations put their organizations at great risk if due diligence is not practiced and steps are not taken to protect cardholder and member data. Managers must take a very active approach to operational risk management, and not assume that the PCI DSS standard doesn't apply to them.

One strategy to ensure PCI compliance for remittance operations is to work with vendors that have already deployed a PCI compliance program for their entire end-to-end suite. With this approach, the onus is on the vendor to ensure that their underlying software and processes gain and maintain PCI compliance. This won't let operations off the hook for PCI, but it is a lower cost route to compliance.

To see if your vendor has a validated PCI application, visit

Saturday, January 2, 2010

5 IT Spending Tips

Posted by Mark Brousseau

With the new (budget) year upon us, Siamak Farah, CEO of InfoStreet, offers his top 5 tips for getting a jump on IT spending for 2010:

1. The OS Is Irrelevant!
As the battle of operating systems (OS) wages on between Apple and Microsoft, many businesses feel caught in the middle, unclear of which system to choose. Once a side has been chosen, there is still the ever-present (and recurring) dilemma over which version to choose – not to mention the potential nightmare of migration! (e.g., Should we migrate from XP to Windows 7; What pitfalls, if any, might we encounter?, etc...). Consider, instead, going OS neutral. With the growing popularity of Web-delivered software (also referred to as Software as a Service – or SaaS), companies can relieve themselves of a tremendous headache by relying on experts who deliver always-up-to-date applications via a simple Web browser. This path allows employers to avoid worries over software updates, PLUS, you have the added benefit of being able to “take your desktop with you” (as you can login to your desktop from any computer in the world with a browser and Web access).

2. Ditch the Servers
Perhaps the most significant line item of any IT budget is the cost of hardware (servers), and the hidden cost associated with this occurs when the IT department is pressured to estimate the right size. Assuming a large growth path, many servers must be ordered in advance to be ready to support the growth. Should downsizing be in the cards, then one needs to plan on decommissioning servers which are hard to dispose of, as they often are worth a fraction of their purchase price. SaaS takes the guesswork out of your budget. In the same fashion that one does not think about the cell phone infrastructure and just orders or decommissions cell phones based on the number of employees, IT managers can always have the right amount of server power and be poised for growth with SaaS providers.

3. Give Your Employees a (Virtual) Key to the Office
The average American now works longer hours than even our overseas counterparts. If your company makes use of next-generation SaaS tools, your employees can have ANYTIME/ANYWHERE access to their desktop, allowing them to work remotely and during off-hours if that is what is necessary to get the job done. We’ve found that by making remote access to ALL aspects of the work environment easy for our employees, they have become infinitely more efficient – many log in to check for urgent issues before starting their morning commute and check in again in the evening – from home. This type of employee dedication can help propel a company from being just a player in their industry to being THE PLAYER.

4. To Thy Own Client Be True
Okay, perhaps that isn’t how the saying actually goes; however, the sentiment is valid. In this day of aggressive competition, it’s important to use every tool and advantage you can afford to keep in touch with your clients (and have a reliable means for including personal details and generating automated follow-up reminders). CRM (customer relationship management) software is not new; however, the leaders in this industry charge more than a pretty penny for their tools. Consider one of the “optimally-sized” versions (such as StreetSmart's Web-based CRM) that can be literally a fraction of the cost and which offer the core functionality you need. Don’t be left without such a valuable tool just because you’ve heard CRM software can be too price prohibitive.

5. Automate Your Protection
Every industry has its own set of compliance rules and best business practices. However, many companies overlook one of the most basic – yet most crucial – practices: email archiving. This simple step can offer tremendous peace of mind and protection. Investigate automatic email archiving software which has the potential to serve as the most affordable business insurance you have ever had. Such software works invisibly in the background to back up ALL employee email, protecting your company from accidental or intentional email deletion.

What do you think?