Wednesday, July 16, 2008

Hardwiring Disk Encryption for Extra Protection

Industry analysts believe that security is no longer the number one priority. Security has been displaced by topics like business intelligence and performance management. Bear in mind though that all this means is that security remains a concern but just not number one.

Indeed Gartner’s 2008 survey of CIOs point to security as 6th in importance from a technology perspective and not in the top 10 from a business perspective. And yet we continue to read reports about security.

According to the Privacy Rights Clearinghouse (PRC), a nonprofit consumer organization in the US, there have been a total of 230,454,030 records containing sensitive personal information have been involved in security breaches in the US since January 2007.

“With industry reports estimating 700,000 laptops stolen every year and the associated costs reaching $5.4 billion, organizations face a clear and pressing security threat,” said Christopher So, General Manager, Volume Products Division, Fujitsu Hong Kong Limited.

Where should security start? Should it be at the servers that run business-critical applications? Should it be at the device level that houses the behavior of its owner? Should it be on the Web where a vast major of information flows today? Or should it be down to the individual components that make up the technologies we use today to make life simple and complicated at the same time?

There are those who believe that security must be deployed across as wide a spectrum of data entry points as possible. Some vendors have been working to integrate security measures down to the firmware that makeup part of the embedded intelligence in computing devices.

I recently spoke to a security expert who noted that no matter how many times you delete a file on a hard disk or portable memory media like a USB thumb drive, there is software available that can recover the data. The hour-long debate on what constitutes the protection of information boils down to using data encryption technology to keep confidential information private.

Data encryption falls under three broad categories: data-in-transit; data-in-use; and data-at-rest.

Encryption of ‘data-in-transit’ protects information as it moves from node to node across local networks, wireless networks and the internet. There are a number of widely adopted standards for this type of encryption, including SSL (Secure Sockets Layer), TLS (Transport Layer Security), and IPSec (Secure Internet Protocol). Encryption of data-in-transit prevents thieves from intercepting or ‘sniffing’ sensitive data traffic as it travels the network.

‘Data-in-use’ refers to data being accessed or processed by applications or databases. Efforts to secure data-in-use include digital rights management (DRM), content management and content filtering technologies.

‘Data-at-rest’ (‘DAR’) refers to data in computer storage (and excludes data temporarily residing in computer memory). Examples include data stored on a computer hard drive, a database on a networked server, and files copied to a USB drive. The recent stories in Hong Kong about theft of information via USB drives point to the uncontrolled proliferation of USB drives within enterprises.

There are 2 fundamental means of achieving encryption for data-at-rest. The simplest method is to encrypt individual data files and folders. A more comprehensive approach is to encrypt the entire storage media.

“Disk encryption, has emerged as the ‘best practice’ for protecting data-at-rest on endpoint devices – desktops, laptops, and removable storage media. By encrypting data at the sector level, full-disk encryption provides the most comprehensive safeguards in the event of the loss or theft of an endpoint device,” says Adrian Chua, Sales Director Asia Pacific for WinMagic.

Kelvin Lim, regional manager for South Asia at Check Point, notes that with disk encryption, a user will not need to employ file encryption on a file-by-file basis, and still obtain complete data integrity and security.

“Disk encryption renders the information on an entire disk unreadable to unauthorized third parties without the credentials. Disk encryption removes the security decision from the end user, ensuring compliance without any form user interaction or training,” Lim adds.

As employees become more mobile the incidence of notebook theft (and subsequent data loss) has been on the rise. While few organizations agree on the dollars lost associated with these theft.

David M. Smith, associate professor of economics at Pepperdine University in Michigan, believes there are three cost components associated with data loss: cost due to technical services, lost productivity and the value of the lost data. Together, this amounts to US$3,957 per incident. Click here for additional details on his findings.

Hard disk vendors like Seagate and Fujitsu have added encryption into a number of their products. Seagate partnered with encryption specialist WinMagic to provide additional protection for some of its Momentus hard drives.

Fujitsu introduced the world’s first 256 bit advance encryption standard (AES) technology offering secure, highly automatic hardware encryption at the drive level.

The built-in AES automatically encrypts data when writing to the hard drive and decrypts during read process. The Fujitsu FDE implementation also includes an advanced secure erase feature to help reduce risks associated with re-using hard drives.

Security, simplicity and ease of use are what users and IT managers expect of technology today.

For example the Fujitsu MHZ2 CJ drive series creates a simple-to-use and virtually impenetrable data lock down, with no encryption keys remaining on the machine when it is powered off. “The data on the disk drive remains inaccessible without the password, delivering advanced protection for the organization owning the machine, and the critical data for which they are responsible,” said So.

But in case you think that FDE is the answer to all of your encryption needs, there are those who think otherwise.

Chua cautions that full-disk encryption is not suitable for applications. File, folder and container encryption (collectively ‘FFCE’) extend cryptographic safeguards to shared files and folders on departmental servers and other common storage media.

“FFCE offer protection for data files in transit (e.g. e-mail attachments) as well as additional security against internal threats. Issues surrounding the protection of sensitive data or personal identifiable information (PII) are complex,” explains Chua.

In today’s age of community-based hacking and relentless threats coming from every conceivable route, data encryption should be part and parcel of an organization’s overall security policy.

Tuesday, July 8, 2008

Why ISO 14001 is relevant to a sustainable initiative

No one can be quite certain about the date of the “sustainable” revolution but it can be argued that the turning point came after Al Gore won the Nobel Peace Prize for 2007 for his work on Climate Change. Of course I am referring to the documentary film (docufilm): “An Inconvenient Truth”.

These days it is almost uncharacteristic of any company – big or small – not to have a program that addresses (or claims to) the issue of sustainable best practices or environmental friendly processes.

Within the IT community, I’ve seen my fair share of announcements among IT vendors of their “green” plans. I’ve spoken to a few senior executives who are more than happy to share their view as to what their companies are doing in terms of green. And you know what? I am still a skeptic because I’ve seen enough vaporware-type initiatives that get announced with a lot of publicity but no substance to back it up.

So it’s refreshing to know that there are a few companies that have embodied a green initiative quietly, internally, long before the Al Gore docufilm.

The Fujitsu-Way

Take the case of Fujitsu, a Japanese company specializing in semiconductors, computers, telecommunications and services. Historians claim that the company started its road to green in 1935 at the behest of its founder, Manjiro Yoshimura.

Although its green initiative wasn’t formalized until 1992, the company started deploying environmental control systems across its factories as early as 1972. (click here for a list of environmental activities) The company’s “Green Policy 21” provided the basis for the creation of environmental management system (EMS) framework which today offers a common management structure to deal with environmental regulations.

However, “Green Policy 21” is not restricted to Fujitsu’s internal operations. It has been extended to include business partners and suppliers that form part of the company’s supply chain.

Fujitsu joins the ranks of over 130,000 companies worldwide that have achieved ISO 14001:2004 certification since the standard was first published in 1996. Fujitsu achieved worldwide ISO 14001 certification in March 2006 with an EMS framework encompassing over 126,000 employees.

ISO 14001 – the guidepost of all things green

ISO 14001 is concerned with environmental management. “This refers to what an organization does to minimize harmful effects on the environment caused by its activities, and to achieve continual improvement of its environmental performance,” said Alan Bryden, ISO** Secretary General.

Why ISO 14001? Apart from recognition that the company has a “green” policy, what does a company gain from being certified?

Bryden notes that there is mounting pressure worldwide from both private and public sector to show responsibility towards the environment. “An environmental system based on ISO 14001 provides a structured, systematic approach which is internationally recognized,” adds Bryden.

ISO 14001 is a process-based, not a performance-based, standard. The focus is on establishing internal policies, procedures, objectives and targets. It is not a one-off project but one that calls for continual improvement.

According to Russell V. Thornton, manager of environmental certification for Det Norske Veritas (DNV*), ISO 14001 does not explain how to achieve goals, nor does it quantify a necessary level or type of performance improvement. Compliance with applicable laws is mandatory, but the use of the standard is voluntary. Self-declaration is an option.

Thornton says “certified companies report increased operational efficiency, marketing advantages, more organized or systematic regulatory compliance, greater regulatory flexibility, and community recognition. Certified companies have identified financial benefits, such as improved stock value, and have experienced some reduction of trade barriers”

The pressure to pursue a green initiative is not always voluntary. IT vendors are increasingly under pressure by their enterprise customers to be seen as green or faced being left out of the list of accredited suppliers.

“Over the past few years, environmental regulations on products have become stricter in Europe and other regions of the world,” said Atsuhisa Takahashi, President, Corporate Environmental Affairs Unit at Fujitsu. “Recognizing the importance of having a common management structure to deal with environmental regulations, Fujitsu took the initiative to obtain integrated ISO 14001 certification.”

“Within the next few years it may not be possible to conduct business in most of the world unless you can prove your ‘green’ credentials,” says Bob Hayward, Director of IT Advisory at KPMG.

Hayward notes that being green is seen as a competitive differentiator. “Many organizations are prepared to pay more for green products and services, since in the long run this will save them money,” he adds.

As an industry that has long been accustomed to hyping new capabilities, one would wonder if this ‘green’ initiative among IT vendors is nothing more than a fad.

Hayward believes that vendors like Google, HP, Dell, Microsoft and Fujitsu have embarked on major programs and investment to design, build and deliver more environmentally-friendly products. Pursuing a green initiative is neither trivial nor cheap. It’s a commitment with serious investments involved.

For example, Fujitsu invested 19.43 billion yen in FY2007 on a range of green initiatives including pollution prevention, global environmental conservation, R&D and environmental remediation.

The certification has strengthened corporate governance for the entire Fujitsu Group by enabling the systematic collection and sharing of essential information as our supply chains expand rapidly worldwide. “With a stronger governance system, we are more effective at implementing environmental measures such as fighting global warming, eliminating the use of hazardous substances in our products, and building product recycling systems outside Japan,” adds Takahashi.

Can you sell green without being one yourself?

Phillip Sargeant, Managing Vice President for Gartner reckons it is possible but IT vendors that have themselves deployed a green initiative have a stronger story to tell to enterprise customers looking to understand how to design, build and deploy a sustainable or green initiative.

The right approach to green

You can’t be green unless you are willing to spend some “green” (bucks). Like all other certification exercises ISO 14001 doesn’t come cheap. “If the sole objective is to obtain a certificate to hang on the wall, then the cost may indeed be high and the organization may well find that the certificate is not the passport to business which it imagined,” said Bryden.

Sargeant worries that green equating green solely on energy savings – in other words, saving money. It is much more than that. “Green can be associated with recycling, better supply chain management, better use of technology to reduce overall operating costs – such as using telepresence technology in favor of physically travel to conduct business meetings,” says Sargeant.

Cost savings should not be the be-all and end-all of a green initiative. “Going forward, they need to give thought to sustainability. Organizations need to change their mindset from simply saving dollars to being able to do something for the rest of society – social responsibility. A lot of organizations are not yet there,” adds Sargeant.

Bryden concurs and offers his thoughts.

“If implementation, with or without certification, is seen as an investment on which there should be a return, then the cost can be balanced against savings made in the use of materials, energy and transport, reduced waste. Whether or not an organization implements ISO 14001, it will become more and more difficult for the management of organizations to ignore environmental issues – and such ignorance has a high potential cost,” concludes Bryden.


* DNV is a supplier of accredited management systems certification services worldwide.

** ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards with a network of the national standards institutes of 157 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

Tuesday, July 1, 2008

Rising PC adoption is translating into higher software piracy rates in Asia

Software piracy remains the scourge of many a software vendor. Through the efforts of lobbyist organizations such as the Business Software Alliance (BSA) governments in Asia are taking positive steps in reducing illegal software use both at the consumer level and in some cases even at the corporate and government levels.

The recently completed “Global Software Piracy Study” conducted by IDC and sponsored by the BSA commends combined government and industry anti-software efforts in slowing down software piracy. Click here to read the report [http://global.bsa.org/idcglobalstudy2007/]

“However, rapid PC growth in higher-piracy emerging markets translates into an overall increase in global piracy,” said John Gantz, chief research officer at IDC. “We expect this trend to continue, meaning industry and government must increasingly focus their efforts on combating piracy in these emerging economies.”

Leading the industry charge is the Business Software Alliance (BSA) – a a trade group established in 1988 and representing the interests of some of the world's largest software manufacturers.

Roland Chan, Director of Marketing for BSA Asia, claims that the joint efforts by BSA and local government bodies is helping change the perception about the value of intellectual property.

“The success of the awareness building process stems from the close cooperation between the relevant government agencies and the BSA in rolling out marketing program,” says Chan.

What sort of success are we looking at?

In Hong Kong, the BSA worked with the Hong Kong Government’s Intellectual Property Department to launch the Genuine Business Software Campaign in October 2006. Chan claims that the GBSC has resulted in “tremendous awareness being created in the corporate sector of the virtues of software asset management.”

Similarly, in Malaysia, the BSA works closely with the Malaysian Government’s Ministry of Domestic Trade and Consumer Affairs, to conduct enforcement related PR and rolling out marketing/educational programs each year. Likewise in Singapore, the BSA works closely with the Intellectual Property of Singapore to conduct educational awareness programs. In Indonesia, the BSA works with closely with the Police as well as the Directorate General of Intellectual Property Rights.

Asked what remains as the biggest stumbling block to a wider acceptance of IP and significant reductions in software piracy, Chan says there is still work needed to increase appreciation for the role and importance of software as an invaluable productivity tool of a business today.

“It may be obvious to some, but for others, they still consider computers as a productivity tool rather than software. The simple answer is that you need software for a computer to function as a productivity tool. Once there is full appreciation of the role and importance of software, that is when an organization would attach full value to the productivity it brings about, and be better prepared to pay for it,” notes Chan.

The mantra of the BSA hasn’t changed significantly from its early days but the scope of the effort has expanded with the widespread and growing adoption of the Internet.

Chan notes that “Today, with the wide penetration of the internet, the threat of virus attacks is prevalent everywhere with hundreds of new threats introduced each week.” Chan encourages everyone to go to the organization’s website to get a glimpse of the BSA’s range of work.

Two things might change the software piracy landscape in the coming years: Software as a Service (SaaS) and Open Source Software.

In the movie, “Sum of All Fears” a scared and angry American President is playing Chicken with his Kremlin counterpart. In the middle of the war of testorone is CIA analyst Jack Ryan. Seeking to thwart the threat of world annihiliation Ryan communicates to the Russian President using the Internet. The American President ordered his aides to cut off Ryan but was bluntly told that it is the nature of the Internet to be indestructible.

While the Internet has had its glitches, it has found a strong following with business users of all size and shapes. This low cost, highly reliable platform for conducting business is finding new found meaning to businesses in the form of business software sold on a pay-as-you-go model.

Not quite farther away is Open Source software. Once the playground of students and the education community, Open Source software that mimicks many of today’s proprietary software is starting to take root. And someday, businesses will find reliable and low cost or almost “free” software that can run their operations just as effectively as they do today with current generation of applications.

What will work best for your business? Chan advises companies thinking of about what software path to take to do their homework. “Do your research, find the best solutions that fill your needs, and evaluate the total cost of ownership when considering investing into IT,” he says.

“Software is a productivity tool, and the right selection, usage and management will result in businesses realizing maximum productivity and security in their use of IT,” concludes Chan.

Tuesday, April 1, 2008

Organizing for Innovation

Cool factor is high on the list when it comes to perception of innovation. Companies like Apple Computer get high marks for cool factor and have come to be perceived as the cradle of innovation within the computing industry.

Creative designers and engineers dream of developing the coolest new device or solving the most challenging problem in a novel way. Executives and shareholders have grand dreams as well but the realities of business require them to keep an eye on growth, profitability and the creation of corporate value.

In a survey of 125 global companies, Aberdeen found that 82 percent emphasize on growing product revenue and 93 percent on reducing cost. Manufacturers are faced with customers who want products that are innovative and rank high on the "cool factor" scale, but also have a shorter product lifecycle; and lower cost to produce. At the same time, globalization has meant competitors can come from anywhere in the world; and global sourcing means increased design and supply chain complexity. To cap it off, manufacturers are being asked to comply with varying regularity requirements at the countries they do business with.

The challenges to product innovation vary greatly by industry and geography (see Figure 1). Multiple factors are at play in the increased complexity and competition in product innovation. Unfortunately, there is no "one size fits all" solution. The innovation mandate is to produce more competitive products that better meet customer needs in a shorter period of time. And companies have to accomplish this while maintaining or even lowering product cost. The ability to adapt to these new market conditions effectively will determine the long-term winners and losers in manufacturing.

Cost pressure has intensified. Industry consolidation has resulted in a smaller number of larger, more powerful companies in many markets. These companies frequently dictate price reduction on their suppliers and supply chain.

Product lifecycles have shrunk. Knowledgeable customers are demanding innovation, and punishing commodity products with lower demand and profit margins. The result is that product profitability windows have shrunk.

Competition is tougher. Lower trade barriers and broader market reach due to advances in communications have opened up competition. Challenging market conditions have forced companies to improve in order to compete.

Markets and supply chains are globalizing. Many companies are competing in new markets and leveraging low-cost manufacturing from other countries. Companies operate in global manufacturing networks. We also see a shift to global design networks. Products must be designed with multiple markets in mind, complicating requirements and burdening designs with additional regulatory and commercial constraints.

Product complexity has increased. Products are becoming more complex to match customer needs more closely.

According to Jim Brown, Vice President and Service Director, Global Product Innovation and Engineering at Aberdeen "companies are succeeding in enhancing top-level business metrics by improving performance in product innovation, product development and engineering." Manufacturers surveyed reported double-digit improvements in product revenue (19 percent), decreased product costs (15 percent), and reduced product development cost (16 percent) by improving product innovation processes.

Today's leading enterprises are finding new ways to generate innovative product ideas, translate these concepts into compelling products quickly and efficiently, get these products to market quickly, and leverage these for optimal results.

Automating for Product Innovation Success

The increased globalization of markets and networked model of design and manufacturing resources demand strong communication and collaboration capabilities. Contributors in engineering and other disciplines will need tools to help them develop and test designs that were previously unachievable in practical terms with manual methods.

To improve product innovation, product development, and engineering processes, companies need enabling technologies such as product lifecycle management (PLM) solutions. PLM is a strategic business approach that applies a consistent set of business solutions in support of the collaborative creation, management, dissemination, and use of product definition information across the extended enterprise from product concept to end of life. It integrates people, processes, business systems, and information to create an environment in which companies can improve the efficiency of their product development programs.

Companies that have adopted PLM have realized savings in areas such as engineering, product development, time to market, and improved product quality.

CASE STUDY - Jinbei Automotive

Shengyang Brilliance Jinbei Automobile has grand ambitions – to become an internationally recognized automaker within five to ten years. Location in Shenyang, China, Jinbei manufactures light passenger vehicles. Originally designed for the domestic market, Jinbei has set its sight on the global market with expansions into new markets.

To achieve its goal, Jinbei management identified several areas for improvement. To bring new vehicles to market faster and reduce cost, Jinbei needed to streamline the research and development (R&D) process. Jinbei executives wanted better access to product knowledge to improve the quality of their strategic decisions for greater product innovation. Early in the process, the company discovered that it did not have a common platform for product information. Each vehicle model had a program that was independent of the others. Information re-use was non-existing. Lack of part sharing extended the development cycle and increased cost. The paper-based design review process and lack of a formal system for capturing knowledge further contributed to what was perceived as areas of inefficiencies.

Jinbei management realized it needed a PLM strategy to support its long-term development plan. "We needed a leading-edge information system that was not only powerful but also flexible enough to integrate with executive-level information, thereby helping us make better decisions in a highly competitive market environment," says He Tao, President of Shenyang Brilliance Jinbei Automobile.

After evaluating different solutions, Jinbei chose Teamcenter from UGS. Teamcenter offered a comprehensive system for product and process management by capturing, sharing and leveraging product knowledge. This allowed Jinbei to reduce repetitive work, enforce standard practices, and enhance efficiency. Teamcenter supports collaboration and teamwork by connecting people with processes. Its visualization capabilities made product information accessible electronically throughout Jinbei. And because digital product models are more easily understood than drawings, visualization helped leverage product information beyond the product development group.

Teamcenter gives Jinbei management immediate access to critical information such as digital product models (originally authored in Catia, then translated to CAD-neutral JT files in Teamcenter), all product-related documents, including bills of material, engineering change orders, cost data, and quality documents, and the status of workflows.

During the three-month pilot project, a centralized management of product information combined with ease of information access reduced basic design time by 20 percent. This led to a reduction in cost for the pilot project by 5 percent. Parts and information re-use increased by 7 percent, contributing to another 2 percent reduction in costs.

Based on the results of the pilot program, Jinbei expects Teamcenter to reduce R&D time by an average of 10 percent. Programs that involve less than the design of an entire vehicle will achieve even greater reduction in R&D process.

Jinbei's successful three-month pilot program convinced management to extend the benefits of Teamcenter companywide. Already the company plans to involve suppliers and partners in the electronic collaboration, capturing knowledge and creating a company-wide knowledge base by implementing additional Teamcenter functionalities.


By reaping the benefits of Teamcenter, Jinbei management believes they are on their way to achieving their goal of international recognition.

Call to Action

There are many options available to achieve innovation and improve product profitability within the enterprise.

Evaluate your product innovation goals in business terms not just operational metrics. Tie the value back to business as a whole.

Identify and implement operational improvements that yield tangible business results. Focus efforts on high-value initiatives that create a foundation for future improvements.

Manage for innovation success. Assign responsibility to a senior executive (with authority) for end-to-end innovation success, standardize processes, and measure performance frequently on a global basis.

Approach product innovation as a "team sport." Look for ways to share knowledge, information and workflow within and outside the enterprise, including with global design networks.

Intelligently implement PLM technologies to reach revenue growth and product cost reduction targets.

Don't try to implement PLM processes and technologies all at once. Pick and choose a path to the right value for your business, and then continue to build on that foundation.

Sunday, March 30, 2008

CPM Gives Enterprises Adaptable it Infrastructure

In a competitive environment, competing businesses try to outclass, outbid, outshine and outperform the each other. Nowhere is this more prevalent than in the financial services sector where competition is fierce and product differentiation is virtually non-existence. Time-to-market advantage is all but useless as copycats can deliver better offerings in a matter of weeks. In such a highly competitive environment, the best strategy is to compete against oneself. For by trying to outdo a known benchmark (your own), realistic goals can be set and performance targets achieve.

Until recent years business managers assessed the performance of their enterprises by seeing if the planned strategies are being met and the targets exceeded. The perennial challenge has been to drive strategy down and across the entire enterprise, transform strategies into actionable metrics and deciphering what the numbers mean in the hope of making profitable decisions.

Business managers are looking for ways to measure the performance of products and services to determine which ones can generate the most profit. They want to measure the performance of business units to determine where they should invest for growth. They want to measure the performance of customers to identify lucrative demographics. They want to measure who are contributing to the company's success, who need retraining, and who need to go.

Within the financial services industry performance measurement is a major challenge. Factors such as risk and cost of capital must be factored into profitable calculations. Selling costs are often difficult to capture.

What is needed is a method that allows a systematic, integrated approach that links enterprise strategy to core processes and activities. "Running by the numbers" now means something as planning, budgeting, analysis and reporting can give the measurements that empower management decisions. Corporate Performance Management or CPM is one such method.

Gartner defines CPM as the processes, methodology, metrics, and technologies that enable an enterprise to manage the performance of its business. Although most companies probably have systems or applications that fit into that definition, many are just starting to look at the broader, corporate-strategy-oriented benefits that most analysts believe CPM can deliver.

CPM is really about tying together the strategic initiatives of a company and being able to dynamically drill down into tactical execution plans and data that are coming from operational systems. "Companies may start with a specific need, such as a balanced scorecard or business planning, but ultimately they should choose a solution that can be part of a larger strategy and a larger vision," says John Van Decker, senior vice president of META Group.

Implementing business performance management is not like simply buying applications and suddenly having business performance management capabilities. It's really part of a business process to be able to more dynamically forecast and make changes to your enterprise plan at the highest level and then have those changes filter down into the organization, getting the results into the hands of the managers who influence business on a daily basis.

But CPM is more than technology. It often requires significant cultural change -- from how people share information to what actions and behaviors employees take, based on performance metrics or business results.

Finally, CPM is more than just about measuring performance. Distinction should be made between performance measurement and performance management. A measurement is a static indicator. However, such measurements are not enough on their own to manage a sales strategy, which requires a combination of controls, discrete and continuous indicators, plans, targets, and tactical decisions. Enterprises should watch for solutions that are no more than measurement tools and do little else.

Because CPM combines the elements of business intelligence with those of planning, budgeting, and appropriate-time monitoring, integration with an organization's existing IT assets is important. CPM solutions are often required to work alongside competing offerings and support other elements of CPM in a best-of-breed approach. The goal is to have a flexible CPM architecture that allows the organization to introduce and adapt to new elements of IT infrastructure easily.

Case Study

On any given month the management at Amalgamated Bank of South Africa (ABSA) Group would sift through more than 1200 reports to make business decisions. What's more, no one was clear how much of the information contained in those reports was actionable. Management needed to make sure their investments in creating information actually help managers make better business decisions.

ABSA completely overhauled its approach to business intelligence and performance analysis. A standardized approach was developed and implemented throughout the organization under one technology platform. Classic Kaplan and Norton balance scorecard principles were applied to all business units. To guarantee everyone had access to the system, a Web-based user interface was chosen. To ensure everyone fully co-operates with the implementation, successes at each business unit was conveyed to everyone.

Savings followed quickly as ABSA terminated fragmented projects. The CPM projected quickly identified systems and processes that were leaking performance and resulting in lost opportunities. More importantly, counter measures were implemented to repair these situations.

At ABSA, we learned to aim for early delivery of tangible results, and use those benefits to drive broader support (making sure to avoid the hard sell approach). Finally, to make sure that the metrics are relevant to managerial decision making.

Another CPM story is Union Bank of California. Clear recognition that summary-level data was insufficient to support tactical and strategic decision making in a competitive environment forced the bank to re-evaluate its reporting mechanism. The two-phase CPM project entailed the building of a detailed data capture-end-report mechanism and placement of consistent metrics across the enterprise. This enabled the bank to precisely measure profitability and ensured same statements were reconciled with the general ledger system. Managers were then able to compare actual budgets against projections. The second phase saw pro rata cost allocation replaced with more granular activity-based costing. This enabled the bank to do precision segmentation.

Not the end of the story

Having successfully implemented a CPM doesn't guarantee success altogether. You need to continually evaluate the CPM against set expectations which are dynamically reset to higher goals at every milestone, taking into account marketplace volatility, product proliferation and competitive pressures.

Companies with best-in-class CPM processes and technologies focus more on improving new product introduction strategies and processes, and relatively less on cost-centric value chain strategy pressures than their competitors.

Aberdeen Group lists the following as essential takeaways

Analyze performance from the profit impact across the value chain and not by functional silo; this requires access to financial and operating data at a customer/product/channel/market level of granularity

Identify the root cause of performance variances through better business data analysis -- the real cause of a shortfall is rarely where the impact is measured

Institute a continuous learning environment with a closed loop decision process to inject findings into the company's future decision making process

Support end user access to decision data and "what if" simulation tools in an 'on demand' environment

Pay particular attention to analyzing early the performance of your own and competitors' new and enhanced products -- remedial action requires compressed time to identify issues and determine best responses.

The adventure continues...

Sunday, March 16, 2008

Build Your Own Call Center: Advise From the Field

The purpose of a call center is to receive and transmit large volumes of requests by telephone. The 'inbound' services it can provide includes administration of incoming product support or information inquiries from customers. Telemarketing and debt collection are the more common forms of 'outbound' services a call center provides.

All call centers share the same basic fundamentals: business need, processes, people, technology and a place to house them all. By now, you will agree that there is market opportunity for outsourced call center services. However, to capture that opportunity, you must first build a call center.

Location

Though seeking a prime location for the business address is not critical, a secure and well-developed infrastructure is. The center should have stable electricity source, broadband connection, and convenient access to public transportation. Because you will be operating at hours when normal shops will be closed, a pantry stocked with basic food and drinks is a must.

Technology

No one should underestimate the impact good technology has on the delivery of service. In fact, technology plays a critical role in ensuring that every call is are efficiently processed, communication is monitored and the entire service-delivery procedure constantly improves.

The typical call center has a number of workstations that include a telephone set/headset connected to a telecom switch, and one or more supervisor stations. Inbound traffic is routed via Private Branch eXchange (PBX) and Automated Call Distribution systems. Predictive dialers automate call outs of potential customers and distribute the calls to available agents. A CRM solution is needed to track each lead (opportunity). As you increase the number of agents, you will require a workforce management solution to manage recruitment and staffing. Agent performance analytics can help keep agents aware of how they are performing and maximize compliance to client expectations.

Organization

The best run call centers maintain a lean organization. Outside of the executive manager, members who will contribute to the success of the call center include the agents, a team leader (1 per 10 agents), and IT manager (1 per 30 PCs). The call center is a people business and communications is the heart of it all. A top priority of management is to ensure that agents undergo regular training since competent and engaged agents are critical to building satisfied customers and successful campaigns. Like most other services, word of mouth will help bring in new business.

Breaking the investment bank

Call center owners have varying opinion on the right proportion of spending on different call center elements. A start-up call center business with five agents will have its investment budget allocated as follows: 20 percent on hardware and software, 10 percent on communications, 55 percent on people, 10 percent facilities, and 5 percent on business development. As the business matures, the people cost (including recruiting, training and compensation) will account for 65 percent of the business.

Revenue mix

Most small call centers start their business with one or two referrals. As expertise grows, the company will begin marketing itself through memberships in industry associations and chambers of commerce. Regular visits to the target market helps to break into new markets.

In Asia, call centers frequently run campaigns travel (special tour packages and time sharing facilities), financial services (insurance, mortgage and investments), consumer product sales (ranging from luxury goods to low-value and high volume products).

About 70 percent of the business comes from US, Europe and Australia. Domestic opportunities account for 20 percent and the remaining 10 percent is from regional clients.

Telemarketing (outbound calls) represents the greatest short-term opportunity for most call centers. Most campaigns are short-term (3-6 months) and payments are usually bi-weekly. Because these are sales transaction driven, the returns are faster compared to inbound contracts (a common type being helpdesk service provisioning) which are contracted at one to three years.

Moving forward

It is relatively easy to set up a call center. Start-up capital can be small provided you do your homework. Selecting the right technology from the start will ensure that you don't waste time and resources identifying the right solution to use. Having good agents who are properly incentivized is important. Because it is a people business, you need to ensure that your agents and team leaders get regular training on best practices in customer engagements. It is a common-sense business.

As a manager and investor, put yourself in the shoes of the potential customer. If you like what you hear from the calling agent, chances are you will not mind continuing the engagement.

The financial rewards are real for those who make the effort on due diligence.

What's next?

In the next issue, we tackle the harsh reality of making your call center a business after the euphoria of the first campaign is over.

Error reading data from tapes

Years ago I worked as a sales rep for Taiwan Computers, a major motherboard manufacturer in Taiwan. My customers were mainly based in Australia, Hong Kong, New Zealand and the Philippines. The more tedious parts of my job included filing import/export documents at the trade department and going to different banks to chase customer payments, mostly sent via letters of credit (LC).

Government documentation was relatively easy since there was only one department and the forms and the filing were standard. These forms are important today; logistics companies like FedEx, BAX Global and DHL will ask for these before they begin processing your order.

Processing an LC is another matter. In an ideal world, a customer places an order with a manufacturer in a foreign country, goods are shipped and payment is made. However, as most traders would attest, the industry doesn't work on trust alone. Suppliers will not manufacture and ship goods to customers halfway around the world without some assurance of payment. Buyers will not pay for a product that he has not seen nor checked against his specifications.

The key to unlocking transactions between exporters and importers is the LC, issued by a financial institution as an irrevocable guarantee of payment. Once the beneficiary has presented to the issuing or negotiating bank documents complying with the LC terms, the bank is obliged to pay irrespective of any instructions of the applicant to the contrary.

Let's say my company banks with Commercial Trust Bank (CTB) in Taiwan, which has a branch in Hong Kong. My customer is Acme Computers in Sydney. They have an account at National Australia Bank (NAB). Acme sends an order for $100,000 worth of computer parts. I agree to sell the goods and give Acme 30 days to pay, provided they send me a 60-day LC for the full amount.

Acme goes to NAB and applies for a $100,000 LC, with Taiwan Computers as the beneficiary. NAB issues the LC against Acme's account at the bank. NAB sends a copy of the LC to CTB, which notifies my company that payment is ready and we can ship the goods Acme ordered with full assurance of payment. Acme sends a letter confirming receipt of the goods. I go to CTB with all the documentations stipulated in the LC, NAB transfers the $100,000 to CTB, which then credits the account of Taiwan Computers by that amount.

"Now imagine if you have 100 customers scattered across 20 countries. Each have their own preferred bank and the payment conditions vary depending on the value of the order and the relationship with the customer," said Claire Buchanan, senior vice president of global operations at Bolero, which runs a global electronic trading platform.

Inefficiencies

There are documented cases of beneficiaries waiting as long as 30 days before getting paid even after the customer has confirmed receipt of the goods. In many cases the delays are the result of back-and-forth processing between the banks. Naturally, the banks are making money from interest, but the customer gains nothing and is meanwhile feeling the pressure on its cashflow. On top of this are the processing fees and bank commissions that will be charged.

The inefficiencies in the existing financial supply chain have been tolerated for many years simply because it was the only one that existed.

Many of the improvements on the supply chain have involve the physical elements, ranging from containerization to fulfillment management, and not the financial side.

According to management consultant Killen Associates, "a typical billion-dollar company spends approximately $27 million annually on unnecessary working capital and inefficient processing functions because they lack visibility into the financial supply chain and receivables." The total value locked up in inefficiencies associated with the global supply chain is estimated at between $500 billion to over $1 trillion.

That is because of 'performance gaps' in the financial supply chain, such as the time taken over documentation and the manual errors that arise from manual input and reconciliation.

Now companies from outside the financial sector are moving to plug those gaps. It's an opportunity keenly eyed by logistics giants such as TNT and pure play financial service providers.

"Traders on both sides of the chain are under constant pressure to identify areas where they could cut cost and improve efficiency," said Ambrose Lin, Managing Director of TNT Express Worldwide Hong Kong, an express logistics provider. "They are passing this pressure on to their logistics providers expecting value-added services that are not their core focus."

Imagine if you have a system where the information about your business is stored electronically and when you need to issue an LC, you simply connect to a service provider, identify the bank you want to deal with and provide the details of the track. The system extracts the appropriate information and electronically fills in the form. This becomes one task that allows your finance controller to see from one dashboard your financial position as it relates to the different transactions you have ongoing, including credit standing and default payment schedules. Such a system would allow you to see receivables as and when they are due via a single console.

These days, traders have options beyond traditional banks. A number of financial services organizations such as JP Morgan and Sumitomo have vastly improved their financial supply chain systems to allow complete end-to-end processing of trade transactions. Because security is of primary importance, these proprietary systems are not accessible to non-partners. What's more, these facilities are only available to large enterprises, leaving small and medium enterprises with an antiquated system that is costing them time and money.

Logistics providers are already extending their value-added services and can potentially offer transaction processing through tie-ups with multiple banks, financial service providers, such as Morgan Stanley.

"As an internationally recognized and trustworthy express service provider, TNT does not currently engage in expediting payment processing requirements of our customers. In the not too distant future, an innovative e-invoicing services will be launched and made available to all customers with account relationship with us", Lin said.

Another option for traders is a neutral, secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.

This is the opportunity Bolero targets, sitting between banks and international traders offering a single dashboard from which to complete a transaction for any country or bank. Bolero is a neutral secure platform enabling paperless trading between buyers, sellers, and their logistics service and bank partners.

"Our solutions integrate the physical and financial supply chains, providing visibility, predictability, accuracy and security. This delivers significant improvements in operational efficiencies and reductions in working capital," notes Buchanan.

Buchanan admits that larger banks offer similar services using proprietary systems. In the open market, she claims only Bolero has a platform built for international trade. "There are several things you have to have in place to make this work, not the least of which is security. When you have transactions that cross international borders you need a system that is not only secure but has a framework that is legally enforceable across the different countries," she adds.

However this plays out, it is clear competition is finally coming to the international financial supply chain.