Monday, November 29, 2010

Electronic Invoicing: A Dog Chasing the Car

By Tom Walker of Open Text

What is electronic invoicing? Just a simple search of the Internet provides several answers. What is the correct way to write the term … spell it out or abbreviate with a big E or little e? Does this relate to outbound invoices or inbound invoices? Is this just electronic data interchange (EDI)? I ask for your comments based on my observation below; when you hear e-invoice…what comes to mind?

For my comments, I will use e-invoice and assume it relates to inbound invoices and I will assume that SAP is the backend solution.

Invoices can be received electronically through several methods. EDI has been around for many years and seemed to have reached its peak. Most major trading partners were EDI-enabled. EDI also requires a specific internal skill set to maintain. The maturity of EDI provides a proven electronic methodology, but one somewhat relegated to large corporations. Both large companies and small to mid-size companies receive invoices through direct loads from vendor websites and uploads of files sent from vendors. The direct link to vendors is common with purchasing cards, while file uploads are common with utilities.

The thing all of these electronic methods have in common is the elimination of mail room activity and manual data entry. Another commonality is that all may still contain errors in the invoice meta data. Some consider fax or email attachments to be electronic, but both typically first require capture of the image, and from that point they are handled the same as paper invoices.

There is a current trend to consider electronic invoice presentment and payment (EIPP), as provided by vendor networks, to be e-invoicing. These networks accumulate invoices (typically those invoices still received by paper) from multiple vendors and then submit them to the respective multiple clients…a many-to-many relationship. While these networks continue to be unique to specific providers, it is assumed they will eventually provide the ability to “roam” similar to cell phone networks.

Regardless of how a corporation receives e-invoices, it is how you process the header and line item meta data that creates significant additional value in e-invoicing. Moving from paper to e-invoice does not stop the vendor from providing incorrect meta data. It does not remove the labor required to correct invoice meta data, to route for approval or to report on the overall end-to-end processing. It does not provide the necessary process control or audit trails.

SAP not only provides the vendor network capabilities through their Crossgate solution, they also provide SAP Invoice Management which is designed to work with all forms of e-invoice.

So, not unlike the dog chasing the car, it is what you do with it when you catch it that makes the story most interesting.

What do you think?

There’s a Bounty on your Applications

By Anthony Haywood of Idappcom

In the last year there have been a number of organizations offering rewards, or ‘bounty’ programs, for discovering and reporting bugs in applications. Mozilla currently offers up to $3,000 for crucial or high bug identification, Google pays out $1,337 for flaws in its software and Deutsche Post is currently sifting through applications from ‘ethical’ hackers to approve teams who will go head to head and compete for its Security Cup in October. The winning team can hold aloft the trophy if they find vulnerabilities in its new online secure messaging service – that’s comforting to current users. So, are these incentives the best way to make sure your applications are secure?

At Idappcom, we’d argue that these sorts of schemes are nothing short of a publicity stunt and, in fact, can be potentially dangerous to an end user's security.

One concern is that inviting hackers to trawl all over a new application prior to its launch just grants them more time to interrogate it and identify weaknesses, which they may decide are more valuable if kept to themselves. Once the first big announcement is made detailing who has purchased the application, along with where and when the product is to go live, the hacker can use this insight to breach the system and steal the corporate jewels.

A further worry is that, while on the surface it may seem that these companies are being open and honest, if a serious security flaw were identified would they raise the alarm and warn people? It’s my belief that they’d fix it quietly, release a patch and hope no-one hears about it. The hacker would happily claim the reward, promise a vow of silence and then ‘sell’ the details on the black market leaving any user, while the patch is being developed or if they fail to install the update, with a great big security void in their defences just waiting to be exploited.

Sometimes it’s not even a flaw in the software that can cause problems. If an attack is launched against the application, causing it to fail and reboot, then this denial of service (DoS) attack can be just as costly to your organisation as if the application were breached and data stolen.

A final word of warning is that, even if the application isn’t hacked today, it doesn’t mean that tomorrow they’re not going to be able to breach it. Windows Vista is one such example. Microsoft originally hailed it as ‘the most secure operating system they’d ever made’ and we all know what happened next.

A proactive approach to security
IT’s never infallible and for this reason penetration testing is often heralded as the hero of the hour. That said, technology has moved on and, while still valid in certain circumstances, historical penetration testing techniques are often limited in their effectiveness. Let me explain: a traditional test is executed from outside the network perimeter with the tester seeking applications to attack. However, as these assaults all come from a single IP address, intelligent security software will recognize the behavior because the IP doesn’t change. Within the first two or three attempts the source address is blacklisted or firewalled, and all subsequent traffic is immaterial as all activities are seen and treated as malicious.

An intelligent proactive approach to security
There isn’t one single piece of advice that is the answer to all your prayers. Instead you need two and both need to be conducted simultaneously if your network’s to perform in perfect harmony: application testing combined with intrusion detection.

The reason I advocate application testing is that, if you have a public-facing application and it were compromised, the financial impact to the organization could potentially be fatal. There are technologies available that can test your device or application with a barrage of millions upon millions of iterations, using different broken or mutated protocols and techniques, in an effort to crash the system. If a hacker were to do this, and caused it to fall over or reboot, this denial of service could be at best embarrassing but at worst detrimental to your organization.

Intrusion detection, capable of spotting zero-day exploits, must be deployed to audit and test the recognition and response capabilities of your corporate security defences. It will substantiate not only that the network security is deployed and configured correctly, but that it’s capable of protecting the application that you’re about to make live or have already launched, irrespective of what the service it supports is – be it email, a web service, anything. The device looks for characteristics in behavior to determine if an incoming request to the product or service is likely to be good and valid or if it’s indicative of malicious behavior. This provides not only reassurance, but all-important proof, that the network security is capable of identifying and mitigating the latest threats and security evasion techniques.

While we wait with bated breath to see who will lift Deutsche Post’s Security Cup, we must not lose sight of our own challenges. My best advice would be that, instead of waiting for the outcome and relying on others to keep you informed of vulnerabilities in your applications, you must regularly inspect your defences to make sure they’re standing strong with no chinks. If you don’t, the bounty may as well be on your head.

What do you think?

Tuesday, November 23, 2010

Network Security Facing Dual Challenge

By Dan Joe Barry, Napatech

Network security systems are under pressure. You might not be experiencing it yet, but you will soon. The dual challenge of dealing with more attacks at higher speeds threatens to undermine the stability of the most important commercial platform of the 21st century, namely the Internet.

What can be done to address these challenges and avert the economic impact of an Internet collapse?

For many, the Internet is synonymous with web browsing, email and chat. But the Internet, and IP-based networks in general, are now the foundation for a host of commercial services with significant impact on our daily lives.

On-line shopping is familiar to many, as is net-banking, but the financial world has now become reliant on the Internet for executing banking and investment transactions, sometimes thousands per second. Government services have also moved on-line. The Internet is used extensively in education and healthcare to provide distance services and expert consultation. The advent of cloud computing means that corporations will be more reliant than ever on the Internet to support their business.

In short, without the Internet, our lives would come to a grinding halt.

The development of the Internet as a commercial platform has not gone unnoticed by criminal organizations, which are exceptionally innovative in finding new ways of generating revenue! They have displaced the amateur hacker enthusiasts as the key threat to the Internet.

The open and global advantages of the Internet are now suddenly disadvantages as cybercriminals can attack from any location in the world, beyond the reach of domestic law enforcement agencies.

To understand the scope of the network security challenge, consider figures from Trend Micro, a leading provider of network security solutions, who have reported an explosive growth in the number of unique malware samples (i.e. types of attack) over the last 20 years.

Network security system vendors are struggling to respond to these new attacks as quickly as they occur. In a sense, they are playing a cat-and-mouse game with adversaries who are at least as intelligent and innovative at exploiting weaknesses in networks and applications as the vendors are at detecting attacks.

Higher data rates compound the challenge facing network security system vendors. IP networks are now being upgraded from 1 Gbps to 10 Gbps link speeds, with 40 Gbps and 100 Gbps on the horizon. At 1 Gbps, a network security system needs to analyze up to 1.5 million packets per second. At 10 Gbps, this becomes 15 million packets per second. This is per port and only in one direction.

The challenge for network security system vendors is to ensure that their systems:

• Can handle up to 15 million packets per second per port in each direction

• Have the necessary processing power and memory to analyze packets in real-time

• Can scale to detect millions of new malware samples and higher line rates

The traditional approach to building network security systems is to build customized hardware, including ASIC chip development. However, with the exponential growth in malware and higher line-rates, network security systems need to scale in terms of both data handling and computing power on a regular basis. This in turn means that the lifetime of a product revision will be shorter.

This begs the question: can network security system vendors keep up and have they got the deep pockets required to fund custom hardware and chip development on a regular basis?

It also leads to the question: is there another way?

High-performance network security systems can be based on standard, off-the-shelf PC servers when these are combined with Intelligent Real-time Network Analysis adapters for handling full line-rate data. The benefit of this approach is that it takes advantage of the strong roadmap of PC server and CPU chip vendors, who are updating their performance and the number of processing cores they support on a yearly basis.

Basing high-performance network security system development on standard PC servers with Intelligent Real-time Network Analysis adapters provides a path to addressing the dual challenge of more malware at higher line-rates. It provides a cost-efficient, yet high-performance model that allows network security system vendors to focus on their expertise, namely combating cybercriminals and protecting the vital commercial platform that the Internet has become.

What do you think?

Monday, November 22, 2010

Congress Should Amend COICA

Last week, the U.S. Senate Judiciary Committee unanimously voted to approve the "Combating Online Infringements and Counterfeits Act" (COICA). The bill would allow the U.S. Attorney General to obtain a court order disabling web domains deemed to be “dedicated to infringing activities.”

Intellectual property scholars at the Competitive Enterprise Institute praised the bill in principle but warned that the legislation's current provisions threaten free speech and lack crucial safeguards to protect against the unwarranted suspension of Internet domain names.

“Combating piracy and counterfeiting on the Internet should be a priority for Congress, but care should be taken to ensure that legislative attempts to protect intellectual property rights do not harm other vital interests,” said Ryan Radia, CEI Associate Director of Technology Studies. “COICA’s overbroad definition of Internet sites ‘dedicated to infringing activities’ risks ensnaring legitimate websites. The bill also lacks a provision ensuring that Internet site operators targeted by the Attorney General have an opportunity to defend their site in an adversary judicial proceeding.”

Over three dozen law professors recently submitted a letter to the U.S. Senate raising concerns about COICA, arguing that the bill suffers from “egregious Constitutional infirmities.”

“In its current form, elements of COICA raise serious First Amendment concerns,” said Hans Bader, CEI Senior Attorney. “If enacted, the law will not likely survive a constitutional challenge.”

Radia argued that Congress should amend COICA to provide for more robust safeguards, including:

• Providing a meaningful opportunity for Internet site operators to challenge before a federal court an Attorney General’s assertion that their site is “dedicated to infringing activities” prior to the domain name's suspension;

• Requiring that the Attorney General, prior to commencing an in rem action against a domain name, make a reasonable attempt to notify the site’s actual operator;

• Clarifying the definition of an Internet site “dedicated to infringing activities” to ensure that Internet sites with cultural, artistic, political, scientific, or commercial value that facilitate infringing acts by third parties do not face domain name suspension if their operators comply with legitimate takedown requests;

• Instructing the Department of Justice and federal prosecutors not to request that domain name registrars, registries, or service providers suspend domain names that have not been deemed to be “dedicated to infringing activities” by a federal court;

• Requiring the Department of Justice to compensate domain name registrars, registries, and service providers for any reasonable costs they incur in the course of disabling infringing domain names.

What do you think?

Data: Lost or Misplaced?

By Rich Walsh

In taking a look at the Kroll Ontrack “Global Data Loss Causes” survey, I found it interesting that 90 percent of responders have lost data, and 18 percent did not know how the data went missing. Mind you, these losses could be attributed to such occurrences as data that has been corrupted by a virus or just human error – files being misfiled or accidentally deleted. But, I immediately thought, “Perhaps it wasn’t lost; it just couldn’t be found.”

In the years I have written and spoken about data storage, one theme has remained constant: the amount of data that corporations must manage is growing and shows no signs of stopping. Keeping track of this mass of data is a daunting challenge for many companies.

I often hear from IT executives that they are frustrated by the multitude of archiving systems at their organizations as more and more repositories are installed to meet data growth. Misplacing data becomes very plausible, and even typical, in this type of environment.

Losing data is never a good thing and when it happens, whether in a household or at a major corporation, it can create some headaches – to put it mildly. In the current environment, losing data is simply not an option as new regulations are sure to put more demands on data recovery. The consequences for missing data can be severe; you only need to read the mortgage-foreclosure headlines to get a sense of this.

Storage professionals may be feeling pressure from IT executives to fix the problem while managing costs. Data management should not be an obstacle to a corporation’s primary business objective. Now is the ideal time to address this issue because there is no apparent end in sight for the onslaught of data.

How is your company handling the barrage?

Rich Walsh is President, Document Archive & Repository Services at Viewpointe. He has more than 25 years of operational information technology experience.

Wednesday, November 17, 2010

Efficiency and Transparency Key Issues in Healthcare Payments Automation

By Lee Barrett of EHNAC

There are major industry shifts already underway that will change how the payment and document industry transacts business. With the complexity of changes taking place in relation to how ARRA, HITECH and HIPAA affect our industries, every payment processor and document manager would be wise to keep a finger on the pulse of the hot topics of the day and trends that provide indication of future directions for the industry.

One important change is the fact that providers and banks will be able to provide reconciled data streams so that any needed claim adjustments can be minimized and there can be a marrying of the remittance and electronic funds transfer. The benefit of this reconciliation is that manual intervention becomes minimal for inputting data into accounts payable applications, and there are few additional contractual adjustments required as compared to the large number needed today. This is, of course, all to the benefit of the provider organization and ultimately the patient or payer.

The second recent trend is, in fact, the revitalization of an old trend. With the ever-increasing cost of health insurance, organizations are seeking more economical solutions to meet the needs of their employees. As a result of this, the industry is seeing healthcare savings plans regaining traction at a significant rate. Health savings accounts or HSAs are most frequently used in conjunction with a benefit debit card, and give employees the benefit of being able to put pre-tax dollars toward deductible payment or coverage of other health related services. Given the complexities of HITECH, HIPAA and COBRA, organizations and financial institutions offering HSAs are required to keep track of changing regulations regarding excise taxes and concerns related to health and financial data security, privacy and confidentiality.

A third recent trend the industry is witnessing arises from the consumer demand for transparency in their healthcare experience, and the desire to have all healthcare payment and records available through a single portal. These “Wealth Care portals” provide for connections and efficient processing of all healthcare needs for a patient, allowing a patient to determine what they owe different providers, by tracking their invoices and payments through a single site. These portals would also give patients the ability to make better-informed decisions, make use of calculators and tools to determine costs and savings and track the status of claims made to their health insurance.

The electronic healthcare and payment-document processing worlds are changing rapidly, with exciting developments coming to light almost daily. To ensure that these trends truly benefit our own customers, it makes sense to stay abreast of the changes, and constantly analyze what the changes mean to our organizations as well as to our stakeholders.

Lee Barrett is executive director of the Electronic Healthcare Network Accreditation Commission (EHNAC).

Going Green with ECM

By Derrick Murphy of ibml

There's no doubt that reducing or eliminating paper-based processes presents clear and sizeable economic advantages. In large part, these cost savings have driven the demand for enterprise content management (ECM) solutions. But digitizing paper-driven processes is also an essential component of the sustainability, or "green," initiatives now underway at companies large and small.

By its nature, ECM promotes efficiency and optimal use of resources. By replacing paper-based processing with electronic processes -- and eliminating paper-related transportation, storage and handling -- ECM solutions can help organizations more quickly realize their green initiatives.

In fact, when you consider the hefty environmental impact of office paper (the U.S. alone consumes about 100 million tons of paper each year, according to the Forest Stewardship Council, or FSC), ECM is a great way to get your organization started down the path to sustainable and green practices.

ECM and the 'Green Movement'
Information and communication technology account for about 2 percent of all carbon dioxide emissions, according to the Energy Information Administration. That might not seem like a lot, but it can easily be reduced. ECM solutions support green initiatives by providing users the ability to:

Reduce paper consumption -- The average worker generates an estimated 45 to 15,000 sheets of paper every day, according to the American Records Management Association (ARMA). ECM solutions allow documents to be processed, managed and stored electronically, including delivery via e-mail, which significantly reduces the amount of paper the average worker consumes each day.

Automate paper-based processes -- Compared to electronic processes, processing paper documents is slow and expensive. ARMA and IDC estimate that the average company spends between 7 and 14 percent of its total costs on document processing in a paper environment. By digitizing document-driven business processes, ECM solutions can automatically identify and route content, such as invoices requiring approval, to the appropriate users or applications, eliminating the need for transportation or multiple copies as well as downstream document storage or shredding/destruction.

Reduce document shipping -- Studies have shown that the average document in an organization is photocopied 19 times. ECM solutions allow organizations to distribute electronic documents securely via intranets, extranets and broadband connections. The more work organizations perform online, the shorter the paper trail and the less waste produced. Additionally, this real-time 24/7 access enables employees to review, approve or collaborate on documents without printing or shipping.

Reduce document storage -- Storage requirements for hard copy documents double every three years, according to ARMA and IDC. Storing documents electronically helps companies reduce their carbon footprint by reducing real estate/facilities needs and the associated energy consumption.

Less paper waste -- The average American office worker disposes of 100 to 200 pounds of paper per year, studies show. OB10 cites estimates that production of paper invoices would take up as much space as 10 football fields stacked 100 feet deep (and this doesn't count the storage space before they get to the landfill). ECM solutions address the paper trail that follows many people around and reduce the amount of waste employees generate as well as the energy they consume shredding.

The Financial Benefit
Each of the "green" benefits of ECM solutions mentioned above has an economic benefit:

Reduced paper consumption -- It costs almost $10,000 to fill a four-drawer file cabinet. By leveraging technologies such as e-invoicing, companies can eliminate these paper expenses. For instance, one company is saving $8,000 to $10,000 a month in paper and toner by using ECM.

Reduced document shipping -- Without an ECM solution, an organization might have to copy a document to send to various people. By sharing documents electronically, companies avoid the expenses associated with transporting documents across sites, including courier fees, postage, gas, and vehicle upkeep. Similarly, sharing documents electronically also eliminates the 280 hours per employee that ARMA and IDC say companies spend each year tracking down lost documents.

Reduced document storage -- Paper storage costs an average of $0.14 per page or $1,400 per file cabinet, according to ARMA and IDC. Storing documents electronically eliminates this cost.

Less paper waste -- Digitizing documents reduces a company's costs for destruction/shredding. What's more, in a scanning environment, organizations can physically out-sort and re-use batch headers -- or eliminate them altogether depending on the scanner they use -- to reduce paper waste.

ECM in Action
These aren't hypothetical benefits. Organizations of all sizes, across industries, are achieving "green" benefits -- financial and environmental -- through digital technologies. Here are some examples:

• Banner Life Insurance eliminated the need to photocopy checks and oversized documents (to make them scanner-ready) by deploying scanners that can handle commingled documents of different sizes.

• Wyoming Medical Center (WMC) implemented a solution for scanning medical records. This will eliminate the energy consumption associated with storing its over 13 million pages of patient files in a 5,000 square-foot records room. Additionally, with all of its medical records available online, WMC no longer needs to fax information to physician offices, in turn reducing paper consumption.

• Humana eliminated the need to insert paper separator sheets between the batches of work it scans by deploying intelligent scanners that can automatically identify different document types.

The bottom line? There's no need to worry that your organization will have to sacrifice operational efficiency or effectiveness to be environmentally friendly. ECM technology can help you do both.

What do you think?

7 Major Projects CIOs Should Consider

Posted by Mark Brousseau

With 2011 predicted to be the year when the IT industry will reach nearly $3.5 trillion in revenue and show long-term growth for the next five years, Gartner analysts say there are seven business and IT issues that warrant the greatest attention and demand the clearest strategies for the future.

“We are increasingly living, playing and working in a digital world where people will have no alternatives but to become ‘more digital’ with the assets they have available,” said Stephen Prentice, vice president and Gartner Fellow. “In 2012, the Internet will be 75 times larger than it was in 2002, and if Facebook was a country, it would be the third largest in the world (after China and India). Device and data proliferation is also a reality that cannot be escaped. Smart devices will rise from 60 billion devices in 2010 to more than 200 billion in 2020.”

“Technology is no longer the preserve of the CIO,” said Ken McGee, vice president and Gartner Fellow. “It has become everyone’s property and everyone’s issue.”

With the IT industry on track to show a compound annual growth rate (CAGR) of 4 percent for the next five years, Gartner has identified seven business and IT issues that CIOs should act on during the next three years. “CIOs will need to begin implementing these technologies within three years to meet the six-year predictions,” McGee said. The seven issues include:

IT/OT Alignment - Inadequate software management of operational technology (OT) systems will result in a major business failure of a top Global 100 company by 2013.

Executives are realizing there are cost savings and management efficiencies to be gained by integrating the IT and OT groups together. Although efforts to integrate groups are challenging, benefits from streamlined budgets, coordinated planning, consistent technology architectural decisions and maximizing technology purchasing power make for extremely compelling cases for IT and OT group integration.

Business Gets Social - Through 2015, 80 percent of organizations will lack a coherent approach for dealing with information from the collective.

Today, social media is changing the way business is conducted. “Understanding the power of communities, the multiple personas of their members expectations, their aspirations and how to interact with them will become essential skills for business in the 21st century,” said McGee. “However, vast sums of money and enormous amounts of time will be spent during this decade and beyond to discover how IT and business leaders best capitalize on the growing spread, power and influence of social networks.”

Pattern-Based Strategy - Through 2015, pattern-seeking technology will be the fastest-growing intelligence investment among the most successful Global 2000.

A Pattern-Based Strategy provides a framework to proactively seek, model and adapt to leading indicators, often termed "weak" signals, that form patterns in the marketplace. It will allow IT leaders to seek out patterns amidst the burgeoning information sources and model future possibilities. “We have found that senior business and IT leaders see lack of information shareability as a barrier to growth,” Prentice said.

Cloud Computing - By 2016, all Global 2000 companies will use public cloud services.

Cloud computing represents a shift in the relationship between the providers and consumers of IT-based solutions. It constitutes the basis of a discontinuity that amounts to a new opportunity to shape the relationship between those who use IT services and those who sell them. Gartner said worldwide cloud services revenue (including public and private services) is forecast to reach $148.8 billion in 2014.

Context-Aware Computing - By 2016, one-third of worldwide mobile consumer marketing will be context-awareness-based.

Context-aware computing will encourage people to be more digital with the assets they have available. It takes advantage of location and time, and marks a new era of augmented reality. More than $150 billion of global telecom spending will shift from services to applications by 2012, and the global market for context-aware services will amount to $215 billion.

“Unlocking this potential will be one of the next major challenges for IT,” said McGee. “For example, we expect 75 percent of new search installations to include a social search element. The world is digital and business leaders can’t ignore it.”

Sustainability - By 2016, sustainability will be the fastest-growing enterprise compliance expense worldwide.

As long as the current science surrounding climate change remains credible, organizations should anticipate that the current focus on energy, water and greenhouse gas (GHG) emissions will continue, and this will draw attention to other environmental issues, such as resource depletion, species extinction, bio-diversity and environmental justice. There will remain many hard trade-offs between an organization’s financial and operational performance and that of its environmental performance. Information systems will be critical in the role — from governance, risk and compliance, through corporate social responsibility systems, to enabling new and more-sustainable business models.

New Realities of IT: Balancing Cost and Innovation with Risk and Governance. Innovation accomplishments will be among the top-three selection criteria for new CIOs by 2016.

With the recent global recession, innovative thinkers must find new ways to create growth — in revenue, jobs and industries — in this new business climate. Cost and value optimization must remain a top priority, while the search for growth continues.

Regulatory and corporate demands for greater attention to risk have already begun to emerge. Gartner also foresees a new emphasis on business change governance.

Beyond 2020, Gartner analysts forecast that two emerging trends will become $1 billion markets. First, human augmentation, a technology that focuses on creating cognitive and physical improvements as an integral part of the human body, is slowly but steadily becoming a reality and enhancing people’s lives.

The second trend is wireless power devices. By 2011, there will be more than 1 billion PCs and 5 billion mobile phones in use in the world, and based on the levels of demand, Gartner foresees cumulative sales from wireless power products surpassing $1 billion by 2020.

“We are reaching these observations by exploring future IT growth and future adoption projections upon demand,” McGee said. “We are looking at emerging business and societal trends and based upon our findings, we will indicate likely future IT winners and losers. This methodology will not replace any existing methodologies, but simply complement existing models.”

“Looking forward, we expect to see more deployment of existing technologies in new and innovative ways, and fewer and fewer genuinely new technologies emerging in the mainstream,” said Prentice. “That is not to imply that no new developments will occur, but we are now starting to see the early indications of precursor and trigger technologies for the next wave of technology, which is likely to run from about 2025 through 2080.”

What do you think?

Monday, November 15, 2010

AFP Conference Attendees Ready to Buy

Posted by Mark Brousseau

After years of being relegated to the sidelines as a result of the economic downturn, attendees at this week's AFP Annual Conference at the Henry B. Gonzalez Convention Center in San Antonio, Texas, appeared to be back in the buying game, reports Mario Villarreal, president and COO of Houston-based US Dataworks, Inc. As evidence, Villarreal pointed to the advertised 30 percent bump in attendance, better booth traffic, and the more substantive conversations with prospects compared to last year.

"After several years of sitting through vendor presentations and strategizing internally about enterprise payments, many of the organizations at AFP appeared ready to buy," Villarreal said. "Based on the conversations we had at AFP, I think we will see a significant number of enterprise payments deals close next year." Villarreal said banks, in particular, appeared interested in enterprise payments.

Two key factors are driving the demand for enterprise payments, Villarreal said. First, operations have reached the breaking point in terms of effectively managing their existing payment silos. By consolidating all of their paper-based and electronic payment channels onto a single platform, organizations can reduce cost, eliminate redundant systems and processes, improve availability, gain better visibility into their payments, and apply consistent controls across their payment streams.

Second, organizations are more confident that they will have the budget necessary next year to kick off an enterprise payments initiative. Furthermore, banks may be looking to make internal investments that deliver a reasonable rate of return rather than parking their cash and earning a measly 25 basis points, Villarreal said. "By no means are operations flush with cash, but IT budget dollars are loosening up for projects with a clear ROI, and enterprise payments fit that bill," he said.

What do you think?

Friday, November 12, 2010

The Top 5 Compliance Issues That Smolder Beneath The Surface

By Dan Wilhelms

When firefighters arrive at a burning building, their first priority (of course) is to knock down the visible flames. Yet experienced firefighters know that when those flames are extinguished, the job isn’t done yet. That’s the time they go in and start looking for the hidden flames – the smoldering materials in a ceiling or behind a wall that could suddenly erupt and engulf them when they’re not expecting it. They know those hidden fires can be the most dangerous of all simply because they can’t be seen until it’s too late.

For the past few years, IT and compliance managers have been like those firefighters first arriving on the scene. You’ve been putting out the compliance fires – the big issues that have been burning brightly since SOX legislation was passed in the early part of the millennium. You’ve done a good job too, creating a new compliance structure where roles are defined, segregation of duties (SOD) is the standard and transactions are well-documented.

Yet just like those firefighters, the job isn’t finished yet. There are still all kinds of compliance issues that, while not as visible as the first ones you tackled, can still create a back-draft that will burn your organization if you’re not careful. Following are five of the most pressing (and potentially dangerous).

Excessive access – With the complexity of the security architecture that is part of modern ERP systems, it’s easier than you might think to accidentally give some users access to potentially sensitive transactions that might be far outside their job descriptions. Access is usually assigned by the help desk, and in the heat of battle, with many pressing issues, they may not be as careful about assigning or double-checking authorizations as they should be. When that occurs, it can lead to all types of dangers.

Imagine a parts picker in the warehouse being given access to every SAP transaction in the organization (which has happened, by the way). In that instance, the warehouse worker started running and looking at transactions (including financial transactions) just out of curiosity. But what if he’d had a different agenda? He could have changed the data, either accidentally or maliciously, or executed a fraudulent transaction, creating a serious compliance breach.

Even if he didn’t change anything, there’s still a productivity issue. After all, if he’s busy running a myriad of SAP transactions, he’s not busy picking orders.

Excessive access is not the type of issue that will show up in a SOD report. The best way to address it is by installing governance, risk and compliance (GRC) software that makes managing security and authorization easier. The software should also provide you with tools that help you measure and monitor actual system usage so you can see whether the things users are doing and the places they’re going within the system are appropriate to their job requirements. Having automated systems in place is particularly important in smaller enterprises that usually do not have the resources for a lot of manual inspection.

Access to sensitive data – Users don’t necessarily need access to a broad variety of data to pose a risk; they just need access to particular data. For example, who can open and close posting periods? Who can view HR salary and benefits information? Again, this is nothing that is likely to show up on a SOD report, yet it’s a very real risk.

We’ve all heard the stories about how a certain soft drink manufacturer’s formula is better-guarded than the launch codes for nuclear weapons. Imagine if the formula was sitting on the ERP system and the wrong person was given access to it – or given access to payroll, HIPAA or other sensitive information.

One key to controlling access to sensitive data, of course, is to exercise more care when assigning authorizations. These are called preventative controls. It’s also important to use reverse business engineering tools to see who does have access to sensitive transactions, whether that access is appropriate, and what they did with the information once they had it. These are called detective controls. It’s like following the smoke to discover where the hidden fire is.

Poor segregation of duties – Although SOD has already been mentioned, some organizations are not familiar with what it is and its purpose. Let’s look at the nuclear missiles analogy again. In order to launch, there are two keys controlled by two different people. Two keys are used to assure that no one person has control of the missiles in case someone decides to “go rogue.”

It’s the same with financial transactions in an enterprise. You don’t want one person to be able to create a vendor in your SAP system and then initiate payment of that same vendor; you’re just asking people to steal from you.

That’s why it’s important to have value-added tools that analyze user access against the enterprise’s SOD rulebook and flag any conflicting functions. An ongoing analysis will point out any areas of risk so they can be remediated, and keep you informed should the situation change.

Of course, in a smaller organization, conflicting duties may not be avoidable. Everyone is expected to wear multiple hats, and sometimes those hats do not allow for proper segregation. In those instances, you need to have tools that can monitor actual transactions and report against them so you can see if a compliance violation is occurring. In other words, if someone has to carry both keys, you know when they’ve inserted them both into the control panel through mitigating controls.

Even with the proper tools, it’s unlikely you’ll ever bring SOD conflicts down to zero. But you can get awfully darned close, and keep an eye on what happens from there.
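An added illustration (not from the original article or from any GRC product) of the analysis described above: user access is checked against an SOD rulebook, and for users who must hold conflicting duties, actual usage is checked as a mitigating control. The function names, user IDs, rule IDs and log entries are constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple


class Rule(NamedTuple):
    rule_id: str
    left: str          # first business function
    right: str         # function that conflicts with `left`
    description: str


class LogEntry(NamedTuple):
    timestamp: str
    user: str
    function: str
    object_id: str     # e.g. the vendor or purchase order acted on


# Constructed rulebook. SOD-01 is the vendor/payment conflict named in the
# article; SOD-02 is a hypothetical second rule added for illustration.
RULEBOOK = [
    Rule("SOD-01", "create_vendor", "initiate_payment",
         "Create a vendor and pay that vendor"),
    Rule("SOD-02", "create_purchase_order", "approve_purchase_order",
         "Create and approve a purchase order"),
]

# Constructed access assignments: user -> business functions they can perform.
ASSIGNMENTS = {
    "asmith": {"create_vendor", "initiate_payment"},
    "bjones": {"create_vendor"},
    "clee": {"initiate_payment", "create_purchase_order"},
    "dkim": {"create_vendor", "initiate_payment",
             "create_purchase_order", "approve_purchase_order"},
}

# Constructed usage log of what users actually did.
USAGE_LOG = [
    LogEntry("2010-11-01T09:00", "asmith", "create_vendor", "V100"),
    LogEntry("2010-11-01T09:30", "bjones", "create_vendor", "V200"),
    LogEntry("2010-11-02T10:00", "asmith", "initiate_payment", "V200"),
    LogEntry("2010-11-02T11:00", "clee", "initiate_payment", "V100"),
    LogEntry("2010-11-03T14:00", "dkim", "create_vendor", "V300"),
    LogEntry("2010-11-03T14:05", "dkim", "initiate_payment", "V300"),
]


def find_conflicts(assignments, rulebook):
    """Preventative view: users whose access covers both sides of a rule."""
    conflicts = []
    for user in sorted(assignments):
        held = assignments[user]
        for rule in rulebook:
            if rule.left in held and rule.right in held:
                conflicts.append((user, rule.rule_id))
    return conflicts


def find_exercised_conflicts(conflicts, usage_log, rulebook):
    """Mitigating control: for users who hold a conflict, report the objects
    on which the same user actually performed both conflicting functions."""
    rules = {rule.rule_id: rule for rule in rulebook}
    touched = defaultdict(set)  # (user, function) -> object ids acted on
    for entry in usage_log:
        touched[(entry.user, entry.function)].add(entry.object_id)

    exercised = []
    for user, rule_id in conflicts:
        rule = rules[rule_id]
        same_object = touched[(user, rule.left)] & touched[(user, rule.right)]
        for object_id in sorted(same_object):
            exercised.append((user, rule_id, object_id))
    return exercised


if __name__ == "__main__":
    held = find_conflicts(ASSIGNMENTS, RULEBOOK)
    for user, rule_id in held:
        print(f"access conflict: {user} holds both sides of {rule_id}")
    for user, rule_id, obj in find_exercised_conflicts(held, USAGE_LOG, RULEBOOK):
        print(f"REVIEW: {user} exercised both sides of {rule_id} on {obj}")
```

In the sample data, asmith holds the vendor/payment conflict but paid a vendor someone else created, so only dkim's activity on V300 is raised for review.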

Introduction of malicious programs into production systems – The modern reality is that ERP systems are rarely steady state. Often enterprises have multiple initiatives going on that introduce new data, configuration and programs into the production systems.

With lean staffing and urgent deadlines, changes are often not properly tested or audited. In other words, enterprises don’t use proper change management. A developer who has the means to do it, the motive to do it and knows whether he/she can get away with it can wreak all kinds of havoc by including malicious code along with legitimate code when new applications are moved into production. Malicious code can download sensitive data, create fraudulent transactions, delete data or crash the systems.

It is critical to have a second person reviewing any changes at every step of the way. What that means is the person who requests the change can’t be the person who develops it; the developer can’t be the person who tests it; the person who tests it can’t be the same person who migrates it into production. In other words, transport development and approvals cannot be given by a single person – instead, an independent approver or even a committee must be controlling the entire process.

Change management duties need to be segregated and managed throughout the entire process. Even if not malicious, poorly coded, untested programs can result in a catastrophic outage. Given that in a large enterprise an hour of downtime can cost $1 million, it’s easy to see why proper change management is worth the investment.

Emergency access – In large ERP environments, there’s always the chance that emergency maintenance of production systems will need to be performed. When that happens, and the enterprise is dialing 9-1-1, someone needs to be given emergency “super user” access to everything in the system. Such emergency maintenance is often performed by outside parties (e.g. the software vendor or third-party consultants).

The problem is these emergency all-access passes aren’t always tracked very well. Everyone is so fixed on putting out the fire – for example unlocking a sales order that has frozen the entire system – that they never think about documenting what transactions were performed or what data was changed. The risk is increased by the widespread use of generic “firefighter” user IDs whereby the individual performing the actions isn’t definitively known.

You’d like to think that the person you give super user access to can be trusted. But blind trust is what has gotten other enterprises into trouble in the past. The person with full access may make other changes while he/she is in there – either accidentally or on purpose. You need to be able to monitor who has all-access and what they do while they have it.

It is critical to have tools that allow you to track what these super-users do while they’re in the system. Not just for the day-to-day operation of the business, but for the auditors as well. When auditors see someone has been given this additional emergency access, their job is to immediately assume the person did something nefarious. It will be your job to prove they didn’t. You’ll need to show why access was granted, what was done while the person was in there, when/how long the person was in the system, what changes were made and when the person exited.

While it’s important to put out the big compliance blazes, keep in mind those are the ones that are also easy to see. Once they’re under control, take a tip from the professional firefighters and be sure to check for the smaller, smoldering flashpoints. It’s your best insurance against getting burned.

Dan Wilhelms is President and CEO of SymSoft Corporation, the makers of ControlPanelGRC, professional solutions for compliance automation.

Tuesday, November 9, 2010

Beware of "enterprise surprise" with collaboration tools

Posted by Mark Brousseau

Enterprise social networking and collaboration tools that perform adequately at a departmental level can demonstrate surprising shortcomings when implemented enterprise wide, according to vendor evaluation research from independent analyst firm Real Story Group (formerly CMS Watch).

Organizations are increasingly attempting to extend pilot collaboration and social software efforts across the enterprise, but IT leaders typically run into unexpected scalability problems. “Functional shortcomings or missing administrative services that don’t crop up in a departmental pilot can provide significant challenges when a customer tries to scale a system enterprise wide,” explains Real Story Group Principal, Tony Byrne.

Real Story Group customer research uncovered significant common shortcomings, including:

• A lack of lifecycle management services, including archiving
• An absence of clustering and multi-instance management services
• Clumsy or non-existent configuration management services and testing environments
• An inability to integrate with enterprise role and group management (entitlements) systems
• User interfaces that are not internationalized or localized

“Not every vendor suffers from all of these weaknesses,” notes Real Story Group Analyst Adriaan Bloem, “but even the most platform-like offerings from the likes of Microsoft and IBM can come up short in one or more areas – much to the surprise of the customer assuming that a tool was explicitly designed for large-scale deployment.”

“Customers should remember that many of these products matured in departmental environments,” counsels Byrne, “so in addition to investing in essential governance, adoption, and education programs, organizations that must support enterprise-wide collaboration and networking should carefully simulate large-scale conditions before committing to any single vendor.”

What do you think?

The OIT booth at ARMA 2010

Jim Thumma (left), vice president of sales and marketing for Optical Image Technology, Inc. (OIT), and Vijay Magon, technical director for ccube solutions, in the OIT booth at ARMA 2010 in San Francisco.

The OPEX booth at ARMA 2010

The OPEX booth at ARMA 2010 in San Francisco this week.

ibml's booth at ARMA 2010

ibml's booth at ARMA 2010 this week in San Francisco. ibml was demonstrating its ImageTrac Lite scanner at the conference.

What’s keeping CEOs up at night?

By Rich Walsh

Storage professionals who want to bring new ideas to their organizations on how better to manage corporate data might want to take note of Gartner, Inc.’s “seven major CEO concerns that CIOs should address.”

Gartner’s guide for CIOs provides some excellent insight into what management (CEOs in particular) expects from any new project that involves additional spending or technology upgrades. For example, what Gartner outlines in “investing in new cost efficiencies” is consistent with offsite e-storage management plans that I have been discussing with companies of late.

Not surprisingly, anything that saves money will be viewed favorably. As Gartner’s analysts put it, “CIOs proposing larger structural cost-saving ideas, such as major end-to-end process changes or automations, will likely receive CEO approval.”

Additionally, Gartner points out that CEOs are increasingly expecting that solutions be long-term and sustainable. Ideally, anything proposed should not simply be a quick fix.

Offsite data storage projects can meet those requirements and, done right, can produce long-term cost savings and sustainable solutions. Your management team might be interested to know that many businesses have been gradually moving to offsite data management, successfully trimming costs while being able to continue to access, control and monitor their records.

What steps are you taking to improve operations, your role in IT and data management overall?

Rich Walsh is president, Document Archive & Repository Services at Viewpointe. Rich has more than 25 years of operational information technology experience.

Monday, November 8, 2010

The Challenges in Records Management

Posted by Mark Brousseau

The convergence of physical and digital records management – and tying them together to create an “umbrella” information governance model – is the top concern of records managers, Jim Cuff, vice president of strategy, Iron Mountain Digital, said today during a panel discussion at the ARMA Annual Conference. “Complicating matters is the growing volume of digital data and the issues of eDiscovery.”

Cuff said that the most significant stumbling block in creating an information governance model is that organizations have content – which Cuff affectionately calls “stuff” -- everywhere. “Records managers must figure out where all of this stuff is, and how to bring it all together in a sane approach,” Cuff said.

“Records managers are most successful in those instances where they involve other groups, whether they are IT, legal, compliance or even business folks,” said panelist Victor Owour, senior director, Oracle.

Historically, there hasn’t been a lot of collaboration in records management technology, Cuff noted.

But these stakeholders must determine the components that records managers should focus on. “What we found is that a number of our customers have been successful by planning the obit for their records management program early on in the process. They think through the entire problem and what they hope to achieve,” Owour said. “You want to tie records management into your business processes so it fits seamlessly into what the organization does; this way, it’s no longer a task, it is a convenience.”

Regardless, organizations need a retention hold policy, said Perceptive CTO Darren Knipp.

What do you think?

Sunday, November 7, 2010

SharePoint and eDiscovery Readiness

Posted by Mark Brousseau

When it comes to eDiscovery readiness, getting involved in their organization’s SharePoint initiatives should be a top priority for records managers, Martin Tuip, senior technical product marketing manager, Iron Mountain Digital, said during a presentation today at the ARMA Annual Conference in San Francisco.

SharePoint broke the $1 billion revenue mark last year, and has continued to rise past that total this year, making it the hottest-selling server-side product ever for Microsoft, Tuip said, adding that many organizations are planning to deploy SharePoint 2010 or have already done so.

“But the problem at many organizations is that SharePoint initiatives are being driven by IT, without much involvement from records managers. IT and records managers need each other,” Tuip said. “All of the content in SharePoint might have to be retained, depending on your business.”

“From a legal perspective, eventually you will have a matter that will require information out of SharePoint. Those lawsuits will eventually come,” Tuip predicted. “Export functionality is available in SharePoint, but in an extremely limited fashion.” Records managers need to be proactive about working with their IT team to prepare for these inevitable eDiscovery actions, Tuip explained.

“You know that this is coming down the line,” Tuip said.

The first step in implementing SharePoint governance, Tuip said, is to determine what is going to be a vital record for your organization. Then get IT involved in setting the governance standards and determining how to implement them. Organizations can leverage their existing infrastructure to provide for seamless retention of SharePoint content, or “pick a new product that can assist with all of your retention concerns,” Tuip said. He warned that, “eDiscovery is risky. The problem with eDiscovery is that content hides in multiple places. That’s why organizations need an eDiscovery application that provides comprehensive enterprise-wide search queries of the most requested ESI types. A proper eDiscovery application can significantly reduce the collection time associated with lawsuits.”

Tuip concluded: “I love SharePoint. I think that it’s a phenomenal solution. But records managers need to understand that it doesn’t have eDiscovery capabilities, and they’ll have to work with IT to determine how to deal with that.”

What do you think?

Organizations Ramp-up Records Management Technology Adoption Plans

Posted by Mark Brousseau

Enterprises plan to accelerate records management adoption in 2011, Brian W. Hill, senior analyst, Forrester Research, said today during a presentation at the ARMA Annual Conference in San Francisco.

Sixty-three percent of records management stakeholders plan to expand or roll-out new records management products in 2011, Hill said, citing the results of a study conducted by Forrester Research and ARMA. The key drivers of this growth include the need for organizations to manage a broader array of electronic content, support regulatory requirements, and ease eDiscovery pain.

Hill said records management software spending next year will top $250,000 for 17 percent of respondents to the study by Forrester Research and ARMA. “If you factor in some of the other costs associated with records management – such as change management – the figure is actually quite a bit higher,” Hill added.

While spending on records management solutions is on the upswing, satisfaction rates are declining. Fifteen percent of respondents to the study by Forrester Research and ARMA indicated that they are “very satisfied” with their records management solution – down from 23 percent the year before. “Given the maturity of records management, this is cause for concern,” Hill said, adding that there are a lot of reasons for low satisfaction. “Some of them have to do with technology, but others have to deal with people and processes, such as complex and lengthy deployments and the high costs of software and services,” Hill explained.

Synchronizing eDiscovery, records management and archiving efforts was identified as a challenge by about half of the organizations surveyed. “These handoffs are a big headache for organizations,” Hill noted.

And the problem could get worse. “Records management professionals must recognize that expected storage volumes for records systems are significant and growing fast,” Hill said. “Records management stakeholders expecting more than 50 percent storage growth may need to reset their expectations with those of IT storage stakeholders to ensure that capacity plans are appropriately aligned.”

To improve the likelihood of success for your eDiscovery program, Hill suggested the following seven habits:

Effective habit No. 1: Get executive support and build the right team.
Effective habit No. 2: Stop saving everything.
Effective habit No. 3: Streamline legal hold and look to leverage ‘early case assessment’ applications.
Effective habit No. 4: Focus on a broad array of ESI as part of your legal risk mitigation efforts.
Effective habit No. 5: Seek to rationalize systems and processes that support eDiscovery.
Effective habit No. 6: Strategically plan for global eDiscovery implications.
Effective habit No. 7: Accelerate eDiscovery program formalization.

What do you think?

Consumer Bill Payers Want Incentives To Go Electronic

Posted by Mark Brousseau

Consumers pay a lot of bills, and they pay those bills in myriad combinations of channels and methods. Consumers’ bill pay behavior isn’t a trivial matter—changes in behavior can result in millions of dollars of additional or lost revenue, or millions of dollars in cost savings.

Despite the increasing popularity of the Internet and the emergence of the mobile channel as a way to transact and interact, checks sent through the mail remain the most prevalent method for paying bills in the United States.

Aite Group says the number of bill payments made through the mail will fall just short of 5 billion for 2010, accounting for about one-third of all payments made, whereas payments made at a biller site—including recurring and mobile payments—will account for 23% of all bills paid in 2010.

Looking to the future, however, consumers’ bill pay behavior is very likely to change, Aite Group predicts. Roughly four in 10 consumers say they would change how they pay their bills if they received rewards for paying with a debit or credit card, or received a cash incentive for changing their behavior, the research and advisory firm reports. In addition, the rapid adoption of smartphones will help drive bill pay behavior change over the next three years.

“There’s an emerging segment of consumers—which we call Smartphonatics—that will lead to an increase in the use of the online and mobile channels for paying bills,” says Ron Shevlin, senior analyst with Aite Group. “These young and affluent consumers are chomping at the bit to use their smartphones, and are very likely to change how they pay bills if it becomes easier to do so via mobile. The growth of biller-direct over consolidator, coupled with the projected growth in mobile payments, means an opportunity for bill pay solutions providers to create an industry-leading mobile platform.”

What are you seeing?

A Growing Opportunity for Banks in Healthcare?

Posted by Mark Brousseau

The banking industry has been an integral part of the healthcare world for decades, providing back-end financial administration services to health plans, ranging from processing premium payments and the financial part of the claims payments through medical lockbox services.

For banks, growing opportunities exist in the healthcare market, and revenue potential is apparent, according to Aite Group. To this end, banks are developing new products and services by applying business rules from existing products and services to cater to the healthcare space. With increased consumerism in the healthcare space since the beginning of the consumer-directed healthcare (CDH) movement, banks have been leaning on the core strengths and capabilities they have mastered in the retail environment in order to develop new product strategies, Aite Group says.

“Banks are in the unique position to be able to leverage their existing relationships with various stakeholders, including health plans, clearinghouses, healthcare providers, and healthcare vendors,” says Kunal Pandya, senior analyst with Aite Group. “Although banks’ overall focus in targeting the healthcare market is similar across the board, their approach to targeting specific areas varies widely based on their understanding of the space, relationships in the space, and overall corporate strategy.”

What do you think?

Thursday, November 4, 2010

Companies Unprepared to Address Risks Created by New Technology

Posted by Mark Brousseau

Less than a third of global businesses have an IT risk management program capable of addressing the risks related to the use of new technologies, according to Ernst & Young’s 13th annual Global Information Security Survey. In spite of the rapid emergence of new technology, just one in ten companies consider examining new and emerging IT trends a very important activity for the information security function to perform.

A significant increase in the use of external service providers and business adoption of new technologies, such as cloud computing, social networking and Web 2.0, is recognized by 60% of respondents as increasing risk. Yet, in spite of this, less than half intend to increase annual investment in information security.

Paul van Kessel, Ernst & Young Global IT Risk and Assurance Leader, comments: “Technology advances provide an increasingly mobile workforce with seemingly endless ways to connect and interact with colleagues, customers and clients. These advances represent a massive opportunity for IT to deliver significant benefits to the organization but new technology also means new risk. It is vital that companies not only recognize this risk, but take action to avoid it.”

Over half of respondents state that increased workforce mobility poses a considerable challenge to the effective delivery of information security initiatives, due to widespread use of mobile computing devices. For almost two-thirds, employees’ level of security awareness is recognized as a considerable challenge.

“As the mobile workforce continues to grow, so does the level of risk. In addition to implementing new technology solutions and re-engineering information flows, companies must focus on informing the workforce about risks. The delivery of effective, and regular, security awareness training is a critical success factor as companies attempt to keep pace with the changing environment,” van Kessel adds.

Among the other findings in the report:

• Half of respondents plan to spend more over the next year on data leakage and data loss prevention – up 7% from last year. To address potential new risks, 39% are making policy adjustments, 29% are implementing encryption techniques and 28% are implementing stronger identity and access management controls.

• For the first time, continuous availability of critical IT resources was identified as one of the top five risks.

• 23% of respondents are using cloud computing services, a further 15% plan to use within the next 12 months. For 85% of respondents, external certification of cloud service providers would increase trust; 43% state that certification should be based upon an agreed standard and 22% require accreditation for the certifying body.

What do you think?

Wednesday, November 3, 2010

Social Nation Building Done Right

Posted by Mark Brousseau

When social media first came on the scene, companies couldn't wait to get on board with the new trend, because they saw it as a way to expand their brands and grow their businesses—and, of course, they had high hopes for return on investment. Now, fast-forward several years. Today, many of these same companies have hired employees devoted to using social technologies but are now faced with answering the all-important question, Now what?

"There's no denying that social networking has worked for some companies and been a flat-out flop for others," asserts Barry Libert, author of the new book Social Nation: How to Harness the Power of Social Media to Attract Customers, Motivate Employees, and Grow Your Business. "Most companies are confused about what social networking really is and about how to successfully leverage it.

"The good news," he continues, "is that these companies don't have to give up their goal of building a successful 'Social Nation,' as I call it. They simply have to change the way they think about it and develop effective strategies. Primarily, they have to learn it's not about technology, as is commonly's about community."

Libert knows what he's talking about. After all, he's the chairman and CEO of Mzinga, a company that provides social software to businesses. Quite literally, it's his job to be social media savvy. And he's adamant that before you start building your own Social Nation, you need to have a well-researched game plan. In fact, it's that knowledge, gathered through years of Mzinga's real-world experience, that prompted him to write Social Nation, a sort of social networking best practices manual.

"There's no denying that people know how to use tools like Facebook and Twitter—they just do it to no avail," Libert explains. "What they should be doing is focusing their attention on their customers, partners, and employees. Listening, acknowledging, connecting, and rewarding these people—and implementing what they have to say. I can't stress enough that social networking isn't about accumulating followers for the sake of having them—it's about building a community that brings real value and true ROI to your company."

It almost sounds too simple—but when faced with skepticism, Libert points out that a focus on building community spelled success for his company's clients long before the advent of Facebook. To date, Mzinga has worked with hundreds of companies to manage a total of 2.5 billion interactions a month through online communities.

Ready to rethink your own company's social networking strategy and start seeing some real value? Then throw out what you thought you knew about social media and read on to learn what really works in the land of social networking, as explained in Social Nation:

Build your own community. "Social Nation" is a catchy phrase, sure—but what does it really mean? Well, social is the construct of wanting to belong with another, and nation is being part of something that has purpose. Taking that into account, then, your company's social networking goal should be to bring like-minded people together in order to achieve a common purpose.

"It's all about connecting people who need to be connected, allowing them to become a part of your company experience," says Libert. "I've said it before and I'll say it again: Technology is important, but it will never be a substitute for community. If you want to see growth, you've got to develop a social network that helps people grow, engages their minds, satisfies their unmet needs, and connects them to one another."

Don't broadcast but share. Talking to someone whose conversation is constantly "me-me-me" isn't anyone's idea of a good time...and that principle also holds true in the world of social networking. It doesn't matter how frequently you update your company's status or blog about its achievements if you never deliver information that your followers actually want and need to hear.

"Always remember to create and disseminate quality content that helps people make good decisions, improves businesses, and enhances lives," advises Libert. "They want to read about topics that are actionable and applicable—so we always make sure our clients at Mzinga are providing their constituents with information, tools, and tips on subjects that are of interest to them."

Don't be a guest in someone else's home. Think about the differences between a house and a home. A house is only a structure—but a home is a place where you feel like you belong. That, Libert insists, is the difference between joining random social media sites for the sake of doing it and embracing and building a truly social business.

Realize that might does not make right. Just as your company should avoid disseminating "me-me-me" information via social networking, it should also avoid dominating the conversation. And make no mistake—a symbiotic two-way conversation is exactly what's going on here. A successful Social Nation always lets its community be part of telling the story, from start to finish. Look at it this way: Employees, customers, and partners are essentially volunteering their time and energy to serve as developers, sounding boards, and advertisements for your company. They want to belong—so let them, and listen to them.

"Recently, a company came to me and asked what they needed to do to become the leader in their industry," Libert recounts. "The first thing they had to do, I told them, was to stop trying to 'lead' everything! Instead, make it your goal to be the definitive 'community.' This will draw people in, and it will turn them into raving fans."

Social Nation tells the stories of companies that have embraced this shift to more open, social business models in substantive ways, forging new paths to workplace collaboration, product development, customer relationship management, brand loyalty, innovation, and profitability.

"What businesses should be doing is focusing their attention not on social media itself, but on how they can use it as a channel in every facet of their business to establish the genuine connections that are increasingly becoming the new path to profitability," says Libert. "As a business leader today, your job is to make sure these things happen, and I believe Social Nation can help you get there."

What do you think?

Tuesday, November 2, 2010

Doing "Different" Right

Posted by Mark Brousseau

In today's business world, "business as usual" is likely to put you out of business. If you're using the same old marketing strategies today because they brought in business in years past, you're in danger of being pummeled by your competition. In order to keep your customers happy (and happily spending!), explains Maribeth Kuzmeski, you have to get their attention, and that means your typical tried-and-true marketing tactics aren't going to cut it anymore. To beat your competition, she says you have to stand out and find ways to be you—uniquely!

"With all the noise in your clients' and potential clients' daily lives, it certainly hasn't become any easier to attract attention and appeal to your target market," says Kuzmeski, author of the new book ...And the Clients Went Wild! How Savvy Professionals Win All the Business They Want (Wiley, 2010, ISBN: 978-0-470-60176-1, $24.95). "But for your business to survive, you have to find ways to cut through that noise. Attracting attention often means that you have to step outside of the current norms and stand out."

If you aren't sure where to get started, Kuzmeski suggests taking a cue from other companies that have taken innovation to heart and used it to successfully win and keep customers.

Read on for some innovation inspiration from companies that found ways to make their customers take notice—while sticking with their values:

The Difference Maker: Buc-ee's
The Dared to Be Difference: Banking on bathrooms. Sometimes what your competitors consider to be "unimportant" may just turn out to be the differentiation that gets customers coming back for more. Buc-ee's gas stations—located throughout Texas—have focused their number-one offering on what people dread most about stopping at a gas station: the bathrooms! Each of the 30 locations has incredibly clean, substantially sized bathrooms, along with full-time attendants to keep them in tip-top shape. Buc-ee's built their entire business around the bathrooms—a feature they knew they could use to differentiate their business.

"This is a great example of how looking at things from a different perspective can really pay off," Kuzmeski says. "Instead of focusing on what clients liked about their industry, they chose to plan their strategy around what customers liked the least and improve upon it. Think about what people dislike most about your industry, service, or product offering. What solutions can you offer? It's a great way to differentiate yourself from your competition and to create some buzz in the process!"

The Difference Maker: Odwalla
The Dared to Be Difference: Juicing with a conscience. Juice company Odwalla was founded in Santa Cruz, California, in 1980 by Greg Steltenpohl, Gerry Percy, and Bonnie Bassett. The trio took the idea of selling fruit juices from a business guidebook. They began by squeezing orange juice with a secondhand juicer in a shed in Steltenpohl's backyard. Their plan was to make enough profit to help fund music programs in local schools.

Odwalla was driven by a corporate conscience and a goal of leading the public toward a closer-to-nature way of nourishing their bodies. The juices were very highly rated for taste. But the true success came in the way that they appealed to their customers. The founders hired marketing and advertising experts and created what they called their "Drink Tank"—a group responsible for developing and managing the Odwalla brand. In building the brand, members of the "Drink Tank" focused on authenticity, alignment, clear narrative, and the value of a strong corporate culture.

"With very little advertising, Odwalla differentiated their brand by extolling the benefits of drinking and supporting a 'juice with a conscience,'" says Kuzmeski. "As a result, people cared and followed and bought. Odwalla appealed to their customers' consciences and it paid off. Essentially, they called their customers' consciences to action. But the strength of that call to action led them to success. How strong is your call to action? Do you frequently tell your customers what you want them to do? It can be an incredible way to drive your customers and potential customers to do exactly what you want them to do."

The Difference Maker: Geico
The Dared to Be Difference: Ensuring brand awareness. When you think Geico, what comes to mind? Perhaps their slogan, "Fifteen minutes could save you 15 percent or more...." Or maybe that gecko with the British accent. Or the stack of money with the eyeballs that seems to distract and attract everyone near it. Or those oft-offended cavemen. Or maybe—just maybe—you think of all four! Geico has done a particularly remarkable job at grabbing attention for their insurance products. And they've done it by frequently and consistently distributing their simple and somewhat annoying messages to establish brand awareness.

"For Geico, frequency of their messages has brought them incredible brand awareness," explains Kuzmeski. "You don't have to have millions to spend on TV, radio, and print advertising to achieve the level of recognition Geico has achieved. What Geico has done is simply repeat, over and over, their message to their prospects. Think about what you can do to repeat your marketing messages to your target market. Do you frequently repeat your core benefits or offerings to your prospects? It's a simple tactic that can yield high results."

The Difference Maker: The Australian Government
The Dared to Be Difference: Offering the world's best job. The Australian Government promoted what they described simply as "the best job in the world" with a creative and extremely successful Internet campaign. The position they were advertising was a six-month contract to be caretaker of a series of islands in the Great Barrier Reef. The government released the story through traditional media (Reuters) and then sustained the buzz over an array of online networks including YouTube, Ning, Twitter, and Facebook. The contest's website received one million hits the day after its launch when the campaign's goal had been to receive just 400,000 hits over the course of the year. Furthermore, the program attracted over 34,000 applicants and generated over $70 million worth of global publicity.

"The lesson here is an important one," asserts Kuzmeski. "You have to evoke an emotion in your customers if you want a response from them. Whether it's hope, love, happiness, anger, or even hate, you want them to feel something. When people are passionate about something, they will act on it, tell their friends about it, and get involved. Think about what messages your company can convey that might provoke an intense reaction."

The Difference Maker: Vistaprint
The Dared to Be Difference: Giving it away for free. As a global company, Vistaprint employs more than 1,850 people, and ships to more than 120 countries around the world. The secret to their huge success? Business cards. Vistaprint wanted to offer their customers something that no other printing company did, so they decided that their hallmark would be jaw-dropping value. By offering 250 business cards for free, with a nominal $5.67 shipping and processing charge, they were able to appeal to their target market: cost-conscious small businesses. Today, 66 percent of Vistaprint's business comes from returning customers. In the first quarter of 2010 alone, they acquired 1.4 million new customers—many who started with a free order.

The Difference Maker: The Bargains Group
The Dared to Be Difference: Teaming up for A-level customer service. Jody Steinhauer began The Bargains Group in 1988 from her kitchen table by purchasing a variety of different clothing and reselling it to discount clothing stores. Today, she runs a multi-million-dollar firm with over 4,000 different items for sale, but the most interesting aspect of the company is its employees.

The Bargains Group is a discount wholesaler of promotional business products, family clothing, accessories, gifts, toys, bedding and linens, personal hygiene products, and tradeshow promotional materials. So how exactly does a small firm with only 20 employees manage to make millions every year without offering prices much lower than their competitors? It's simple: They hire the right people. By focusing on hiring fun, vivacious people who believe strongly in the culture of service, they are able to actually service each of their customers personally. They don't even have a voicemail system!

"While a lot of firms advertise how 'different' their people are, or how they focus on service, The Bargains Group actually proves this assertion," says Kuzmeski. "They don't advertise or employ salespeople—yet they manage to make millions of dollars selling their products. Make sure that your staff is a differentiator for your company. There is great value in good customer service. Happy customers will not only stick around, they will also spread the word!"

The Difference Maker: Dillard's Septic Service
The Dared to Be Difference: Doing the dirty work (literally). James Dillard, owner of Dillard's Septic Service in Annapolis, Maryland, runs a business that most others might consider "beneath" them. Yet Dillard earns a six-figure income doing what many of us would call mundane, boring, or downright disgusting. An October 10, 2007, article in USA Today by Del Jones, entitled "A Dirty Job, But Someone Has to Get Rich Doing It," featured Dillard and other business owners who have entered into careers that many others simply would not. And it is a potential avenue for business owners who are looking for a way to generate more income. In fact, in the Forbes 400 list of the wealthiest Americans for 2009, less than glamorous fields and products—including discount tires, roofing, salsa, lumber, and tequila—have produced extraordinary income.

"You might not consider these to be businesses that would create such great wealth," says Kuzmeski. "But all of these business owners found their niche, and, through it, their differentiation. Think about a product or service that you can offer that no one else will. You don't always have to be wracking your brain to come up with a product or service that is better than anything your competitors offer. You can also come up with a product or service that they simply won't offer. Products or services that others are afraid to touch can mean big opportunities for you!"

The Difference Maker: Man Cave
The Dared to Be Difference: "Manning" up before the rest. Who would have thought a Tupperware-type party for men would be a good idea? Cofounders Nick Beste and Kevin Carlow saw the success stories from female-centric companies like Tupperware, Silpada, and Partylite and thought, why not? As a result, they created Man Cave, an in-home party where hosts throw "Meatings" complete with a set of "Man Laws." For years, thousands of companies have demonstrated and sold products to groups of women in their homes. Now Man Cave does it for men. They aren't just the leader in their industry; they ARE the industry—and they anticipate crossing the $3-million mark by November 2010.

"Don't shy away from an idea just because it's never been done before," Kuzmeski explains. "In fact, discovering an untapped market can be like striking gold in this economy. Instead of following trends, you have to be brave enough to be a trendsetter. It can be the gateway to a big idea and a big payoff."

The Difference Maker: Realtor and Inventor Jean Newell
The Dared to Be Difference: Recognizing it's not what you know, it's who you know.
Veteran Realtor Jean Newell had an idea for her fellow real estate agents. She invented a personal utility pouch (PUP)—a multi-zippered mini-pack designed to carry all the technical tools, keys, contracts, and more that a real estate agent needs. Judging by the initial reaction she received, she knew she was on to something that people wanted. Her objective was to get on QVC, but she was turned down by gatekeepers again and again.

So she decided to reach out to her network, which consisted of other agents, buyers, sellers, etc., and ask for their help. She sent out an email requesting help to find a contact person at QVC for her new product and received an overwhelming response. Within a few days, she had 40 emails from people providing contacts at QVC. She created a quick video to show how she would promote the bag and sent it off to QVC. Within two weeks, she was accepted! Since her initial appearance on QVC, Newell has become a sales superstar and media darling.

The Difference Maker: Toy House
The Dared to Be Difference: Advertising curiosity. In Jackson, Michigan, a city and state hit hard by the economy, toy store owner Phil Wrzesinski was struggling to compete against local big box competitors like Toys "R" Us, Target, and Walmart. And then he had an idea. In August 2008 he began running ads on the local radio station that had local DJs wondering what was in the men's bathroom of the store. Droves of customers started coming in to see what actually was in the men's bathroom. (The product in question, by the way, was a nightlight that projects stars on to the ceiling and walls of a darkened room.) The result? Despite the down economy, Toy House has seen a steady increase in both loyalty and sales ever since!

"Just because your product may be ordinary, it doesn't mean your promotion of it has to be," advises Kuzmeski. "Clever advertising can pique interest, create buzz, and get people talking—exactly what you want at a time like this. Don't be afraid to take risks with your promotion. Show that your company has an edge. It will set you apart from your competitors."

"To beat your competition in today's economy, you have to be offering something that no one else is—be it a unique product, promotion, offer, staff, or culture," says Kuzmeski. "You can't expect to keep customers coming back if you are offering only the status quo. Don't be afraid to take risks, think outside the box, and be a little daring. Not only will you grow your business, you'll find yourself inspired, recharged, and motivated."

What do you think?

Privacy Laws Must Change with the Times

By Todd Thibodeaux and David Valdez

A brave new world of technological innovation is emerging - some would say it has already emerged. Although we cannot predict the next killer app or revolutionary invention, we can be fairly sure that it will involve the use of personally identifiable information. Consumers have enthusiastically adopted personalized applications of all varieties, yet the way things stand now they must be prepared to sacrifice something at least as valuable: their privacy.

Congress is just beginning the complex process of developing legislation to protect consumer privacy while nurturing innovation in products and services. An important way to achieve the delicate balance between encouraging technology and preserving privacy is for Congress to expand the capabilities of the Federal Trade Commission (FTC) to ensure that it can keep up with the rapidly evolving marketplace.

In the mid to late 1990s, the FTC began reviewing how websites collected and managed consumers’ personally identifiable information. This led to the creation of a set of self-regulatory rules known as the Fair Information Practice Principles, which created four basic obligations: (1) consumers must be notified as to whether their online information is being collected, (2) consumers must provide consent as to whether or not they want their online information collected, (3) consumers must be able to view information a company has collected about them and verify its accuracy, and (4) businesses must undertake measures to ensure that information is accurate and stored securely.

The framework of the Fair Information Practice Principles is a good place to start when considering future privacy legislation. Over the past two decades it has demonstrated a suitable balance between responsible privacy standards and room for innovation. However, as technology evolves, the FTC should be able to keep up. The FTC should be provided with the discretion and flexibility to adapt, update and strengthen the Fair Information Practice Principles as well as its own role in safeguarding consumer privacy in response to changing technologies and consumer needs.

The FTC, in partnership with the private sector, should create privacy notices that are easy to read and understand in conjunction with an education campaign to inform consumers about their rights. Many privacy notices are dense and contain so much legalese that the notices become ineffective because consumers don’t read them.

Congress should provide the FTC with the resources to create an Online Consumer Protection bureau that focuses exclusively on online crimes such as identity theft, e-mail scams, and privacy enforcement. This would expand the FTC’s capabilities to investigate, prosecute and enforce consequences against breaches of privacy.

Any attempt to impose new privacy standards should distinguish between good actors that slip up inadvertently and bad actors that aim to cause trouble. A safe harbor program will accomplish this task by reducing liability if actions are performed in good faith. Safe harbor programs provide a combination of carrot and stick which allows the FTC to execute different programs for different actors.

As policymakers continue to deliberate the best path for balancing the various stakeholder interests around the issue of online privacy, they must remember that any proposed legislation should not be absolute. The current set of privacy principles adopted by the FTC has worked well for over a decade and should serve as a framework for any new legislation. Technology is a moving target and privacy laws should be sufficiently flexible to adapt.

Todd Thibodeaux is CEO and president of CompTIA, a non-profit trade association advancing the global interests of information technology (IT) professionals and businesses. David Valdez is the organization’s senior director of public advocacy.