Ecosystm Analyses: Journey to Becoming Cyber Ready


One of the questions that organisations are asked in the global Ecosystm Cybersecurity Study is how they rate their cybersecurity measures and controls (on a scale of 1-10, where 10 is extremely mature). Organisations that rate themselves at 8-10 are considered ‘mature’ in their cybersecurity measures, while those that rate themselves at 1-7 are evolving their cybersecurity practices. Clear differences in priorities and investments can be seen between the mature and evolving adopters of cybersecurity measures.

Here are the key differences that emerge and should allow organisations to benchmark their cybersecurity practices against those of the mature adopters of cybersecurity solutions.

#1 Do you have the Right Motives?

There is no denying that organisations have to continue to evolve their cybersecurity measures with the evolving threat landscape. There is a need to have a continued focus on cybersecurity. However, are they doing it to address the right issues and threats? Mature organisations have their cybersecurity measures entrenched within the organisation’s risk management programs which help them align their investments to their risk position (Figure 1). Very often these programs have their technology landscape – special projects for digital transformation (DX) – and industry compliance laws built into them. Mature organisations also have a proactive approach to incidents and breaches, continuing to evolve their cybersecurity practices.

While cybersecurity practices can help with an organisation’s go-to-market messaging, the reasons for investing in robust cybersecurity practices should be more aligned to the organisation’s risk strategies. Also, it should not be restricted to compliance alone and should be much more proactive than merely ticking the right boxes.

#2 Are you focusing on the Right Challenges?

As solution complexity increases, organisations are challenged by their cybersecurity deployments (Figure 2). Cybersecurity measures must be applied across the entire organisation and systems, including applications, database, and storage whether on-prem or on cloud (public, private or hybrid). This adds to the complexity of the solutions and the associated integration challenges.

While it is not possible to have an unlimited budget for cybersecurity measures, once it is treated like a business issue, and the risks associated (including financial and reputational) are conveyed to the key stakeholders, cybersecurity budgets become part of the organisational strategy consideration. If your security team is still struggling to procure what they think is the right budget, there is a mismatch in expectations and miscommunication between the security team and executive management. “A risk focussed approach enables organisations to understand the ROI on security measures and therefore invest in the most impactful areas of cyber risk for their business”, says Alex Woerndle, Principal Advisor Ecosystm.

A real challenge that all organisations face is skills shortage. However, it is time to align business and security strategies and look beyond IT for security analysts – professionals who can translate what the Board’s priorities are into defining the security strategy.

#3 Do you have a dedicated Cybersecurity Role?

While the Board will often be involved in evaluating the risk exposure of an organisation, there is need for a dedicated role that can traverse both the business and the technological needs in deciding the right cybersecurity framework.

Organisations should have a dedicated responsibility for their cybersecurity practice – the CISO/CSO is the key data protection lead in mature organisations (Figure 3). CISOs should be reporting into the CFO, Chief Risk Officer or the CEO and not the CIO to avoid a conflict of interest. Alex says, “While the most common reporting line for CISOs is still to the CIO, there is a fundamental conflict of interest with this model – being part of the risk function, or reporting directly to the CEO, provides the level of independence required for good governance of cyber risk.”

The reality is that many organisations – especially small and medium enterprises that have small dedicated security teams – will find it difficult to appoint a dedicated CSO/CISO. The study also finds that 80% of evolving organisations have less than 10 employees in their security teams as compared to only a third of mature organisations. Carl Woerndle, Principal Advisor Ecosystm, suggests these organisations look at the option of hiring a vCISO (virtual CISO). “A vCISO can help your organisation deliver a full security program within a fixed budget. Hiring someone external also has the added benefits of bringing objectivity to your security strategies and providing guidance on newer skills and technologies to your security teams.”

#4 Are you aware of Cloud Risk?

Cloud adoption has become mainstream, especially as organisations ramp up their digitalisation initiatives. It adds scale and agility to the organisation’s transformation investments. While security remains a key concern when it comes to cloud adoption, cloud is often regarded as a more secure option than on-premise. Cloud providers have dedicated security focus, constantly upgrade their security capabilities in response to newer threats and evolve their partner ecosystem. There is also better traceability with cloud as every virtual activity can be tracked, monitored, and is loggable.

However, mature organisations not only use on-prem options more for their sensitive data storage (Figure 4), they are also more skeptical about relying only on public cloud security features. Only 34% of mature organisations feel that public cloud security features do not need to be complemented while 52% of evolving organisations share that perception.

The cloud is as secure as an organisation makes it. The perception that there is no need to supplement public cloud security features can have disastrous outcomes. It is important to supplement the cloud provider’s security with event-driven security measures within an organisation’s applications and cloud interface. Alex says, “Assuming the big cloud providers have security covered for you is a huge mistake. Understanding the shared responsibility model is crucial in your public cloud adoption journey. The tools are available – but typically at an extra cost, and you need to employ, configure and continually manage them for effective security.”

The big differentiator between mature and evolving organisations in securing cloud environments is in the use of multi-factor authentication (Figure 5). With 3/4th of mature organisations employing this as a control, it highlights that passwords – even strong passwords – alone are not sufficient in 2020. Mature organisations are increasingly investing in encryption. But the perception of the complexity in deploying and managing encryption (and the keys) has been a challenge, especially for organisations with smaller teams and less in-house technical capabilities.

#5 Are you Breach Ready?

Global organisations generally consider a data breach as inevitable – largely believing that “it is not about if, but when” (Figure 6). All organisations will face some incident, attempted breach or a breach, at some point. It is necessary to have the right cybersecurity measures to avoid breaches – but it is equally important to be prepared for when a breach actually happens. A majority of organisations, regardless of maturity, are worried about (and expect) a breach. For evolving organisations this is a troubling statistic given their use of public cloud with limited security understanding or controls – better education is needed from the public cloud providers but also the security industry.

Breach notification processes need to keep evolving – and they must also include employees. Organisations should be aware of the need for people management during an incident. Policies might be clear and adhered to, but it is substantially harder to train the stakeholders involved, on how they will handle the breach emotionally. It extends to how an organisation manages their welfare both during an incident, and long after the incident response has been closed off.

“Cyber insurance has rapidly become a must-have as part of an organisation’s layered defence. While it provides a layer of support in the event of a breach, you should not rely on it as your only safety net,” Carl adds. “It is also important to ensure that your cyber cover is appropriate to your risks and organisational needs and policies should be evaluated carefully.”


Malaysia Involving the Public in PDPA Update


The Malaysia Digital Economy Corporation (MDEC) has estimated that the country’s Digital Economy is worth USD3 trillion. Several initiatives have been introduced to promote the vision of a Digital Economy including: creating the Malaysia Tech Entrepreneur Programme (MTEP) aimed at tech founders who want to make Malaysia their base; the Malaysia Innovation Policy Council for industry collaboration on digital technology initiatives and streamlining policy/regulatory issues to support innovation; and the National eCommerce Roadmap aimed at small and medium enterprises (SMEs) to promote cross-border eCommerce.

Data Protection Laws for a Digital Economy

However, any country that aspires to be a Digital Economy must have robust data protection laws that safeguard its citizens’ data. Malaysia’s Personal Data Protection Act 2010 (PDPA) was passed by the Malaysian Parliament in 2010 and came into force in late 2013. While the PDPA does provide guidelines for personal data protection to some extent, in light of technological advances, newer laws such as GDPR that are shaping the industry, and to keep up with the aspirations of creating a Digital Economy, there is a need for more comprehensive privacy laws.

“Growing the Digital Economy is a key agenda for Malaysia and a revised PDPA is a key component in ensuring trust and transparency,” says Shamir Amanullah, Principal Advisor Ecosystm. “The increasing and complex use of data and the proliferation of devices pose serious challenges which the data protection laws have to address. The recent US Federal Trade Commission’s hefty fines on Facebook and Equifax highlight the need to protect data of consumers and businesses alike.”

The PDPA is clearly a work in progress: while fast-growing areas such as electronic marketing and online privacy are mentioned in the act, there are no specific provisions to deal with breaches in these areas.

Updating the PDPA

In the last few years, Malaysia has realised that the PDPA fails to cover some areas. As an example, it does not take into consideration the proliferation of biometric data. The national ID card (MyKad) stores data using biometrics (thumbprints) and there is a clear rise in use of facial recognition technology in the country. Grab partnered with the Ministry of Transport last year, to use facial recognition technology to protect their drivers.

Malaysia is committed to their Digital Economy vision and is looking to update the PDPA, to make it more appropriate for contemporary needs and technology. The Government is consulting its citizens on possible ways to improve the PDPA. Between 14-28 February, the public can provide feedback on their thoughts and requirements on data privacy, through the Ministry of Communications and Multimedia’s web portal.

Some of the areas that have been found lacking and where feedback is being sought are expanding the application of the PDPA to data processors, making it compulsory to notify data breaches, and simplifying cross-border personal data transfer.

Speaking about the areas that are likely to be addressed, Amanullah notes, “The review of the PDPA and the ongoing public consultation will deliberate extending the PDPA to non-commercial transactions. The existing PDPA does not cover non-commercial transactions involving charities, religious activities and even social media. The EU, Japan and – closer home – the Philippines have data protection acts which regulate both commercial and non-commercial transactions.”

Malaysia’s Communications & Multimedia Minister, Gobind Singh Deo, has from the start spoken about the need to update and bring the PDPA up to speed. “The goal of the Digital Economy is to take Malaysian enterprises beyond the country to Southeast Asian and global markets,” says Amanullah. “The EU GDPR is recognised as a leading global framework for data protection and is set to play a big role in the revised PDPA, to ensure that Malaysian companies adhere to the same data protection standards as global organisations.”

“The appointment of Data Protection Officers will be a major move to ensure that companies that hold sensitive private data have the necessary skills, processes and technology in place to comply with data protection laws.”


Where Should Cybersecurity be Managed and Communicated?


A report published by PwC last year states that “While CIOs and CISOs can take care of the technological aspects and in some cases compliance, the business risk, which is now apparent after the emergence of endless breaches in large conglomerates, can best be understood and managed in the boardroom.”

While I agree that cybersecurity is both an operational and business risk, the question of understanding the threat landscape and the risk exposure/risk position of the company falls on both parts of the business.  The Board is responsible for the exposure and financial remediation of cyber risk, whereas the IT management is more operationally responsible for prioritisation of actions and remedies. But they need to be able to communicate on this topic together from both sides of the equation. Ecosystm research finds that 98% of global organisations involve the Board to drive their cybersecurity vision, while 88% of organisations look to their IT teams for operational management.

So, where do these two parties meet? How does the risk position of the company get communicated to both parties in such a way that they can both take the necessary actions and prioritise the resource allocation?

Dashboards for Discussion

This is where the discussion on cyber risk dashboards comes up. It is not a new topic, but some of the more recent solutions introduced in the market move beyond penetration testing to really highlighting the risk posture of the business and where resources should be allocated, as well as where the business compares to others in their industry. I will give a specific example of one such approach a bit later in this blog post.

I find the gamification aspect (e.g. industry comparison) a real driver for the Boardroom, as it allows them to position their risk profile against others to the relevant stakeholders and regulators of the business.  Actionable metrics that can also be compared to others gives a feeling of control over a situation that frequently lacks control boundaries.

Maturity models vs. risk profiles

In the PwC article I mentioned earlier [written last year by Sivarama Krishnan], the focus was on actions the Board can take, which include the usual discussions of cyber insurance, data handling policies, reporting structures and a tie into the strategy of the business overall.  But at a top-level, setting these kinds of priorities can only work when you have some form of metric checking to assess how operationally these kinds of strategic decisions are working for the business.

Figure 1: Barometric Reporting Scale

Source: PwC, March 2019

Having a reporting scale that is not only relevant and measurable but also actionable is key to tying the strategic decisions to the operational activities and overall resource and time allocations. You could use a cyber risk strategy framework, such as this one shown in Figure 1, but it needs to be fed with real-time information on the risk position of the business.

Creating actionable metrics

I mentioned previously that there is a need for solutions that create a communication point between the Board and the operational IT teams as to what risk position exists for the business, and how they compare to others in their industry.

Dashboards that create an overview of the risk portfolio exist, but they do not always tie to specific financial impacts to the business. Integrated risk management platforms, such as the one from CyberSaint Security, prioritise cybersecurity as a business risk and give access to the Board to have the ability to drill down into their compliance and risk posture across business units, asset types, projects and regions.

But one of the more concerning aspects of cybersecurity recently is ransomware, which locks up operations until a ransom is paid.  One such solution that focuses specifically on the financial impact on the bottom line of ransomware comes from RiskSense and was launched last month.  As a background, the RiskSense Platform utilises machine learning, risk-based scoring and analytics combined with technology-accelerated penetration testing, and then identifies and prioritises remediation of critical vulnerabilities that place organisations at risk.

Given the concern at the Board level on Ransomware, RiskSense decided to focus on the very vulnerabilities that make ransomware attacks possible.  They recently announced their RiskSense Ransomware Dashboard which reveals all assets within the IT structure that are at risk to active exploits used by ransomware in the wild. This Dashboard examines the vulnerabilities used by ransomware based on risk factors including the presence of dangerous remote code execution (RCE) and privilege escalation (PE) capabilities, as well as vulnerabilities that are “trending” to narrow and identify which should be prioritised for immediate remediation.

Figure 2: RiskSense Executive Dashboard

Source: RiskSense, January 2020

In my opinion, this specific example highlights the two unique features of the RiskSense Ransomware Dashboard. For IT management, it is its ability to contextualise the threat landscape to highlight priorities and position the current security posture of the company. And for the Board, it is to compare the situation of the company to others in their industry to benchmark within the industry domain how effectively their cybersecurity efforts have been deployed.  It puts the security team in more of an offensive (vs. defensive) mode towards its cybersecurity efforts and outcomes.  And it allows the IT team to be able to communicate the risk position of the business to the Board with a series of actionable steps to address the vulnerability.

So from a communications aspect, and that of a shared resource to view vulnerabilities and actions, the introduction of the RiskSense Ransomware Dashboard makes financial risk sense, if you will pardon the pun.

Risk transparency

For both regulatory and financial reasons, Board-level executives need to have cyber risk information for business decisions.  This means having access to drill-down capabilities that show gap analyses from the category to the control level for various frameworks or standards.  This might include either the NIST Cybersecurity Framework, CIS Critical Security Controls, ISO27002 or various privacy standards such as the NIST Privacy Framework and emerging California Consumer Privacy Act (CCPA).

Dashboards that tie to these frameworks do exist, but they need to be able to be used for communication of actionable activities and resource allocation, not just as a reporting mechanism for regulatory bodies and shareholders. The RiskSense Ransomware Dashboard discussed above is one good example of making transparency actionable and comparable.  We need more of those in the industry to keep the communication flowing.

Technology Enabling Transformation in the Oil and Gas Industry


The Oil and Gas industry has seen volatile times and is affected by its own set of unique challenges, ranging from commodity price fluctuations, a potential supply crunch and geo-political events to energy policies including energy transition. Moreover, the challenges and requirements are distinct at different stages of operations – upstream, midstream and downstream. The industry has been an early adopter of a few emerging technologies and is looking to leverage them to remain competitive and improve employee management.

Drivers of Transformation in the Oil and Gas Industry

Remaining competitive in an evolving market

Oil and Gas companies are having to clean up old processes, as the market gets increasingly competitive. Ecosystm research finds that the top business priorities for Oil and Gas companies do not stop at cost reduction and revenue growth. The industry also has to focus on employee experience and safety, compliance, and increasingly even customer experience. And they must remain competitive through potential disruption in supply, demand and production; the rising costs of processes; and ongoing exploration costs. Oil and Gas companies are also focusing more on their downstream operations including retail in order to remain competitive.

Shortage of skilled workforce

The industry also faces the challenge of skills shortage. A survey conducted by the Global Energy Talent Index (GETI) found that nearly 70% of Oil and Gas professionals think the industry is already facing skills shortage or will be hit by it within the next 5 years. This is due to a number of reasons, including a reluctance of younger professionals to commit to a profession that has harsher conditions than many. Moreover, as energy transition becomes a topic of global discussion, many have a perception that the industry is not sustainable in the future. The industry also goes through cycles where they cut back on exploration and production, which results in the loss of skills and inadequate knowledge transfer. It has a long-term challenge around knowledge management.

Safety and environmental regulations

The industry  has to contend with green energy movements and environmental regulations.  There are several country-level regulations around air and water quality. Most Oil and Gas companies have cross-border operations and have to comply with a number of regulations on harmful emissions, greenhouse gases and offshore activities, in several countries. Increasingly, all leading Oil and Gas companies have to work in alignment with the Paris Agreement when developing solutions across functions – exploration, extraction and supply chain. There are also worker safety regulations and standards that they have to comply with.

The global Ecosystm AI study reveals the top priorities for Oil and Gas companies that are focused on adopting emerging technologies (Figure 1). It is very clear that the key areas of focus are process automation, asset and supply chain management and compliance.

Technology as an Enabler of Oil and Gas Transformation

Several emerging technologies are being used by the Oil and Gas industry as they continue their struggle to remain competitive across the different stages of operations – upstream, midstream and downstream.

IIoT

As the costs of sensors go down, connectivity widens and computing power increases, the industry is seeing greater uptake of Industrial IoT (IIoT) solutions. From wearables (to monitor employee safety) to drones with smart cameras (for remote inspections, environmental monitoring), IoT solutions have an immense role to play in the Oil and Gas industry. The industry has had to be cautious about the choice of devices, however, due to pervasive inflammable hydrocarbons and the related regulations.

Not only are they implementing sensors, Ecosystm research finds that 30% of Oil and Gas companies are also leveraging the IoT sensor data for analytics and intelligence. A common application is in predictive maintenance. Two years ago, Chevron launched predictive maintenance solutions in its oil fields and refineries. While the pilot ran on heat exchangers,  the company aims to connect all assets by 2024 and expects to save millions on asset management.

AI

AI and machine learning have applications across Oil and Gas operations, leveraging IoT sensor data. “Smart fields”, where production is monitored centrally, have a high level of automated controls. AI/Analytics is allowing companies to run simulations, use predictive data models and identify patterns to gauge risks associated with new projects. This has an impact on production, exploration and making efficient use of existing infrastructure. Oilfield services company Baker Hughes has worked on an AI-based application that allows well operators to view real-time production data and predict future production with more accuracy.

AI is also helping organisations monitor environmental risk and has the potential to help Oil and Gas companies with their compliance requirements. Gazprom Neft, one of the largest suppliers of natural gas to Europe, and Seismotech are exploring the use of AI for seismic data processing, for solutions that are specific to the needs of the industry.

While the applications of AI in the industry are often focused on upstream activities, AI has applications across all operations. In the midstream, transporting crude oil to refineries has always had its unique challenges.  Since transport lead times are long and prices fluctuate based on the availability of products, organisations benefit from demand forecasting and price risk modelling. While the common perception of the industry does not include customer interactions, the truth is that the industry is increasingly focusing on the retail space. The need is enough for Shell to begin experimenting with virtual assistants as far back as in 2015, to interact with their retail customers. In fact, the company anticipates a higher adoption of AI in the industry and is collaborating with Udacity to bridge the skills gap.

Technologies empowering employees

As discussed earlier, one of the key challenges of the industry is the inability to manage a reliable knowledge management system that can help consistent knowledge and skills transfer. A single source of truth that can be accessed by all employees on processes, including safety requirements has an immense role to play to help with the skills shortage in the industry.

Enterprise mobility is another tech area that holds immense potential for the industry, with its huge proportion of mobile workers, many in remote locations. Mobility solutions can help in productivity, process optimisation and monitoring of health and safety of the employees and are increasingly incorporating wearables and location-based services.  GIS and GPS systems are helping employees with accurate directions, easier access to drilling locations and more. Given the number of devices, platforms and OSs, the industry is seeing an increased interest in unified enterprise mobility (UEM) solutions. Ecosystm finds that more than a third of Oil and Gas companies have implemented or are evaluating UEM, while another 20% are expressing early interests.

Blockchain

The sheer quantity of documents, transaction records and contracts that a typical Oil and Gas company has to manage – including cross-border transactions – poses some difficulty for the industry. The companies have to reconcile and handle issues involving multiple contractors, sub-contractors, and suppliers. Supply chain and inventory management is also a challenge. With the adoption of Blockchain, the industry can automate the management of purchase orders, change orders, receipts, and other trade-related documentation, as well as inventory data, with more efficiency and transparency. Blockchain is enabling a seamless supply chain and improved project management, and is simplifying contractual obligations at each point along the way. Gazprom Neft’s aviation refuelling business is an early adopter of Blockchain-based smart contracts. All refuelling operations are undertaken exclusively on the basis of digital contracts approved by both parties in near real-time, which eliminates the possibility of any breach of contract and makes the accounting process more transparent.

As the market continues to be volatile for Oil and Gas companies and uncertainties loom in the future, the industry will increasingly depend on technology to remain competitive.


Artificial Intelligence – Hype vs Reality


Artificial Intelligence (AI), machine learning and deep learning are buzz words that have organisations – especially the C-Suite – excited about future possibilities of what technology can do for their business. However, these are not merely buzz words and are actually being leveraged by early adopters. At the same time, there are organisations that are keen to adopt the technologies but are unsure of the benefits, and the associated challenges act as a barrier to adoption. So, is AI over-hyped or is it a reality for enterprises today? Ecosystm research provides some answers.

The Buzz Around Artificial Intelligence

There are several factors that contribute to the curiosity around AI and why several organisations are evaluating the adoption of AI:

Promotion by large tech vendors

The world’s leading technology providers are in a race to incorporate innovations (mostly driven by AI) within their product and service offerings. Heavy investments in R&D and new patents are aimed at increased market share, as the top tech vendors continue to compete to consolidate and grow their global presence. The perception is that AI-related patents are directly proportional to future market potential. It is not uncommon for the providers to promote these future capabilities – long before they hit the market – as part of their go-to-market messaging. There has been a surge in the number of AI patent filings in recent years with Microsoft leading with more than 18,300 patents followed by IBM (more than 15,000) and Samsung (more than 11,000). As these tech giants keep investing in R&D, apply for newer patents and publicise them, it creates a positive buzz in the market.

Consumerisation of AI

Just like any emerging technology, AI is still, to some extent, an enigma. However, the consumer market gets constant glimpses of how AI can have a positive impact on people’s lifestyle. Amazon, Samsung, Microsoft, Apple – to name a few – have all introduced smart AI solutions to their consumer products. From smart voice assistants that help us with our voice searches to controlling homes with digital assistants, users have been impressed with their early interactions with AI. Many think that, in the same way that AI has percolated into their personal lives, it will one day be pervasive in enterprises as well. The requirements of an enterprise AI solution are completely different and complex. For example, wearables and wellness mobile apps can help you take control of your health, but for them to become part of the healthcare system, they require FDA approval, a well-documented workflow and policy implementations. But wearables get people curious and create a buzz about the role of AI in healthcare.

Government initiatives

Several governments are engaging and getting serious about AI and are investing in AI R&D. Many have created an AI roadmap including governance, to promote the adoption of AI. AI.gov was launched by the US Government to centralise AI efforts, share knowledge on AI and drive adoption across government agencies and departments. Some departments have already adopted AI. The US National Oceanic and Atmospheric Administration (NOAA) has been using AI to improve their forecasts. This helps in better prediction of high-impact weather events. Smart city applications are also seeing increased adoption of AI, including in citizen engagement. Cities and government departments are investing in AI-based call centres to answer repeated or routine queries. For example, the United States Army uses an interactive virtual assistant to check qualifications and answer questions with more accuracy. When governments back a technology area, it creates an interest in the citizens.

Success stories

Every day we read about some AI implementation that has positively impacted an organisation or its customers. Twitter’s use of AI-driven text and image analytics to detect hate speech and terrorist activities has been well-publicised. Gaming companies are actively using AI to improve user experience through Mixed Reality and AI technologies. The recent coronavirus outbreak was first detected by BlueDot, a Canadian company using AI technologies. Such success stories encourage other enterprises to evaluate the technology.

Beyond the Buzz

While we are adopting AI/automation as part of our consumer goods (such as phones, smart home systems) and services (such as search engines, online maps) the enterprise adoption of AI does not really match up to the hype around it.

Ecosystm research shows us what the popular AI solutions are and what their current adoption is globally, as well as what it is likely to be at the end of the year (Figure 1). While some solutions have become popular, especially in industries such as Manufacturing, Mining & Resources and Construction, the reality is that we have not yet reached mass adoption. Of the organisations that are planning to implement some AI solutions, 44% consider the investment as strategic to their organisational goal. The rest are mostly looking at ad-hoc implementations to test the waters.

What is hampering more widespread adoption of AI? For both organisations that have embarked on their AI journeys and those who plan to in 2020, the challenges are the same (Figure 2).

AI integration is a complex process. The more organisations want to integrate AI investments into their transformation journey, the more complicated the integration becomes. There needs to be an identification of the expected outcomes, mapping of the data that will be required to help the algorithms, real-time or near real-time data sources and consistency in data infrastructure and sources. Organisations have legacy systems that run in siloes. Integration requires a clear roadmap and dedicated resources, often a third party.

Even in industries that have access to huge organisational data repositories, data access can be a challenge, for technological or compliance reasons. AI requires a huge amount of data to train and run algorithms. Data scientists are often challenged with access to quality training data at the scale required to train the AI systems.

Cybersecurity concerns are natural for any emerging technology area. AI systems have access to enormous organisational data. With threats ranging from ransomware and data breaches to hackers tampering with physical and industrial systems, it is dangerous if an AI system falls into the hands of cybercriminals. Instances such as when criminals used AI-based software to impersonate the voice of a company CEO to commit a €220,000 fraud also add to the concerns around cybersecurity and AI.

Another reason why organisations find deploying AI solutions difficult is that they do not involve the right organisational stakeholders in the AI decision-making process (Figure 3). While IT is likely to know where the data resides and have a better understanding of the systems implemented, the true success of AI deployments will be measured in user acceptance. An AI solution will obviously impact the existing workflows in an organisation, and if the stakeholders are not convinced, or are unsure of the benefits, it will be difficult for AI to have an organisation-wide impact.

Moreover, internal IT may not have the right skills to implement and maintain an AI solution. It will become important for organisations to involve strategic partners who can guide the implementations, at least in the initial stages. While 51% of organisations that have an AI solution engage an external strategic partner, only 33% of organisations that are planning to adopt AI have planned for a strategic partner to guide them. A strategic partner – with the right technical expertise and business experience – can help combat some of the challenges around integration issues and provide guidance on cybersecurity best practices.

 

AI clearly has immense possibilities and indeed is a revolutionary technology that will bring value to almost all industries. What is required for a successful AI implementation however is a roadmap – including a cross-departmental Centre of Excellence (CoE), a clear timeframe and KPIs to measure both business and technological success of the AI models. Unless organisations can plan their AI investments, the technology will not translate from hype to reality.


Customer Priorities – Mature vs Emerging Economies

In the Top 5 Customer Experience Trends for 2020, Ecosystm Principal Advisors Tim Sheedy and Audrey William say that emerging Asia will catch up with the mature economies of the world in their customer obsession. Have emerging economies really embraced Customer Experience (CX) fully or are they just responding to the hype? Do consumers really care about how they connect with brands or do organisations think product offerings are the main differentiator? The business priorities of global organisations reveal that there is a universal focus on improving CX (Figure 1). It is the top business priority across emerging and mature economies, though mature economies are still ahead in their customer focus. Organisations in emerging economies prioritise revenue growth and improving Employee Experience (EX) more than those in mature economies.

 

Delivering Better CX – The Challenges

Whether these organisations can actually fulfill their CX goals, depends on what their key challenges are. In the end, what consumers want is a consistent CX – across multiple channels and touchpoints. Organisations in emerging economies seem to find it more challenging to drive a more consistent CX (Figure 2). Information siloes are a challenge across all organisations. But organisations in mature economies cite training of their agents as their biggest challenge.

A desire to improve CX must be backed with both vision and budget. The vision should be for the entire organisation to have a single source of truth – not just for the employees – but also a common source of truth that is accessible easily and consistently by customers, across multiple channels. Without this, customer self-service measures will be inadequate. Increasingly customers will want to engage with brands when they want to (very often beyond working hours), how they want to (avoid lengthy voice calls) and where they want to (web and mobile apps). Interoperability of enterprise systems and a robust knowledge base are important factors.

 

How do Organisations Improve Service Delivery?

If we compare the top CX measures by organisations in mature and emerging economies, we notice a clear difference in priority. In mature economies, organisations appear to have a clear roadmap. They focus on the customers first; followed by empowering the staff to perform their jobs better; invest in technology that will enable both; work on process optimisation; and finally set KPIs and metrics to evaluate the efficacy of the CX measures in place.  Also, what they are increasingly doing is setting CX KPIs across the entire organisation – involving all stakeholders. A customer-focused business is one where everything is second to the customers and that should be built firmly into the organisational culture.

In emerging economies, organisations do not appear to follow a clear roadmap in their CX measures. While self-service is an important aspect of their CX programs, they are more tied down by improving their customer service staff capabilities. They are more challenged by high staff turnover (Figure 2) and appear to be focused on their employees in multiple ways – hiring experts, improving EX and investing in staff training. What they do far less than their counterparts from mature economies is setting organisation-wide CX KPIs.

Web apps are still the most important self-service CX touchpoint, followed by mobile apps. However, emerging economies are ahead when it comes to the importance they place on mobile apps for CX. This is reflective of the high mobile penetration in emerging economies, and the propensity to use mobile devices for all transactions – social and business.

We have seen that organisations in mature economies set CX KPIs more consistently. What are the top CX metrics and are there any differences based on the maturity of the economy (Figure 4)?

Organisations in emerging economies continue to be more concerned about attracting and retaining employees. In fact, when asked about their security concerns, these organisations cite agents leaving with data as the key challenge. In mature economies, the key security challenge is improper use of confidential customer data, which can be handled best by continued staff training. In emerging economies, while organisations measure individual areas such as average call duration and first contact resolution, they do not measure customer satisfaction in its entirety, using CSat scores, for instance. Organisations in mature economies are better at setting KPIs for their CX initiatives and tying them down to outcomes beyond the customer service teams – such as sales and adherence to compliance requirements.

 

Organisations in mature economies are focused on CX, but to become truly customer-obsessed they need to:

  • Evaluate what will enable them to deliver better customer self-service – it is not only about apps, but also about the knowledge base
  • Create a clear CX roadmap, focused on the multiple stakeholders and the technology – the steps have to be focused and not ad-hoc
  • Inculcate customer obsession across the entire organisation – not just the customer-facing teams

Ecosystm Snapshot: Oracle Continues to Expand Global Cloud Footprint

In the Top 5 Cloud Trends for 2020, Principal Analyst Claus Mortensen observed that 2020 is a do-or-die year for Oracle if they want to remain a key contender in the Cloud market. Mortensen said, “Oracle has not been able to break into Cloud in the same way as their competitors and has so far not made the same “leap of faith” into this area as similar companies have. Unless the company makes a clear decision about their Cloud strategy and succeeds in communicating it to the market in 2020, Oracle may quickly find itself more of a niche Cloud player going forward.”

Oracle’s intentions to remain one of the leading global Cloud providers become clear as they actively expand their global coverage. Last week Oracle announced that, as part of their ongoing regional expansion plan, they have added local regions in Jeddah (Saudi Arabia), Melbourne (Australia), Osaka (Japan), Montreal (Canada) and Amsterdam (The Netherlands). This expands the reach of Oracle’s Generation 2 Cloud to 21 independent locations, and Oracle intends to further add 15 locations by the end of 2020. At OpenWorld last year, Oracle had announced their plans to have Cloud sites dedicated to the enterprise market as well as government customers.

Dr Alea Fairchild, Principal Advisor Ecosystm, thinks that Oracle appreciates the needs of their enterprise customers. “Oracle understands the sensitivity of the enterprise to the location and availability of their data, which remains an issue with Cloud implementations involving large data sets. They have broken some ground as the first public Cloud vendor with data centres in Saudi Arabia, and are putting efforts in to offer a minimum of two regions in almost every country in which they operate,” says Dr Fairchild. “From a corporate user’s perspective, regional data management and appropriate licensing models are still sensitive spots when it comes to database management.”

Getting Ready for the Hybrid Cloud Market

Oracle also appears to be ramping up for the growing hybrid Cloud market. Ecosystm research shows that more than a third of global organisations have adopted the hybrid Cloud and this will only increase. Given the increased uptake of hybrid and multi-cloud environments, Oracle offers preconfigured links between Oracle and Microsoft Azure cloud regions in the eastern states of the US, London, and Toronto, as part of the Cloud interoperability partnership announced in June 2019. Last year saw another mutually beneficial partnership, between VMware and Oracle, that supports their customers’ hybrid cloud strategies, allowing the VMware Cloud Foundation to run on Oracle Cloud Infrastructure. Organisations can also obtain technical support for Oracle software running in VMware environments both in on-premise data centres and Oracle-certified cloud environments.

“Oracle’s Generation 2 Cloud is now available in 21 locations and is on track to have a total of 36 Cloud regions up and running by the end of the year,” adds Dr Fairchild.  “But when compared to AWS, Microsoft and IBM, Oracle still holds a fraction of the market share.  They can be seen as a niche infrastructure provider, but indeed the partnerships with Microsoft and VMware are set to help Oracle’s Cloud business make traction with companies that are adopting multi-cloud strategies.”

Ecosystm Snapshot: Maxis & Microsoft Announce Digital Alliance

At the end of last year, Ecosystm published The Top 5 IoT Trends for 2020. Principal Advisors Kaushik Ghatak and Francisco Maroto predicted that in 2020 5G providers will be forced to operate outside their comfort zone. While the impact on network and communications equipment providers will be immense, 5G will also force telecom providers to re-think their existing business models. They may not be the best equipped to take 5G technology to market, the way they operate now.

Traditionally telecom providers have been focused on horizontal technologies and on connecting people. They have not had to have conversations around connecting machines – where every industry has their own unique use cases. This verticalisation will force telecom providers to deal with newer stakeholders in their client organisations – not just IT infrastructure and Facilities. Several telecom providers have in the past become public cloud providers, as their markets become smaller and they face competition from global cloud storage providers. Now, telecom providers will increasingly look to partner with cloud providers and systems integrators with relevant industry experience, to translate the value proposition of what they are offering. “Strategic partnerships between leading technology and telecom operators are taking place especially in building various 5G use cases and applications centred on the cloud computing platform,” says Shamir Amanullah, Principal Advisor Ecosystm.

Maxis Strengthening their Market Position in Malaysia

The recently announced partnership between Maxis and Microsoft is an example of how these partnerships will pan out. Maxis does not want to be viewed only as a telecom provider and wants to be the leading Malaysia-based solutions provider. As telecom providers also start to tap the enterprise market, cloud and IoT will be key technology areas that they should focus on.

“Maxis is leading the way as a converged solutions provider in Malaysia and following the appointment of Gökhan Ogut as the CEO in 2019, there has been a focus to grow the enterprise business which promises a lucrative opportunity,” says Amanullah.

“While the mobile connectivity market is effectively about customer retention in a saturated market, new opportunities lie in enterprise needs for fixed connectivity, managed services, cloud and IoT which is largely untapped. The expected deployment of the 5G network will spur new applications, business models and partnerships.”

Maxis’ move appears to be well thought out. Amanullah thinks that the strategic partnership with Microsoft will help Maxis accelerate its enterprise solutions offering, combining IoT and 5G capabilities with Microsoft’s Azure IoT technology. It will also allow for hybrid environments, which is important given the rise of hybrid and multi-cloud adoption. Ecosystm research shows that hybrid cloud adoption in Malaysia is at a nascent 7%. But if they take a lesson from their neighbour, the rise in adoption will be steep. Our research finds that hybrid cloud adoption in Singapore is around 42%.

Telecom providers are also focusing on Digital Transformation (DX). In the Top 5 Telecommunications & Mobility Trends for 2020, Liam Gunson, Director Ecosystm says, “In 2020, operators will focus on transforming the core – remove unnecessary costs, improve customer experience, capture new opportunities  – and on building telecom networks with scalability, flexibility, efficiency and agility.” Microsoft’s enterprise Modern Workplace solutions including Microsoft Teams will aid Maxis’ own DX efforts. Maxis will offer fixed line voice calls with the unified communications service.

Mutually Beneficial Partnership

Amanullah also sees this as a positive move for Microsoft. “Microsoft is poised to lead efforts in 5G network deployment which promises to enhance capabilities and drive new economic growth, especially with the focus on Industry 4.0. Maxis’ position as a leading enterprise communications provider and Microsoft’s enterprise technology experience and offerings promises a mutually beneficial partnership.”

Ecosystm research finds that Microsoft is the leading cloud provider in Malaysia when it comes to brand perception, and about a third of enterprise cloud deployments use Microsoft. Amanullah thinks that, “Microsoft’s leading position in cloud platforms is an attractive proposition for enterprises that are looking at speed, performance, reliability, global scale, security and lower costs.”

Talking about the 5G applications that the Malaysia market will see, Amanullah sees tremendous business opportunities in areas such as smart city, autonomous driving, smart traffic management, virtual reality (VR), augmented reality (AR), cloud gaming, and healthcare, to name a few.

 

How Technology is Helping to Combat the Coronavirus

In December 2019, the World Health Organisation (WHO) commemorated the 40th anniversary of smallpox eradication. Ironically, later that month the world was introduced to a new epidemic caused by the Novel Coronavirus. At the same time, the WHO’s fight against other epidemics such as the Ebola virus outbreaks in Congo is far from over. As the world becomes smaller in terms of access, the risks associated with a disease outbreak become greater.

Every disease outbreak puts our healthcare system in disarray. Not only does it affect the country where it originated, but it also has a far-reaching impact on healthcare systems in other countries. As of today, the coronavirus has reportedly spread beyond China to 16 countries. A visit to a public healthcare facility in Singapore in the last few days shows how the healthcare system is tracking everyone who visits a hospital or a polyclinic – not just patients. Clinicians are also conducting extra screenings. This has ramifications for healthcare systems that are already strapped by staff shortages.

There are obvious economic ramifications – at least in the short term. Several companies are banning travel to China for their employees, while many manufacturing units in China have had to temporarily shut down. The impact is not restricted to China alone and has the potential to impact global trade and economy.

Every new disease that comes into the limelight also impacts the life sciences industry that has to divert their R&D resources into finding a cure and/or a vaccine for the disease. While winning the race for the first breakthrough can be a huge opportunity for the pharmaceutical company, it also impacts the regular research being conducted to protect us from other deadly diseases.

Unfortunately, we are always one step behind diseases, and we have to first think of cure and containment before we can consider prevention and eradication. As we wait and watch to see how fast the coronavirus epidemic is contained, we must acknowledge the role technology plays in managing epidemics and other disasters. Here are some initiatives:

Detection

One of the success stories to emerge from this disaster is the speed at which the risk of the outbreak was detected. 10 days before the WHO announcement, BlueDot, a healthcare monitoring platform, had already detected the epidemic from intelligence gathered from news reports, disease networks and official sources. The same platform – and a few others – are also predicting the global spread of the virus by mining global airlines ticketing data. This is a reassuring outcome of how technology and human analysis can effectively come together to improve health outcomes.

Research

While the current global concern is the speed of containment of the disease, eventually there will have to be more proactive measures to prevent another outbreak and to even eradicate the disease. To be able to understand the full nature of the pathogen and to come up with a vaccine, it is important that the virus is isolated. Scientists from the Peter Doherty Institute for Infection and Immunity in Melbourne successfully grew the Wuhan coronavirus from a patient sample. While the Chinese authorities had released the genome sequence to help with the diagnosis, this ‘game-changer’ can be potentially used to detect the virus in patients who do not yet display the symptoms and eventually to develop a vaccine. Cutting-edge research in healthcare has always been conducted by such research and pharmaceutical organisations.  They have consistently pushed the adoption of new technology in healthcare, especially in their R&D practices.

Management

As mentioned earlier, any outbreak taxes the front-line healthcare providers the most. They have very little time to change their triage and protocols to combat a disease that they have possibly never encountered. This is where clinical decision support systems that can incorporate these new protocols into the workflow come in handy. Epic, the EHR provider, has pushed a software update that does just that. According to Epic, this update was developed in collaboration with biocontainment experts, infectious disease physicians and the US Centers for Disease Control and Prevention (CDC). Collaborations such as this will be required if we have to devise a global protocol for epidemic management and containment.

 

There have been several other initiatives during this outbreak that show how different technologies can come together to benefit healthcare, especially to handle a crisis. Technology has always played a huge role in spreading the message in times of disaster, especially in emerging economies – with technologies such as AI, the potential of technology benefitting healthcare increases exponentially.
