The IMF Blog

Archive for April, 2012

Solving Password Frustration & Insecurity

April 27th, 2012

●●●●●●●●●●

It’s hard to imagine that those tiny dots can lead to such personal frustration and corporate collapse. Passwords in many cases are the only thing standing guard over your sensitive information. From an organization’s perspective, they may have hundreds or even thousands of individual passwords that protect company data and all of them are ripe for the picking. In today’s world you need passwords for everything, from your social networking sites to your online banking account. People are busy running in a million different directions so nobody has the desire to memorize 10-20 passwords. I’m guilty of it as well, using the same password for multiple accounts. This concept of password reuse is the biggest problem with passwords in general according to John Sawyer, who wrote a piece for DarkReading.com called “How to Hack the Password Problem.”

In theory, people are going to do what is easy and convenient for them and memorizing a bunch of passwords falls into neither of those categories. Organizations will typically conduct some kind of security awareness training to emphasize the power of their employees’ passwords and why it is critical they take it seriously. That only goes so far though and what you might end up with are employees putting all of their passwords into an easily accessible spreadsheet or, worse yet, writing them down on a sticky note. Instead, Sawyer recommends simple desktop based management tools like Password Safe or LastPass and enterprise single sign-on solutions such as those offered by Oracle and CA. He ends with this comment, which I think hit the nail on the head in terms of password issues with users:

“…if a company wants to address an issue like passwords, then it has to make it easy for the

user and not rely solely on the user to be the more secure link in the chain.”

Then again, some feel that passwords are becoming obsolete altogether due to their unfriendly nature. How do you feel about passwords in general and what steps does your organization take to address password security?

No comments »

Posted in IT Security, IT Workforce, Strategy

Tags: Dark Reading enterprise security architecture IT Security John Sawyer Password Security Passwords

Focus Your Social Media Efforts For Better Results

April 26th, 2012

A couple of weeks ago we talked about “Tops-Down Corporate Social Media” and how an organization’s senior executives should be leading the social media charge for their business. Today, we’re going to take a slightly different approach on corporate social media, one built around choosing a strategy. In this age of social media and social networking it seems like new platforms pop up almost on a daily basis. We all know the big names out there, like Facebook, Twitter, LinkedIn, etc. Companies are looking to have more of a social media presence in their marketplace but they must first decide which platform is the best vehicle to drive their business towards targeted consumers. There is no limit to how diverse a company’s social media strategy can be but is diversity really the goal? No it’s not. The real goal is reaching your customers and putting a message in front of as many of them as possible. Organizations need to be wary of stretching themselves too thin across too many platforms. Instead focus your efforts where you’ll get the best results. Debra Donston-Miller has a nice article on InformationWeek.com about choosing the social network that makes the most sense for your business. She brings up several good points, including this quote from Jason Breed, Global Social Media practice lead for Accenture and co-founder of www.Hashtagsocialmedia.com:

“It does not matter if you put up a Facebook page while

your customers are complaining on Twitter.”

In other words, know what platforms your customers are using and, taking it a step further, how they are using them. Once you have solved this equation, then you can dedicate your organization’s resources in the right way instead of taking a “throw it against the wall and see what sticks” approach. Again, a lot of companies have the desire to establish a social media presence but they have no real purpose behind their efforts other than simply wanting to be involved in the phenomenon. Queue Jason Breed again:

“You need to do social on purpose–otherwise, you are

simply moving for the sake of motion.”

I suggest you read Debra’s article on the matter as she talks to a couple of business owners about how they developed their company’s social media strategy. It might make you rethink your strategy or lack thereof altogether. For more discussion on this issue, attend our Innovation Forum, June 7^th and 8^th in Atlanta, to hear PwC’s Carlos Bermudez speak on “Corporate Use of Social Networking to Promote Collaboration.”

No comments »

Posted in Social Media, Strategy

Tags: corporate social media strategy Debra Donston-Miller IMF Forums Information Week Jason Breed Social Media

Develop a Capability Roadmap for Your Company

April 20th, 2012

“Developing Capability Roadmaps” is based on a Web Forum presented by Strategy and Planning Executive Mark Guidi. The roadmapping process identifies critical customer needs and the capabilities, technologies, and skills that will meet those needs. It also helps a planning team set a strategic approach in a future oriented competitive context. This identifies gaps in meeting customers’ needs and helps define plans to fill the gaps. In this report, you will read about how roadmaps connect and balance the drivers of customer needs (“customer pull”) and technology innovation (“technology push”). It looks at different approaches, traps to avoid, lessons learned, and roadmap integration. Also included in the report is a case study taking you through the roadmap process.

Here are a couple of paragraphs from the section talking about lessons learned during the roadmapping process:

“A roadmap is not a roadmap in the sense that it is singular. The key to having a good roadmap is having one source of data. No matter how you look at it, you need to have a single source of truth for the data on which the map is being constructed. It should cover policy, process, and systems as well as have multiple views for multiple audiences (Fig. 5). For example, at Cisco they had an architecture view that showed the key dependencies. Boxes were literally checked off as they progress along the roadmap. You could actually see the progress that was being made as they moved across time on the roadmap. If the CIO wanted to know where things stood on the architectural roadmap, Mark’s team could show him this perspective and get his view on it.

On a related note, have different ways of looking at the metrics. Cisco tracked them by each of the major initiatives. Then, in total, they looked at revenue and productivity. Those were the two value drivers in terms of where they were realizing the benefits. It was either top-line revenue or productivity enhancements. So they looked at each initiative and attempted to track where they were in terms of revenue and what was expected. Then, on the backend, a process was implemented to track that over the two years to ensure they actually hit the targets…”

IMF members can download the full report on Developing Capability Roadmaps here.

No comments »

Posted in IMF Updates, Strategy

Tags: Capability Roadmap Cisco IMF Reports IMF Web Forums Mark Guidi Roadmap Process