GRC Implementation Success, Part 1: Implementation Success is GRC Success

DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.

Part 1 of this series examines why implementation success is a key factor in the overall success or failure of an organization’s GRC investment.

Any enterprise software purchase is a risk. At the most basic level, it is a bet that the money spent on new tools and capabilities will result in a payoff in the ability to do something better, faster, or cheaper. In most business cases, this bet is articulated in simple terms: “If we start using X, then we will get benefit Y.”

The reality, of course, is less cut and dry. A wide variety of factors contribute to the value an organization realizes (or fails to realize) from a technology investment. The most significant factor is also the most obvious: how much did it cost the organization to put the technology in place.  An investment with relatively little impact can be a success if the cost is low enough, just as a huge benefit can be negated if the cost to implement it was high enough. This is why return on investment (ROI) is such a potent indicator of success.

Charting Implementation Success and Failure

This is as true of investments in governance, risk, and compliance platforms (GRC) as it is any other enterprise technology. However, the degree to which GRC investment is based on indirect value propositions means that the cost and difficulty of implementation possess enhanced importance in determining organizational value and satisfaction. To this end: Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report showed a clear correlation between shorter, less expensive implementation cycles (“the best case”) with ultimate business and user impact than those benchmarked as the most costly and time-sensitive.

Table: Profiles of Best Case and Worst Case Implementations

Screen Shot 2017-08-14 at 1.23.23 PM

As with all enterprise application investments, GRC implementation is complex. It can require significant process change, integration with the existing enterprise ecosystem, and solution tailoring to fit organizational needs. Where these factors are poorly managed, the consequences can be dramatic. In just a few failed implementations examined by Blue Hill, those consequences have included:

  • Implementation cycles that run a year or more over schedule
  • Budgets that ballooned multiple times over the initial estimate (often due to unforeseen consulting labor)
  • Abandonment of the investment mid-implementation

Even where the implementation project is completed, poor planning and management can result in user abandonment due to gaps in the solution or inflexibility in the environment that fails to accommodate inevitable changes in standards or business processes.

Planning and preparation make the critical difference to implementation success. To this end, Blue Hill found that factors such as solution architecture, data model, and vendor pricing and service strategies (while factors) were not strongly correlated to the length and cost of an implementation. The failure to assess, consider, or plan for these factors was much more important. By contrast, a recent case study involving KBR, Inc.’s implementation of DoubleCheck GRC for SOX compliance management demonstrates how a well-considered evaluation of business requirements that drives solution evaluation and implementation from the beginning can yield a complex GRC rollout, completed in under eight months from inception to rollout.

The Relationship Between Implementation Success and Investment Success

These differences in implementation experience can result in tremendous differences to the time-to-value, overall lifetime value, and ROI, where the impact of the investment is otherwise the same.

To illustrate this point, assume that a GRC investment contributes $125,000 in savings for every quarter that the organization uses the platform ($500,000 annually). Now, compare the first three years of that investment under Blue Hill’s Worst Case scenario with a Best Case scenario. Using the mid-point values in Blue Hill’s data, the Worst Case scenario costs the organization $637,500 and takes 13.5 months to deploy. The Best Case scenario takes 3.5 months to deploy and costs $127,500. Ignoring maintenance fees and other factors for simplicity, we can map the differences in experiences. At the end of the three year cycle, the Best Case scenario has yielded $1.2 million dollars in value, while the Worst Case scenario has yielded $300,000 (a difference of 308%).

Figure: Impact of GRC Over Three Years in Best Case and Worst Case Scenarios 

Screen Shot 2017-08-14 at 1.24.40 PM

While a simple illustration, the difference between these two scenarios works to show the range of experiences that can follow a GRC implementation, based on the implementation. As this series continues, we’ll look at the primary factors that Blue Hill’s research has found to influence the time and effort involved in the implementation process itself.

Next, we look at: GRC’s role and value contributions to the business.

Do Not Let Tech Disruption Kill Your TEM Investments!

tr1From my decades-long perch as an observer of leading edge technology (no kidding – I used to write a column called The Observatory for Internet World back in the day – hmm, in fact I may revive it) I have witnessed many technology-driven business transformations. Some of those transformations were driven by “killer apps” of course, and some emerged over a fairly lengthy period of time.

Over time? Yes – think for example of the “Year of the LAN” mantra many of us witnessed from 1990 – 1992. I believed in it so much I left Microsoft to become part of the startup team for a tech journal dubbed Network Computing (NWC as we fondly knew it) in 1990 to capture the moment. The truth of the matter, however, is that we never had a year of the LAN. Rather it sneaked up on us and one day in 1993 we all woke up to discover that sure enough, we were all LAN-enabled – it had become the “age” of networking. Interestingly, NWC’s own journey echoed that path – we floundered financially (well, we broke even anyway) from 1990-1992 but then became highly charged and immensely relevant once LANs and networking technology became pervasive and business-transforming.

I can say the same for mobile technology. I became a mobile research pioneer (along with a small handful of other brave souls) back in 2002-2003, anticipating a revolution driven by enterprise mobility. Eleven years later, in 2013-2014, enterprises finally woke up to the strategic uses of mobility and are now finally driving the age of mobility.

That bit of personal history now brings me to another technology – Telecom Expense Management (TEM) – that is finally undergoing a unique renewal, at least among some of the more savvy industry players. Now let me be quite honest…some of us – ok, I – have long thought of TEM as the green eye shades end of technology. By this I mean a sleepy cohort of accountant-types reviewing endless wireline, landline and fax expenses, telecom bills, and analysis driven in large part by offloading most of the number-crunching and report generation to TEM vendors.

A somewhat more modern era of TEM began to emerge in parallel with the emergence of the Internet and Web yet the core functionality of “green eye shades TEM” remained essentially unchanged. Yet another age of TEM began to emerge in parallel with the maturing of smartphones, tablets and cellular-equipped laptops but the core functionality of TEM remained entirely unchanged. For me it has long been the case that just as history does green eye shades TEM simply likes to repeat itself. It was safe and reliable to stay the course.

It didn’t help the pace of TEM change that, as I noted earlier, enterprise mobility took over a decade to become relevant at a large enterprise scale. Sure, we had lots of technology change but the changes were not disruptive to businesses but merely evolutionary. Mobile-driven disruption has tended to occur on the consumer side – it did after all give us BYOD. Business technology however generally moved forward incrementally rather than disruptively.

Dig a little deeper into the TEM space and it is utterly clear that TEM has undergone a very long term evolution of incremental improvements since the 1990s but it has never needed to deliver business services that required it to be disruptive in any real sense. Traditional TEM capabilities – green eye shades TEM – have continued to serve businesses well.


But…The TEM Times are A’Changin’ at a Supercharged Pace

Ah, but the safe harbor of incremental TEM technology improvements suddenly disappeared over 2013 and 2014. Actually and more accurately it became disrupted.

Enterprises found their way to becoming fully mobile-aware, cloud-driven infrastructure and services adoption (ITaaS and MaaS) grew at lightning speed, big data became really big, and the Internet of Things (IoT) became not only real but profoundly real. Under the covers processors and memory became many orders of magnitude faster and richer in capabilities, and newer technologies such as software defined networks (SDN, SD-WAN), in-memory databases, business intelligence/analytics and machine learning all became enterprise-ready – and deployed.

“Real time” literally became real time…in the moment, of the moment, at the moment. Even simple decision making became disruptive – and a strategic advantage.

These technologies, among others I haven’t noted, suddenly became highly disruptive in nature and began driving enterprises to rapidly adopt the technologies and adapt to the fast-paced technology changes taking place. Enterprises that are seeking to embrace today’s new technologies – and in particular those companies that recognize that today’s technology disruption cycle makes it vital for them to do so – are now declaring “green eye shades TEM” as inadequate for meeting the needs of today’s transformative business ecosystems.

The TEM market in turn suddenly found itself in need of stepping up and greatly broadening its own capabilities, especially in the wake of realizing that there is now  a wealth of new opportunities to extend its services beyond core green eye shades TEM to managed mobility and IT Expense Management (ITEM). The industry’s key association, TEMIA, is itself in the process of defining ITEM and the significant shift it entails for businesses.

History is actually beginning to change for TEM instead of repeating itself. Blue Hill Research has noted these emerging opportunities for TEM vendors – which now includes the need to seamlessly monitor and manage recurring telecom, IT and mobility expenses, including the emergence of IoT expense management.

Our research team has taken a strong stab at looking underneath the covers of what it takes to transform from TEM to ITEM – check out “Applying TEM Best Practices to Optimize Your Cloud Investments” for the inside look on this.It provides a great blueprint to assemble the right enterprise strategy to ensure both your TEM and cloud platforms are fine-tuned for both your present and future needs.

We’ve also been investigating which TEM vendors are best positioned to take advantage of this wave of technology disruption and emerging opportunities for their own business growth. We’ll deliver a research report in the near-future on it.

I’ll wrap this up by also elaborating slightly on the two acronyms I casually dropped earlier – ItaaS and MaaS. “IT as a Service” is a useful term to define the general underlying platforms TEM vendors are now launching to meet the challenges of transforming from TEM to ITEM vendors. In great part this is important as well because a key enterprise consideration for TEM vensor-driven ITaaS is to deploy it to optimize enterprise investments in cloud computing. I recently delivered a webinar on this topic for Calero’s Calero World 2017– check it “Utilizing TEM Best Practices to Optimize Your Cloud Investments (”

“Mobility as a Service” is the emerging means of describing the end to end Managed Mobility Services (MMS) solutions vendors such as Stratix are now deploying. More on this in an upcoming blog post. Stay tuned!

Making Mobile Device Decisions…

question-1889416_960_720Note: This blog is the eighth in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

As summer winds down, enterprises are preparing themselves for the next round of new device releases. That’s because mobile technology manufacturers like Apple and Google choose to unveil revolutionary gadgets and innovations around this time every year. How can your business be sure it’s choosing the best new IT assets for enabling workforce productivity?

For many companies, evaluating different mobile devices feels a lot like comparing apples and oranges—each vendor’s technology has unique feature sets and capabilities that not everyone finds useful. Without a tried-and-true evaluation plan or strategy in place, it’s easy for enterprise mobility programs to lose focus on what’s most important or be paralyzed by complexity while trying to make a new device decision. If your business needs to pick the perfect new IT asset, pay special attention to these four areas:

1.     Security

New technology has the potential to transform companies and disrupt entire industries, but if it compromises corporate security policies or compliance efforts, nobody will ever adopt it. Remote data wipe capabilities are a must-have in today’s digital business landscape; otherwise, what happens if a mobile device is lost or stolen and ends up in the wrong hands?

In addition to remote wiping, make sure any newly implemented technology securely manages data transfers and enforces adequate encryption controls. Today’s devices consume and communicate more data than ever before, so businesses need to be prepared for never-before-seen security challenges and network traffic levels.

2.     Support

Brand-new technology can also mean big trouble for end-user support efforts, especially when it comes to procurement and device management tasks. Make sure mobile devices align with a mobility program’s strategy and vision before undertaking any implementation process.

Communication is also more essential to enterprise success than ever, so looking for HTML5-compatible technology is a wise use of resources. This platform-agnostic language isn’t just the foundation of the Open Web Platform; it also incorporates standard web technologies to facilitate cross-platform applications that work across almost any device type.

3.     Data Syncing

Not all companies are created equal—some limit device online activity while others couldn’t care less about it. Some new mobile devices remedy this issue by offering online/offline sync capabilities, which allow workers to record data offline, sync a device to a network, and update that network’s records once connectivity is re-enabled.

Data capture requirements can also come into play. Do employee mobile devices need to be able to scan barcodes, capture information with a camera, or perform bulk changes? If the answer is yes, try to remember that not all new technologies have the capabilities required to meet these demands.

4.     Work Environment

A mobile device’s physical qualities certainly influence the outcome of enterprise technology decisions. If a touchscreen display is too small or isn’t intuitive to use, for example, businesses probably won’t choose to use that particular device. However, the working conditions this technology is regularly exposed to must also be considered. Depending on how harsh a company’s work environment is, employees may need nearly indestructible hardware to successfully perform their jobs.

Is Wi-Fi or cellular network coverage always available? When are employees most likely to use this device? Will users repeatedly expose this device to dust, dirt, water, chemicals, or extreme weather conditions? These are just a few questions you need to think about when reviewing and/or adopting new devices.

You’ve put each potential device through a rigorous evaluation process and finally found your program’s perfect fit. So, now what? How can you use this new technology to drive productivity gains?

Focus on Individual Users

It’s easy to overlook individual users when making tech decisions for an entire organization. However, employees that feel like their personal values, strengths, opinions, and ideas are recognized and appreciated at work are more likely to exert extra effort and consistently achieve at the upper end of their potential.

Modern mobile devices not only help companies identify and optimize workers’ natural talents, but also cultivate the skills, experience, and knowledge necessary to actualize a workforce’s full potential. These devices enable people to work non-traditional schedules from anywhere, maximizing individual productivity by allowing employees to work when they’re most motivated and prepared.

Increase Strategy-Oriented Workloads

Employees who see their work make a meaningful difference are much more likely to be committed and engaged. That means the more strategic the workload, the more productive the employee.

Mobile devices ensure constant employee connectivity and communication, giving workers clarity when it comes to enterprise expectations, vision, and goals. By leveraging a Mobility Management Platform (MMP), an organization improves enterprise visibility and decision-making by streamlining mundane tasks, allowing employees to focus exclusively on big-picture responsibilities instead.

Prioritize Employee Education

If managed properly, new technology can lead to increased enterprise productivity. If it isn’t, expect information overload instead. Fortunately, peer coaching, networking, and mentoring is much more likely with mobile devices involved because these devices provide a constant outlet for communication.

These new devices also aid employee education efforts. In addition to monitoring policy compliance and managing end-user behavior, mobile phones can store and access training resources from anywhere at any time—keeping workers accountable, current, and efficient.

The next generation of smartphones is almost upon us; is your business ready to make a decision?

GRC Implementation Success, Part 3: Business Requirement Definition

DoubleCheck Software presents GRC Implementation Success, a guest blog series by Blue Hill Research Principal Analyst David Houlihan. This series draws on five years of Blue Hill studies in GRC in order to highlight key lessons for purchasing and implementing GRC software.

Part 3 of this series examines the process of defining business requirements for the software investment and its relationship to the effectiveness of the implementation.

Five years of research into governance, risk, and compliance (GRC) software investment at Blue Hill clearly underlines the connection between effective planning with high levels of satisfaction with the ultimate implementation. To this end, Blue Hill’s Contributors to GRC Implementation Success: Avoiding the Worst-Case Scenario benchmark report observed that the “crucial determining factor” in the outcome of a GRC investment was the organization’s ability to assess how explicitly the implementation accounted for: the intended process change, information consumption needs, and data management practices.

Start with the Business Process

If that sounds like a lot, it is because it is. Truthfully, it is not one factor, but a confluence of considerations that require close attention. It is often easier for organizations (once they identify the investment need) to proceed on assumptions about how the software investment would impact the business. In the same study identified above, Blue Hill observed that organizations experiencing “Worst Case” implementation experiences were more likely to focus on a critical event (such as a regulatory change, increased agency enforcement, or high-profile exposures suffered by peers) or particular solution features and functionality desired.

By contrast, Blue Hill found that Best-Case implementations devoted substantial time to evaluating existing processes and needed changes, based on identified business needs and operational goals prior to considering software functionality in any way. Put another way: Best Case implementations featured extensive efforts to identify and precisely define the business requirements for GRC. This involves reviewing and understanding the processes to be enhanced, the needs of all stakeholders in the solution, and organizational limitations (such as IT infrastructure constraints, budget, and/or appetite for change). As an example of this approach, the table below summarizes how professional services and technology firm KBR, Inc. used business needs to drive technical requirements prior to implementing a SOX controls management platform. (Read the full case study here.)

Table: Requirements of a Controls Management Platform Sourced by Business Need 

Screen Shot 2017-08-14 at 2.55.47 PM

When performed with a realistic eye at the start of investment planning, this process provides a blue print that will guide solution and vendor assessments, as well as in implementation planning. When overlooked, organizations leave themselves open to late discovery of needs, solution limitations, or other factors that result in delay and scope change or otherwise warp and impede the implementation process.

Defining Business Requirements

Blue Hill’s KBR case study benchmarked the organization’s implementation of a SOX controls management platform among the most successful Blue Hill has ever studied.

Analysis of KBR’s experiences clearly reinforces the importance of business requirements definition. Before exploring software functionality, KBR dedicated approximately one month to a systematic review of SOX test and review processes and related reporting needs. This resulted in a list of approximately 75 business and technical requirements for its new GRC platform, with fifteen prioritized as “key requirements.”

These requirements became KBR’s primary tool for solution selection as well as implementation planning. In the former, the organization’s requirements document helped to define its RFP questionnaire as well as its demo evaluation framework. In defining the solution itself, the requirements document influenced the shape of KBR’s configuration specifications as well as its UAT test plans. The requirements document even assisted in KBR’s efforts at user role definition, workflow design, and data property models . . . all factors that are often left to deployment stages and can substantially slow the implementation.

Tempered by the business objectives set for the investment, this sort of thoroughness enables organizations to identify not just the functionality it needs as well as the non-functional architectural and delivery methods that would permit it to effectively achieve its goals. This clarity of purpose translates into the ability to quickly identify and prioritize investment needs and to adhere to a clear deployment cycle. The impact of this step on subsequent activities cannot be overemphasized, particularly when organizations take the time to understand how these requirements relate to its ability to execute on implementation plans.

The first, and starkest, example of the difference this makes will appear in the vendor evaluation and selection process.

Next, we look at: the ‘show me’ approach to vendor evaluation

Before, we discussed:    Why implementation success is investment success

GRC’s role and value contributions to the business

Rapid7 Acquires Komand to Automate IT Security


On July 18, Rapid7 announced its acquisition of Boston-based security and automation startup, Komand, including the company’s twelve Boston employees. Komand provides IT security tools to automate and accelerate incident detection, response, and resolution by leveraging over 150 platform plugins to integrate with a company’s existing IT solutions and security tools. With the acquisition, Rapid7 furthers its goal of making IT teams more productive through faster issue response and resolution, and strengthens its ability to support customers with more complex IT workflows by enabling these customers to deploy fewer internal resources. Komand provides an additional proof point in demonstrating Rapid7’s ability to address and manage the IT lifecycle by providing enhanced automation – a capability that is especially important in next generation enterprise IT environments such as those that support the Internet of Things (IoT).

Fast incident response is crucial in Internet of Things (IoT) environments, where attacks can quickly escalate and compromise business security and operations. The platform capabilities gained through the acquisition of Komand will allow Rapid7 to further automate and orchestrate within its data collection and analytics solutions, especially for processes that traditionally require human support, such as monitoring operations and managing risks. As part of Rapid7’s broader strategy of building IT security and functionality throughout the IT lifecycle, automated incident detection and response will free up IT resources to pursue long-term strategic and security planning rather than allocating resources to repetitive processes associated with the day-to-day maintenance of IT security and operations.

The Komand acquisition will expand Rapid7’s Insight platform to automatically identify risks, respond to incidents, and resolve issues faster and without human intervention through automated risk mediation and patching, malware investigation and containment, and routine IT response. These capabilities are particularly important for lean IT teams that are resource- and time-strained (read: most modern enterprise IT departments).

Much of enterprise IT is moving to be automated, or even outsourced. IT time is scarce, enterprises need to support more complex environments (such as those driven by IoT and networked assets), and the need for security has become more pronounced with recent attacks at both consumer and enterprise scale. I have previously written extensively about the move to IT-as-a-Service and the need to reallocate IT time to strategic and profit generating activities through a greater focus on simplicity, security, and automation within enterprise technology environments.

Rapid7’s Insight platform is currently processing 56 billion events and monitoring millions of assets daily. Back in November, I wrote about Rapid7’s expansion of its consulting and assessment services to include securing the Internet of Things (IoT). At the time, I observed that Rapid7’s approach of incorporating security within the design phase of IoT products offers the potential to entwine security with product architecture, creating a security solution that targets greater touchpoints throughout the entire IoT stack. Once the product design and security stage is complete, Rapid7 works with the enterprise to perform security testing across the entire IoT ecosystem: from mobile app, to cloud APIs, communication protocols, and hardware and firmware.

With its acquisition of Komand, Rapid7 will be able to automate more of its security testing and monitoring on the backend to free up customers’ IT resources to pursue more strategic uses of technology and long-term security planning. With the complexity and multiple entry points associated with IoT, attacks can be launched across the IoT technology stack and throughout the IT lifecycle. Enterprises must pursue a broader IT strategy that takes a view of the entire IoT ecosystem and focuses on long-term evolution and strategic uses of IT as not only a driver of operations but also a center of profit. Rapid7 continues to be an interesting firm to observe from an end-to-end IT security and management standpoint, and its investments in automation demonstrate that the company clearly understands the dynamics of its customers and the direction in which the IT and security markets are moving.

The Unified Endpoint Management Mindset: How to Prepare for the Future of IT


Note: This blog is the seventh in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

Unified Endpoint Management (UEM) has the potential to revolutionize the way enterprises approach the complex problem of managing not only traditional wireless assets such as tablets and mobile devices, but also laptops, desktops, and next-generation IT categories such as wearables, sensors, and Internet of Things (IoT)-networked devices. As such, UEM has earned its place as a noteworthy enterprise mobility buzzword.

What does UEM encompass, and how can your organization seek out a solution that uses automation and a technology-first, software approach to support the future of enterprise IT? In this blog, we break down the buzzwords to explain the core value that is delivered when organizations manage their IT assets with a unified, comprehensive strategy rather than taking a siloed or departmental approach.

What is UEM?

Simply put, UEM unites all IT assets and endpoints within a common, centralized, and software-driven management platform that uses technology and automation to track, manage, and optimize an enterprise’s entire IT portfolio. UEM platforms help unify and support an enterprise’s program resources, policies, and technologies, and address the need for a single source of truth by bringing a wide range of IT assets into a centralized platform. Through Application Programming Interfaces (APIs) and Software Development Kits (SDKs), UEM platforms integrate with a wide range of management tools, existing enterprise software systems, and third-party technical platforms to better control and drive value from IT assets. At its core, UEM is about viewing all IT assets as part of a broader business strategy, rather than a separate technology category.

The UEM Benefit

Adopting a Unified Endpoint Management (UEM) platform provides numerous key benefits, including:

  • Single-solution architecture: A single, software-based platform creates a high degree of corporate visibility and enables employees to access corporate IT usage, expense, and optimization data.
  • Ease of onboarding: A UEM platform allows organizations to push out device requirements, policies, applications, and environments, meaning devices go from out of the box to in use faster and with greater standardization.
  • Security: Similar to onboarding, UEM platforms enable organizations to provision corporate security policies such as encryption, multifactor authentication, applications, and security credentials remotely and before the device is in the hands of the employee.
  • Visibility and improved management: Through a centralized platform for all IT endpoints, enterprises have a single source of truth for monitoring inventory, usage, expenses, security, and potential points of failure. This visibility provides not only opportunities for cost savings, but also the ability to troubleshoot, diagnose, and resolve issues remotely.
  • Prepare for the future of mobility: As IT evolves and organizations increase both the volume and scope of devices under their management portfolios, UEM platforms offer the benefit of complete IT lifecycle automation by addressing the ongoing break/fix, replacement, and upgrade needs of IT technologies.
  • Unified corporate IT environment: All prior UEM benefits mentioned deliver the single greatest advantage of this approach when combined: the creation of a unified corporate environment in which experiences are standardized, managed, and optimized across the organization both on corporate networks and remote devices.

Transitioning to a UEM Mindset

Framing UEM as a new way to think about IT strategy can benefit all organizations, regardless of whether they decide to adopt a UEM technology solution or not. For those organizations that prefer a higher degree of human support and service rather than technology automation, a UEM “mindset” can still provide value – even if there is no UEM platform being leveraged. The UEM approach is simply a move toward creating a more standardized and comprehensive IT environment that is managed and optimized across the organization. It better prepares enterprises for next-generation devices and technology-enabled processes.

In the early days of enterprise mobility, organizations generally took a siloed and departmental approach to procuring, managing, and replacing devices and services within the enterprise. Companies quickly realized, however, that there are cost savings and efficiency gains to be had from approaching mobility at an organization-wide level. The same is now being seen across all of IT.

Time has become an increasingly scarce IT resource, and thus increasingly more valuable. Organizations seek to assign IT time to higher value tasks than sorting through bills or providing generic helpdesk services. Just as organizations have done with mobility, viewing IT as a strategic differentiator or a means of generating value (and even profit) for the organization can enable an enterprise to achieve synergies, efficiencies, and long-term evolution in its technology strategy.

Organizations that approach IT asset management through the lens of UEM are better able to plan for long-term, strategic uses of technology and transition to new business models driven by Machine-to-Machine (M2M) or the Internet of Things (IoT) technologies.

From expense management to managed mobility services to UEM, enterprise mobility now includes a much broader range of devices and services than past definitions. Regardless of whether your enterprise utilizes a single software platform to manage all IT devices and endpoints or a combination of in-house and third-party solutions, a UEM mindset can prepare your business for the next generation of technology enablement and create a culture in which technology strategy is synonymous with business strategy.

In Praise of (Data) Transparency - Part #2

InPraiseOfDataTransparency2bIn my previous blog on data transparency, I posited my admittedly idealistic vision that—within reason—the more that an enterprise fosters the free flow of data through an enterprise, the better. In this follow-up, I’ll look at some of the organizational blockers to data workflows, and how to get around them.

I’ll start with the basic underlying ideal: More data is better. If I work in marketing, I need to be able to see marketing data. And sales data. And financial data. And product management data. And…I could go on, but you get the point.

The problem, the challenge, really, is that in far too many organizations, that glorious cross-functional data just doesn’t flow across the enterprise, or I should say, over or through its silos, be they functional, architectural, or process-based. Perhaps it’s naive of me to ask, but why on earth does this obstinate hindrance to progress still persist?

Data blockages—institutional or human-created—lead to data-hoarding. (Know any data hoarders in your enterprise? Am I the only one who thinks “Data Hoarders” would make for a great reality show?)Let’s look at some of the organizational contributors to data blockage. Any of these data-hoarding characteristics hit close to home?

  • Provincialism: “It’s my data. I own it. Only I get to derive value from it. Plus, I may be able to use it against those who anger me.”
  • Trust (or more specifically, the lack thereof): “This data is proprietary, and must remain confidential. I don’t know who you hire over there in [other department that’s not mine], therefore, I cannot trust you with this information.”
  • Change is a threat: “We’ve always done it this way. We’ve never shared before, and we’re not about to change for your benefit.”
  • Incompatibility: “You’re the one who chose that marketing automation solution. It’s not my fault it doesn’t easily integrate with my CRM.”
  • Misplaced or missing incentives: “What benefit will I see if I share data with you? It will cost me time/money to share, and could even be a risk…one I’m not willing to take.”

The inefficient flow of information in an enterprise so often boils down to organizational dysfunction. How willing are you and your colleagues to work together to share data? Would you share your team’s data with someone in your enterprise you don’t like? Does sharing your team’s data with another group deliver tangible benefits to your team?

Defeating the data-hoarders requires a corporate commitment to the free flow of data over, under, and through the enterprise. That’s an organizational behavior and leadership challenge that should be addressed at the C-suite level.

Moving towards data transparency requires more than just progressive leadership. Effective data integration is a prerequisite. Technology helps, on both the data management and data consumption sides of the equation. For example, Informatica frames its data-management capabilities around its Enterprise Information Catalog, or EIC for short. The EIC is Informatica’s data catalog solution, a technology that leverages machine learning to catalog, classify, and map relationships between enterprise data assets. The end user (typically a data scientist or even a business user) can get at her or his data assets via a search interface. That new process delivers benefits: Discovery is convenient, access is accelerated, and perhaps most importantly, the data is trustworthy.

The data-workflow approach championed by Informatica and other data-integration and data-cataloging vendors works, and delivers all the tangible benefits the vendors’ respective marketing materials trumpet. But no technology by itself can overcome myopic, office-politics-driven data-hoarding. To reap the benefits of true enterprise data transparency, you’re going to have to come to agreement with your peers—even the ones who drive you crazy—on five simple words: “We’re all in this together.”

Virtual Assistants at Work

VirtualAssistantNote: This blog is the sixth in a monthly co-authored series written by Charlotte O’Donnelly, Research Analyst at Blue Hill Research, and Matt Louden, Brand Journalist at MOBI. MOBI is a mobility management platform that enables enterprises to centralize, comprehend, and control their device ecosystems.

For business owners, good help used to be hard to come by—today it can be found in employees’ pockets. Virtual assistants and Artificial Intelligence (AI) are revolutionizing the way work gets done. By 2021, almost two billion employees will depend on virtual assistants every day.

This trend’s humble beginnings can be traced back to 2011 when Apple debuted the iPhone 4S and its integrated Siri technology. While the original version did little more than set calendar appointments and surf the web, its context-based knowledge repository sparked the interest of other innovators and dawned the current digital age.

Age of the Virtual Assistant

While Siri retains its title as one of the most ubiquitous virtual assistants, there has never been more competition in this increasingly crowded marketplace. Google, Amazon, Microsoft, and a handful of other tech titans now fight for control over the future of virtual enterprise assistance.

Like any other product, increased competition has created more efficient and effective technology. By combining AI with cloud and cutting-edge software, virtual assistants are rapidly becoming better equipped for business capabilities. Digital helpers are not only processing information and making decisions faster than ever before—they’re doing so with a greater similarity to human language and behaviors, and are increasingly becoming more indistinguishable from humans as the technology improves.

Coupled with an ever-growing mobile workforce, the global adoption of smart mobile devices and applications is only accelerating the need for virtual assistants. In the next few years, Blue Hill estimates that increasingly more of the touchpoints through which consumers and employees interact with their devices will be replaced or supplemented by AI technology. Currently, almost 63% of Americans have already used virtual assistants.

Business Benefits

  • Increased Productivity – Employees are frequently overwhelmed by mundane tasks that bog down daily schedules and that have the potential to derail big-picture project deadlines. Virtual assistants use natural language to take responsibilities like scheduling meetings and managing analytics off workers’ plates, letting them focus instead on core capabilities and satisfying customers. Virtual assistants work whenever their users need them, not just from 9am to 5pm.
  • Optimized Growth – Virtual assistants don’t just help employees; they also benefit a company’s bottom line. Rather than paying salary, insurance premiums, and other miscellaneous expenses required for human employees, a digital aid comes free with most modern mobile devices. That means labor savings can instead be invested back into the business.
  • Simplified Processes – It can be difficult for workers to keep track of multiple meetings and employees’ contact information. Coordinating this information through an administrative assistant or office administrator adds an extra layer of complexity and can make tasks even more time-consuming. A virtual assistant streamlines these processes with an easy-to-navigate interface and instant requests made in natural speech.

A Few Considerations

While virtual assistants don’t change the physical device inventory accessing internal corporate networks, they do add new technology into a mobility program’s mix nonetheless. Like any other product, unknown security exploits and vulnerabilities will inevitably follow this innovation’s enterprise implementation—it is important that corporate IT policies are updated to include and account for any relevant fixes.

If successfully adopted, virtual assistants have the potential to transform an enterprise and guide future workplace automation efforts. With AI and machine learning technology, employee preferences and behaviors are learned by the virtual assistant to provide more personalized, contextual experiences. Your most productive workplace relationship may just be virtual.

In Praise of (Data) Transparency - Part #1



In speaking with colleagues, enterprises, and data technology vendors, I often tell this cautionary tale: At a prior company, I led a marketing operations revamp. The effort included a comprehensive, redesign, re-architect, and rebuild of the corporate website, with particular focus on scaling to support the online sale of thousands of SKUs. Coupled with that ambitious agenda, my team and I worked to develop data-driven operations, using integrated marketing automation software to collect and analyze opportunities along a sales-funnel-mapped customer journey.

We succeeded in building our idealized technology solution (a month early and under budget, I might add rather egotistically), along with associated delineated business processes. But the value delivery—in insight, process automation, and strengthened customer relationships—stopped at the door to the marketing department. The sales team had little interest in and even less commitment to improving its own data discipline, so integration with an archaic CRM was out of the question. Worse, the finance team protected financial information to such an extent that seeing live revenue data—even when generated by the website we’d developed—required written (on paper, no less) permission.

I look back on this experience with some nostalgia but more than a little frustration. The result of our herculean development efforts? Effective data-driven marketing. Hampered by duplicated processes across divisions. And ultimately, the realization that corporate myopia limited us to no more than a functional silo of data-driven success. (Read what I really think of silo isolationism here.)

What would have made it more successful? Several things. C-suite-level buy-in in other departments. A shared commitment to creating a data-driven enterprise that extended beyond just the realm of marketing. And perhaps most essentially, a willingness to share data across the enterprise.

I shared this anecdote with a fellow analyst at a recent tradeshow. The analyst (one whom I respect and acknowledge is oh-so-much smarter than me) posited the argument that my call for open data transparency across the organization is unrealistic. The analyst’s practical view was that individual departments in an enterpirse will remain protective of their data, and that it’s not reasonable to expect the finance lead to share data with the marketing lead, or customer service lead, or R&D lead, etc. My not-so-implicit take: Silos aren’t going away, and given that fact, we should build/deploy data technology solutions in and around them.

Neither of us is right or wrong here. I know I suffer from pie-in-the-sky idealism when it comes to eradicating enterprise silo culture. (“Never gonna happen,” said a F1000 high-tech consulting-client VP to me once when I proposed collaborating with another VP in another functional silo to achieve shared efficiencies.) And the other analyst’s point is a good one—You can aim for the sky, but if you’re going to get anything done, you’d better start work down here on earth.

I still cling to that free-movement-of-data-is-a-good-thing idealism, something that I actually encounter every now and then in the real world (though, admittedly, typically in smaller, newer, often-SaaS-based companies). In an upcoming blog post I’ll discuss the types of enterprise blockers to data transparency. But in the meantime, here’s my ask of those of you who have read this far: Is my idealism out of touch? Or is the free flow of data in an enterprise something still for which we should strive? Email me your data transparency/opacity success/horror stories at, or DM me at @TophW47.

Blue Hill Research Communications Lifecycle Management Highlights: June 2017


Note: To support questions from enterprise buyers and private investors that are looking at Telecom Expense Management and the greater Communications Lifecycle Management world, Blue Hill is starting a monthly review of the key announcements made in this space from companies including, but not limited to: 2-markets, 4telecomhelp, ACCOUNTabill, Advantix, AMI Strategies, Asentinel, Avotus, Calero, Cass Information Systems (NASDAQ: CASS), Cimpl (formerly Etelesolv), Comview, EZwim, GSGTelco, IBM Global Services (NYSE: IBM), ICOMM, MDSL, mindWireless, MOBI, Mobichord, Mobile Solutions Services, MobilSense, MTS (NASDAQ: MTSL), Nebula, NetPlus, Network Control, One Source Communications, Softeligent, Tangoe (NASDAQ: TNGO), Telesoft, TNX, Valicom, vCom, and Visage.

Communications Lifecycle Management news items that have gotten Blue Hill’s attention in June 2017 include announcements from Calero, Ezwim, Nebula, Tangoe, Telesoft, and vCom.


Calero Brings A Fresh New User Experience and Enhanced Analytics Tools to the Telecom Expense Management Market With Calero VeraSMART v12

On June 22, Calero announced the release of Calero VeraSMART v12 with updated features and functionality to improve usability and productivity within the platform. VeraSMART v12 includes not only an updated user interface but also Calero’s guided analytics solution, InSight Analytics, for dispute management, inventory management, and invoice management within a visualization and scenario planning environment.

Calero’s platform updates are aimed at enabling greater visibility and control over IT, cloud, and communications usage and costs for the “increasingly complex communications environment.”

Blue Hill has previously observed that the Telecom Expense Management (TEM) industry is expanding to include additional IT categories, and this trend is only continuing as the scope of IT assets and services under management is broadening. Calero’s continued platform updates more effectively prepare the company to offer solutions and services geared toward the future needs of IT rather than simply the TEM demands of the past.


Ezwim Aced The ISO27001 Surveillance Audit Successfully Again

On June 22, Ezwim announced that the company has again passed its annual external audit to achieve ISO27001 certification. Ezwim commented that the company will continue to prioritize and develop its security frameworks to provide multiple lines of defense against security threats.

Blue Hill believes that ISO27001 certification provides a key differentiator through Ezwim’s global support of enterprise mobility data. Ezwim’s long-held history with this certification speaks to its qualifications in understanding the data residency and governance issues that are important to consider in managing both personally-identifiable information and sensitive corporate data.


Nebula boosts business efficiency with OneView cloud-based TEM Integration Hub

On June 12, Nebula announced the launch of its Telecom Expense and Lifecycle Management Integration Hub, which allows clients to integrate third party IT and business applications within a single cloud platform.

Nebula’s cloud-based OneView platform is powered by always-on Microsoft Azure cloud services and offers a single portal for IT lifecycle management. The Integration Hub creates a single source of truth that can be accessed throughout the enterprise and brings together telecom, IT, and application data.

As TEM evolves to include additional management categories such as cloud and software licenses and next generation devices, a centralized platform that can serve as a single source of truth for the enterprise becomes necessary. Blue Hill notes that Nebula is preparing its platform to support the future of TEM by offering integration with third party IT applications and business services.


Marlin Equity Partners Completes Take-Private Acquisition of Tangoe, Inc. and Combination with Asentinel, LLC

On June 16, Tangoe announced that Marlin Equity Partners has completed its take-private acquisition of Tangoe. Marlin Equity Partners currently owns Asentinel and will merge the two TEM companies to create a global superpower for technology lifecycle management.

Blue Hill covered this acquisition in greater detail in a recent report, in which we commented that Tangoe and Asentinel are immediately positioned as a leading global power in TEM. The combined company’s assets position Marlin Equity Partners to address the next generation of TEM, which Blue Hill calls IT Enterprise Management.


Daman Wood Joins Telesoft as Chief Operating Officer

On June 27, Telesoft announced the appointment of Daman Wood to the company as Chief Operating Officer. Wood joins the firm with more than 20 years experience in technology services and telecommunications, most recently operating as Vice President of Service Delivery at Vonage. Telesoft commented that Wood’s appointment will enable the company to improve its managed services offerings.

Blue Hill notes that Telesoft’s investments in managed services and support speak to the larger trend for TEM vendors to offer high-touch service within a unified mobility platform. Blue Hill will be curious to see how Wood’s vision plays out over the latter half of this year as Telesoft continues to scale its business and invest in its customer relationships.


vCom Releases Software Enhancements  

On June 8, vCom announced the release of vManager 7.1, an update to the company’s cloud-based software platform. The release provides additional functionality for planning and procurement, operations, and financial management. vCom has also created a Software Adoption Team to provide dedicated support and training for vManager.

Version 7.1 includes a rebuilt Document Center to help IT and finance better manage contracts, documents, and project planning. Blue Hill notes that this capability will be important as IT is increasingly seeking to manage cloud and software licenses and contracts within an existing TEM platform.

Additionally, version 7.1 includes an updated Dashboard to provide a comprehensive analysis of IT spend for wireline, mobile collaboration, and cloud expenses. Blue Hill notes that a focus on bringing cloud into vCom’s existing software platform demonstrates that the company is evolving to support the next generation of TEM.

Latest Blog

Blue Cedar Puts Mobile Application Security Far Ahead of MDM Apple iPhone X Highlights Enterprise Corporate-Liable vs. BYOD Conundrum Blue Hill - AOTMP 2018 Q1 Agenda

Topics of Interest

Advanced Analytics




Artifical Intelligence


Augmented Reality



Big Data


Business Intelligence



Cognitive Computing

Corporate Payments

Data Management

Data Preparation

Data Wrangling





design thinking


Emerging Tech

enterprise applications

Enterprise Mobility

Enterprise Performance Management

enterprise video

fog computing

General Industry



Hadoop World

Human Resources


IBM Interconnect




Information Builders


Internet of Things





legacy IT


Legal Tech

Log Data

Machine Learning

Managed Mobility Services


Mixed Reality


Mobile App Security

Mobile devices

Mobile Managed Services







Predictive Analytics

Private Equity



Questioning Authority

Recurring Revenue

Risk Management


Sales Enablement



service desk

Social Media



Supply Chain Finance

Switchboard Software




Telecom Expense Management




Unified Communications


USER Applications

User Experience

User Interface

video platform

Virtual Reality



Wearable Tech