Tuesday, March 27, 2012

Infrics.com: a promise and a request

When it comes to the state of online technology news and analysis, it seems to me that the signal-to-noise ratio has been going downhill lately.  There is much that feels like search engine fodder, and more than a little bit of self-aggrandizement.

Today I'm writing to make readers of Infrics.com a promise, to restate a fundamental reason I'm here, and to ask for your help.

  • I don't post as often as some sites, but when I do, I promise to make it worth your time. I won't write fluff.   I won't put up a post unless I believe it's worthwhile information.
  • Infrics.com deals primarily with the three important trends I've identified as shapers of our tech and business future:

    --Hardware, software, and content are becoming stateless -- devices are primarily delivery mechanisms for applications, data, and media delivered from the cloud.

    --Individuals have ever-greater power through technology to know things, participate in communities, and make our own choices.  My term for this idea: "the era of you," and it has profound implications for business and society.

    --The deconstruction of business jobs, tools, and processes into services promises to at last make business more agile and help the IT department succeed by disappearing seamlessly into the business itself.

    These are the "Big Ideas," click the tab on the masthead to read the articles.
  • I am also asking for your help.  Because Infrics.com doesn't shout from the rooftops, or bombard the internet with SEO-friendly useless content, the support of community members who read my posts is vital.  If you like what you see here, will you help me increase my audience by recommending Infrics.com to colleagues?  Our community at this site is now a little over 1400 page views a month; no challenge to TechCrunch, and none intended, but any viral mention from you to build that number would be a huge help in audience-building.
  • This site is free in large part because I'm working to build a reputation as a valued business technology strategist, and I'm trying to turn that into a good job in the greater San Francisco area--Silicon Valley or the bay area--or one that will let me work remotely from there.  If you are with a company that has found value from Infrics.com, or know of a place where I can bring this value, would you consider making an introduction for me?  My resume is here.
  • Finally, I'd really like to engage more with you.  Please share article ideas, criticism, and your own thoughts about these concepts.  Comment here, or write me at donald.ham@gmail.com.
Many thanks to everyone!  


Monday, March 12, 2012

Could social networks revolutionize security? Seven degrees of "I trust you."

In the very first thought piece I wrote for Infrics.com, I discussed the idea that all the talk, all the hype about social networks online really came down to community--how the internet has made possible communities of shared interest.  Later, I compared the idea of online communities to the small village, and how pretty much everything we do in business, commerce, and personal lives includes some attempt to overcome the fact that our worlds are no longer defined by our respective villages.

We’ve also looked a lot at “the era of you,” about the  explosion of connectivity, social interaction, consumer-added value, and the ever-growing network of things.  You can now know more, in more places, and greatly personalize your interactions with each other, with your employer and colleagues, and with businesses.

In other articles, I’ve shared the concept of technology triggers, the idea that developments in two or more unrelated tech areas can trigger the emergence of a new technology or new business model.  For instance, digitization of music plus broadband networks = billion-dollar+ markets for Amazon and iTunes.  

Today, I’d like to extend all  of these concepts, and make a prediction:

Online security could be revolutionized by applying social tools to authentication. In addition to “what you have” and “what you know,” technology will let us reintroduce the most basic small village security concepts of all: “I know you,” and “I know who you know, and because I trust them, I trust you.”

The “seven degrees of separation” meme is well known, and all of us have experienced that small-world moment when we’ve discovered a friend or colleague in common with someone totally unexpected.  “Who do we both know” is something Facebook has used to great advantage; when you receive a friend request or look up someone’s profile, it tells you what friends you have in common.  For me, that’s the first thing I check: “are there a lot of them?  Who do I know in person I could ask about this stranger who wants to know me?”  

Authentication is everything. 

Take that question just a bit farther, and it’s easy to see that there is a taxonomy of relationships.  It started in the village model, “I do business with you and we have a history together.”  What are the determiners of confidence in “I know you?”

  • Proximity--Is the association real (have met in person) or virtual (from online?) In-person does not automatically guarantee trustworthiness, there are people I have met casually once or twice, and I do not trust them nearly as much as some online friends I share many trusted friends with.  
  • Role--what is the nature of the connection?  Friendship? Work? Client or Customer? Vendor? Famiy?
  • Length of association--How long has this association existed?
  • Shared communities--community affinity can predict areas that might match the authentication need.  For instance, if you’re considering going on a date with a new connection, shared friends would be important. If you’re considering voting for them, shared political involvement would be a key.
  • Shared associations--If you and I work for the same employer, but are not connected otherwise, your connection to a mutual colleague could be more significant than your connection to a contractor for my home.
  • Degree of personal contact--how many degrees of separation are there?  Are you a friend of a friend?  Note how LinkedIn uses social proximity in their 1st/2nd/3rd degree connection model.
  • Frequency of association--for instance, if you see me on Facebook through a mutual friend, and send me a note with the friend request, “I’m the guy who rides in the same Metra car with you every day on the commute into Chicago,” that adds social depth to the likelihood of trustworthiness.  If I’ve used this credit card at your business 50 times in the last year with no problem, chances are high that this transaction will have no problem either.

How would it work?

Let’s take the simplest example, one that Facebook should offer today, but doesn’t.  Let’s say I have 100 friends.  John, with 500 friends, sends me a friend request, and we have 20 friends in common.  So, "friends in common" is 20% of my friends list, and 4% of John's friend list.  Shared numbers as an absolute are helpful, but the chance that his 4% will be as important as my 20% is lower.  Derive an index number by dividing 20 by 4 = 5.  If John also had 100 friends--20% shared--the index would be 1.  Now we have useful information; a higher percentage of shared friends tells me the chances are greater I’d want to be friends with the stranger who is saying hello.  

That’s social authentication, and as this example shows, it can be turned into metrics, which in turn can be used to predict the likelihood of trust.

In the Facebook example, it wouldn’t take much history of managing a friends list to get a sense for what index number is the threshold for those you want to add, at least in the absence of other information, such as an introductory letter.  

The result: the social trust index

As we develop indexes for each of the taxonomy areas, we can move to situational comparisons of trust threshold, and we can compare them across many instances of different people and situations to give a very useful complement to online and in-person authentication.  To sign in to online banking, you might need a social trust index no higher than 2.5.  To buy a latte at Starbucks, maybe a 6.  Starbucks would quickly amass average social trust metrics for their huge client base, and dynamically know on the spot whether a transaction were legitimate.

These numbers are purely arbitrary, the point is to demonstrate the value of social authentication.  Remember, the social trust index is not a fixed number like your FICO score, it changes based on your current location, role, purpose, and intent, and as your social connections evolve over time.

So, why could this be revolutionary?

This is the technology triggers model in action: take two or more things that are and extrapolate something that might be.  Social authentication will be a vital part of the future in which the digital personal assistant (DPA) will play such an important role, and it adds to the business opportunity for the company that gets there first.  Take the “what might be” out to a logical--and possible--conclusion, and you have a computer intelligence with you at all times, helping you manage your interactions with the world, using those interactions to constantly prove you are who you say, you have community associations to back that up, and you are recognized wherever you go.  

If I can sit here at Infrics.com and envision this future, can there be any doubt that teams from companies like Apple, Google, and Microsoft have not done the same?

I think the biggest potential benefit to social-based authentication is just how hard it would be to falsify, to game the system.  Think of the current means of security:  something you have can be stolen, or falsified.  Something you know can be guessed, stolen, maybe just looked up by picking up the keyboard in your office and looking underneath it for the passwords on the sticky note.

But the permutations of who you know are so vast, and span so many aspects of your life, the trust index that could be generated from the taxonomy above would be nearly impossible to defeat.  Security is never a game of certainty, it’s a game of odds. You do what’s possible to know you’re giving trust to the right person, and you accept a certain level of risk.  Social authentication represents a very significant way to minimize that risk, and apply the metaphor of village life to security in a tech-enabled world.  Passwords?  Keys?  "Who goes there?" "It's ME!" "Well, come on in!"

Thursday, March 8, 2012

The target dashboard: a new vendor evaluation strategy introduces a new way to think of business metrics

Don's note:  Infrics.com is usually about emerging technologies and strategies around the big trends shaping the future.  Although this article addresses a tactical concern--evaluation of vendor performance--the bigger picture about metrics in the enterprise and the value of subjective input makes this a worthwhile topic.  

In all my years of working with tech research, I don't believe I've ever seen this particular target display anywhere else, and I think it's an idea we can work with across many areas in which you want to know, "how am I doing?"  This article also describes steps to add a social component to vendor evaluation; in the era of you, more and more business work will involve, and benefit from, the same kinds of online social interactions we've come to expect in our lives beyond work. 

This report presents a vendor dashboard, designed to allow executives and vendor managers to create a snapshot view of vendor performance.  Using a simple graphic device--a target--you can read vendor performance and localize vendor performance issues into one or more of 8 KPIs that will be valid across your entire vendor landscape.

This is what it looks like :

This is a sample for a single vendor.  At a glance, you can see this vendor is on-target with their financial performance.  Their positioning report indicates they are both highly strategic and highly critical.  Because of that, the red dot, indicating issues with SLA performance, is an especially serious problem, even though they’ve done well delivering what you initially negotiated.  Although the relationship indicates they are highly flexible and transparent in their dealings with you, caution flags are up for the sales and customer service side.  At a glance, you have a problem alert with this vendor, and a pointer to a likely contributor to the problem.

Four areas touch the evaluation of vendor performance, each is represented by a quadrant in the target display:

  1. Financial: Are they competitive on cost, are they performing to expectations with A/P and A/R? What is your assessment of the vendor’s financial risk?
  2. Contractual: Are they delivering to the contracted specs? Are they in conformance with negotiated Service Level Agreements?
  3. Relationship: How do they measure on interactions with the sales team before the sale, and with their customer service after the sale? Are their processes and deliverables transparent to your organization, and are they responsive to your needs?
  4. Positioning:  Is the vendor’s role strategic or tactical? Is delivery of their products and/or services mission-critical, or is it more ancillary in nature? A strategic vendor, such as a consulting company, is not automatically mission-critical, whereas a cloud-based e-commerce storefront is both strategic and mission-critical.

How do you get there?  To start, think of the way you manage vendors for your own home and life: utilities, contractors, stores where you buy food.  Using a very sophisticated--but intuitive--algorithm in your own head, you measure and weigh such things as value-for-price, reliability, customer service, and delivery-as-promised.  You don’t use a formal tool, but when you choose one grocery over another, for instance, it is a response to the that internal dashboard.  

By introducing that analogy, we can start a process that allows your vendor management office to work through this tool in a morning, resulting in actionable information about your vendor landscape health by that afternoon.  At this highest level, it will largely be subjective, but the framework is designed with two ideas in mind: a) you will be quantifying subjective input in such a way that it can be tracked as a measurable metric, and b) you can also roll up vendor-by-vendor structured data metrics as they become available, include them with the subjective evaluations, and use them to make the tool more specific for each vendor while retaining useful comparisons between all vendors you deal with.  As long as your choice of metrics informs the four broadest evaluations and the eight major KPIs, you can abstract complex evaluations down to very useful insights.  Get started right away, add specificity and confidence with iteration.  The dashboard structure will not change, only the data points feeding it.

This tool is designed for use with existing vendor relationships; it assumes that the vendor has been chosen, and that prices, contractual terms, and SLAs are all in place.  

To begin using the dashboard, you use a simple spreadsheet program and give 0-10 values to a range of questions across the performance measurement areas, which generates an X-Y chart in real time.  

Each vendor target snapshot is a grouping of the 4 charts, with each chart’s axis orientation changed  to place better performance at the center of a grouping of all four.  Alternatively, charts for the same quadrant for a number of vendors can be compared to see benchmarks--for instance, as a report to your finance office.  You can view the spreadsheet with sample data here, or download a blank one as a template here.  

Best practices and resources in vendor performance evaluation

Now that you are equipped with tools to begin seeing useful measurement, let’s also examine the underpinnings of vendor performance within an enterprise, an IT operation, and a Vendor Management office.

What do I measure? Where does the data come from?

Common across experts in vendor performance management is one theme: “don’t get buried in too many metric data points, measure that which informs your knowledge of a vendor’s contribution to business value.”  Restated for the purposes of the dashboard presented here, it says, “add specific metrics that contribute to your confidence of the accuracy of the eight KPIs you’re tracking.”  

Some are intuitive: financial performance data from your A/P & A/R systems. Delivery-as-scheduled information from ERP. Uptime and latency reports from the data center and Operations. Cloud vendors like Salesforce.com expose internal performance dashboards. Others require the trick of stating subjective values from end users as a quantified value, like “on a scale of 0-10, how satisfied are you with Vendor X’s customer service?”  The vendor performance spreadsheet included in this report is easily edited to add values to measure; always keep in mind the operating concern, “how few things can I measure and still believe my KPI answers reflect the actual experience with our vendor?”

Because you must include strategic value and criticality as part of your dashboard process, ownership of vendor evaluation is most effective within the business unit that best understands those interests. Typically for CIOs this would be a vendor management office, a program management office, or within a high level division devoted to operational excellence and strategy.  Procurement and Finance are important contributors to the dashboard, not logical owners of the process.

For more on this topic, see “Supplier Metrics that Matter,” by Jonathan Hughes, from the CPO Agenda site. Hughes also confirms the value of the four broad measurement areas in this report as choices to organize your view of the vendors in your portfolio.

How do I compare my vendor’s performance with other clients, or against similar vendors?

Become social about your vendors.  With the speed of social information sharing, you need to know news about your vendors in real time, and know what others are saying about them.

This is an area where emerging use of social tools in business offers a lot of promise, and several opportunities to share vendor experiences in the same way Facebook friends rely on each other’s opinions about shopping choices.  

Supplierevaluations.com uses the Angie’s List/Yelp model to socially gather and share customer’s supplier opinions.  Because of the prevalence of the term “supplier” in procurement and supply chain, you will frequently find it used instead of vendor in discussions relating to vendor management.  They are not strictly interchangeable, but they are closely-enough related that any discussion of vendor measurement will be richer for the inclusion of “supplier” as well.

Use Twitter.  Search hashtags (the keywords commonly used to filter Twitter topics) such as
#vendor, also try #ensw (enterprise software.) Use conventional search as well; “vendor management” returns a useful list of discussions.  Whereas Twitter is unmoderated, comments on vendor pages on Facebook and/or Google Plus can be edited by the companies, and may not be accurate representations of user feedback.  Follow each of your vendors on Twitter to see user discussions as well as news from the companies themselves.  If you do not already use a social feed management tool like TweetDeck or HootSuite, they can do a lot to help you organize streams of information into feeds that make sense.

Add monitoring tools like socialmention.com, which will track keywords like vendor names across all social media, and can send e-mail alerts.  If you use an internal social tool like salesforce.com’s Chatter, you can get real-time feedback from your own users by following vendors as keywords.

What companies offer vendor performance management software?

These are major vendors. As you see, the field is currently experiencing a lot of acquisitions:

SAP and Oracle, as part of Supplier Lifecycle Management (SRM) modules

Emptoris, offering supplier lifecycle management tools including vendor dashboards and reports. IBM acquired Emptoris on Feb. 1, 2012.

Ariba, who offers a supplier management tool as part of a web-based service called the Ariba
Commerce Cloud

BravoSolution, formerly VerticalNet, offers Supplier Performance Management software, as well as a suite of other products branded Supply Management Excellence

Open Ratings, acquired by Dun & Bradstreet, offers some supplier performance management through their Supplier Risk Manager.

Biznet Solutions, a web-based supplier performance management tool

Other resources:

For members of the CIO Executive Council, there are member-contributed vendor scorecard templates at http://council.cio.com/content.html?content_id=24.910.6eaaaa58.

Sherry R. Gordon’s book, “Supplier Evaluation and Performance Excellence,” cited in this report.


By its nature, a dashboard is a summary, an “at a glance” insight into the health or performance of a system.  The use of Supplier Lifecycle Management tools or vendor supplied dashboard data is still worthwhile, and can contribute to your dashboard.  Neither excludes the other.

As you work with the dashboard and the KPIs, they can inform evaluations and SLA development for future vendor engagements, driving expected (and contracted) vendor performance across the eight measurement areas.  Use the tool and stay focused on answers to fundamental questions represented by Relationship, Financials, Performance, and Positioning.   Share findings with those who use the vendors products, and with the vendors themselves, involve both in the process of knowing and improving vendor performance and value delivery.

Tuesday, March 6, 2012

IBM Debuts Swiss Bank-Tested Secure Remote Desktop Via USB | TPM Idea Lab

Posted to IBM Research's Facebook page today:

IBM Debuts Swiss Bank-Tested Secure Remote Desktop Via USB | TPM Idea Lab:

Remember, stateless computing does not have to involve the use of a thin client concept like a Google Chromebook, it can happen for enterprises very quickly through desktop virtualization.

This IBM development looks as though it addresses one of enterprises' biggest security concerns.

'via Blog this'

Monday, March 5, 2012

"Everything, Everywhere, All the Time" from Tech Crunch, and why TMI from technology is the best argument for the digital personal assistant

This is a good story from Tech Crunch, one that touches on several Infrics.com themes.

Photo from the Tech Crunch article
Everything, Everywhere, All The Time | TechCrunch:

The explosion of smartphones, "connected all the time" expectations, and the associated "community all the time" effect have put us in a strange place. As I've pointed out in my "era of you" coverage, we know more, in more places, at more times, than ever before.

But we still must be our own librarians and curators of all that information; as Sarah Perez points out, there's precious little technology helping us take that last vital step. It's exhausting and frustrating.

Perez doesn't connect the dots to the logical needed technology, but she gets close.  What we need is a technology interface that learns our behaviors and our needs, compares them to the massive information streams, and delivers it to us in a useful form.  We need the equivalent of the executive's personal assistant.

Which is one of the main reasons I believe that the digital personal assistant, (DPA) although still in its infancy, is one of the most promising emerging technologies. As I wrote in this article introducing "Rosie," it will also be a forthcoming business battleground because the DPA is a gateway to recommendations, search, and tech-assisted business transactions. As Perez writes, "I’m ready for a computer you don’t have to input much into at all. A truly useful system will see what you’re doing, learn from your activities, then begin to automate tasks for you. Not just in email, but everywhere. In everything. And all the time."
See this article, published today, about the way Apple is already using their 1st generation DPA, Siri, to bring that power to bear in its battle against Google.

Yelp, Twitter, and Apple's Anti-Google Coalition

'via Blog this'

Thursday, March 1, 2012

Billions of DVDs headed to digital cloud, Warner executive says - latimes.com

This may indicate some hope that the studios are finally waking up to the fact that OWNERSHIP of licensed content is no longer connected to the media that delivers it. I'm cautiously optimistic.

Billions of DVDs headed to digital cloud, Warner executive says - latimes.com:

'via Blog this'

Here is my article on the changing nature of content ownership:

How power shifted in the world of content

Mozilla's 'modest proposal:' Dump the smartphone OS

More on Boot2Gecko, Mozilla's stateless phone platform.

Thanks to Don Tapscott's (@dtapscott) Twitter post for the link to this article.

Mozilla's 'modest proposal:' Dump the smartphone OS:

'via Blog this'