Paul Wallbank – Brilliant Communications

Tag: risk

  • Diffusing business risk on the cloud

    Diffusing business risk on the cloud

    Today I was at a media lunch hosted by IP telephony company Nexon to promote their new cloud based unified communications service.

    One aspect of the Nexon Absolute service is the company offers a Service Level Agreement (SLA) for customers, while I’m always suspicious of SLAs they are essential in making business clients comfortable with buying cloud services.

    For Nexon, those SLAs are huge risk as they are reselling other company’s products. If Microsoft and Telstra fail to deliver, then it’s Nexon who carries the can with their customers.

    While Nexon undoubtedly has their own SLAs with their suppliers, a major outage will see the company carrying the bulk of the refunds or rebates to their customers.

    Essentially Microsoft and Telstra have outsourced much of their business, continuity and even reputational risk to Nexon and their other resellers.

    For a reseller, even a substantial one like Nexon, that’s a risk they can’t control — what’s more, the finger pointing between suppliers in the event of a major outage could take years to resolve.

    All of this suits major suppliers fine as it shifts risk and work from their businesses.

    The IT and telco reseller game is not an easy one as margins fall and risks increase, one has to applaud the courage of the investors and entrepreneurs who want to play it.

    Similar posts:

  • Whose priorities do IT departments really care about?

    Whose priorities do IT departments really care about?

    Earlier this week mobile security company Imation showed off their latest range of Ironkey encrypted USB sticks and portable hard drives.

    Accompanying the launch was a presentation from Stollznow Research on how Australian companies are managing data with a comparison against similar surveys carried out in the UK, US, Canada and Germany.

    Of the 207 senior decision makers in Australian medium to large businesses surveyed, there were some interesting results on the attitudes of the nation’s IT departments and CIOs.

    In the field of confidence about the security of their networks, Australian IT managers came out a lot more paranoid than their foreign counterparts with only 38% of Aussies confident their office data is protected from loss or theft against 73% overseas.

    That result is encouraging as the internet and the world of IT security has a habit of severely punishing those with a false sense of security.

    What was particularly notable though with the Imation research was what IT managers considered to be the consequences of a security breach.

    consequences-of-data-breach

    Around the world, IT managers see the headache of cleaning up the mess and bad media coverage as being the biggest consequences of a data breach. Customers come fourth in priority and even then the only concern is losing clients rather than the effects it could have on those people’s lives.

    One of the tragedies of the continued Sony data breaches in 2011 was the leaking of credit card details. Many of those customers on pre-paid cards were young or low-paid workers who quite possibly lost all the money in their compromised accounts – debit cards don’t have the same protections against fraud as credit cards.

    Even more terrible are the effects on those who become victims of identity fraud as consequence of a data breach. Letting that sort of information out is a fundamental betrayal of trust by organisations with sloppy security.

    Interestingly over a third of respondents feared losing their jobs as a result of data being breached, in a perfect world it would be higher although we don’t live in a period where those accountable take responsibility for their actions.

    What’s more likely in many smaller businesses is that a data breach could be the entire organisation to fold, something that should worry anyone running a startup or small business.

    It may be true that many CIOs and IT managers aren’t too worried about the business effects of a data breach or system outage which shows that security – both physical and digital – are the job of everyone in an organisation, not just one department or executive.

    Similar posts:

  • Risk and the Ten Commandments of Cloud Computing

    Risk and the Ten Commandments of Cloud Computing

    Early this week I attended the media launch of Data Sovereignty and the Cloud – a white paper from the University of New South Wales’ Cyberspace Law and Policy centre.

    The event was refreshingly free of a lot of the hype or hysteria that cloud computing events usually lead to. I’ve covered some of the panel session’s discussion for Business Spectator.

    One thing that stood out in the presentation was the Ten Commandments of Cloud Computing which are a good guide to what businesses owners, directors and executives need to consider when looking at online services.

    ten-commandments-of-cloud-security copy

    Another refreshing aspect of the UNSW launch was the mature attitude towards risk – the overwhelming view of the panel, which included insurers, lawyers and academics, was that all technologies have an element of business risk and it’s a matter of identifying and managing those hazards.

    Hopefully, we’ve moved on from the 1980s management view that risk is something to be eliminated at all costs. The result of that philosophy was just to shift risks into other, unforeseen areas.

    The UNSW report on cloud risks is a weighty read, but it’s worthwhile if you want to get a realistic handle on exactly what the hazards are in moving to the cloud.

    After all, if you don’t know what the risks are then you can’t identify, understand or manage them.

    Similar posts:

  • Little shots at the moon

    Little shots at the moon

    Today I wrote a story for Business Spectator on the Google Loon project, a pilot program to see if high altitude balloons can provide affordable internet access for the developing world.

    What really fascinates me about Loon and the projects in the Google X program is the concept of the ‘moonshot’. Google explain it on their solve for [x] website.

    Moonshots live in the gray area between audacious projects and pure science fiction; instead of mere 10% gains, they aim for 10x improvements. The combination of a huge problem, a radical solution, and the breakthrough technology that might just make that solution possible is the essence of a Moonshot.

    Great Moonshot discussions require an innovative mindset–including a healthy disregard for the impossible–while still maintaining a level of practicality.

    Missing in that definition is the concept of risk – it’s easy to propose a radical, audacious solution to a problem when it’s not your money or career on the line.

    On the other hand, most organisations that have the resources to experiment with breakthrough technologies stifle any thought of true innovation or radical solutions.

    The advantage Google has is that parts of the organisation encourage those moonshots, although there are divisions of Google which are just as bureaucratic and staid as a chartered accountant’s or quantity surveyor’s office.

    Interestingly Apple were the reverse with only one guy allowed to do moonshots and everyone below him followed him either to the moon or hell, as this wonderful story tells.

    Which brings me to the little folk – the startups, small businesses and backyard inventors who don’t have the resources of Google, Apple or the US space program.

    For that matter there’s also the writers, painters, musicians and other artists who are risking everything for their vision.

    Everyday these people are risking everything for their little ideas as their homes, livelihoods and sometimes their relationships are on the line for their one big idea or audacious vision.

    These are the real risk takers and every day they are taking little shots at the moon.

    Similar posts:

  • Exploiting the weak points

    Exploiting the weak points

    The Great ATM Heist, where a crime gang subverted the credit card system, could well be the digital equivalent of the Great Train Robbery of the 1960s.

    While the logistics of the operation are impressive with hundreds of accomplices across twenty countries, the real moral from the story comes from how the gang targeted outsourced credit card processing companies to adjust cash limits.

    Again we see the risks of throwing your problems over the fence, a system is only as reliable or secure as the weakest link and, regardless of how tight commercial contracts are, outsourced services can’t be treated as someone else’s concern.

    No doubt banks around the world will be having a close look at their systems and how they can trust other organisations’ outsourced operations.

    Similar posts: