Is Apple's IOS or Google's Android more secure?

Which is better: Android or IOS?

Asking “which mobile operating system is the best” is a great way to start a mini war between friends or coworkers. It seems everyone has taken a side and is willing to go down in a blaze of glory defending their position. 

The fine folks over at Symantec wanted to determine which mobile operating system was more secure (IOS or Android). They then took the analysis a step further by comparing the security postures of these mobile OS’ to their most popular desktop counterparts. 

The risks

Symantec found that from a technology perspective, these mobile OS’ are more securer than their desktop counterparts but they highlighted the main weakness common to all the platforms : the user.   

In a previous article, I wrote about the “Consumerization of the enterprise”. They highlighted the risk of employees using their personal unmanaged devices to access corporate information then connecting them to outside third party uncontrolled and unmanaged services. This reality potentially exposes corporate assets to attackers. 

The Conclusion

Although Symantec did not clearly identify one mobile OS as better than the other, they do have a slight preference for IOS. Of particular interest was Apple’s application vetting process which adds a nice player of protection for users.  They went on to say that IOS’ architecture “makes it better at resisting malware attacks and data integrity attacks”. The cherry on top for IOS supporters is their final statement that IOS offers better encryption and more secure access control for apps. 

I doubt anything above would make an Android supporter jump ship but it does present an interesting perspective you should keep in mind.

 

The Symantec Press Release

MOUNTAIN VIEW, Calif. – June 28, 2011 – Symantec Corp. (Nasdaq: SYMC) today announced the publication of “A Window into Mobile Device Security: Examining the security approaches employed in Apple’s iOS and Google’s Android” (PDF). This whitepaper conducts an in-depth, technical evaluation of the two predominant mobile platforms, Apple’s iOS and Google’s Android, in an effort to help corporations understand the security risks of deploying these devices in the enterprise.

 

Chief among the findings is that while the most popular mobile platforms in use today were designed with security in mind, these provisions are not always sufficient to protect sensitive enterprise assets that regularly find their way onto devices. Complicating matters, today’s mobile devices are increasingly being connected to and synchronized with an entire ecosystem of 3rd-party cloud and desktop-based services outside the enterprise’s control, potentially exposing key enterprise assets to increased risk.

 

Click to Tweet: Symantec analysis finds iOS and Android security better than that of PCs, but major gaps remain: http://bit.ly/jYflt3

 

The paper offers a detailed analysis of the security models employed by Apple’s iOS and Google’s Android platforms, evaluating each platform’s effectiveness against today’s major threats, including:

  • Web-based and network-based attacks
  • Malware
  • Social engineering attacks
  • Resource and service availability abuse
  • Malicious and unintentional data loss
  • Attacks on the integrity of the device’s data

This analysis has led to some important conclusions:

  • While offering improved security over traditional desktop-based operating systems, both iOS and Android are still vulnerable to many existing categories of attacks.
  • iOS’s security model offers strong protection against traditional malware, primarily due to Apple’s rigorous app certification process and their developer certification process, which vets the identity of each software author and weeds out attackers.
  • Google has opted for a less rigorous certification model, permitting any software developer to create and release apps anonymously, without inspection. This lack of certification has arguably led to today’s increasing volume of Android-specific malware.
  • Users of both Android and iOS devices regularly synchronize their devices with 3rd-party cloud services (e.g., web-based calendars) and with their home desktop computers. This can potentially expose sensitive enterprise data stored on these devices to systems outside the governance of the enterprise..
  • So-called “jailbroken” devices, or devices whose security has been disabled, offer attractive targets for attackers since these devices are every bit as vulnerable as traditional PCs.

Quotes:

“Today’s mobile devices are a mixed bag when it comes to security,” said Carey Nachenberg, Symantec Fellow and Chief Architect, Symantec Security Technology and Response. “While more secure than traditional PCs, these platforms are still vulnerable to many traditional attacks. Moreover, enterprise employees are increasingly using unmanaged, personal devices to access sensitive enterprise resources, and then connecting these devices to 3rd-party services outside of the governance of the enterprise, potentially exposing key assets to attackers.”

Will mobile apps kill the internet?

An interesting new report boldly claims that we now spend more time using mobile apps then on the Internet. Flurry, the firm that conducted this research, determined that the average user spends 81 minutes per day using mobile apps as opposed to 74 minutes surfing the internet.

The real shocker is comparing this number with the data from a year ago: 91% jump when users spend 43 minutes on mobile apps and 64 surfing the internet. Other interesting information related to time spent :

  • 47% of user time is spent playing games
  • 32% of user time is spent browsing social networks
  • 7% of user time is spent consuming other entertainment

The question many analysts are asking is “How does this impact the future growth of the world wide web?” At the very least, it might motivate your company to come up with a mobile app strategy as an integral part of your overall branding and marketing program.

Some nice graphs

Mobile apps versus Surfing the Internet

 

 

Division of time spent on the device  

  

How to tag information

There are lots of information management programs out there that ask you to tag your notes, ideas and files (think of Evernote, Springpad, PersonalBrain, etc).

Why tag

Regardless of the program you use, the purpose of adding tags to your data is to make it more descriptive and therefore easier to organize and find later.

Having used 4 or 5 different tools that use tagging, none of them provide any guidance on how to do it efficiently (read best practice). So here is the approach I have adopted.

General Category

My first tag is a General Category tag to help me quickly determine the overarching purpose of the information. If I clipped an article about optimizing a Windows 7 setting in Evernote, then my first tag may be “Windows 7”.

More Specific Category

My next tag is usually a more specific tag. In the example above, it may be “Optimization” or “Tech Tip”

Source

There may be occasions when I may add a third tag to identify the source of the information. In the above example, let’s say the article came from Lifehacker.com, then my third tag may be “Lifehacker.com”. This is an optional layer that I sometimes use.

Define your format

Generally you want to define how you will be writing your tags. Which letters will you capitalize? Will you use the singular or plural form of a word?  Define this ahead of time and stick to it.

How to set personal goals

I will use this entry to talk about setting personal goals. Yes.. Yes… I know it is June and that most people set their personal goals in January but how are those coming along?

Do a cleanup

Before building a new house, the contractor will clear the ground to ensure he is starting with a solid footing.  The same concept applies to your personal life. Before even thinking about your goals, make sure you “clean your house” (both physically and mentally) to ensure you start with as clean of a slate as possible. The cleaner the slate, the more likely you are to achieve your future goals.

List your accomplishments

Before you spend any time thinking about your future goals, it is beneficial to do some introspection and create a list of everything (of importance) that you have completed in the last 12 months. This is an extremely powerful technique to ensure you go into your goal setting with positive energy and  fully recharged psychic energy.

Start with the end in mind

In his bestselling book “The 7 habits of highly effective people”, Stephen Covey shares one of the most powerful nuggets of wisdom I have ever heard: "Start with the end in mind." Would you get in your car and just start driving? Of course not. You want to know where you are heading, so you can plan the best route. Same concept applies to goal setting.

Stephen Covey says “all things are created twice”: once in the mind and once in the real world (in that order). Setting goals with the “end in mind” keeps your brain thinking positively about what can be achieved.

This concept is so powerful other business visionaries have also adopted it in their models of efficiency such as David Allen in Getting Things Done (GTD). Napolean Hill stated it as "What the mind of man can conceive and believe, It can achieve." Professional athletes use visualization as one of their training tools.

Know that it works and spend the time to think about what “done means” for each of your goals? What does the successful completion look like? How will it feel? How will you know when it is successfully completed?

Your goals should be “SMART”

Many believe that the concept of SMART goals was first proposed by the grandfather of modern business theory, Mr. Peter Drucker in 1954. The reason this concept has been around for so long is that it works and is based on sound logic.

  • S – stands for specific. As mentioned above, start with the end in mind and make your goal as specific as possible. Saying you will “lose weight” is not specific. Saying you will “lose 30 pounds in the next 6 months by lowering your calorie intake by 1000 calories and running on the treadmill for 60 minutes 4 times a week” is specific.
  • M – stands for measurable. Your goals has to be specific and measurable. Being measurable is important to ensure you know you have “arrived” when you reach this threshold. S and M go hand in hand.
  • A – stands for attainable. Your goals should be “Big Hairy Audacious Goals” as proposed by James Collins and Jerry Porras in their 1996 article entitled Building Your Company's Vision. This means your goals should not be easily reached but logically attainable with enough hard work and commitment. Too many people set unrealistic goals then get disappointed when they miss the mark.
  • R – stands for results-oriented. This further reinforces the first section above. When setting goals, don’t let your mind get overwhelmed by all of the actions you need to complete to reach your goal. There is a time and place for everything and when setting goals, accept that you think about specific actions later. Right now concentrate on the desired end result. I strongly recommend you read my article about using the “Next Actions” methodology from GTD.
  • T stands for time. This means that each of your goals should have a specific deadline. When engaged in coaching, I work with my customer to get as specific as possible (to the day even).

Don’t beat yourself up

Next December, take the time to ask your friends and colleagues about how many of their goals they achieved. You may be surprised at how negative the conversation get’s and how quickly people make up excuses. Remember that beating yourself up is very self destructive and will not help you achieve your goals. Instead acknowledge that you may have missed some goals, spend some time thinking about why and about how you can approach your goals differently next year to have a better chance of meeting your targets.

How many goals should I have?

This is a question I love asking my employees, friends and family. Ask people how many goals they set for the year. Most of the answers you get will be in the low single digits. People believe that making a small number of goals increases the likelyhood of successfully completing them. WRONG!!!!

I believe you should set as many goals as possible and my rule of thumb is 30-50. Remember that not all of your goals should be to “cure cancer” or “solve world hunger”. A goal is anything you would like to be true by this time next year. It can be as complex as finishing up a master’s degree or about as simple as how you would like to perform when playing golf or what kind of outlook on life you want to have.

Ask yourself “What would life look like in a year, if it was better?”

Remember that out of the goals you set at the beginning of the year, you will likely end up working on a handful (10% or less). Read the following section to find out why.

Remember that you will not achieve most of your goals

You set your goals at the beginning of the year based on the best information available at the time. As you work through your various goals, you will acquire additional data or perspective and may decide that something else is more worthwhile.  This new goal may not even have been visible when you did your initial goal setting. You likely saw this new more worthwhile goal because of the effort you put into achieving your original one. Without that original one, you may never have seen this more valuable one and that is why it is still important to set those goals and drive towards them with everything you’ve got.

 

Consumerization is here and you have to deal with it

What is consumerization

Consumerization is a term used to describe the trend where manufacturers release new innovative technologies in the consumer market before the corporate one.  Interestingly these same technologies then find their way into the corporate world through the employees. 

“Consumer IT will affect every enterprise" said David Mitchell Smith, vice president and Gartner Fellow. "Attempts by enterprises to deny this are doomed to failure, just as previous attempts to deny Wi-Fi, 'smart' mobile phones, the Internet and even the PC itself failed." -  

The above statement seems timely and clearly describes consumerization today. The only gotcha is that Gartner released this in a 2005 press release. So this change has been a long time coming but is finally and definitely here. 

Why

Many years ago, employees did not have reliable high speed internet connectivity at home. More often than not, a work PC was many times more powerful than any device you had at home. 

None of this is true today. Most people have Personal Computers at home and in most cases, they are many times more powerful than their work PC. The lines between traditional work and an employee’s personal life are blurring. Educated knowledge workers want the flexibility to manage their work as best fits their needs. 

This new breed of technical employee wants to bring their own laptop to work. They own a smartphone and tablet, which they believe makes them more productive. They would like to leverage these powerful technologies and bring its productivity to their workplace. Employees are increasingly familiar with cloud computing services and leverage social networking for collaboration.

The business reality

What employees don’t see is the strain these requests place on corporate IT. Talk about personal devices connecting to a corporate network and CIOs start to have nightmares related to  theft, compliance, Intellectual Property protection and risk management. Add to that the cost of supporting dozens of new devices and you have a mess CIOs are being asked to handle without best practices. 

What if one of these devices is stolen (which is very common) and contained company confidential data? Knowing that most of these consumer devices do not have “good” encryption makes the worries that much worse. 

IDC conducted a survey on behalf of Unisys about consumerization. Interestingly, 95% of the respondents acknowledge using technology [at work] that they had personally acquired. Another interesting tidbit was the fact that many employees thought their employers are more permissive [regarding the use of consumer technologies in the office] than the employers actually are. Communication anyone?

Born Digital

Anyone born in the last 15-20 years was “born digital”. By this I mean they grew up in a digital world learning the use of these technologies very early on. Now as adults graduating with the degrees companies need, they demand more. To attract and retain this new breed of qualified and desirable employee, you have to give them an environment they want to work in. A much less restrictive environment where facebook is allowed and a device can go from retail shelf to corporate office very quickly.  It's time to kiss that iphone and hug that iPad.

What is a company to do?

Standing in front of this train won’t do you any good. You will have to find a way to cope and manage this situation. 

  • As an IT executive, your first priority should be security. Instead of protecting the corporate perimeter, you will have to figure out how to protect individual pieces of corporate data. How do you ensure secure deletion of data if the employees leaves the company [with his device]?
  • Who is responsible for backup up the device?
  • How will you manage and support employee devices in your corporate environment. Most companies are ill equipped to support a large range of non corporate (non-standard) devices. It’s time to get creative with your support teams or your outsourcing support provider.
  • The employee needs to understand how much and what type of support you will provide for their device. Are their situations when they should contact the manufacturer instead of corporate support.
  • Unisys expects companies will experience a four-fold increase  in transaction load with the introduction of these consumer devices and applications. What would that do to your cost model?
  • Modernize your IT portfolio to more closely match the computing experience your employees are accustomed to. Is it time to start evaluating a corporate tablet? What about WIFI everywhere so employees can connect their devices to the internet and “get work done”? How do you feel about allowing Facebook and Twitter in?
  • Setup an employee advisory committee to learn what they want, how they want it and also what they don’t want. Use this group to test different scenarios.
  • Pilot…pilot…pilot…. Whatever you come up with should be testing with a pilot group. Start will a small group of power users and then slowly grow the group to less technical users. Iron out all of the kinks.

You need clear and concise policies employees can easily find and understand. Your policies should clearly explain:

  • Which devices your support
  • The process to add new devices to the supported list (and associated lead time)
  • Which consumer applications are authorized for use
  • Which consumer applications are forbidden for use (and it is good practice to explain why)
  • The process to have new apps added to the authorized list.

 And last but not least, GOOD LUCK CHUCK! It will not be easy but the effort will be worthwhile. Use your network of contacts to "get a feel" for what other companies are doing and how you can leverage this information.

"What is the next action" may be the most powerful question you can ask

In a previous article, I wrote about the wondrous power of implementing “Getting Things Done” as explained by David Allen. One of the most powerful tips it teaches is the power of asking “What is the next action” for each and every project on your to do list. 

It is a powerfully simple question that can be transformative if systematically implemented. For those that do not know GTD, here is some background information you need to understand the power. 

Anything that requires more than one action to complete is defined as a project in GTDland. So the first thing to understand is that you cannot do a project. You cannot “replace muffler”. “Replace muffler” is a project and has multiple action steps to complete. The breakdown can be something like this: 

  • Call 3 garages to get estimate
  • Determine cheapest option
  • Call to book appointment

Most people have dozens of these types of projects on their to do list that often seem to be stuck because they are not broken down into actionable steps. Most smart people get overwhelmed when you ask them to break down a project into individual actionable steps. They worry that they may forget a step or get one in the wrong order so often they avoid doing the breakdown and simply leave it in their to do pile. 

GTD simplifies the process by asking you to only define the very next action item to move the project along. Ask yourself “What is the very next action I have to take to move this project along.” All you have to do is the very next action item. Don’t try to create an exhaustive 25 point breakdown or you will overwhelm yourself. 

During your next team meeting, 20 minutes before the planned end, force your team to answer the question “What is the very next action item we need to take to move this along” (ensure someone owns the action of course). You will see a flurry of discussion much deeper than previous discussions. This question will force the team to think in a more action oriented way and will lay accountability in a clear and unambiguous way. 

Even if you have not implemented GTD in your life, I recommend you implement the above process immediately. Many people have called it transformative. It seems too simple to be effective but I guarantee you will  be surprised.

5S is an easy Japanese philosophy to improve your work environment

My current employer is committed to achieving excellence and empowers its employees with simple yet powerful work strategies. One of the tools we use is called the 5S. It comes from the management practice of the Japanese giant Toyota and each of the 5 guiding principles start with the letter S: 

Seiri – Means to sort. It mandates that you get rid of anything that is underused or not used. It allows your employees to work in a clean environment with less distraction.

Seiton – Means to straighten. This is the mandate to streamline. The old adage of “A place for everything and everything in its place” is a great description for this step.  

Seiso – Means to sweep or shine. This is the concept of maintenance.  It is the principle of keeping the work area (and equipment) clean and tidy. Would you rather work in a pig pen or a clean office? The 5S process does provide some guidance and recommendations but feel free to extend it beyond these simple examples: 

  • Ensure adequate lighting in all work areas
  • Repair all work equipment
  • Clean work areas including floors, walls. ceilings, windows
  • Implement processes to minimize dirt (i.e. taking boots off at the entrance)
  • Conduct maintenance for work area and equipment 

Seiketsu – Means to standardize. This allows more people to do the same process thus creating redundancy. It also allows people to undertake more tasks since things are documented and easier to explain.  In this case, standards may apply to all aspects of your business including: 

  • Procedures
  • Processes
  • Work methods
  • and more 

Shitsuke – Means discipline. It is the step that 

  • Ensures people practice the rules
  • Form good habits
  • Look for opportunities to improve 

Getting Things Done may be the most important business skill

From a very young age, I realized that if I really wanted to succeed, I had to be smarter, faster and better than everyone else in my field. I have spent thousands upon thousands of dollars on training products and seminars.

When working with younger professionals, the question I get asked most often is this : “What do I consider the one most critical skill required for success in business”. This is a great question and the answer is simple, learning a technique that allows you to GET CONTROL of your to dos. Notice I did not say time management because the minute something unexpected happens, most time management strategies go down the drain. I am talking about a system that allows you to always stay in control of all of your commitments. 

I have bought dozens of time management training products and attended even more training seminars. Nothing has proven more effective than “Getting Things Done” as taught by the master himself, Mr David Allen. 

The Stuff factor

In his first book, David defines stuff as “anything you have allowed into your psychological or physical world that doesn’t belong where it is, but for which you haven’t yet determined the desired outcome and the next action step.”

Stuff can be anything from buying groceries to preparing the big merger plan. If your system forces you to keep this “stuff” in your head (which most people do) then it is likely causing you undue stress and keeps popping into your conscious mind at the worst possible time. Have you ever been lying in bed at 2am and all of a sudden get a “to do” pop-up in your mind?

Because most people keep this stuff in their heads, they really don’t have a good way of conducting a full inventory of their “open loops” (aka all of the stuff you promised to do) and usually work on the latest and loudest item.

GTD

GTD is not a product. It is not a computer software that manages your time. It is a strategy that helps get stuff out of your head and into a trusted system where it can be captured, evaluated and prioritized.

In GTD a project is anything that takes more than one action to complete.

To really appreciate GTD, buy one of the books, CDs or DVDs. I guarantee it is worth the money and your time.

To introduce you to it however, here is a Coles Notes version:

  1. Collect all of your action items
  2. Process what they mean and what to do about them
  3. Organize the results in a trusted system
  4. Review
  5. Do

 Ok… here is a little more detail:

  • Identify all of your open loops (action items you have agreed to). This takes anywhere from  1 hour to several days, depending on how badly you have been managing your tasks.
  • Track each project on a project list. For each project as yourself 2 questions: What would be the successful outcome to this project and what is the very next action you need to take to move this project along.
  • The 2 minute rule. Any action that takes less than 2 minutes to accomplish should be done immediately. Filling it for later evaluation would take more time and “Getting Things Done” is empowering.
  • Cleanup Determine if there are things on your list that no longer need to be done and cross those off. Maybe you missed some deadlines, it’s ok. Just cross those off. Are there any actions that should be done by other people, make sure you transfer those (determine if you need to keep track of these or can just transfer and forget).
  • Contextualize your stuff. For each action, determine what you need to get it done. As an example, you need a phone to return phone calls for the context would be @Phone. To send emails, you need to be in front of a computer so the context would be @Computer. By contextualizing your actions, you can determine what to do regardless of where you are.
  • Create a “waiting for” list. Everything that has been delegate but must be tracked should be on this list.
  • Weekly review. Once everything is categorized and in your system, conduct a weekly review to make sure everything is in tip top shape. It is the time to gather and review all of your stuff. Update your lists.

The Power

GTD means everything is written down. I mean everything. The minute I take ownership of an action or project, it get’s written down on a piece of paper and put into my inbox. Once a day (usually in the morning), I process my inbox and ask myself the key questions:

  • What is the item ?
  • Is it actionable

If not actionable then:

  • Is it trash
  • Put in the Someday/Maybe file (i.e. something without a fixed timeline like getting a degree)
  • Stored in my reference system

If it is actionable then

  • What is the very next action item
  • Who should do it?
  • Does it take less than 2 minutes? If so do it now. Otherwise add it to one of my task management lists and track until complete.

By having everything in a trusted system that I know I will keep coming back to, my mind is in a state of clear. I am always confident that I am working on the right item at the right time.

GTD is not software

 This is worth repeating. Dozens of products claim to be GTD compliant but David Allen doesn’t really endorse any of them. He believes that there is no perfect GTD system yet and that the important is to implement the system. He actually recommends starting with paper for most people.

Call to action

I hope you can feel the enthusiasm I have for this system. It is so empowering to know that you are in control and not a victim. I recommend getting the book and going through it. It is well written and easy to understand.

Like any other learned skill, GTD will take time to properly understand. You will likely re-read the book (or sections of it) a couple of times. You will periodically fall of the bandwagon and David provides guidance on how to get back on the horse.

 

 

How to handle a "crappy job"

One of my first articles was entitled “the YOU brand” and is still one of my favorite articles.

I strongly recommend you read it as it has helped many people change their approach to career management. I will assume you read it and accept the premise that you are selling your services to your company in exchange for salary, benefits and working conditions.

What happens if you are in a “crappy job”? Crappy can mean different things to different people. For some it means no work-life balance. For others it means sub-par pay. For others it may mean lack of career progression. Regardless of what it means to you, what do you do?

You are not responsible for being in a “crappy job”, you are responsible for staying in it.

As a consultant selling your services to your company, you are responsible for your career and all its qualities/deficiencies. Ultimately the decision to stay in the “crappy job” is yours and yours alone. Remember that there are always options and that you should manage your career like a business. If the conditions are no longer favorable, switch positions, departments or companies. If you don’t have the skills or experience to switch right away, make a plan and follow-it. 

Remember that the best investment you can make is in yourself.

 

 

 

So you hate change?

 Change makes people uncomfortable. They feel anxious, overwhelmed and just plain scared. Change means you have to deal with the big unknown instead of the warm and comfy day-to-day routine you have gotten used to. 

The only constant in business IS change”. Re-read that sentence and repeat it at least 10 times a day.

The days where you joined a company out of school, worked for 40 years and retire are long gone. As the rules of business change, so do the qualities demanded by employers. Instead of hard work and dedication, they want passion, creativity and self-management. 

It’s time for an honest self-assessment. Are you ready for the new world of business?

 

Negotiating with a "bad" counterpart

Most of our negotiations with vendors should be amicable and balanced. Once in a while though, you come across a vendor that simply does not want to partner and only sees you as an additional revenue stream. For these rare cases, you sometimes may need to resort to extra-ordinary measures to regain control of the situation.


Take a Step Back

In most situations, if a vendor “feels” that they have won the business even before the official terms are negotiated, they may decide to take a hardline stance. Often times, this is a direct result of a business unit deciding on a product before final terms [with the vendor or reseller] are negotiated.

  1. The first step is to take a step back and re-assess the decision. Can another product or products meet this requirement? If the vendor realizes that you are considering other options, their position may soften.
  2. Another option related to the above point is to work with your internal teams and determine if the requirement can be pushed back or changed. If the vendor sees that the opportunity may be indefinitely delayed or lost, their position may soften.
  3. You may want to go back to the RFI/RFP step. This will give potential vendors a chance to propose alternatives you may not have considered. It also shows the problematic vendor that you are willing to “play ball”. It is important to clearly communicate your requirements. If none of the vendors met the minimum requirements, it is important to let them know this and what they must meet to be considered. Vendors can be very creative.


Use standards to your advantage


Most products or services can be procured from various sources. In an effort to drive up revenues and create differentiation, some manufacturers/resellers try to convince customers to start using the customs features of their products. Commoditization is a customer’s biggest ally. Any time a customer accepts to use and implement vendor specific features, they strengthen the vendors stronghold and may allow it to charge higher prices or force less than optimal terms.


Customers should always try to use standard commoditized products as much as possible. If something has already been implemented and is preventing a commoditized comparison leading to fair competition, the customer should ask themselves whether they can move to the standard feature sets (accepting a slight drop in performance or features).


Another part of this exercise is to work with the operational staff to determine the switching cost of various alternatives. This exercise sometimes shows that the additional cost of switching to another product is better than locking the company into a less than favorable agreement. Other times the company may accept a slight reduction in performance in exchange for removing a product from the IT portfolio.
 
When working on RFI/RFPs, it is important to always provide your exact requirements (functional, operational, etc) and then ask the vendors to find the least-expensive (TCO not only ICA) way to meet these. Often times this will allow the vendor to propose a better solution that also is mutually beneficial.  In line with this approach, it is good practice to force vendors to provide TCO estimates and challenge them to find ways of reducing it. You can make them financially accountable for reducing TCO by offering them more business as a reward.


Cancel the contract


Unfortunately you will encounter situations where the previous recommendations simply do not work. Although these situations should be rare, you may be forced to take more drastic measures.
If the vendor continually negotiates in bad faith and every other avenue has failed, you may be forced to simply terminate all contracts with that vendor. [It is important to ensure that all contracts allow for termination for vendor underperformance].

This sends a very strong signal to the other party.
In addition to the above, you may want to terminate all maintenance contracts. These are extremely lucrative for most manufacturers and losing this sends a very strong message. You may want to move from a maintenance contract to a T&M agreement. You may also switch from maintenance from one provider to another until the original vendor comes back to the table or you find an alternative solution.

Use competition
Fierce vendor competition always benefits the customer. Often times, vendors will come up with creative ways to meet your requirements. Remember that competition can be re-introduced at any step in the negotiation process. But do not bluff. Make sure you are prepared to follow though on your thread if the vendor calls your bluff.
 
Sometimes it may be worthwhile to investigate Software as a service if your issues are with a traditional software provider. SaaS is often a very price competitive approach since:

  • There is little to no upfront CAPex investment
  • SaaS providers are competing with the traditional server based vendors and are otten prepared to go the extra mile to win business.
  • Moving to a highly standardized SaaS offering may force you to re-evaluate you  true absolute requirements and may lead you to save tones of money by dropping custom modules.

 
Use their weakness

Our only goal is to secure the best possible outcome for your company and as such, you may want to use this approach with existing vendors. Go through a vendors complete performance record and determine if there is “unsatisfactory performance” which could lead to termination of contract, activation of penalties or loss of goodwill.  Often times this may serve as a good wake-up call to the vendor.

Do some homework and determine the vendors weak points and or pain factors. This may be the loss of a key logo ( account), bad press, loss of important revenue at the end of a month/quarter/year, etc. It is important to constantly check-up on your vendors market position and financial status. All of these can be strong negotiation points.

Conclusion
All negotiations should be performed in good faith. The techniques described above are measures of last resort and they may harm the long term feeling of partnership.

Are you generating value for your company or you?

In past articles, I have written about the new reality of work where, regardless of your title or work agreement, you are a service provider selling YOUR services to your firm. You company is NOT buying 40 hours a week but rather your specific skill-set.

The next reality I need you to accept is that job security no longer exists. Whether you are a contract employee or an old timer, your job is only as secure as the value of your skills.

When you accept the above two statements, you will be much happier and you will have a different perspective of your job and the value you create.

Personal value creation comes in 2 flavors, portable and non-portable.

Portable value includes everything you can take with you when you leave your current job. Examples include:
  • Contacts you have made
  • Specialized but transferable knowledge you have gained
  • Industry reputation you have built

Non-portable value includes company-specific values that would be worthless anywhere else. Examples include:
  • Using a proprietary in-house application
  • Learning skills that are only applicable in your current company
 
Take 10 minutes and take a personal inventory of everything you have picked up in your current job. If you were to leave today, what portable value would you take with you to make yourself more valuable in the market?

When I perform this activity with my teammates, most are surprised at how little portable value they have created. By understanding this distinction, you will be able to spend your valuable time more wisely generating a bigger bang for your buck.

The PC is dead. Long live the iPad.

Top tech analyst firms, Gartner and IDC, are both reporting that the sale of personal computers dropped for the first 3 months of 2011. It seems this is another trend was able to break. It was able to grow its sales and market share (compared to a year ago). Although the increase is different depending on the firm you choose, it is somewhere between 8.5-9.5% (compared to 7% last year).

Could this be the slow and painful death of the traditional PC lead by the tablets? It is too soon to tell but things could definitely get very interesting.

Peter’s Principle – Promoted to your level of incompetence

Dr Laurence Peter and Raymond Hull wrote an interesting book entitled The Peter Principle (in 1969). The basic premise is that employees are promoted as long as they work competently. This cycle eventually leads to a promotion above their “level of competence”.

Interestingly, we have seen Peter’s corollary “in time, every post tends to be occupied by an employee who is incompetent to carry out their duties”. The concept of managing upward is the science of managing your incompetent boss to limit possible damage.

Business Life

If you have spent any amount of time in the business world, you have undoubtedly met a manager whose promotion can only be explained by this theory. As a manager, you have to take a step back and try to find a way to minimize the impact of these “useless people” in your organization.

The most humane approach I have seen is to ensure a person has the required skills and habits before promoting them to the higher position.

In the most extreme case, a company may implement an “up or out” policy in which each employee has a given amount of time to move up the chain of command, otherwise they are fired to allow subordinates (potentially more qualified) to move up.

Real world logic would dictate that your position should be somewhere in the middle. Document the requirements for any senior position and identify the required, nice to have and not required skills. Ensure that all of your potential candidates have or are close to obtaining the required skills. As for the nice to have, you will have to work at educating and coaching the candidate until they achieve mastery of these.

The other potential scenario is that the person is already in a senior position. First you should have a periodic 360 degree performance review which anonymously takes into account feedback from subordinates, peers, superiors and customers. This is a great way to ensure you are being provided an accurate picture of the person. If weaknesses are identified, determine if they can be remedied through education or coaching. Does the person have the propensity to improve and meet the requirements? If not, either demote the person or lay them off. Ultimately it is management’s fault for promoting the employee to their level of incompetence and measures should be implemented to prevent it from occurring again.

Are coupons an efficient marketing tool

From newspapers and magazines to flyers and pamphlets, coupons are everywhere. They have become so popular that “coupon clipping” is now a hobby. Putting aside the thrill of saving money (sarcasm intended), is the cost worth it for the retailer or manufacturer?

Risk Sharing

Using your friends and neighbors as your own personal test subjects is always a lot of fun. Recently a new Greek restaurant opened in my area. The decor looked simple but elegant and their menu appealing. I have gone to too many “bad” restaurants and I simply wasn’t in the mood to risk going to another one. But I started thinking about what would make me try this new place? After all, if I liked it, I surely wouldn’t mind paying their moderate prices. It is when it dawned on me, a coupon would have made the decision to try them easier. In my particular case, not out of a desire to save money, but as a risk sharing mechanism. If I go and dislike the experience, at least the cost of the experiment would have been acceptable. If I liked it, they would have made a new customer who, in the future, would be willing to pay full price.

Determine if leveraging coupons as a risk sharing model makes sense. If it does, then this may be an excellent and cost effective marketing vehicle.

Hello World

Some companies use coupon distribution as a way to generate awareness of their business or offering. This one is a maybe. Any marketer will tell you that a standard coupon redemption rate is between 2-4%. There are many reasons why the response is so low, but getting visibility in the pile of other coupons may be one of them.

It is true (and I will write about this in the future) that you must constantly be in your customer’s line of sight but you will likely realize this was a waste of time. Spend your money on other marketing channels.

The Zero-Sum game
A zero-sum game is any market where your gain is someone else’s loss. This applies to markets where the number of new potential customers is slim or non-existent. Customers buying a prepackaged loaf of bread in the supermarket may be zero-sum in certain markets. Most customers will walk in and buy whatever is cheaper or appealing that day.

Are coupons for these types of products effective? No. Although manufacturers will continue to offer them hoping to build enough familiarity to create long-term customers, in the short-term, it’s not worth the investment. If you are in this type of a market, try differentiating yourself instead of cutting your prices. In the sliced bread example, companies know that kids prefer white bread but that parents want the wholesome goodness of whole grain bread (brown). So some companies have decided to create white bread with the added goodness of whole grains. This is a much better strategy than simply trying to buy a one time customer with a coupon.

Think differently
If you decide to implement a coupon marketing strategy, be different and measure. Whatever you do, find a way to differentiate your coupon and make it stand out. It doesn’t matter if it is oversized, colored in pink or jumps out at you when you open the paper, be different to get attention.

Once you determine the best vehicle, measure it as granularly as possible. Run statistics to ensure you are targeting the right people, at the right place, at the right time with the right promotion.

Honest Tea: The Most Honest City In America

 

Honest Tea is a competitor to the Snapple brand in the United States of America. They conducted a brilliant marketing campaign and social experiement. It was so original I wanted to share it with you.

They wanted to see which of the major US cities was the most honest. They installed un-manned racks of their product and asked people to voluntarily donate a dollar per drink. The experiment was filmed and the results were tabulated.

Watch this fantastic experiment and campaign unfold.

 

When group decision making goes wrong

Every time I am asked about decision making, I remember a mantra one of my earlier bosses use to chant all the time A company is not a democracy . Many modern managers have taken the completely opposing position of managing by consensus.

Personally, I believe that there must a be balance in all things and this is no different. For those times when a group decision is required, when is the group too big? Marcia W Blenko, Michael C Mankins and Paul Rogers wrote an interesting piece called Decide & Deliver: 5 steps to Breakthrough Performance in Your organization . An interesting statistic that they present is that once a group exceeds 7 people, each additional person reduces decision effectiveness by 10%.

The math is powerfully simple. The next time a group decision needs to be made, I guarantee you will see it in an entirely new light.

How to build a real business partnership

Spend enough time in the business world and you will soon be overwhelmed by the number of useless and meaningless catch phrases. Most of the time, they are best described as verbal diarrhea.

Many consider the term partnership (sometimes called strategic alliance) as one such term. Let me respectfully disagree. A well thought out partnership can yield huge synergies for both parties but it is a fickle and fragile creation.

If you too are a believer in the value of partnerships then the next logical question is how do you make it work?

Equal value: In order for a partnership to work, both parties have to bring equally significant value to the table. If one party is hoping to syphon value from the other, then this is no longer a partnership but rather a parasitic relationship where one gets the value and the other walks away empty handed.

Dependence: If the above condition holds true, then both parties see a clear need to uphold the partnership. The value must be great enough for both parties to feel interdependent. The parties succeed together or fail together.

Investment: Companies are driven by activities that increase their value. The only time a partnership makes sense is when each party has a gain in the other’s success. The success of one must translate into value creation for the other.

Transparency: The cornerstone of partnership is trust. Trust in the good will of the other party and trust that the agreement is just. A sure way to break that trust is to hide information. It is critical for both parties to operate transparently (when it relates to the partnership). In the most successful setups I have seen, each company has placed its own employees in the other’s company. These “foreign” employees are embraced and quickly accepted as part of the team.

Integrity: In line with transparency is integrity. Integrity is a must. It must be the driver behind every decision. Those who have worked with me know that this is one of the points I am absolutely committed to. Always lead with integrity.

I have seen countless situations where partnerships have yielded huge benefits for both parties. In one instance, a customer worked with a parts manufacturing supplier to optimize the supplier’s processes (improve yield, reduce waste and improve their overall profitability). In return, the supplier granted the customer a percentage discount for every additional dollar saved or earned. Both parties walked away with more value.

Take the time to think about possible partnerships in your business. Who can you add value to and who can add value to you?

Cloud computing may be better for the environment

Open any business magazine and you will be bombarded with the words “Cloud Computing”. It is the buzzword of 2011 and something your company will likely consider for point solutions. In simple terms, cloud computing is computing on demand. Like electricity, you pay for what you use without having to worry about any of the back-end magic (hydro-electric dams, generators, transmission lines, etc). When you flip the switch, the service just works.

Popular Cloud providers are Google (with their Google Apps), Microsoft (with their office 365), SalesForce.com (with their online CRM solution), etc.

Microsoft, Accenture and WSP recently released a report that compared the environmental impact of running your business solutions in-house versus using a cloud-based provider. They found that by outsourcing a company’s applications to a cloud provider, the environmental impact can be reduced by as much as 90% (energy usage and carbon footprint).

Knowing that IT accounts for 2% of worldwide energy use, this may be a welcome revelation to environmentally concerned executives. They identified energy usage savings as follows:

  • Reducing excess capacity (unused capacity)
  • Flattening peak loads
  • Employing large scale virtualization
  • Improving data center design.

Microsoft’s Chief Environmental Strategist (Rob Bernard) has a great analogy.  He compares cloud computing to mass transit. One bus equals 50 cars on the street. Same concept with cloud computing.

An interesting conclusion I want to point out is that the largest customers had the smallest benefits. Companies with 10,000 + users had benefits in the range of 30% while companies with around 100 users saw a 90% environmental impact reduction.

There are other concepts companies can use to reduce their environmental impact while improving productivity such as teleworking. I recently wrote an article about implementing a successful telework program and I strongly recommend you read it.

The conclusion is to investigate where Cloud Computing may fit in with your business plan. Shedding non core responsibilities means you have more resources (time, money and expertise) to concentrate on your core business while outsourcing the non-value generation part. Imagine if each company had to figure out how to generate the electricity it needed? How much value would that sap out of your business?

Your project teams may be hiding problems and negative information

An interesting article was published in the Journal of Applied Social Psychology Volume 41, Issue 2, pages 401 428, February 2011.

It is clearly demonstrated that as a project get's closer to completion, decision makers are more likely to conceale problems that may jeapordize it.

This interesting work was undertaken at George Washington University using undergraduate students.

The crux of the analysis is that a 90% complete project meant that 81% of decision makers were likely to hide nagative information or problems. In contrast, a 10% completed project only showed a 37.5% "information hiding" rate.

We all know that information is key to succeddfully delivering projects (on time, on budget and to specifications). How does knowing the above information change your view about project management? How can you mitigate this risk in your environment?