Acquisition Adds Fresh Content and Expertise in New Technology Trends to AOTMP Research Practice
INDIANAPOLIS—9 January 2018— AOTMP, a global information, research and advisory firm for telecom management best practices and industry standards, today announced the acquisition of Boston-based Blue Hill Research, a technology research firm focused on providing timely guidance for organizational technology investment.
The acquisition will enable AOTMP to build upon its strong position within global enterprise telecom/mobility/IT environments by capitalizing on Blue Hill Research’s strong position with the vendor community and expertise in new technology trends and user adoption. “We are excited to have Blue Hill Research join forces with AOTMP to take our research practice to an entirely new level,” said Tim Lybrook, AOTMP President & CEO. “Bringing together these teams gives us many more points of intelligence around what technology leaders are thinking and planning that will drive more valuable research studies and trending for our clients of all sizes.”
The acquisition includes all assets of Blue Hill Research. The research, analyst, client services and sales teams will join AOTMP, and founder and Research Fellow Ralph A. Rodriguez will take on the role of Strategic Advisor at AOTMP, where he will work closely with Stacy Hiquet, Chief Content Officer, and Timothy C. Colwell, SVP, Efficiency First® Adoption, as the combined company looks to integrate Blue Hill Research into the AOTMP Research Practice.
“We have long admired AOTMP and the complementary offerings make sense at a time when the telecom and IT space is changing and evolving rapidly with the emergence of new technologies driving the consumerization of IT,” says Ralph A. Rodriguez, Blue Hill Research Founder.
Over 1,000 pieces of Blue Hill research content covering key industry reports, analyst insights, podcasts, infographics, webinars and blogs will be added to the AOTMP Research Library, making it one of the largest telecom and IT topic-specific databases in the world.
“Combining enterprise end-user and vendor research insights into one complete research offering is of major importance for the three key technology stakeholders in all organizations - technology, finance, and line-of-business executives,” says Tony Rizzo, Senior Research Director, AOTMP and Chief Research Officer, Blue Hill Research. Rizzo further notes that, “Joining together the deep technology expertise of AOTMP and Blue Hill collectively creates exactly the actionable insights businesses need to make highly informed technology decisions.”
Blue Hill Research will become a division of AOTMP. Terms of the cash and stock deal remain confidential.
AOTMP is a global information, research and advisory firm for telecom management best practices and industry standards. We deliver actionable insight, data, and best practices through our Efficiency First® Framework that equip telecom, IT, and mobility leaders and vendors to achieve telecom management industry excellence. For more information, visit aotmp.com.
My last blog post, “The Successful Enterprise Mobility Deployment – Setting Goals & Measuring Results,” focused on real world issues that any enterprise needs to get a strong handle on in order to know that mobile strategies are well-implemented and – more importantly – delivering productive and valuable results. As the business world of 2017 draws to a close it is the right time to shift gears a bit and take a look ahead to what your business needs to prepare for in 2018. If a company has done its mobile planning and implementations well there isn’t much that will catch that business by surprise – and I certainly believe that following the recommendations provided in my most recent blog post series puts your company squarely in that position.
In this post I will highlight trends that are moving towards real and larger scale enterprise implementation in 2018. What I find interesting is that many of these technology trends not only lend themselves to being managed by a Managed Mobile Services (MMS) partner but in fact will require it for successful implementation and ongoing operations.
Mobile technology continues to move forward at a rapid pace, but its “guise” as an actual device users carry will begin to change. Sure, we’ll always have our mobile devices, and the earlier blog posts in this series speak to them directly – nothing here changes in 2018, aside from moving to Apple’s FaceID and whatever Samsung has up its sleeve for the Galaxy S9 that will likely be announced in late February 2018. But there are plenty of new and different devices to think about.
Before getting into details here is my trends list for 2018 that I believe will see large scale implementation:
Some of these trends are co-dependent. For example, cyber-attacks will become far more prevalent as mobile access points into enterprise networks increase exponentially through IoT and wearable technology. Automated service support will grow based on the combined growing market penetration of machine learning, virtual reality and the first real stages of artificial intelligence (AI). The one sure constant in all of this is a fast proliferation of enterprise options for deployment, implementation, ongoing maintenance and upgrade cycles and workforce support.
Wearable Technology in the Enterprise
Wearable technology has, for the most part, been driven by consumer and personal use, typically in the form of Fitbits and Apple Watch kinds of tech. More prevalent in the enterprise has been the use of such devices as eye wear from Epson and Vuzix, which make use of augmented reality to visually enhance the physical, existing workplace, and devices with dedicated functionality for specific work environments, such as retail shop floors and healthcare provider ecosystems. I’ve been covering wearable tech since 2012 and aside from a lot of consumer hype, enterprise use outside of healthcare has been slow to take off. But I am predicting that 2018 is the enterprise inflection point year for the technology. Look for a major explosion of use everywhere in the enterprise, from the retail shop to the manufacturing floor and all points in between.
Internet of Things (for real)
IoT has long risen past the point of buzzword status. From the early days of serving as simple field-based machine to machine (M2M) alerting devices (e.g. sense a predefined temperature range and issue an alert to a human via a low bandwidth network such as 2G) we now have complex tools that are able to communicate directly not only with other IoT devices but with entire systems of devices that in many cases generate their own actions and workflows based on real time and real world conditions.
As with wearable tech hardware – all of which can be considered IoT devices in their own right – IoT device penetration will explode in 2018. Enterprises will create many dynamic operations that will become business-critical on a 24 hour, seven day a week basis. These devices, networks of devices and systems of interactive devices will also generate big data on a massive scale that in turn will feed machine learning systems (more on this shortly).
Augmented and Virtual Reality
It’s important to understand the difference between augmented reality (AR) and virtual reality (VR) – the former literally “augments” existing environments, while the latter creates environments that do not actually exist (even though they may be based on real environments). AR’s first real use in the enterprise dates back to 2013 as a wearable device – that is, the eye wear was more important than the rudimentary underlying apps supporting the devices.
Today we have IoT-enhanced access to the work place that adds substantial information to the apps used with the eye wear and related tech such as sensor-enabled gloves. An example of a particularly useful AR application is its use in guiding medical technicians – utilizing AR eye wear with built-in infrared capabilities – to locate real veins in real arms for intravenous applications. Hospitals have seen tremendous IV productivity improvements here that also deliver enhanced patient satisfaction. This example scratches the surface of what will be created in 2018.
Virtual reality creates virtual spaces and images that do not actually exist, and allow users to interact with those systems. This of course plays enormously well for consumer gaming but the real money in VR will be found in enterprise use – especially in IoT-driven environments, where the combination of IoT sensor information and VR-driven environments will simplify field-based repairs, demonstrate for technicians different exploded parts of a complex system or machine, and allow them to make repairs or other modifications as needed. There have been rudimentary wearable tech-driven systems available for doing such things since 2012 or so (Motorola was a first driver) but VR now benefits from visuals provided through sophisticated head-mounted displays and sensors that provide near-real experiences virtually. 2018 will only see the first of these systems emerge but think of it as the year the VR trend begins.
A misnomer of sorts, “machine” learning is really about extracting valuable and actionable business information from big data stores that in turn helps enterprises to automate a variety of service- and sales-related business processes. In 2018 we will see businesses aggressively develop and ramp up automated advisors and assistants that can both receive calls and proactively initiate calls, delivered with near-human interactive capabilities. For the most part these efforts will center on reducing the enormous amounts of “routine” and common things the human workforce currently handles. The chief productivity goal is to free up the workforce to focus on more important and personalized things that go beyond routine and common towards achieving high levels of customer satisfaction.
From an IoT perspective, machine learning-based automated advisers will take advantage of the data being reported ongoing from the field and be able to determine when service calls are necessary and when parts need to be replaced in complicated machinery (e.g. high speed elevators in skyscrapers) – ahead of actual failure. 2018 will bring major new efforts in creating standards for infrastructure and machinery maintenance and support – with the goal of driving productivity up and significantly reducing the costs of doing business.
In 2017 we spent an entire year following the AI hiring practices and M&A activity of the major tech vendors. To be sure, it was all about hiring engineers and scientists with expertise in artificial intelligence (AI) or buying companies focused on AI. Meanwhile, IBM spent 2017 pushing the term “cognitive” across all of its technology platforms – by which it means delivering capabilities that begin to “think” for themselves. Whereas machine learning is about extracting valuable intelligence based on real world info and facts and reacting to them, AI begins to address understanding the potential interconnections between our ever expanding base of knowledge.
Machine learning uses data extraction and correlations to tell us that a part is due to be replaced. AI will tell us why that part is likely to need replacing, what the likely causes of the wear on a part might be, and offer some “thoughts” on reducing that wear. Machine learning will tell you what your next chess move should be based on data and brute force. AI will tell you the rules of the game based on actually self-divining the rules and behaviors of the game and elegantly determining moves without brute force.
I’ll leave it at that – there isn’t much more I can say here. But in 2018 we will see the first real world AI implementations that from a business perspective will begin to provide recommendations for solving business problems rather than merely eliminating routine and repeated processes from requiring human interactions.
Cyber-attacks and Cybersecurity
Unfortunately and sadly 2018 is going to see a significant uptick in cyber-attacks. We heard a great deal in 2017 about large scale attacks against major companies (think Equifax) – some of them on a global scale. My own concern however lies in the ability of hackers and cyber evil-doers to attack any business, and especially SMBs with limited tech resources – something that can easily destroy those companies. The proliferation of mobile and IoT devices ups the hacking ante and creates myriad opportunities to get inside networks, and in 2018 the counter-trend must be to become super-vigilant about such attacks.
Mobile Security – Unified Endpoint Management (UEM)
A year never goes by where mobile security does not deliver a new acronym, and 2017 was no different. Unified endpoint management – UEM – is the new mobile security buzzword du jour. In 2018 however, UEM will evolve from buzzword to standard operating procedure. The proliferation of user mobile hardware, wearable technology and IoT devices will require any business to extend their MDM or EMM platforms to provide a comprehensive and cohesive strategy for managing this collective set of endpoints. Still hanging on to that old 2010 era MDM solution? 2018 will require any business to finally upgrade to UEM.
eSims and Unlocked Phones
I need to underscore that in 2018 we will see a proliferation of unlocked mobile phones specifically in the US market. This will be driven in good part by subsidies that are now beginning to dry up and that will likely completely disappear. This isn’t a problem but an opportunity and avenue to cost-effective hardware acquisition and related short and long term financial planning around device procurement.
In 2018 we will also see eSIM technology go mainstream. This means that it will become much easier to electronically switch mobile devices from one telco to another, with no physical access necessary. Telco operator automation will become available simply by utilizing their platform APIs. This is another opportunity but one that will only become viable through having a detailed understanding of the efforts that will be required to take advantage of it.
Automated Mobile Workforce Support and Self Service
It will be virtually impossible to operate a business in 2018 – regardless of size – without implementing some form of automated workforce support, whether directly or through a reliable mobile partner. The proliferation of machine learning services as well as automated advisors and assistants will demand that businesses deliver automated support and services. As unlocked mobile phones and eSims become prevalent in 2018 the sheer diversity of hardware will overwhelm any human-driven system in the form of greatly wasted workforce time.
The clear warning message in 2017 as the US economy revs up is that businesses are already finding it difficult to land new workers with the skills and training necessary to operate in today’s business world. In particular businesses need to be very aware of maintaining high levels of workforce satisfaction in 2018 as a competitive advantage. Failure to do so will drive competitive disadvantages and workforce defections to those businesses that provide those high levels of satisfaction.
Bitcoin and Blockchain – A Prediction
In my very humble opinion the cryptocurrency Bitcoin is in the midst of a “massively massive” bubble that can only be compared to the Dutch Tulip Bulb mania of the mid-1600s. A Bitcoin is literally nothing more than an entry in a ledger. To be sure there has to be some “mathematical mining” to uncover a legitimate Bitcoin entry, and future Bitcoins (the total number of which are finite in number) become harder and harder to uncover (that is, to mine) and require tremendous amounts of expensive super computing power. (I am very interested to see quantum computing applied to Bitcoin mining – it may reduce the value of Bitcoins to pennies.) Yes, something is worth anything a market will bear at any given point, but sooner than later those ascribing a value of $17,000 (or more!) to a Bitcoin (that is, an entry in a ledger) today will be in for a very rude awakening.
The real importance of Bitcoin, and the reason I mention it, is that the underlying blockchain technology that secures the entire Bitcoin ecosystem is the real gold in the Bitcoin mania. Blockchain offers a deep level of both security and transparency that can be used to protect transactions as well as the ownership and provenance of actual things (such as diamonds, or say mobile devices) – essentially anything. I mention it as a bonus trend here because I am anticipating – no, I am predicting – that we will see the introduction in 2018 of blockchain-based mobile security. Major companies with global reach – such as IBM – are already heavily invested in blockchain and are working to drive the technology into every aspect of business. The first mobile security vendor on the blockchain block will show up in 2018 – that is my prediction and I’m sticking with it.
These Trends Require…An MMS Partner
I ran over my allotted space for this blog post five 2018 trends ago, but before I sign off I need to point out that every trend coming our way in 2018 will either encompass huge numbers of devices, huge amounts of data, or numerous ways to deploy the value derived from those devices and data. Keep in mind that developing implementation and deployment plans for wearable tech, the myriad new mobile devices coming our way (especially from an eSim perspective) and the roughly 2 gazillion IoT devices that will be deployed in 2018 will all require the same levels of planning and operational requirements that I have focused on in detail over the course of this blog series.
I highly recommend going back and reading those posts over again, this time with the context of our 2018 trends in hand as you read through them. From an enterprise management perspective, staying ahead of the trends, ahead of the devices – whatever category of device they might be, and ahead of the deployment, provisioning, replacement and decommissioning of hardware and applications, and ahead of whatever wireless networks and telco contracts that will be needed is a bottom line requirement for business success in 2018.
The right MMS partner will help get your business successfully to the end of 2018 and prepare you for our 2019 mobile trends post!
In my last blog post, “The Enterprise Mobility Stakeholders & the Mobile Center of Excellence,” I pushed hard for businesses to establish internal or Managed Mobility Services (MMS)-managed Mobile Centers of Excellence (MCoE). I want to clarify that MCoEs can go by other names such as Mobile Committee or Office of Mobile Operations. There isn’t any reason to actually refer to an MCoE as such, but what is important is to establish the team that delivers on the full functionality I ascribed to it in the earlier blog post.
Also from that blog post – and this goes specifically to what I will cover today – I referred to both short-term mobile projects, or “fixes,” and longer-term enterprise mobile strategies. The term “short-term mobile fixes” is clear enough and I use it as a descriptor for hastily and typically poorly conceived and planned out mobile efforts that are often driven not by original internal ideas but as reactions to what competitors are up to. Mobile efforts as “fixes” are never a good idea.
On the other hand “longer-term mobile strategies” may be a bit misleading. In today’s mobile world, enterprises need to build, update and maintain a mobile-specific plan and infrastructure to support mobile initiatives that scale to meet the needs of the enterprise as well as Lines-of-Business (LOB) goals. That effort begins in the MCoE and involves the C-suite, Finance, LOB and IT – with support from the selected MMS provider. This team will collaborate on needs and requirements to create a mobile plan that spans across the enterprise – a much different deliverable from a mobile project plan that deals with a single deployment. Rather than use an MMS provider to roll out a mobile project, MMS are best tapped to advise and help lead the effort to create the mobile plan for the enterprise, and to deploy, manage and support subsequent mobile initiatives that scale across the enterprise in support of that plan.
The MCoE’s enterprise mobile plan needs to clearly spell out the business drivers shaping each of the mobile initiatives under consideration, along with the specifics on how success will be measured. For example, mobile KPIs can and should expand beyond the typical “on budget, on deadline” mandate to include benchmark targets to address uptime and reliability; issue resolution on the first support call; service, warranty and repair trends; and device-specific cost management – from acquisition to retirement – which rolls up to enterprise mobile’s Total Cost of Ownership (TCO).
Once the enterprise mobile goals and KPIs are established, the next step is to assemble the MCoE and develop the strategic implementation plan which contains all identified mobile projects which support the company’s overall mobile plan. These mobile projects address a single LOB’s need (e.g., new tablets for line workers), or they can be broader projects which span across LOBs (e.g., a new MDM provider). At this stage, both the LOB and finance stakeholders have established their mobile business outcome priorities. The project then generally shifts to IT and MMS partners to build and deliver the project plan.
Setting Goals and Measurement Points
A general rule to follow, based on a consensus I’ve gathered over the last few years, is that a new mobile project shouldn’t take more than 90 days – from initial configuration and field testing to proof of concept (POC) and enterprise deployment.
The development of mobile applications is a topic for another blog post series. Aside from noting that a DevOps and agile app development methodology should be employed, I’ll leave it at that. The MMS partner will be able to assist IT in determining the most appropriate tools and development platforms to use and the best suited means of ensuring that the workforce itself weighs in on user interfaces and that a steady stream of software features can be delivered and tested during POC and deployment phases.
The MMS partner at this point becomes the critical cog in all the moving parts that need to mesh to ensure a company can meet the informal 90 day delivery deadline. To get a better sense of what an enterprise should expect – or in fact demand – from its MMS partner, let’s set up a hypothetical that creates some rather demanding requirements.
Let’s assume mobile needs to be rolled out to 10,000 employees. And let’s further assume there are three different groups of employees who require three different device configurations for the smartphones and tablets they will use in addition to a mixture of rugged devices used in various warehouse locations. To keep the example simple, we’ll ignore the “real world” complexity normally found where BYOD devices are part of the deployment mix, and we’ll assume the enterprise will deploy using the latest versions of iOS and Android, including Android on all rugged devices.
Even with the standardization on Android and iOS, the different device configurations for smartphones and tablets, combined with a mixture of rugged devices, leads to numerous permutations of hardware and software that will require testing, evaluation and internal certification for initial use. In addition, continuous retesting and certification will be needed as operating systems update, applications change and new devices become available. Further, the spare-pool inventory that replaces user-returned devices must reflect the latest versions used in the field – including applications, operating systems and device types. This is a daunting task simply because of its scope and one that many enterprises fail to grasp. Even if our hypothetical deployment focused on a smaller SMB deploying to 500 or 1,000 employees, meeting the challenge internally would prove impossible – it is one of the common and typically insurmountable roadblocks that fast and furious mobile efforts focused on catching up with competitors run into. There’s no need to belabor this, but I am consistently amazed by how often this seemingly simple issue stalls mobile projects and often kills them.
Do it yourself (DIY) mobility often allows a project to move to POC but will lose momentum as the needs of the enterprise quickly outpace the ability for internal teams to deliver. DIY mobility doesn’t work!
My experiences here strongly suggest that only an MMS partner will be able to fully scale quickly and effectively to an enterprise project that needs to deploy to large numbers of employees. Keep in mind as well that the smaller SMB deploying to 500 to 1,000 employees will often have no IT resources on hand to enable scaling to full project deployment.
As I’ve underscored in my earlier blog posts, there are numerous other issues associated with a mobile deployment. Simply getting a mobile project through a POC and then deployed within a 90 day window is critical. But the next step is probably the toughest – maintaining initial momentum, ensuring that end users are delighted and actually use mobile, assuring that mobile devices and their applications happily (yes, happily) operate in concert, and delivering effective support are the keys to real mobile success.
Workforce support includes easy and typically pre-configured onboarding, a straightforward path to upgrades (including software, operating systems, MDM platforms and mobile devices), and support staffed with mobile experts so that any employee – whether a VP or a truck driver – can have issues or problems resolved quickly – preferably on the first call.
Finally, the finance team that helps to kick off any mobile project will come back prior to deployment at scale and demand a full cost accounting. This includes of course demand for a rock-solid and predictable hardware procurement, software development and ongoing maintenance and support budget. There is nothing simple or easy to accomplish here. In most cases, poorly managed budgets have been based on uninformed assumptions (by which I mean uninformed through a lack of hands-on experience).
The right MMS partner will be able to meet every one of the challenges/goals I’ve skimmed over here. Finance and IT professionals will directly understand the deeper implications at ground level. Meanwhile, the LOB stakeholders and the CxOs will only care about one thing – that mobile works as intended, has full workforce usage, and meets and possibly exceeds their desired business outcomes and KPIs.
There is an overarching conclusion we can come to in seeking to make the case that all enterprises and larger SMBs need to turn to an MMS partner to ensure the viability and success of their mobile projects, especially those operating under the burden of fast and furious mobility: as we leave 2017 behind and look ahead to the next year, the notion of Mobility as a Service – MaaS – needs to become the guiding principle for all large scale mobile projects. MaaS eliminates upfront capital spending on new devices by bundling all device costs and mobile services into a flat monthly fee. MaaS will deliver on all the issues I’ve noted throughout this blog series.
Find an MMS partner that can deliver on MaaS and whether your company is a mobile pioneer or a business finally moving to deploy mobility you will succeed and remain highly competitive – and successful – in today’s fast and furious mobile world.
Mobility is now a table-stakes requirement for any organization to deliver on, and most companies that I speak with these days fully acknowledge this mobile reality. In an earlier blog post, “Managing Today’s Enterprise Mobile Projects – The Right Partners are Critical to Success,” I strongly suggested that, as large SMBs and enterprises embrace mobility for significant strategic business initiatives which typically have very short windows of opportunity for successful deployment (what I sometimes refer to as fast and furious mobile deployment), there will be plenty of opportunity for unsuccessful results.
Companies that either fail to plan properly for their projects or that opt to try and manage their mobile deployments internally will find themselves on the sure road to mobile project failure.
What must businesses do to ensure they avoid that road?
Over the 16 years I’ve covered enterprise mobility, I can identify three distinct eras of enterprise mobile computing. The first, the pre-iPad era running from 2001 to 2009, we can now think of as ancient history. Some might argue that the ancient history ended in 2007 when the original iPhone was introduced, but this isn’t true. It was the combination of the iPad and the generation of iPhones that emerged in 2010 that were the critical mobile game changers.
Next are the middle ages covering 2010 to 2014, a five year period that saw the real foundation of enterprise mobility – mobile devices, wireless communications/bandwidth and mobile software capabilities – fall into place. Finally, we have the era we now live in, the Renaissance…in the truest sense of the word – enterprise mobility rebirth.
Rebirth? Yes. Despite the many exciting business transformation promises of anytime, anywhere capabilities mobility brought to enterprises and regardless of BYOD and how many pioneers sought to gain business advantages through it, mobile technology as a key enterprise enabler went through a slow slog of growth. It left many enterprise mobile researchers wondering if mobility would ever become as transformative as we kept predicting it would be.
In 2015 that all changed – suddenly and quickly. In what I define as a true mobile inflection point a great many businesses across every possible vertical market had the sudden and urgent realization that despite apparently slow enterprise mobile adoption there was substantial – in fact enormous – progress being made at those companies that had chosen to embrace mobile technology early on.
DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.
Part 2 of this series looks to the common business role and objectives that underlie the various use cases for GRC. Part 1 examined why GRC implementation success is critical to the success of the overall GRC investment.
“Governance, Risk, and Compliance” (or GRC) can refer to a wide variety of business processes and software capabilities. Each letter in GRC itself refers to a broad swath of operations that can occur across several operational contexts within the organization. We might see GRC in the IT department, in finance, in multiple legal mitigation and compliance strategies, or even as a larger roll-up of enterprise risk.
Because this particularized need often drives the software purchase, it can be difficult to divorce GRC’s larger business role from the various specialized uses it might place across an enterprise. Unsurprisingly, the GRC market itself is fragmented and diverse, with many vendors offering similar sets of capabilities to serve various, specialized sets of use cases. As a result, we can break GRC into seemingly endless sub-markets based on function (internal audit, compliance, quality, supplier / vendor governance, etc.) or standards framework (FERC, SOX, KYC, HIPAA, anti-bribery, FDA, etc.).
Essential Elements of GRC
Across these various business use cases, we generally see the same core set of software functionality implemented in some form. Blue Hill has previously identified these core capabilities as:
- Centralized risk data management
- Process and controls management
- Workflow management
- Automated monitoring and alerting
- Automated reporting
In most cases, some combination of these capabilities will be found in a GRC implementation, while the real differences tend to emerge in the content libraries and workflows used.
Figure: Core Functionality Supported by GRC
Nonetheless, the host of specializations and use-case-based nuances can obscure the underlying commonalities. Investment decisions relating to GRC thus tend to focus on the instigating point problem (“We need a solution for SOX”). That’s not bad in and of itself, but it often prevents the organization’s understanding of larger business objectives from proceeding beyond good intention and assumption. While there are reasons good and bad for this (often the point need is real), it often leaves the organization with a lack of clarity that will hamper its ability to scope and plan the implementation . . . or to accurately assess the total business value.
GRC’s Role in the Business
GRC is used to enhance an organization’s ability to complete one or a combination of the following processes: risk analysis, controls process management, and the generation of reports to serve a variety of business stakeholders. Often, the use of a GRC platform is a replacement for manual processes and spreadsheet-based information management. In these contexts, GRC is correcting for the time-intensive nature of manual activities or the version control and silos that emerge in manual data management environments.
To see how these dynamics reoccur in GRC implementations, we can review several GRC business cases that Blue Hill has examined in its research:
- Regional North American Utilities Provider: With risk management efforts distributed among line of business management in a decentralized model, the organization needed a platform for the consolidation of risk data to support enterprise risk analysis at executive and board of directors levels. The organization needed to be able to normalize multiple types of risk, facilitate information collection from an “effectively endless” array of reporters, and permit two dedicated staff to meet standard reporting intervals as well as provide real-time insight on request.
- United States Pharmaceutical Manufacturer: The organization’s quality assurance management efforts were dominated by spreadsheets, manual processes, and a “disaster of a file share platform.” As a result, quality reporting suffered from significant wasted effort and FDA and customer audit requests that created significant business interruptions. The organization sought a solution that could integrate with existing knowledge repositories, provide centralized control of documents and versions, and support the management of core processes.
- Global Metals Mining and Manufacturing Company: Spreadsheets served as the organization’s primary mechanism for modeling and reporting on financial risk. Distributed business units managed local financial risks through manual risk registers in spreadsheets or local ERP solutions with no common risk analysis or reporting framework. After identifying the potential for error generated by manual processes and divergent methodologies, the organization implemented a global enterprise risk platform to provide a centralized source of truth and standardized risk methodology.
- Large European Commercial Bank: Regular vulnerability scans performed by the organization resulted in over 60,000 lines of data that could not be effectively analyzed within the organization’s vulnerability scanners. As a result, the organization exported vulnerability data to spreadsheets to conduct manual categorization and risk analysis. This resulted in lags in time to act on information and opportunities for error, while consuming roughly three days of employee time to compile each report. The organization required a platform to consolidate, categorize, and format data for business reporting.
- Large International Financial Holding Company: A regulatory agency identified the need to implement an automated system for tracking, managing, and reporting on risk within 90 days to resolve an issue. The organization possessed a legacy GRC platform on an outdated version. To upgrade the solution and obtain the required automation would result in failure to meet the terms of the resolution. As such, the organization identified a replacement solution from another vendor that provided the needed functionality and could be implemented within the required cycle.
Essential Business Drivers of GRC
In each of the cases identified above, we can see the same organizational needs at work. From these, we can distill two basic business objectives for GRC investment:
In most cases examined by Blue Hill, both of these objectives are present to one degree or another. Because the second factor is commonly tied to indirect benefits, organizations often focus the business cases justifying investment on the potential labor impact. The risk impact thus tends to become an added benefit that does not need to be tracked to demonstrate the “success” of the investment.
For organizations planning GRC investments and implementations, these dynamics play a crucial scoping role. Application costs, implementation project scope, and related factors should be tethered to the short-term operational upside the organization believes it can obtain. Without these boundaries, the organization can easily fall into the trap of over-engineering its solution or failing to give enough attention to factors that can cause an implementation to extend indefinitely.
As we’ll see in Part 3, precision in business requirements is the single most important factor in obtaining this balance.
Next, we look at: defining business requirements for GRC.
Before this, we discussed: why implementation success is investment success.
DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.
Part 1 of this series examines why implementation success is a key factor in the overall success or failure of an organization’s GRC investment.
Any enterprise software purchase is a risk. At the most basic level, it is a bet that the money spent on new tools and capabilities will result in a payoff in the ability to do something better, faster, or cheaper. In most business cases, this bet is articulated in simple terms: “If we start using X, then we will get benefit Y.”
The reality, of course, is less cut and dried. A wide variety of factors contribute to the value an organization realizes (or fails to realize) from a technology investment. The most significant factor is also the most obvious: how much did it cost the organization to put the technology in place. An investment with relatively little impact can be a success if the cost is low enough, just as a huge benefit can be negated if the cost to implement it was high enough. This is why return on investment (ROI) is such a potent indicator of success.
Charting Implementation Success and Failure
This is as true of investments in governance, risk, and compliance platforms (GRC) as it is of any other enterprise technology. However, the degree to which GRC investment is based on indirect value propositions means that the cost and difficulty of implementation possess enhanced importance in determining organizational value and satisfaction. To this end, Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report showed a clear correlation between shorter, less expensive implementation cycles (“the best case”) and greater ultimate business and user impact than in those benchmarked as the most costly and time-sensitive.
Table: Profiles of Best Case and Worst Case Implementations
As with all enterprise application investments, GRC implementation is complex. It can require significant process change, integration with the existing enterprise ecosystem, and solution tailoring to fit organizational needs. Where these factors are poorly managed, the consequences can be dramatic. In just a few failed implementations examined by Blue Hill, those consequences have included:
Even where the implementation project is completed, poor planning and management can result in user abandonment due to gaps in the solution or inflexibility in the environment that fails to accommodate inevitable changes in standards or business processes.
Planning and preparation make the critical difference to implementation success. To this end, Blue Hill found that factors such as solution architecture, data model, and vendor pricing and service strategies (while factors) were not strongly correlated to the length and cost of an implementation. The failure to assess, consider, or plan for these factors was much more important. By contrast, a recent case study involving KBR, Inc.’s implementation of DoubleCheck GRC for SOX compliance management demonstrates how a well-considered evaluation of business requirements that drives solution evaluation and implementation from the beginning can yield a complex GRC rollout, completed in under eight months from inception to rollout.
The Relationship Between Implementation Success and Investment Success
These differences in implementation experience can result in tremendous differences to the time-to-value, overall lifetime value, and ROI, where the impact of the investment is otherwise the same.
To illustrate this point, assume that a GRC investment contributes $125,000 in savings for every quarter that the organization uses the platform ($500,000 annually). Now, compare the first three years of that investment under Blue Hill’s Worst Case scenario with a Best Case scenario. Using the mid-point values in Blue Hill’s data, the Worst Case scenario costs the organization $637,500 and takes 13.5 months to deploy. The Best Case scenario takes 3.5 months to deploy and costs $127,500. Ignoring maintenance fees and other factors for simplicity, we can map the differences in experiences. At the end of the three-year cycle, the Best Case scenario has yielded $1.2 million in value, while the Worst Case scenario has yielded $300,000 (a difference of 308%).
Figure: Impact of GRC Over Three Years in Best Case and Worst Case Scenarios
While a simple illustration, the difference between these two scenarios works to show the range of experiences that can follow a GRC implementation, based on the implementation. As this series continues, we’ll look at the primary factors that Blue Hill’s research has found to influence the time and effort involved in the implementation process itself.
Next, we look at: GRC’s role and value contributions to the business.
From my decades-long perch as an observer of leading edge technology (no kidding – I used to write a column called The Observatory for Internet World back in the day – hmm, in fact I may revive it) I have witnessed many technology-driven business transformations. Some of those transformations were driven by “killer apps” of course, and some emerged over a fairly lengthy period of time.
Over time? Yes – think for example of the “Year of the LAN” mantra many of us witnessed from 1990 – 1992. I believed in it so much I left Microsoft to become part of the startup team for a tech journal dubbed Network Computing (NWC as we fondly knew it) in 1990 to capture the moment. The truth of the matter, however, is that we never had a year of the LAN. Rather it sneaked up on us and one day in 1993 we all woke up to discover that sure enough, we were all LAN-enabled – it had become the “age” of networking. Interestingly, NWC’s own journey echoed that path – we floundered financially (well, we broke even anyway) from 1990-1992 but then became highly charged and immensely relevant once LANs and networking technology became pervasive and business-transforming.
I can say the same for mobile technology. I became a mobile research pioneer (along with a small handful of other brave souls) back in 2002-2003, anticipating a revolution driven by enterprise mobility. Eleven years later, in 2013-2014, enterprises finally woke up to the strategic uses of mobility and are now finally driving the age of mobility.
That bit of personal history now brings me to another technology – Telecom Expense Management (TEM) – that is finally undergoing a unique renewal, at least among some of the more savvy industry players. Now let me be quite honest…some of us – ok, I – have long thought of TEM as the green eye shades end of technology. By this I mean a sleepy cohort of accountant-types reviewing endless wireline, landline and fax expenses, telecom bills, and analysis driven in large part by offloading most of the number-crunching and report generation to TEM vendors.
A somewhat more modern era of TEM began to emerge in parallel with the emergence of the Internet and Web, yet the core functionality of “green eye shades TEM” remained essentially unchanged. Yet another age of TEM began to emerge in parallel with the maturing of smartphones, tablets and cellular-equipped laptops, but the core functionality of TEM remained entirely unchanged. For me it has long been the case that, just as history does, green eye shades TEM simply likes to repeat itself. It was safe and reliable to stay the course.
It didn’t help the pace of TEM change that, as I noted earlier, enterprise mobility took over a decade to become relevant at a large enterprise scale. Sure, we had lots of technology change but the changes were not disruptive to businesses but merely evolutionary. Mobile-driven disruption has tended to occur on the consumer side – it did after all give us BYOD. Business technology however generally moved forward incrementally rather than disruptively.
Dig a little deeper into the TEM space and it is utterly clear that TEM has undergone a very long term evolution of incremental improvements since the 1990s but it has never needed to deliver business services that required it to be disruptive in any real sense. Traditional TEM capabilities – green eye shades TEM – have continued to serve businesses well.
But…The TEM Times are A’Changin’ at a Supercharged Pace
Ah, but the safe harbor of incremental TEM technology improvements suddenly disappeared over 2013 and 2014. Actually and more accurately it became disrupted.
Enterprises found their way to becoming fully mobile-aware, cloud-driven infrastructure and services adoption (ITaaS and MaaS) grew at lightning speed, big data became really big, and the Internet of Things (IoT) became not only real but profoundly real. Under the covers processors and memory became many orders of magnitude faster and richer in capabilities, and newer technologies such as software defined networks (SDN, SD-WAN), in-memory databases, business intelligence/analytics and machine learning all became enterprise-ready – and deployed.
“Real time” literally became real time…in the moment, of the moment, at the moment. Even simple decision making became disruptive – and a strategic advantage.
These technologies, among others I haven’t noted, suddenly became highly disruptive in nature and began driving enterprises to rapidly adopt the technologies and adapt to the fast-paced technology changes taking place. Enterprises that are seeking to embrace today’s new technologies – and in particular those companies that recognize that today’s technology disruption cycle makes it vital for them to do so – are now declaring “green eye shades TEM” as inadequate for meeting the needs of today’s transformative business ecosystems.
The TEM market in turn suddenly found itself in need of stepping up and greatly broadening its own capabilities, especially in the wake of realizing that there is now a wealth of new opportunities to extend its services beyond core green eye shades TEM to managed mobility and IT Expense Management (ITEM). The industry’s key association, TEMIA, is itself in the process of defining ITEM and the significant shift it entails for businesses.
History is actually beginning to change for TEM instead of repeating itself. Blue Hill Research has noted these emerging opportunities for TEM vendors – which now includes the need to seamlessly monitor and manage recurring telecom, IT and mobility expenses, including the emergence of IoT expense management.
Our research team has taken a strong stab at looking underneath the covers of what it takes to transform from TEM to ITEM – check out “Applying TEM Best Practices to Optimize Your Cloud Investments” for the inside look on this. It provides a great blueprint to assemble the right enterprise strategy to ensure both your TEM and cloud platforms are fine-tuned for both your present and future needs.
We’ve also been investigating which TEM vendors are best positioned to take advantage of this wave of technology disruption and emerging opportunities for their own business growth. We’ll deliver a research report in the near future on it.
I’ll wrap this up by also elaborating slightly on the two acronyms I casually dropped earlier – ITaaS and MaaS. “IT as a Service” is a useful term to define the general underlying platforms TEM vendors are now launching to meet the challenges of transforming from TEM to ITEM vendors. In great part this is important as well because a key enterprise consideration for TEM vendor-driven ITaaS is to deploy it to optimize enterprise investments in cloud computing. I recently delivered a webinar on this topic for Calero’s Calero World 2017 – check out “Utilizing TEM Best Practices to Optimize Your Cloud Investments” (http://connect.calero.com/utilizing-tem-best-practices-optimize-investment).
“Mobility as a Service” is the emerging means of describing the end to end Managed Mobility Services (MMS) solutions vendors such as Stratix are now deploying. More on this in an upcoming blog post. Stay tuned!
Note: This blog is the eighth in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.
As summer winds down, enterprises are preparing themselves for the next round of new device releases. That’s because mobile technology manufacturers like Apple and Google choose to unveil revolutionary gadgets and innovations around this time every year. How can your business be sure it’s choosing the best new IT assets for enabling workforce productivity?
For many companies, evaluating different mobile devices feels a lot like comparing apples and oranges—each vendor’s technology has unique feature sets and capabilities that not everyone finds useful. Without a tried-and-true evaluation plan or strategy in place, it’s easy for enterprise mobility programs to lose focus on what’s most important or be paralyzed by complexity while trying to make a new device decision. If your business needs to pick the perfect new IT asset, pay special attention to these four areas:
New technology has the potential to transform companies and disrupt entire industries, but if it compromises corporate security policies or compliance efforts, nobody will ever adopt it. Remote data wipe capabilities are a must-have in today’s digital business landscape; otherwise, what happens if a mobile device is lost or stolen and ends up in the wrong hands?
In addition to remote wiping, make sure any newly implemented technology securely manages data transfers and enforces adequate encryption controls. Today’s devices consume and communicate more data than ever before, so businesses need to be prepared for never-before-seen security challenges and network traffic levels.
Brand-new technology can also mean big trouble for end-user support efforts, especially when it comes to procurement and device management tasks. Make sure mobile devices align with a mobility program’s strategy and vision before undertaking any implementation process.
Communication is also more essential to enterprise success than ever, so looking for HTML5-compatible technology is a wise use of resources. This platform-agnostic language isn’t just the foundation of the Open Web Platform; it also incorporates standard web technologies to facilitate cross-platform applications that work across almost any device type.
3. Data Syncing
Not all companies are created equal—some limit device online activity while others couldn’t care less about it. Some new mobile devices remedy this issue by offering online/offline sync capabilities, which allow workers to record data offline, sync a device to a network, and update that network’s records once connectivity is re-enabled.
Data capture requirements can also come into play. Do employee mobile devices need to be able to scan barcodes, capture information with a camera, or perform bulk changes? If the answer is yes, try to remember that not all new technologies have the capabilities required to meet these demands.
4. Work Environment
A mobile device’s physical qualities certainly influence the outcome of enterprise technology decisions. If a touchscreen display is too small or isn’t intuitive to use, for example, businesses probably won’t choose to use that particular device. However, the working conditions this technology is regularly exposed to must also be considered. Depending on how harsh a company’s work environment is, employees may need nearly indestructible hardware to successfully perform their jobs.
Is Wi-Fi or cellular network coverage always available? When are employees most likely to use this device? Will users repeatedly expose this device to dust, dirt, water, chemicals, or extreme weather conditions? These are just a few questions you need to think about when reviewing and/or adopting new devices.
You’ve put each potential device through a rigorous evaluation process and finally found your program’s perfect fit. So, now what? How can you use this new technology to drive productivity gains?
Focus on Individual Users
It’s easy to overlook individual users when making tech decisions for an entire organization. However, employees that feel like their personal values, strengths, opinions, and ideas are recognized and appreciated at work are more likely to exert extra effort and consistently achieve at the upper end of their potential.
Modern mobile devices not only help companies identify and optimize workers’ natural talents, but also cultivate the skills, experience, and knowledge necessary to actualize a workforce’s full potential. These devices enable people to work non-traditional schedules from anywhere, maximizing individual productivity by allowing employees to work when they’re most motivated and prepared.
Increase Strategy-Oriented Workloads
Employees who see their work make a meaningful difference are much more likely to be committed and engaged. That means the more strategic the workload, the more productive the employee.
Mobile devices ensure constant employee connectivity and communication, giving workers clarity when it comes to enterprise expectations, vision, and goals. By leveraging a Mobility Management Platform (MMP), an organization improves enterprise visibility and decision-making by streamlining mundane tasks, allowing employees to focus exclusively on big-picture responsibilities instead.
Prioritize Employee Education
If managed properly, new technology can lead to increased enterprise productivity. If it isn’t, expect information overload instead. Fortunately, peer coaching, networking, and mentoring are much more likely with mobile devices involved because these devices provide a constant outlet for communication.
These new devices also aid employee education efforts. In addition to monitoring policy compliance and managing end-user behavior, mobile phones can store and access training resources from anywhere at any time—keeping workers accountable, current, and efficient.
The next generation of smartphones is almost upon us; is your business ready to make a decision?
DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.
Part 3 of this series examines the process of defining business requirements for the software investment and its relationship to the effectiveness of the implementation.
Five years of research into governance, risk, and compliance (GRC) software investment at Blue Hill clearly underlines the connection between effective planning and high levels of satisfaction with the ultimate implementation. To this end, Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report observed that the “crucial determining factor” in the outcome of a GRC investment was the organization’s ability to assess how explicitly the implementation accounted for: the intended process change, information consumption needs, and data management practices.
Start with the Business Process
If that sounds like a lot, it is because it is. Truthfully, it is not one factor, but a confluence of considerations that require close attention. It is often easier for organizations (once they identify the investment need) to proceed on assumptions about how the software investment would impact the business. In the same study identified above, Blue Hill observed that organizations experiencing “Worst Case” implementation experiences were more likely to focus on a critical event (such as a regulatory change, increased agency enforcement, or high-profile exposures suffered by peers) or particular solution features and functionality desired.
By contrast, Blue Hill found that Best-Case implementations devoted substantial time to evaluating existing processes and needed changes, based on identified business needs and operational goals prior to considering software functionality in any way. Put another way: Best Case implementations featured extensive efforts to identify and precisely define the business requirements for GRC. This involves reviewing and understanding the processes to be enhanced, the needs of all stakeholders in the solution, and organizational limitations (such as IT infrastructure constraints, budget, and/or appetite for change). As an example of this approach, the table below summarizes how professional services and technology firm KBR, Inc. used business needs to drive technical requirements prior to implementing a SOX controls management platform. (Read the full case study here.)
Table: Requirements of a Controls Management Platform Sourced by Business Need
When performed with a realistic eye at the start of investment planning, this process provides a blueprint that will guide solution and vendor assessments, as well as implementation planning. When overlooked, organizations leave themselves open to late discovery of needs, solution limitations, or other factors that result in delay and scope change or otherwise warp and impede the implementation process.
Defining Business Requirements
Blue Hill’s KBR case study benchmarked the organization’s implementation of a SOX controls management platform among the most successful Blue Hill has ever studied.
Analysis of KBR’s experiences clearly reinforces the importance of business requirements definition. Before exploring software functionality, KBR dedicated approximately one month to a systematic review of SOX test and review processes and related reporting needs. This resulted in a list of approximately 75 business and technical requirements for its new GRC platform, with fifteen prioritized as “key requirements.”
These requirements became KBR’s primary tool for solution selection as well as implementation planning. In the former, the organization’s requirements document helped to define its RFP questionnaire as well as its demo evaluation framework. In defining the solution itself, the requirements document influenced the shape of KBR’s configuration specifications as well as its UAT test plans. The requirements document even assisted in KBR’s efforts at user role definition, workflow design, and data property models . . . all factors that are often left to deployment stages and can substantially slow the implementation.
Tempered by the business objectives set for the investment, this sort of thoroughness enables an organization to identify not just the functionality it needs but also the non-functional architectural and delivery methods that would permit it to effectively achieve its goals. This clarity of purpose translates into the ability to quickly identify and prioritize investment needs and to adhere to a clear deployment cycle. The impact of this step on subsequent activities cannot be overemphasized, particularly when organizations take the time to understand how these requirements relate to their ability to execute on implementation plans.
The first, and starkest, example of the difference this makes will appear in the vendor evaluation and selection process.
Next, we look at: the ‘show me’ approach to vendor evaluation
Before, we discussed: Why implementation success is investment success