computerweekly.com retail’s...
TRANSCRIPT
computerweekly.com 13-19 May 2014 1
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
Retail’s data challenge
TRADERS STRUGGLING TO CASH IN ON BIG DATA COULD LEARN FROM EBAY’S APPROACH
13-19 May 2014 | ComputerWeekly.com
THIN
KSTO
CK
computerweekly.com 13-19 May 2014 2
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
THE WEEK IN IT
Risk managementRBS splits systems to reduce IT riskRoyal Bank of Scotland (RBS) has split the IT system behind its high-profile outages into three to reduce the risk of a single failure affecting operations, as part of a £750m investment to improve its troubled IT. In its financial statement for the first quarter of 2014, the state-owned bank described the actions it had taken to avoid a repeat of the disastrous IT glitch that left customers unable to access accounts.
Legislation & regulationApple wins $119.6m in latest battle in patent infringement war with SamsungA US court has ordered Samsung to pay $119.6m to Apple for infringing two of its patents in the latest round of court battles between the two. But the court in San Jose, California, also ruled that Apple had infringed Samsung’s patents and awarded the Korean smartphone manufacturer $158,000 in damages.
Privacy & data protectionTarget CEO quits after data breachGregg Steinhafel, the chief executive of US retailer Target, resigned four months after hackers breached Target’s IT sys-tems and two months after the resigna-tion of the firm’s CIO, Beth Jacob. The hackers are believed to have stolen 70 million records that included the names, addresses, email addresses and phone numbers of customers, as well as details of 40 million credit and debit cards.
Datacentre hardwareThe future of the datacentre’s evolution defined by energy use, says researchThe use of solar power, increased cloud adoption, higher utilisation rate and increased density will characterise the datacentre by the year 2025, according to a study polling IT professionals. The report Data Center 2025: Exploring the Possibilities by Emerson Network Power forecast substantial changes to the data-centre ecosystem over the next decade.
Cloud computing servicesCloud the most disruptive force in business in 20 years, says KPMGA KPMG report on the future of invest-ment banking has concluded that cloud computing is proving one of the “most disruptive forces in business in the past 20 years”. The report warned banking institutions to move away from traditional ways of doing business and embrace the latest technologies.
Education & trainingCity University London launches data science and cyber security coursesCity University London will this year begin its first postgraduate courses in data science and cyber secu-rity. City University said this would help busi-nesses fill skills gaps as they try to get more out of the large volume of data they have while protecting it from cyber threats.
access the latest it news via rss feed
UK ASSISTS IN US DRONE SYSTEM
The UK has helped the US military write software to share intelligence for weapons such as drones for the past 14 years.
Those efforts will reach a significant milestone this year when the UK arranges to export software that will interface with a US structure called the Network-Centric Collaborative Targeting (NCCT) system. The NCCT system harvests intel-ligence data for automatic and computer-assisted weapons’ targeting systems. The US pursued this and related Nato intelligence-sharing initiatives as part of a doctrine of net-work-centric warfare, to combine all defence and intelligence systems into one seamless, global military network. TH
INKS
TOC
K
computerweekly.com 13-19 May 2014 3
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
THE WEEK IN IT
access the latest it news via rss feed
Privacy & data protectionNHS England rethinks Care.data roll-outNHS England has revised plans to fully roll out the Care.data patient record sharing scheme in Autumn. A trial of up to 500 GP practices will go ahead as planned, before a decision is made over future timescales. The initiative – involving GP patient records uploaded to a central database, to improve medical data analytics – was delayed after a public backlash over privacy concerns.
Education & trainingVirgin invites 20,000 students to answer the Big Digital QuestionRichard Branson is encouraging 20,000 young people across the UK to share their opinions in a study investigating the role of technology in education. Virgin Media Business is calling for submissions from pupils and teachers to answer the Big Digital Question: how schools today are embracing the 21st century classroom and how it will enhance learning in the future.
Cloud computing servicesHP pumps $1bn into hybrid cloudHP is investing more than $1bn over the next two years in cloud-related products and support services, including an invest-ment in open-source cloud. The company is launching a range of cloud services called HP Helion to help users build hybrid IT. HP Helion will include existing HP cloud offerings and support services in a unified portfolio.
Legislation & regulationTim Berners-Lee demands a Magna Carta for the worldwide web by 2015The founder and inventor of the world-wide web, Tim Berners-Lee, has repeated his call for a bill of rights for the internet, and urged mass action to achieve it in the face of powerful opposing interests. Berners-Lee first discussed his ideas for a global Magna Carta earlier this year, to mark the 25th anniversary of the develop-ment of the worldwide web at Cern.
Financial servicesCaixaBank launches social media appSpanish bank CaixaBank has launched an app that enables customers to view their accounts and make transactions via Facebook. The social network will be given regulatory approval as an e-money insti-tution soon, which will enable it to offer consumers the ability to store money and pay others by Ireland’s central bank.
Education & trainingGovernment launches Your Life campaign to boost Stem interestThe government has launched a campaign to accelerate participation in science, technology, engineering and maths (Stem) subjects. The Your Life campaign, launched by chancellor of the exchequer George Osborne, will see 170 businesses and institutions offer more than 2,000 jobs and apprenticeships. n
INFLUENTIAL WOMEN IN IT
Nominations are now open for Computer Weekly’s Most Influential Women in UK IT list.
Now in its third year, the women in IT awards focus on role models and IT leaders making a difference to the future of IT. Judges will nar-row down all nominations into a shortlist of 25 women based on the nominees’ influence, achievements, profile, leadership and potential.
Computer Weekly will then invite readers to vote for their choice of the most influential woman in IT in an online poll. TH
INKS
TOC
K
computerweekly.com 13-19 May 2014 4
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
ANALYSIS
Merchandisers say they lack the analysis tools and expertise to exploit the large amounts of data building up around their customers. Caroline Baldwin reports
Retailers struggle to join up the dots and turn data analysis to advantage
The power of data is becoming clear to organisations of all shapes and sizes, but many in the retail sector are failing
to exploit the benefits of data analysis.Research from eCommera found only 23%
of UK retailers could quickly use available data to take business decisions. Nearly 50% of retailers believed their business intelli-gence tools fell short of their needs, with only 16% saying they were confident that their data analytics tools provided the organisa-tional visibility they needed.
Computer Weekly attended Demandware’s Xchange event in Miami, and it was clear from the keynote that data is going to be a key trend for retailers over the coming year.
Demandware president and CEO Tom Ebling said retailers should make data an important part of their business strategy.
“The future is going to be so personalised, you’ll know the customer as well as they know themselves,” he said.
Tom Davis, global lead for e-commerce at Puma, said retailers were disadvantaged by failing to gain insight into their customers. “If you can’t control your data, you can’t move fast enough,” he said.
The loyalty opportunityFootwear brand Crocs has collected data for some time in the US. But it has not yet managed to tie that data to customer profiles on a global basis.
So far, Crocs has used transactional data to drive product assorting and recommen-dations. But the introduction of a new customer relationship management (CRM) programme will give the retailer a “big data view” of customers, helping it identify customers who have a propensity to buy more easily and more readily, as well as identifying loyal customers to create a loyalty programme.
Only 23% of UK retailers say they could quickly use the data available to take business decisions
THIN
KSTO
CK
Retailers must change and adapt to
technology disruption
wholesalers
fill data void with online
loyalty programmes
“We know the customer who shops in multiple channels has a much greater value and provides us an opportunity for growth as we bring new lines to market and expand the brand,” said Harvey Bierman, vice-president of global e-commerce at Crocs.
Over the years, many retailers have imple-mented loyalty programmes, gaining insights into customers’ habits. Tesco has offered its Clubcard for nearly 20 years while Boots has run its Advantage Card since 1997.
The wholesale problemWholesale retailers use loyalty schemes to fill the data void of in-store shopping. Wholesalers, in particular, face difficulty in gathering information on consumers who buy branded products from resellers such as department or shoe stores.
computerweekly.com 13-19 May 2014 5
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
Another challenge lies in retailers collating masses of data from all channels.
Jeff Barnett, chief operating officer of Demandware, said: “Millions of consumers are coming to the website every day from different touchpoints, as well as the data from the social universe that retailers are not even able to tap yet. Trying to stitch that together – I don’t think anyone’s been able to really nail that.”
He said real-time analytics is important: “If retailers know you have an affinity for a particular line, they can put a product in front of you that you’re interested in.”
Last year, the cloud-based software-as-a-service provider added the ability to analyse data in real time for anonymised online users as well as registered users. Based on behav-iour and the cookies or trail users leave, retailers can determine where customers are and merchandise to them differently.
Demandware demonstrated a system for retailers to offer online services in-store, which recognises returning customers and connects channels. US sunglasses retailer, Solstice, used the system to show how a customer had browsed online, put an item in the basket but didn’t complete the purchase. They then entered a store to try on sun-glasses and, when a pair was out of stock, the retailer checked stock levels, viewed her abandoned basket and offered a deal.
Sheldon said consumers are likely to shop across many channels before purchasing, perhaps researching online before buying in store days, weeks or even months later.
“But most retailers can’t draw back to the path to purchase,” he said. “There’s a lot of data all over the place, but it’s hard to join up the dots.” n
When a wholesaler sends its products to a reseller, it surrenders all data insight of the customers who buy those products.
Puma’s Davis has experienced this diffi-culty: “In the world of footwear, getting data from the wholesalers is very difficult. We don’t have loyalty programmes, so we have no way of connecting to those consumers if they’ve bought through an indirect channel.”
But both Clarins and Lancôme have regained consumer data by encouraging end customers to register products bought through resellers in exchange for offers, information and free samples.
Martin Aubut, head of e-business and interactive marketing at L’Oréal, said: “You should hire an analytics ninja to make sure you can look at the data, and you are putting energy in the right places.”
But Peter Sheldon, vice-president and principle analyst of commerce technology at Forrester Research, said most retailers are only dabbling in big data analytics. “From a vision perspective, they are seeing the value they can gain from it, but the maturity is low – retail is behind in some respects,” he said.
Sheldon said retailers are fairly mature with web analytics which provide data insights, but struggle for insight into offline channels.
The retail data analytics challengeWhile retailers concentrate on their omni-channel strategies – linking in-store, online and mobile channels to create a seamless customer experience – data is key to tying up offline and online channels.
“There’s not a lot we don’t understand about the online shopper,” said Sheldon, “but we don’t understand the in-store shopper or cross-channel behaviour.”
He said part of the challenge lay in the different systems retailers use for online and
in-store sales. Retailers have been identify-ing consumers with either cookies or
email addresses online, and credit card details or loyalty offerings at the point of sale in store. But more retailers are beginning to offer in-store shoppers a digital receipt that can be emailed.
› UK retailers forge on with click and collect› Tesco CIO Mike McNamara: the digital future› High street retailers deploy multi-channel IT
“There’s a loT of daTa all over The place, buT iT’s hard To join up The doTs”peTer sheldon, forresTer
ANALYSIS
computerweekly.com 13-19 May 2014 6
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
ANALYSIS
Lessons datacentre professionals can learn from the Heartbleed bug
The Heartbleed bug, an OpenSSL cryptographic library flaw that allows attackers to steal sensitive informa-
tion from remote servers and devices, has affected nearly two-thirds of websites.
Ever since the bug was made public, hard-ware, software and internet service providers have moved quickly to apply patches and advise customers to change passwords.
But what datacentre lessons can be learnt from Heartbleed?
Heartbleed was introduced to the OpenSSL code in December 2011, but the bug was only made public on 8 April 2014 after research-ers at Google and Finnish security firm Codenomicon discovered that a coding flaw could enable hackers to access unencrypted data repeatedly from the memory of systems using vulnerable versions of OpenSSL.
The bad news with the Heartbleed bug is that there is no data on the server that can be used to determine whether you have been
compromised, said Gartner research direc-tor Erik Heidt. This means response has to be fast, holistic and strategic. “Organisations that just apply the patch and take no other remedial actions will regret it later,” he said. “Applying patches and changing passwords does not mean victory. A patch is just like a Band-Aid – it does not cure the sore.”
One lesson that datacentre profession-als could learn from Heartbleed is to enable application automation in datacentres.
Application automation offers a better response to security breaches across serv-ers, said Heidt. This is because a datacentre is home to thousands of web servers and updating the servers with automation will be easier and quicker.
“Having a good privilege access manage-ment strategy and datacentre orchestration are other ways datacentre professionals can respond better to such crises,” he added.
Such an unprecedented security breach requires holistic action. IT professionals must have good relationships with technical experts inside and outside the company to solve the problem, said Heidt.
Companies that had provisioned for data-centre orchestration and centralised server management, as well as having up-to-date management tools, were able to respond quickly to the Heartbleed crisis.
While at a technical level Heartbleed had fewer lessons, it did offer lessons on how datacentre owners should react when the news broke, some experts have said. Another important lesson for datacentres is that open source hardware is not necessarily risk-free.
Application automation is one of the important lessons datacentre professionals can learn from the Heartbleed bug, says Archana Venkatraman
Tests prove Heartbleed bug
exposes OpenVPN
private keys
Infosec 2014: Threat
knowledge is key to cyber security, say
experts
“a paTch is jusT like a band-aid – iT does noT cure The sore”erik heidT, GarTner
MA
ART
JE V
AN
CA
SPEL
/IST
OC
K/T
HIN
KSTO
CK
computerweekly.com 13-19 May 2014 7
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
Datacentre expert and Quocirca direc-tor Clive Longbottom said: “Any datacentre operator should have been able to provide cool, calm advice to its customers, and should have had the tools in place to patch OpenSSL to get rid of the problem and then advise customers to change their passwords.
“There was far too much FUD [fear, uncer-tainty and doubt] around this – too much ‘advice’ to change all passwords now – which only makes the problem worse, because the changed password could be compromised.”
Server virtualisation provider VMware, which has nearly 500,000 customers, started issuing Heartbleed patches last month. As many as 27 VMware products were affected by Heartbleed.
Its security announcement email to users read: “Throughout the week commencing 14 April, VMware will be releasing prod-uct updates that address the OpenSSL Heartbleed issue. VMware expects to have updated products and patches for all affected products by 19 April.”
But some VMware users took to Twitter to complain about the security patches, saying the update was slow and came late.
Evaluate the issueEach operator should have been able to evaluate the scale of the issue rapidly and advise accordingly, experts said.
A datacentre disaster recovery strategy should have been in place and datacentre professionals should be scaling that up only to respond to Heartbleed, not modifying it or devising a new strategy after the incident, said Gartner’s Heidt.
London-based datacentre provider City Lifeline said a well-run professional datacen-tre should have consultancy services avail-able to help its customers test their systems in advance, and it should train staff to make them aware of information security threats.
Roger Keenan, City Lifeline’s managing director, said an example of this is “penetra-tion testing”, otherwise known as “ethical hacking”, whereby a benign expert attempts to evade the security precautions taken by the target company and gain access to confi-dential information. The expert then reports back to the company on its success, with recommendations for improvements.
“Although on this occasion the process would not have identified Heartbleed, it pro-vides datacentre users with confidence that it has identified and mitigated against many other, more common threats,” said Keenan.
The big issues for datacentre operators are how they manage customer services and how they deal with the OpenSSL vulnerability.
Andrew Kellett, principal analyst, infrastructure and software, at Ovum, said: “If an operator was affected and believed customers’ passwords had been put at risk, it has to clearly state it will fix the problem and, at the appropriate time, users must change
passwords.” Such communication was not very clear this time, he said.
“Some operators and big tech giants reas-sured customers by saying they were not at risk, but it was not clear whether there was a breach and it had been fixed or whether their servers were not affected at all,” said Kellett.
Longbottom added: “A holding page on their websites could explain what [the bug] means to customers and what steps the operator is taking.”
If the operator is dealing with highly sensi-tive data, it should suspend logins and deal with each customer separately, experts said.
There will be more Heartbleeds, and the likes of Google and Amazon will probably handle the problem very efficiently, said Kellett. But the smaller datacentre providers may take time to respond.
He advised CIOs: “Look to your service level agreement and see what it says about security and check with your datacentre provider that, if it has had the problem, it has dealt with it.” n
ANALYSIS
“There was Too much advice To chanGe passwords now, which only makes The problem worse”clive lonGboTTom, Quocirca
computerweekly.com 13-19 May 2014 8
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
CASE STUDY
Auction site is using web analytics to create a ‘local shop’ experience for customers, but there is a daunting volume of data to handle, says Cliff Saran
How big data is powering success for eBay’s customer journey
With 50TB of machine-generated data produced daily and the need to process 100PB of data all
together, eBay faces a huge data challenge.This deluge of data is helping eBay to emu-
late the know-how that customers used to get from a local shop owner; the only differ-ence is, it is trying to achieve this across its global auction sites.
Speaking at the Gartner CRM Summit in London, David Stephenson, head of global business analytics at eBay, said the auction site’s goal is to make shopping successful.
As a marketplace, eBay’s primary business involves being successful from a buyer’s and a seller’s perspective, he said.
The company is using analytics to help it understand its customers better. Stephenson’s ambition is to take the kind of personalisation possible in a small shop and apply it to the world of eBay. “In a small store, engaging the customer is key, helping them with search and recommendations, understanding their preferences and learning from existing customers,” he said.
Web metricsWeb metrics data is the raw material at Stephenson’s disposal. The auction site generates a huge amount of web analytics, which Stephenson called “the customer journey data”. This tells him what people do on eBay and how they use the site.
“The web can offer the same experience [as a local shop], and provide customers with comparisons,” said Stephenson. “We can learn customers’ intentions.” All this insight drives technology changes at eBay.
The challenge for eBay is that web analyt-ics is like having a video camera mounted on the head of every customer going into a supermarket, said Stephenson. Recording everything every customer does generates
100 million hours of customer interaction per month, creating an unmanageable amount of customer data. “There is no way to start if you want to process 100 million hours [of web analytics],” he said.
“We need to understand customers, learn from our customers and apply data science techniques to allow us to get more data and new types of data.”
The eBay site has 100 million customers who list items in 30,000 categories. The site processes thousands of dollars’ worth of transactions per second, and Stephenson described this transactional data as “just the tip of the iceberg”.
He admitted eBay is starting to struggle to process all the customer journey data. The big data challenge is that asking a simple business question such as “What were the top items that showed up in searches yes-terday?” involves processing five billion page views. “So there is a huge problem just to ask a basic business question,” said Stephenson.
But eBay needs to do more than ask simple questions. Stephenson said the site wanted to run sentiment analysis, network analysis and image analysis, all of which cannot be
eBay’s 100 million customers can generate a staggering 100 million hours of web analytics each month
eBay goes big on Nimbus
all-SSD system
eBay boosts virtual servers
with 100TB of flash memory
computerweekly.com 13-19 May 2014 9
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
second data initiative. Seven years ago, the company began a project to store all its cus-tomer data. “For the customer journey data, we wanted to scale our big data solution 100-fold for the same price [as the enter-prise data warehouse],” said Stephenson.
The auction site needed a product that could handle hundreds of petabytes of raw customer journey data, but would be easy to maintain by a team of five people, yet could be accessed easily by analysts.
It worked with Teradata to develop a custom appliance built with several hundred user-defined functions. The system was built on commodity hardware, with proprietary software to process all the customer journey data and store it cheaply. The end result is a custom data warehouse called Singularity.
The system eBay has developed can run ad-hoc queries in 32 seconds. Stephenson said that at the time, Hadoop would have taken 30 minutes to run such queries. “Hadoop may not be best [suited] for business-critical issues such as really under-standing your customers,” he added.
Along with the enterprise data warehouse and Singularity, eBay is also using Hadoop, which completes the third side of its data analytics triangle. It has built two 20,000-node Hadoop clusters with 80PB of capacity, said Stephenson. These work alongside the Teradata data warehouse and Singularity custom data analytics appliance to give eBay the tools it needs to use data analysis to fol-low the customer journey.
Test ideasStephenson said Singularity is proving its value in “A/B testing” on the site. This allows eBay to test ideas on the site and assess what works, such as whether site visitors prefer bigger pictures in search results.
The technology can also power search hints, a concept Stephenson called “an economist in a box”. It is possible for eBay to present search query tips based on topics that power users have already asked. “Just about every question that could be asked has already been asked by a power user,” he said.
Such searches enable eBay sellers to see whether it is best to set a low auction reserve price, whether free shipping matters, and other questions related to selling on eBay. n
run in a traditional transactional database.The company has split its data analytics
across three platforms, the first of which is a traditional enterprise data warehouse from Teradata. This core transactional system must be extremely reliable, said Stephenson. “The system can’t go down. Every day we process 50TB of data, accessed by 7,000 analysts with 700 [concurrent users].”
In 2002, eBay built a 13TB Teradata enter-prise data warehouse, which effectively pro-
vides a massive parallel relational database. This has now grown to 14PB, with the system built on hundreds of thousands of nodes.
The enterprise data warehouse gives great performance on standard structured queries, said Stephenson, but it is unable to meet eBay’s needs for storage and processing flex-ibility. “These systems are fairly expensive, so when you are looking at adding 50TB of data every day, costs are prohibitive,” he said.
In terms of customer journey data, eBay used to keep a sample of 1% and throw the rest away, said Stephenson. It may make sense to record what customers do, then throw away the data that is not required, he said, but added: “For a lot of questions, we don’t know ahead of time what we want to ask about the customer journey. About 85% of the analytics questions we ask are new or unknown. If you impose structure and throw out data, you cannot ask questions you don’t know, but if you store everything, you will have 100 million hours of data [per month] and won’t be able to analyse it all.
“There is a tension, either to impose struc-ture on the huge [web analytics] data set by throwing away data, or keeping all the data collected but not being able to work on it.”
To address this issue, eBay started its
“when you are lookinG aT addinG 50Tb of daTa every day, cosTs are prohibiTive”david sTephenson, ebay
CASE STUDY
computerweekly.com 13-19 May 2014 10
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
INTERVIEW
HJ Heinz CIO full of beans over IT’s major role in global expansion plans
Despite being a ubiquitous brand worldwide, food
production giant HJ Heinz is gearing up to
expand its international presence further – and a huge technology modernisation programme encompassing 23 countries is expected to be a core part of that process.
The executive responsible for IT at Heinz is Leandro Balbinot, a veteran who previ-ously ran technology at Brazilian retail chain Renner and beverages company AmBev.
After five months as a consultant at one of Heinz’s owners, investment firm 3G Capital, he set out to re-energise the agenda of the company’s lean 190-strong global tech team.
After joining Heinz as global chief informa-tion officer (CIO) last June, Balbinot had the remit of “preparing the company to be more efficient and ready for global expansion”.
In practice, this meant accelerating projects that the IT chief says were running at a “very low pace”, standardising platforms and inno-vating in areas “where it makes sense”.
SAP roll-outBalbinot is a proponent of buying off the shelf and standardising, so the first and largest project to tackle was the global roll-out of the latest version of SAP’s enterprise resource planning (ERP) suite.
He says the SAP roll-out had been going on for years and was complete in only a few countries, so it was decided to change the plan and start a faster implementation of the system in the company’s biggest markets.
“At the time I joined, only 30% of company revenues were covered by the system,” says Balbinot. “We then decided to do a very fast implementation of SAP to the rest of the firm and we have been rolling it out in the UK, to Russia and the US, our three biggest markets.
The SAP platform replaces myriad setups, including industry-specific ERP systems and older versions of SAP – as in the UK, where version 4.2 had been running. Most of Heinz’s big markets will have the new ERP platform running this year, including China.
Another area where Heinz is removing older systems and standardising is human resources (HR). Balbinot says Heinz had a “very different standard” for HR in every country and wanted to replace its portfolio – which included platforms such as PeopleSoft – with cloud-based application WorkDay.
“We are looking seriously at cloud solu-tions for most of the things we’re implement-ing for now,” he says. “Workday is cloud-based, very dynamic and fast to implement.”
Another example of Heinz using cloud-based systems for core areas is the imple-mentation of Salesforce.com across its FoodService operation in most countries. This is already in place in the UK and Canada and the company is introducing it to the US, China and all Asia-Pacific operations, includ-ing Singapore and Australia.
Heinz also uses the SAP-owned Ariba cloud-based procurement system, which allows streamlining of sourcing and the
Leandro Balbinot, global CIO at HJ Heinz, tells Angelica Mari how he is handling a technology modernisation programme covering 23 countries
CIO interview:
Carlos Morgado,
Just Eat
CIO interview:
Paolo Cinelli, Ikea
CW500 interview
computerweekly.com 13-19 May 2014 11
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
purchase of raw and indirect materials through networks of over a million suppliers.
“We are working hard to create our ‘shop-ping mall of global solutions’,” says Balbinot. “So for the areas where we see a gap, we are bringing in solutions to be rolled out glob-ally. We did that with Salesforce and SAP, so standard market solutions, and something working well in a country, we will consider that as a global solution as well.”
As well as driving standardisation across the large platforms Heinz uses, the CIO is simplifying its hardware infrastructure.
“We want to create something that is efficient and doesn’t need administration,” he says. “We also want to be able to duplicate our infrastructure very quickly if we need it.”
The cloud approach in current big roll-outs is instrumental in Balbinot’s plan to simplify infrastructure, including an upcoming global implementation of Microsoft Office 365.
Datacentre consolidation is also part of that exercise. The company has one such facility in Europe and two in North America, one in Brazil and one in India, as well as other small, local datacentres around the world.
According to Balbinot, the aim is to scale that down to three locations by the middle of this year. The sites will be managed by Xerox.
Value of ITTo meet the expectations of the business and demonstrate the value of IT, Balbinot says involving IT in the overall business strategy, as well as driving transparency, is key. “We normally don’t have targets, such as ‘we have to implement the product by this date’, in our area,” he says. “Instead, we have to achieve the results this project is bringing and that helps IT to be more connected and interested in what the business wants to do.”
The same approach goes for charging mod-els. Contrary to many of his peers, Balbinot believes charging back to the business unit in a service fashion is not good because it cre-ates a burden that can be hard to manage.
“I don’t believe in charging every cost to the business. I believe in visibility – being able to track and share [expenditure] with every area of the business, so how much they are making IT work for them, how much IT is investing for them and what is the result.
“Normally, it is difficult for the business to
understand what service levels are about and how they are linked to the services they are receiving. We have a lot of targets and meas-urements to guarantee we are delivering according to business needs, but I present all that in a way the business understands.”
The CIO is equally pragmatic about the emergence of shadow IT and business areas procuring their own IT systems. Having a centralised budget also helps to mitigate that issue, says Balbinot, because IT needs to approve every technology-related pur-chase and that helps his team to understand whether someone is looking at technology products in isolation and also to ensure that no one creates a shadow IT unit.
An example of the company’s focus on driving innovation internally is its efforts around big data. Balbinot says Heinz is look-ing seriously at advanced analytics, “not because it is hot in the market, just because it makes sense from a business perspective”.
He adds: “We are talking to companies established in the field, and niche businesses as well, to understand how we can, say, inte-grate the data we have on sales and link that to our market share information and social feedback from our ads and integrate that in a way that gives us even more market insight, such as why we are over-selling in certain areas, is our advertising better than expected or is it because the price is very competitive.”
Improving IT is a continuous process, says Balbinot, but the important processes and systems at Heinz should be standardised by the end of 2015. By that time, all the com-pany’s main markets will be SAP-ready, with Salesforce available in most countries. The transformation programme should be com-plete by the end of 2018. n
This is an edited excerpt. Read the full interview online.
INTERVIEW
“we are workinG hard To creaTe our ‘shoppinG mall of Global soluTions’”
computerweekly.com 13-19 May 2014 12
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
EDITOR’S COMMENT
Big data technology has its work cut out to harness web analytics
What can we learn from companies such as eBay and Amazon? These internet businesses are at the cutting edge of technology.
The recent Gartner CRM summit gave delegates an understanding of what CRM means to a web-only retailer. The processing eBay conducts to understand customers better, for example, is eye-watering.
The web gives retailers incredible insights into cus-tomer service. It is not only possible to track a custom-er’s identity but, thanks to smart web analytics, eBay can follow the buyer’s journey. David Stephenson, head of global business analytics at eBay, says it’s a bit like strapping a video camera to a customer’s head.
Recording every interaction a customer makes means the auction site collects millions of hours of web analyt-ics. Making sense of it all is a big data problem. In fact, eBay produces 50TB of machine-generated data daily. It also needs to process 100PB of data every day to under-stand what its customers are doing.
Sampling this data may have worked in the past, but this only gives a statistical snapshot. In the era of customer focus, eBay strives to collect and analyse all the data it collects. With this information, Stephenson believes eBay can offer its customers intuitive, almost intelligent, recommendations.
The technology supporting the web analytics eBay undertakes does not come cheap. Nor is it available off the shelf. There is no such thing as a “big data solution” for the level of data processing eBay shoulders.
The company needs to work with suppliers to build bespoke hardware and software for its requirements, because using a traditional data warehouse would be too slow and prohibitively expensive to scale. But even a custom data processing engine cannot comprise the whole answer. The firm uses three systems: a traditional data warehouse appliance, a NoSQL database and the custom appliance to analyse its customers’ journeys.
So while it makes perfect sense for businesses of all sizes to use web analytics to understand customer interaction, an immense amount of technical invest-ment and expertise is required to do so effectively. n
Cliff SaranManaging editor (technology)
Computer Weekly/ComputerWeekly.com1st Floor, 3-4a Little Portland Street, London
W1W 7JB
GENERAL ENQUIRIES
020 7186 1400
EDITORIAL
Editor in chief: Bryan Glick 020 7186 1424
Managing editor (technology): Cliff Saran 020 7186 1421
Head of premium content: Bill Goodwin 020 7186 1418
Services editor: Karl Flinders 020 7186 1423
Security editor: Warwick Ashford 020 7186 1419
Networking editor: Alex Scroxton020 7186 1413
Special projects editor: Kayleigh Bateman020 7186 1415
Datacentre editor: Archana Venkatraman020 7186 1411
Storage editor: Antony Adshead07779 038528
Business applications editor: Brian McKenna 020 7186 1414
Business editor: Caroline Baldwin 020 7186 1425
Editorial content assistant: Clare McDonald 020 7186 1426
Production editor: Claire Cormack 020 7186 1417
Senior sub-editor: Jason Foster 020 7186 1420
Senior sub-editor: Craig Harris020 7186 1416
DISPLAY ADVERTISING
Sales director: Brent Boswell 07584 311889
Group events manager: Tom Walker 0207 186 1430
computerweekly.com 13-19 May 2014 13
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
The people who inhabit it don’t play by the normal rules. The companies that do well in it don’t work in the same ways as large con-ventional IT providers and the relationships are less established. So corporate IT needs to get better at understanding this world and, where appropriate, emulate it.
Stop thinking of your intranet as a single, managed, strategic place, and see it more like the internet. Encourage a tactical melting pot of services coming and going and adopt a hacker approach to change. Become entre-preneurial and opportunistic.
Be seen as enablers and leaders of growth and change in your businesses. Get your head around agile, not just as a way of delivering projects but as a way of managing things generally. Instead of burying people under processes and documentation, be more willing to work with “good enough”, to work out loud and document as you go. Be ever vigilant in the face of the inexorable creep of bureaucracy.
Become an influential communicatorBecome skilled communicators and influ-encers. Find a way to convey things in plain language and use the language of users where possible. They feel the pressure of change and need reassurance. You can pro-vide this.
Rather than making people feel small, or having impersonal corporate training schemes, a coaching approach is more appropriate. Learn the ropes and help oth-ers catch up. Share knowledge as a common good rather than a means of control. n
OPINION
As a flood of consumer technology enters the enterprise, CIOs need to find ways of wresting back their diminishing influence, says Euan Semple
Time for CIOs to regain IT control
Corporate computing is hard. It takes work. But too often the need to man-age risk, contain costs and reduce
duplication has led to IT being seen as the guys who say “no”.
CEOs are fed up with being told “no”, and are comparing what they can do at home on their own technology with what they can do at work, which leads them to wonder what they are paying all this money for.
There is naivety though. People still don’t really understand what it takes to keep big, complex systems going or to manage large-scale change. They are quick to point the finger of blame when things go wrong, or complain about not keeping up with the latest cool toys, but don’t always appreciate what it takes to do that in the real world.
In the face of these challenges, those in charge of enterprise technology are losing influence. IT staff are not seen as the world’s enablers. Their skills are becoming less val-ued and their influence in their organisations is diminishing.
Rebranding doesn’t help. Most people don’t know the difference between a CTO and a CIO. There is a pressing need to take the intel-lectual high ground – to be seen as inspiring leaders of an exciting, technology-led world.
Become an enabler of changeTo address this, CIOs can do three things: keep up better with the increasing rate of change; become enablers rather than gatekeepers; and then get better at making people aware that you are doing both.
The first challenge is to break out of the norm and keep up with change. It has been too easy to stay with the familiar enterprise players such as Microsoft and IBM, to remain stuck in large, self-contained worlds, and to ignore what has been going on outside.
I often suspect IT departments have hoped that if they ignore the internet it will go away. With all its unfamiliar protocols and unruly processes it looks incredibly messy.
How digital technology will change
the way organisations
work
How digital technology will change
the role of IT leaders
Euan Semple is a public speaker, writer and consultant.
This is an edited excerpt. Click here to read full version online.
computerweekly.com 13-19 May 2014 14
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
BUYER’S GUIDE
The collaboration market has diversified and now offers a variety of software. Some is suitable for users working on time-sensitive projects using Gantt charts, while others champion Kanban boards designed for projects with multiple consecutively moving parts. These feature Post-it note-style tickets that can be moved around
between project phases. Others embrace Scrum-based working, where holistic teamwork tactics reign supreme. Nowadays there is no standard type of collaboration tool.
“A few years ago, differentiating yourself in the collaboration software market meant focusing on the people and relationships side of collaboration (the social aspect), but today the emphasis is more on facilitating and supporting the practical side of our day-to-day activities, through tasks and projects,” says Angela Ashenden, principal analyst of collaboration at MWD Advisors. “We are starting to see increasing use of workflow and analytics technology to help smooth the progression from social collaboration activity to the creation and management of tasks, making it more intuitive for the user.”
Tibco TibbrAs a self-styled “information decision” company, Tibco launched its Tibbr workplace collaboration platform in January 2011. Tibbr aims to bring together systems, content and people into a single central interface for work. Collaboration tools rarely amount to much today without mobile support. As such, Tibbr works on iOS, Android and BlackBerry. Tibco says the mobile element takes users “beyond passively browsing updates” in collaborative terms, so they act on information with more immediacy.
Common to most tools in this space, Tibbr claims to have an open-minded approach to particular workflow styles. This means the software works unilaterally whether an IT
Enable collaboration
by putting data at the heart of
security
Enterprise collaboration
tools hindering collaboration?
The changing course of collaboration software
There has been a major shake-up in the collaboration software market, with revenue up 12% year on year in 2013. Adrian Bridgwater reports
BUYER’S GUIDEEnterprise collaboration part 3 of 3
THIN
KSTO
CK
computerweekly.com 13-19 May 2014 15
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
BUYER’S GUIDE
department (or indeed any business department) subscribes to Scrum, Kanban, Extreme Programming or Rapid Prototyping systems.
Director of product marketing for social computing at Tibco, Leandro Perez, says the Tibbr philosophy hinges on supporting several key business metrics. These metrics include the seemingly intangible elements of employee engagement, employee productivity, staff “ideation” (idea generation) and innovation, employee onboarding and training. Within this tracking, Tibbr traces employee interactions and information flow across offices and locations and tries to facilitate the discoverability of information across scattered teams.
For connectivity, Tibbr is built to open access to conferencing services and file providers such as Box, Huddle, SharePoint, DropBox and Google Drive. The software can be deployed on premise, in private clouds and through a fully hosted service based on the Amazon Web Services (AWS) platform. One of its customers is Schneider Electric, which has used Tibbr across 150,000 employees and operations in more than 100 countries since 2011. The energy management company needed a tool that could communicate across a dispersed workforce, integrate with existing legacy systems and encourage cross-functional collaboration.
Tibbr provides Schneider Electric with a single point of access for all work activities and information. It also integrates with the staff mobile applications. Questions posted on Tibbr receive 150 to 200 responses within 24 hours in the form of “meaningful answers and replies” that are solicited from people who matter in the discussion and would otherwise have been unreachable. Schneider Electric also uses Tibbr to integrate with Box and WebEx to connect enterprise content and web conferencing with daily collaboration and workflow.
JiveJive Software builds its technology proposition around a promise to put people at the centre of its connectivity offering. Not documents, not tasks, not project plans, but people. This way, the Jive platform monitors how closely people are connected – the groups they work in, the documents they read, the ideas they share and the discussions they start.
“We amplify the signal of things that matter and reduce the noise of things that don’t, for each and every person. Our platform introduces you to the experts you haven’t met yet but should. It recommends groups and discussions you aren’t part of, but need to be in,” says Tim Zonca, senior director of product marketing at Jive Software.
Rather than champion a specific workflow methodology, Jive claims to supports any workstyle from Scrum to the lean working approach and others. Jive’s Zonca explains that if a firm does all its business in cafes rather than office cubicles, the software is cognisant of that behavioural style and capable of shaping to fit. The Jive platform provides a range of metrics, from basic community health to specific goal-based metrics, that might feature in an employee on-boarding progress for example. Plus, the software offers the ability to export metrics to third-party analytics tools such as Tableau, QlikView, Birst and Splunk. The Jive platform is entirely cloud based, with new augmentations added on a quarterly basis.
HuddleThe Huddle cloud collaboration platform is used to store, access, share, sync and work on files by users who can be located inside and outside of a corporate firewall. Indeed, Huddle champions secure external cross-firewall collaboration as key. The firm says social elements and content must come together to create context and focus.
Huddle is described as a “true cloud” service because it is pure software as a service, and the secure public version of Huddle is a multi-tenant-hosted public cloud. With its
jive provides a ranGe of meTrics, from basic communiTy healTh To Goal-based meTrics
computerweekly.com 13-19 May 2014 16
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
BUYER’S GUIDE
government enterprise-level security, this version of Huddle accounts for most deployments. This form of Huddle is used by 80% of central UK government departments for internal and external collaboration with data up to impact level 2.
A few years ago firms were riding the social enterprise wave, says Huddle CEO, Alastair Mitchell. Standalone social tools promised to connect workers, enabling them to collaborate, unlock silos of knowledge and, by doing so, boost productivity and efficiency.
“The reality was, workers were being bombarded by a firehose of idle chat and irrelevant information because there was simply no context or structure,” he says. “Collaboration in today’s workplace has to be focused on content as it is at the heart of everything we do. By bringing together social interactions and business content, real work gets done faster.
“The focus for collaboration tools today should be making content shareable, discoverable, and social on any devices, with anyone – securely. Only then can you break down silos within and between departments and companies and make the promise of improved productivity and efficiency a reality.”
Science Museum Group (SMG) is one organisation using Huddle. It used the social platform when it merged with the Museum of Science and Industry in Manchester. During the programme, numerous documents had to be shared between the museums, then reviewed, edited and approved. These included project files, designs and video content.
Previously, SMG would have used email, but large attachments and minimal version control proved a challenge. SMG’s human resources team also used Huddle to support a recruitment campaign, sharing confidential documents such as CVs, offer letters and job specifications with third-party recruitment consultancies and candidates.
Zimbra Zimbra Community version 8.0 is an online community and social-networking product that includes a set of social applications designed to enhance customer support and increase employee productivity. With a belief that modern workers’ lives revolve around multiple modes of communication (email, social, mobile, etc), Zimbra allows community participation to happen in ways that honour these different channels (including email as a core experience), but also allowing for social interaction directly inside the community.
“Zimbra provides a track to community engagement through pre-built templates designed to decrease costs and deployment time,” says Rob Howard, chief technology officer at Zimbra. “It extends the community experience to mobile users, giving employees and consumers access to their social communities.”
A key feature of Zimbra Community is its suite of social tools. It includes blogs, microblogs, forums, tags, media galleries, photo and video embedding, event calendaring, WYSIWYG
content editing, web pages and more. Zimbra Community 8.0 is a multi-tenant product, but can also be configured to run on premise as a single-tenant product.
The focus of collaboration softwareCollaboration tools still share a commonality of purpose in
terms of their focus on people, context, preferred working methods, mobile access and a path to the fabled land of discoverability. The ultimate digitisation and computerisation of the simple “to do” list has not quite changed our lives yet, but it may do soon. n
“Zimbra supplies
a Track To communiTy enGaGemenT ThrouGh pre-builT TemplaTes”rob howard, Zimbra
› Why companies are turning to collaboration› Collaboration key to enterprise security
› Top four social collaboration software fails
computerweekly.com 13-19 May 2014 17
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
IT SECURITY
For the latest CW500 security event, we brought together IT professionals and IT security experts to discuss the challenges facing organisations today. Speakers from information security body (ISC)², the UK’s new national computer emergency response team (CERT-UK) and Heathrow Airport Holdings presented their
observations and challenges to an audience of IT leaders. Talking points included the security risks brought by industry hot topics such as mobility, consumerisation and the internet of things. The chief information security officer’s (CISO) ability to be a business enabler rather than a controller was also a key talking point.
IT security viewed as an obstacle“I don’t want to just talk about threats,” said Adrian Davis, managing director of Europe at (ISC)². “Everyone talks about how the sky is falling in, ‘we won’t be able to have e-commerce, we will be hacked and it will all go wrong’. But we may overcome a lot of these problems and the internet might provide another jump in capability.”
He said many organisations believe everything fits together and works like clockwork, when in fact IT security teams are under pressure from multiple sources in silos to do things differently. As a result, IT security departments in organisations are often just the controllers
THIN
KSTO
CK
UK reaches key milestone
in cyber security
Google refunds bogus
security app buyers
Experts discuss latest security challenges facing IT leadersMobility, consumerisation and the internet of things are creating new security risks, according to chief information security officers. Karl Flinders reports
computerweekly.com 13-19 May 2014 18
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
IT SECURITY
of what other parts of the business want to do. This means they are viewed as an obstacle rather than an enabler of business.
Davis thinks IT security departments should be closer to the risk teams in organisations. “We have a gap in organisations because people in IT and risk don’t talk,” he said. This is one reason why IT security is not viewed as an enabler when it should be. “At one side you have people looking at risk to the business and at the other side looking at risk to systems,” said Davis. “But most businesses can’t work without IT so IT risk is enterprise risk.”
Mobile threatsThe consumerisation of IT is pressuring CISOs and their teams to change the way people work. But CISOs should prove their worth by allowing secure bring your own device (BYOD policies.
Davis said BYOD is good example of the pressure from consumers to bring their digital world into work, using apps over which IT has no control. He said these consumers live in a world of permanent beta because the apps they are using are not finished. “IT hates that because it wants standards but today’s workforce, including the CEO, expect the consumer level of speed with the apps they are using,” said Davis. They want to be able to click on an app and start using it, so CISOs have to work with this.
“Consumers want an app and think it’s safe because it’s on something like the Apple Appstore. As a result they question what security they need,” said Davis. “Security can add value by being more focused on business. Adopt the same mechanisms as other departments and create governance frameworks. When you have a governance framework you can start expressing what you are doing in business terms.”
Unless CISOs can prove to the business that they add value and not just protect it, they will struggle to get the budget they want, he said. Although the business enablement role of CISOs is vital, Davis warned CISOs to be prepared for an explosion in threats. He said with 500 million more mobile users expected to be created over the next five years, user threats will increase with the monitisation of cyber-generated crime following suit.
Internet of thingsNeil Cassidy, deputy director of operations at CERT-UK, has an inside view of the volume and nature of today’s cyber threats. He is currently involved in setting up the national UK computer emergency response team and said the volume of cyber threats facing businesses today is frightening. He said 100 billion devices could be connected to internet by 2020, which is a huge worry from a network defence point of view.
“The internet of things scares the living daylights out of me because there are more things connected to the internet than people in the world,” said Cassidy. He praised David Cameron’s advocating UK investment in the internet of things, but said it could have serious security repercussions.
Used as a “force for good”, Cassidy said, the internet of things is going to give us great productivity and will change how we live, but criminals are likely to take advantage of it. “We have already seen spam messages sent from fridges,” he said. “It takes only one spam to be opened and they are in.”
The volume of computerised devices changes how systems need to be secured, said Cassidy. “They say everything will be encrypted but encryption is just a mathematical algorithm and, with enough computing power, you will crack it.” He said there could be 100 billion devices trying to crack it.
Cassidy said it is critical for CISOs to understand where key information assets are and how
“There are more ThinGs connecTed To The inTerneT Than people in The world”neil cassidy,
cerT-uk
computerweekly.com 13-19 May 2014 19
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
IT SECURITY
to protect them. Organisations, even competitors, should share information about attacks to help secure sectors. “It is not a competitive advantage for a competitor to get hacked.” He said, for example, people remember a bank being hacked, not necessarily which bank.
He advised organisations to treat security as a business continuity issue and make sure they can recover quickly.
Working togetherMark Jones, CISO at Heathrow Airport Holdings, said the IT security operation can become a business enabler by tying service protection strategy closely to the end customer’s experience. IT security and business continuity are often kept separate, he said, despite them being intrinsically linked. For example, if a system controlling baggage at an airport goes down as a result of a hack, business would stop. “If something like a baggage system goes down for 30 minutes, it’s national news,” said Jones.
But he said many CISOs do not have responsibility for business continuity, and organisations often overlook the potential for security and business continuity departments to work together. “I have worked with some organisations where there were overlaps between security and business continuity operations – in some cases they were investing in the same things but reporting to different departments,” Jones said.
To address this, he said, organisations have drawn up plans to talk about customer outcomes rather than different departmental goals. “Think about resilience and security in terms of the assets related to a customer outcome,” said Jones.
But aligning security with the business, although important, is not enough for a CISO today. Threats are multiplying at a rate that is frightening to those that have a first-hand view. Jones said there are three important tools vital in helping you to manage the
threats of the future.IT must get a grip on identity and ensure there is no difference between what the business
thinks a worker needs to do their job and what the reality in the IT infrastructure is, he said. “As you start introducing network-based services to the cloud, for example, it is important that you have a concentrated and clear view over identity.”
He also said CISOs must devise methods of educating people within the business about security. But he warned that education must be made simple. “Human beings don’t like impenetrable content – they like content to be intuitive in nature and prefer to get a quick reward for their attention investment”. He suggested they invest in “reinventing the articulation of the behavioural side of security.” He recommended communicating graphically
with iconography as part of security awareness training.Jones said despite money being wasted and projects in
some cases going badly, security information and event management (SIEM) is pivotal protection technology as cyber takes hold. “SIEM provides a core capability in terms of lifting cyber situational awareness across an IT estate and is
an essential tool in the CISO armory in terms of detecting anomalous behaviour.”He closed by looking forward. He said it is not just about securing the cyber world but
about securing information and services in general. He said human behaviour is a major part of the problem and CISOs need to work hard to prevent careless disclosure. He added that protest movements are increasing the burden on CISOs because they are changing their activity, with traditional protest and cyber activity coming together. n
“humans like conTenT To be inTuiTive and prefer Quick
rewards”mark jones,
heaThrow airporT
holdinGs
› Protect access layers from BYOD node creep› Bank mobile apps are being overwhelmed
› Google refunds bogus security app buyers
computerweekly.com 13-19 May 2014 20
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
DIGITAL TECHNOLOGY
CIOs face both an opportunity and a threat as organisations embrace digital technology and the rise of cloud computing, social media, mobile technology and data analytics disrupts existing business models and patterns of employment. The question inevitably arises about what role, if any, the CIO will play in innovation. Will
they be leading the digital revolution, or will they be relegated to running the infrastructure?The question is becoming urgent as a growing number of companies appoint chief digital
officers (CDOs) from outside the IT department to lead their digital strategies, rather than CIOs. But for CIOs who want to make their mark, the rise of digital technology offers the opportunity to drive the digital strategy of their organisations.
Computer Weekly joined 15 IT leaders from across business and the public sector attending a Digital Academy as they tried to thrash out the implications of digital technology for their organisations. This is the point that corporate IT as we know it will succeed or fail, digital strategist Ade McCormack told the group.
CIOs need credibilityThe problem is that CIOs are too often seen as technologists in their organisations, rather than business leaders, said McCormack. And far too few have a seat in the boardroom. When the CEO asks the CIO for a meeting, it’s more likely to be to discuss a problem with their laptop than to discuss strategy.
THIN
KSTO
CK
Four ways career
healthcare CIOs are
diversifying leadership portfolios
How digital technology will change
the way organisations
operate
How digital technology will change the role of IT leadersCIOs need to adapt and evolve if they are to take advantage of the growth of digital technology to further their careers, writes Bill Goodwin
computerweekly.com 13-19 May 2014 21
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
DIGITAL TECHNOLOGY
“The word CIO is an HR mistake in many cases – it’s better to call an IT manager an IT manager,” he said. Yet CIOs do have an opportunity to reclaim the initiative on digital technology in the organisation, if they can show their business credibility.
And that is about far more than talking the language of business rather than technology. It means learning to be smarter about senior-level politics.
“CIOs are very clever, very left brain and often very egotistical. They think, ‘I know IT, I am intelligent, I must be right’,” he said. “But sometimes it’s better to be smart than to be right.”
Board meetings are not as daunting as most CIOs think, said Brinley Platts, founder and chairman of coaching and training organisation, CIO Development, which trains and mentors senior IT professionals. “Don’t think that everyone in the C-suite is a genius, because they are not,” he said.
CIOs can and should be on the board, said Platts. “If you are a CIO and you are not on the board and you are not in the conversation, the business is sub-optimal and they don’t realise it.”
Rebranding the CIOA good place to start building C-level credibility is to consider what your brand in the organisation actually is. You may think you get on well with your colleagues, but they may see you as a prickly person they have just somehow learned to manage.
Re-engineering your brand starts with re-engineering your CV. Don’t lie, said McCormack, but edit your history to reflect the person you most want to be seen as.
“You then start to behave consistently with your brand. You start to delegate more of the operational stuff to other people, until you get to the point where the CEO says, ‘My laptop is slow’, and you say, ‘Yes, I have the same problem, I’ll ask the CTO to fix it’,” said McCormack.
Building trust with colleagues is an important part of the journey. That means when you say you are going to do something then you actually do it. “Look for opportunities for quick reliability wins. Deliver the white paper within hours of promising it,” advised McCormack.
NEW BUSINESS MODELS FOR THE CIO
The CIO startupTreat the IT department as a startup and run it as a business, with its own brand and marketing. Free up cash to spend on innovation through ruthless cost-cutting elsewhere. Sell these innovations back to the business.
The CIO CFOBehave like the chief financial officer for technical infrastructure. Sweat your IT assets and use them to open new opportunities for the business. Talk with the CEO about business rather than technology.
The CIO venture capitalistAct like a venture capitalist. That means taking more risk by managing a wider portfolio of innovative projects, knowing that some will fail.
“cios are very clever, very lefT brain and ofTen very eGoTisTical. They Think, ‘i know iT, i am inTelliGenT, i musT be riGhT’”ade mccormack,
diGiTal sTraTeGisT
computerweekly.com 13-19 May 2014 22
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
DIGITAL TECHNOLOGY
Bedside mannerThe best CIOs respect people. They pay less attention to Gantt charts – a technique used for managing projects – and more attention to the individual. Medics have known for years that, as far as the public is concerned, an average doctor with a good bedside manner is seen as great doctor. The same principle holds true for CIOs. IT specialists who take a “don’t argue with me or I will logic you to death” approach will not get you very far in business.
Developing a customer service ethic in the IT department is becoming essential as businesses adopt digital technology.
Today, IT is all about entitling the users to make decisions about the technology they want, and coaching them to help them get there. “This means developing a service ethic where you care about the customer,” said McCormack.
So investing in the IT service desk, and having really good, helpful people on the end of the phone, is a smart move. “After all, a five-star hotel with a one-star check-in desk is a one-star hotel,” he said.
Emerging models for the digital CIONew models are emerging for IT leadership that will help IT leaders embrace the sweeping changes of digital technology. They include thinking of the CIO as the leader of a startup, as a venture capitalist, and as the chief financial officer of infrastructure (see panel on p21).
The IT department is the biggest user of energy in an organisation, so why not become a chief energy officer as well as the CIO, said McCormack. Or take the IT department’s portfolio of property and become a chief property officer.
As digital technology takes off, CIOs should expect other parts of the business to own IT projects, rather than simply to sponsor them. “If you put in a new finance system, ultimately it’s the CFO’s finance system. If it goes wrong, he should be up in front of the board before you,” he said.
Still a role for technologistsYet the imminent death of the CIO may have been exaggerated. At least for the time being, there will still be a role for people who are traditional technologists.
After all, not every CIO or IT director will want to become a chief digital officer. Recent IT failures at banks, which left customers unable to withdraw cash, have shown just how important it is to maintain the infrastructure.
“The customer service market is very touchy-feely and it’s not a direction that we all want to go,” said CIO Development’s Platts. Even if your business does not buy into digital,
you can still be an innovator by saving costs, suggested Platts
CIOs that want to lead the digital strategy in their organisations will need to take a step back from the day-to-day running of IT. Becoming a chief digital officer will mean having good people
in place to keep the IT systems running. “You can’t do everything – you have to delegate. If you are going to become a CDO, you are
not going to spend your time looking after the infrastructure, the technology and the boring stuff. You need to have strong people you can rely on in that area,” said Platts. There may only be a short window of opportunity for CIOs. The chances are, in a few years there will be no need for a chief digital officer. “In five years’ time, what is corporate IT going to be about, if it’s not about digital?” said Platts. n
cios should expecT oTher parTs of The business To own iT projecTs, raTher Than simply To sponsor Them
› CIOs and the future – missing rung in the career ladder?› CIOs must combine traditional and agile IT projects› Technology investment returns to the CEO agenda
computerweekly.com 13-19 May 2014 23
HOME
NEWS
RETAILERS STRUGGLE TO EXPLOIT DATA
DATACENTRE LESSONS FROM
HEARTBLEED
BIG DATA ISPAYING OFF
FOR EBAY
HJ HEINZ CIO PLAYS KEY ROLE IN
GROWTH PLAN
EDITOR’S COMMENT
OPINION
BUYER’S GUIDE TO ENTERPRISE
COLLABORATION
CISOs DISCUSS THREATS TO IT SECURITY
HOW DIGITAL TECHNOLOGY WILL AFFECT IT LEADERS
DOWNTIME
DOWNTIME
n Stable. A government with a very stable political system, without corruption;n Full diplomatic relations with most EU members and rest of countries;n New market. Many areas of business and exclusive distribution of products (sole-distribution);n Transparant legal work. Legal procedures, intellectual rights, patents and warranties for investors settled.
Underwhelmed, that is, until the realisa-tion that the government is North Korea renders the phrase “workers will not abandon their positions” rather more chilling than it might appear. Downtime wishes the pariah state all the very best in attracting investment, but somehow doubts Satya Nadella will be beating down Kim Jong-un’s door any time soon. n
High-tech manufacturing workers will not abandon their positions – phew!Technology industry watchers are long familiar with the market conditions that launched the relentless rise of tech-sector companies in Asia. So perhaps the follow-ing boasts from an advert – referring to a government in the Far East trying to attract technology manufacturers – might leave Downtime readers underwhelmed:n Lowest labour cost in Asia;n Highly qualified, loyal and motivated personnel. Education, housing and health service is provided free to all citizens. Workers will not abandon their positions for higher salaries once they are trained;n Lowest taxes scheme in Asia. Especially for high-tech factories. Typical tax exemption for the first two years;
CONSOLE GAMES SPARK MORAL PANIC AT CRUFTS
Adult mutts are calling for stricter controls on puppies’ gaming consoles. But games makers claim campaigners are barking up the wrong tree, making doggy console games the, er, scapegoat for their dysfunctional youngsters.
Games manufacturers are marketing modules to keep dogs happy while their owners are away. For example, the CleverPet console (£165, pictured) has three touch-sensitive pads which light up interactively in contact with a dog’s nose or paw.
But gaming companies realised that, just like young humans, pups want more from their consoles and they now connect with friends through multi-player games and terrorise virtual neighbourhoods together. One Staffordshire Bull Terrier said her pup had a glossy coat and cold, wet nose before he started gaming. But now she sees little of Fluffy, who has taken to growling at his parents from the recesses of his kennel and prowling the streets of Croydon with a pet hoodie on the end of a studded leash.
Read more on the
Downtime blog