The Mistakes Firms Make With Big Data

JOURNAL REPORT
THE WALL STREET JOURNAL.
© 2016 Dow Jones & Company. All Rights Reserved.
Wednesday, February 10, 2016 | R1
At the Helm of the Digital Transformation

The Wall Street Journal CIO Network convened its annual meeting in an environment of increasing uncertainty. IT spending for last year posted its sharpest decrease since the financial crisis, as difficult conditions in the currency markets hit tech budgets. Cybersecurity and uncertainty over the global regulation of data pressured companies, too.

In this environment, the CIO plays a key role, leading digital transformation at 40% of corporations surveyed, according to Gartner Inc. “We’re in this fascinating cycle that we seem all to have dubbed digital business,” Gartner research chief Peter Sondergaard said. “The issue is how do we orchestrate, from a business perspective, that transition?”

Here’s how CIOs assess the challenges, ever mindful that their companies must continue to innovate and keep up with the digitization of their markets, which is only accelerating.

—Steven Rosenbush

The Mistakes Firms Make With Big Data
Hilary Mason and Andreas Weigend on how companies can better use all that information

Big data has launched a boom industry in data analytics and science. To find out where this revolution is headed and how companies can get a competitive advantage, The Wall Street Journal’s Rebecca Blumenstein spoke with Hilary Mason, chief executive and founder of Fast Forward Labs and former chief scientist at Bitly, and Andreas Weigend, director of the Social Data Lab and former chief scientist at Amazon.com Inc. Here are edited excerpts.

The big missteps

MS. BLUMENSTEIN: What are some of the biggest misunderstandings about data?

MS. MASON: Often people think that individual data is the most valuable thing they can collect. But it’s not useful to know what I am doing or where I am, unless you’re particularly interested in me, which is weird. But it is very useful to know what a population of people are doing.

On the implementation side, one of the common mistakes is to think of their data as a liability, as something that can only go wrong. It leads to a defensive attitude.

MS. BLUMENSTEIN: There’s a lot of talk of transparency, that the CIO role has shifted from protecting data to sharing it. Andreas, you had a good example, a top executive.

MR. WEIGEND: He opened up all of his inbox and outbox for anybody within the [company] domain. Two things happened. From one day to the next, all the bickering stopped. And those people he was thinking, “How do I get rid of them?” They left. And people were more interested in his outbox than his inbox.

MS. BLUMENSTEIN: What companies are making data transparent internally?

MS. MASON: The big tech companies do this well. They have the infrastructure in place to collect and count whatever they like in that data, and that’s generally available widely. But I’m more interested in the companies you would not think about.

We work with an insurance company that has put a ton of time and energy into taking information about customers. It used to be that if you wanted to do something with the data and you were not on the data team, you had to fill out a paper form and send it to somebody. A week later, they might send you a report that would also be on paper.

Now you have a tool that anyone can use where they can see these metrics and these dashboards, and they can configure them a little bit themselves. If they need a more complex analysis, then it goes to that team.

This democratization of data access has allowed that organization to become much more data oriented in decision making.

MS. BLUMENSTEIN: Andreas, you were saying that companies need to radically change their mind-set about the customer relationship.

MR. WEIGEND: The other day I called up [an airline]. It was Ms. Mary I talked to. She told me if I buy a full-price economy ticket, which was quite expensive, I get upgraded to business class. So I bought that ticket, and I show up at the check-in counter, and they seat me in economy.

I said, “They said I would get upgraded.” And they said, “Who?” “Ms. Mary.” “Well, do you want to be on this flight or not?” Ms. Mary, with my frequent-flier number, she has visibility in who I am. Me, all I know is I talked to Ms. Mary. That is a lack of symmetry. I want the history of my conversations available as part of the ticket and not selectively when the airline feels it’s in their advantage to use it.

The role of intuition

MS. BLUMENSTEIN: What are some of the mistakes that you see companies making?

MS. MASON: One of the common fallacies is that data is opposed to intuition. Data is a tool for enhancing intuition. When I worked at the social-media company, one day the CMO of a frozen-breakfast-sausage brand came into our office. The guy said, “I want to know what my customers do on the social web.” And I said, “Great. So first we’ll figure out who your customers are.”

He said, “I know who my customers are. They’re moms in the Midwest.” I said, “How do you know?” He looked at me like I was crazy. He said, “They’re my customers. I’ve been doing this for years.”

He was not wrong. He had many customers. We didn’t know if they were moms, but they were looking at mom-type things. They were in the Midwest. But he missed a cluster of customers in Texas, and they were into motorcycles and man things. He missed a cluster in the Northwest who were anti food additives [who liked his product because it] did not have these additives.

We were able to show that his intuition was in no way wrong. But he was missing things that were too small to come up on his human radar.

[Chart: What's It Worth? Uncertainty among IT and business leaders about how to value big data is reflected in their expectations for return on investment in big-data technology. Panels: among those already invested; among those planning to invest. Categories: positive ROI, negative ROI, don't know. Source: Gartner Inc. global survey of 437 information-technology and business leaders, conducted online in June 2015]

The Path From CIO to CEO
Dawn Lepore has done it. Here’s what she learned along the way.

‘If all you talk about is technology, that’s going to limit you.’

As technology’s role in business continues to grow, the chief information officer arguably has become one of the most important people in the C-suite.

But what does it take for a CIO to become chief executive?

Dawn Lepore knows. Before becoming CEO of Drugstore.com Inc., the online retailer she led from 2004 until its sale in 2011, Ms. Lepore was CIO at Charles Schwab Co., where she helped build the brokerage firm’s successful e-commerce business.

Ms. Lepore sat down with Nikki Waller, who heads up management coverage at The Wall Street Journal, to discuss what it takes to migrate from a technology role to the corner office. Here are edited excerpts.

The right balance

MS. WALLER: Dawn, you went from CIO to CEO in about five years. How did you do it?

MS. LEPORE: I think it was a little longer than that! You know, I was lucky enough to work for Schwab, which is a company where technology is very strategic. And I think that’s one of the most important things as you’re thinking about your career as a CIO: Make sure you are with a company where technology is the product, or technology is critical to the business.

I also was CIO at a time when the Internet came along. Schwab came out with Internet trading very early, which allowed us to get some visibility and allowed technology to be viewed even more strategically.

And then I was able to take on other responsibilities. So by the time I left Schwab—and I was at Schwab 21 years—I had operations and human resources and compliance and communications. I also had our active trader business, which was our business for very, very active traders.

So I really had both a revenue unit and a broad array of responsibilities before I left to become the CEO of Drugstore.com.

MS. WALLER: What is the most underestimated part of the shift from CIO to CEO?

MS. LEPORE: I think it depends on whether it’s a public or private company.

I happened to go to Drugstore, which was public, so [that meant] dealing with investors, the earnings calls, the quarterly cadence, which is both good and bad.

On the one hand, you’ve got a report card every quarter. “This is what I said I would do.” And “Did you do it or not?” So, in some ways it’s a good structure and good discipline.

But it’s also difficult. You’ve got all sorts of things going on in the company. Some of them are going better. Some are going worse. How do you communicate that? You can’t be overly optimistic. But if you’re too pessimistic, then your stock goes down. That piece of it was difficult, especially the first year.

Also, I don’t have a finance background, but I was lucky enough to have an outstanding [chief financial officer]. So that’s also important, knowing what you’re good at and what you aren’t good at, and making sure that you’ve got the right people around you.

MS. WALLER: Is it easier for CIOs to go on to be CEOs of their own company, or do they need to leap to another kind of business?

MS. LEPORE: I think it’s easier to go to another company, especially if you’ve grown up in a company. I also think it’s easier to get a CEO job at a company that is very technology based. Drugstore, for example, was a retail company, but it was completely technology-enabled.

Emotional blackmail

MS. WALLER: What can CIOs do to be seen as business leaders and not just tech leaders within their companies?

MS. LEPORE: I was never a particularly technical CIO. I had some technical training, but I didn’t have a computer science degree. I was actually a music major. So the business aspect of it was always more interesting to me. I was always drawn to that. So if that’s the case, it’s probably a little bit easier to be viewed as a businessperson.

One of the things that one of my bosses said along the way when I was CIO was, “You never emotionally blackmail me, and I really appreciate that.” And I thought, “What does that mean?”

And he said, “You know, I’ve seen so many tech people who come and say, ‘Well, I can cut my budget, but I can’t guarantee the system’s going to stay up, you know.’ ”

So some of it is how you deal with senior management of the company. That’s going to be part of how you’re judged as a business leader.

JOHN BUSSEY: What common behaviors must a CIO stop doing to become CEO?

MS. LEPORE: One is that emotional blackmail that I was talking about before. The other is too much tech speak. I have seen, or been in situations, where the head of technology almost uses the complexity of technology as, “Well, if nobody else can understand it, then they must need me, right? And so I try to make it sound as complex as I possibly can, and I use lots of acronyms.” That doesn’t go over well.

The third thing is making sure that you understand the business of your company, and that you can engage in very strategic discussions about the direction of your business and your competition. If all you talk about is technology, that’s going to limit you.
INSIDE
Gen. Michael Hayden warns companies not to depend on the government for cybersecurity, R4
Aaron Levie sees changes coming in what he calls a very young market for cloud services, R4
Andy Bryant on how CIOs need to hone their communications skills to get their points across to executives and boards, R5
Andy Ozment discusses the potential impact of the Cybersecurity Information Sharing Act, R4
Jeremy Bailenson says virtual reality has the potential to change the way users feel—and behave, R5
PLUS: The CIO Network task forces’ top management and policy recommendations in five key areas, R2
The Task Forces’ Priorities
The technology executives at last week’s CIO Network
conference divided into five task forces to debate their
management and policy agendas in the following areas.
Here are their top recommendations.
DATA, DATA AND MORE DATA

1. Create a data culture
CIOs should create a culture of data within their business. Firms should treat data as a product, whether consumed internally or externally. Its management needs to be as disciplined and rigorous as engineering. This applies to both data collection and analysis. They should create a mechanism to engage the entire organization, either through a data council or individual businesses.

2. Confront data politics
Today’s CIO should recognize data as a corporate asset. Algorithms are often more objective than a single opinion. CIOs should try to make sure data isn’t being used simply to advance political means.

3. Deliver analytics in everyday decisions
CIOs need to find ways to deliver analytics to the business in a timely manner and within the firm’s everyday decisions. Businesses are overwhelmed with dashboards and reports that don’t yield actionable results. How can we use data to determine if paying someone 10% more will impact their retention?

4. Understand data quality
Companies face a torrent of data from devices and sensors whose quality is unproven. They need to understand the source of data, including the technology or devices that generate and deliver it. CIOs should help business partners understand the importance of data quality and how it impacts decision making. Constantly question the rigor of the analysis.

CO-CHAIRS
Kathy McElligott, Executive Vice President and CIO/CTO, McKesson Corp.
Kumar Mishra, Vice President, Architecture and Information Technology Operations, Nielsen Co.
Stuart Sackman, Corporate Vice President, Global Product and Technology, Automatic Data Processing Inc.

SUBJECT EXPERT
Gam Dias, Chief Executive Officer and Co-Founder, Mo-Data Inc.

GETTING DIGITAL RIGHT

1. Understand the business situation, strategy
Measure the company’s progress along different dimensions to choose the best course of action. Understand the demographics, revenue, margin and risk. Strategies vary according to a unit’s place in its digital evolutionary life cycle.

2. Get the leadership right
Put the company’s digital future in the hands of people who are digitally minded and collaborative. Develop appropriate performance metrics for the business and its leaders.

3. Choose your starting point
Decide whether you are going to create dedicated digital units, drive digital innovation to the core of the business, create one or more separate digital business units, or a mix.

4. Treat organization as a product
Approach the organization as a product or service, and assess the skill sets, tools and processes of each unit. This allows the organization to evolve in an agile manner.

CO-CHAIRS
Gerhard Karba, CIO, Related Cos.
Ross Meyercord, Executive Vice President and CIO, Salesforce.com Inc.
Brad Strock, CIO, PayPal

SUBJECT EXPERT
Peter Sondergaard, Senior Vice President, Research, Gartner Inc.

INTEGRATING IT AND THE BUSINESS

1. Lead, not just enable, strategic change
IT needs to shift from an enabler of business strategy to an input to business strategy. In some cases, IT and business are one and the same.

2. Understand business outcomes
Too often, IT can deliver capabilities that don’t support a larger business goal. Help business digitize new processes.

3. Create operational excellence
IT dial tone—services that work, projects on budget, planning makes sense—must be consistent before you can play at a higher level. If you can’t get the basics right, you don’t have credibility.

4. Become a trusted adviser
Senior alignment is critical, but also important is alignment in the second and third layers of the organization. Build relationships at all levels between IT and business. Practice radical transparency.

CO-CHAIRS
Michael Brown, Vice President, Global Information Technology, ExxonMobil Global Services Co.
Guillermo Diaz Jr., Senior Vice President and CIO, Cisco Systems Inc.
Celso Yoshiyuki Guiotoko, CIO and Corporate Vice President, Nissan Motor Co.

SUBJECT EXPERT
Garth Saloner, Philip H. Knight Professor and Dean, Graduate School of Business, Stanford University

IN SEARCH OF CYBERSECURITY

1. Share and share fast
All entities, from private sector to government, should share threat indicators as quickly and as widely as possible in an automated way. And it should be free of cost and consequences.

2. Beef up deterrence
Increase consequences for people trying to attack systems. Make them pay…somehow.

3. A standard of care
Create a common language and independently validated standards for all constituencies to assess security.

4. Develop an NTSB for cybersecurity
Create an entity that investigates and analyzes incidents for the purpose of sharing lessons learned and developing new best practices for security.

CO-CHAIRS
Karen Chamberlain, Senior Vice President and CIO, Western & Southern Financial Group
Eric Friedman, CTO and Co-Founder, Fitbit Inc.
David Kleidermacher, Chief Security Officer, BlackBerry

SUBJECT EXPERT
Andy Ozment, Assistant Secretary, Office of Cybersecurity and Communications, Department of Homeland Security

LEADING INNOVATION

1. Establish innovation culture
Enable or establish a culture of innovation, led by the C-suite and a workforce of diverse perspectives and skills, both inside and outside the company, and by reducing barriers and friction.

2. Look beyond today
Look beyond today’s business model and ask instead where are we going to be 10 years from now. Ask what that means from a technology perspective and how to enable that transformation.

3. Look outside for inspiration
Avoid getting stuck in a specific paradigm by looking outside the company or industry for ideas.

4. Focus on the client
Design thinking about the products, the process and technology to produce value for the client.

CO-CHAIRS
Diane K. Schwarz, CIO and Vice President, Textron Inc.
Creighton Warren, CIO, USG

SUBJECT EXPERT
Vish Krishnan, Professor, Rady School of Management, University of California, San Diego
CIO NETWORK MEMBERS
(Chief information officers/
chief technology officers, except as noted)
Steven B. Ambrose, DTE
Carlos Amesquita, Hershey
Brad Arkin, VP, Chief Security Officer, Adobe
Tom Baltis, VP, Chief Information Security Officer,
Blue Cross Blue Shield of
Michigan
Simon Benney, Rio Tinto
Steve Betts, Health Care
Service Corp.
Michael S. Brown, VP, Global
IT, ExxonMobil Global
Services Co.
Tony Buttrick, Flagstar Bank
Robert J. Casale, Massachusetts Mutual Life
Karen A. Chamberlain, Western & Southern Financial
Paul Cheesbrough,
News Corp
Anil T. Cheriyan, SunTrust
Stephen Crowley, WEX Inc.
Richard Daniels, Kaiser
Permanente
Julia K. Davis, Aflac Inc.
Guillermo Diaz Jr., Cisco
Mandy Edwards, CBRE
Tarek El-Sadany, Unisys
Philip Fasano, AIG
Victor Fetter, LPL Financial
James Fowler, GE
Eric Friedman, Fitbit
Marc Frons, Deputy Head of
Technology and Senior
Vice President, Global
Head of Mobile Platforms,
News Corp
Randall Gaboriault, Christiana Care Health System
Sven Gerjets, Time Warner
Cable Inc.
Michael E. Gioja, Paychex
Bruce Greer, VP, Strategic
Planning and IT, Olin
Matt Griffiths, Biogen
Celso Guiotoko, Nissan
Suren Gupta, EVP, Technology and Strategic Ventures, Allstate Insurance
Gil Hoffman, Mercy Health
Donald G. Imholz, Centene
Chris Isaacson, BATS
Guilda Javaheri, Golden
State Foods
Carol Juel, Synchrony
Manish Kapoor, NuStar
Gerhard Karba, Related Cos.
Deborah Kerr, Sabre Corp.
Justin Kershaw, Cargill Inc.
Dan Kieny, Black & Veatch
Stuart Kippelman, Platform
Specialty Products
David Kleidermacher, Chief
Security Officer,
BlackBerry
Sue Kozik, Group Health
Cooperative
Suresh Kumar, Bank of New
York Mellon Corp.
Madelyn Lankton, Travelers
Brian LeClaire, Humana Inc.
Brian Lillie, Equinix Inc.
Chad Lindbloom, C.H.
Robinson Worldwide Inc.
Brian Maloney, Chairman,
Americas, Tech Mahindra
Krish Mani, Jeld-Wen Inc.
Meg McCarthy, Executive
Vice President, Operations
and Technology, Aetna
Kathy McElligott, McKesson
James M. McGlennon,
Liberty Mutual Insurance
Kelvin McGrath, Asciano Ltd.
Paul Meller, Dow Jones & Co.
Vincent Melvin, Arrow
Electronics Inc.
Rich Mendola, Emory
University
Ross Meyercord, Salesforce
Todd Miner, VP, Corporate
Infrastructure, Yelp
Kumar Mishra, VP, Architecture and IT Operations,
Nielsen Co.
Berni Mobley, Senior Vice
President, IT, SAS
Sheldon Monteiro,
SapientNitro
Luke Moranda, Options
Clearing Corp.
Anne Mullins, Lockheed
Martin Corp.
Pushpendu Pal, SVP, Pharmacy Benefit Management
IT, CVS Health
Mike Parisi, Illinois Tool
Works Inc.
Edwina Payne, Zimmer
Biomet Holdings Inc.
Ravi Pendse, Brown
University
Steve Phillips, Avnet Inc.
Scott Pittman, Dell Inc.
Larry Quinlan, Deloitte
Matthew V.T. Ray, President,
HM Health Solutions
Craig Richardville, Carolinas
HealthCare System
Stuart Sackman, Corporate
Vice President, Global
Product and Technology,
Automatic Data
Processing Inc.
Trevor Schulze, Micron
Technology Inc.
Diane K. Schwarz, Textron
Wayne Shurts, Sysco Corp.
Mark Sims, Scotts Miracle-Gro Co.
Sukhvinder Singh, Senior
Vice President, IT, Host
Hotels & Resorts Inc.
Joseph C. Spagnoletti,
Campbell Soup Co.
Scott Spradley, Hewlett Packard Enterprise
Adam Stanley, Cushman &
Wakefield
Tony Stoupas, Moody’s
Brad Strock, PayPal
Luis Taveras, Barnabas
Health
Denise Taylor, Westfield
Atticus Tysen, Intuit Inc.
Sankara Viswanathan, Day &
Zimmermann Group Inc.
Edward Wagoner, Jones
Lang LaSalle Inc.
Charles Wardrip, Kindred
Healthcare
Creighton Warren, USG Corp.
Yvonne Wassenaar,
New Relic
Mary Beth Westmoreland,
Blackbaud Inc.
Andrew Wilson, Accenture
Kevin Winter, Booz Allen
Hamilton Inc.
Philip R. Wiser, Hearst Corp.
Robert Worrall, Juniper
Networks Inc.
PARTICIPATING GUESTS
Jeremy Bailenson, Co-Founder, Strivr Labs;
Director, Virtual Human
Interaction Lab, Stanford
University
Andy D. Bryant, Chairman,
Intel Corp.
Stewart Butterfield, Co-Founder and CEO, Slack
Gam Dias, CEO and Co-Founder, Mo-Data Inc.
Ben Golub, CEO, Docker
Gen. Michael Hayden,
Principal, Chertoff Group;
former Director, Central
Intelligence Agency;
former Director, National
Security Agency
Vish Krishnan, Professor,
Rady School of
Management, University
of California, San Diego
Dawn Lepore, former CEO,
Drugstore.com Inc.;
former CIO, Charles
Schwab
Aaron Levie, CEO, Co-Founder, Chairman, Box
Hilary Mason, CEO and
Founder, Fast Forward
Labs
Andy Ozment, Assistant
Secretary, Office of Cybersecurity and Communications, Department of
Homeland Security
Tom Reilly, CEO, Cloudera
Garth Saloner, Philip H.
Knight Professor and
Dean, Stanford Graduate
School of Business
Peter Sondergaard, Senior
Vice President, Research,
Gartner Inc.
Andreas Weigend, Director,
Social Data Lab; former
Chief Scientist, Amazon
‘The government,
our government will
be permanently
late for your
cybersecurity.’
A Cyberwar Update
Gen. Michael Hayden says recent government
moves to protect cyberspace are too little, too late
We’re in a global cyberwar
in which our corporate secrets
are our chief prize. Are we up
for the fight?
To get a clearer answer,
The Wall Street Journal’s John
Bussey spoke with Gen. Michael Hayden, principal of
Chertoff Group and former director of the Central Intelligence Agency and National Security Agency. Here are edited
excerpts of the discussion.
It’s up to you
MR. BUSSEY: We got some
news last month. There’s some
legislation meant to increase
cooperation between the government and business. Tell us
about the bill and whether or
not it helps CIOs protect corporate secrets.
GEN. HAYDEN: We’re talking
about CISA, the Cybersecurity
Information Sharing Act. Good
news, a step in the right direction. But it’s too long in coming, it’s too small a step. And it
reveals that within any realistic planning horizon, you are
largely responsible for your
own defense in the cyber domain.
The government, our government will be permanently
late for your cybersecurity.
Look, your armed forces view
cyber as a domain. Land, sea,
air, space, cyber. It’s a new domain. You and I have decided
that this domain is so wonderful, empowering, we’re going
to take things we used to keep
down here in a safe, in a
drawer, in a wallet, and put it
up here where it’s largely undefended. This is the largest
ungoverned space in recorded
human history. There is no
rule of law up here.
As taxpayers, you and I are
going to want our government
to defend us up here the way
we have become accustomed
to relying on the government
for defending us down here.
But there’s the general sclero-
’This is a risk and
you can manage it.
Can you eliminate it?
Of course not.’
Information Sharing
And Cybersecurity
Andy Ozment on the potential
impact of new legislation
Among other goals, the Cybersecurity Information Sharing Act aims to foster closer
cooperation between government and the corporate sector.
Under the act, passed in December and due to take effect
soon, Washington will share
information with businesses
about cyberthreats and give
companies protection from liability when sharing information with the government.
To get a picture of the
changing landscape, The Wall
Street Journal’s Rebecca Blumenstein spoke with Andy Ozment, assistant secretary, Office of Cybersecurity and
Communications, in the Department of Homeland Security. Here are edited excerpts
of the conversation.
The legislative front
MS. BLUMENSTEIN: Can you explain what the Cybersecurity
Act is and why it’s significant?
MR. OZMENT: It took a while
for policy makers to wrap
their heads around information sharing. What do we even
mean by that? The first thing
to emphasize about this legislation is it’s about indicators,
not incidents.
What’s an indicator? It’s a
“be on the lookout.” Be on the
lookout for this IP address,
this phishing email, you name
it. That’s what we’re talking
about.
MS. BLUMENSTEIN: There’s also
shared liability, right?
MR. OZMENT: The idea is liability protection for you. Why
did you have liability in the
first place? Most of the laws
that would have given you liability here were intended as
privacy laws for consumers.
This bill says if you’re sharing
this information for cybersecurity purposes, you’re protected against liability.
MS. BLUMENSTEIN: The private
sector has been reluctant to
work closely with the federal
government. Do you think that
this is going to be a tough
sale?
MR. OZMENT: We’re making
progress. I have to somewhat
limit my selling of this because we have done this extremely rapidly.
We don’t want to start on
day one with a million companies. We want to start on day
one with a small number of
companies, get them happy,
scale from there. We have a
lot of companies who are eagerly talking.
And so part of what we’re
doing here is not just building
sis of government, and the
technology is going to move
much faster than any government can move. Then we have
not yet decided what it is we
want or what it is we will allow the government to keep us
safe. You’re going to have to
be responsible for your safety
[in the cyber domain] in a way
in which you have not been required to be responsible for
your safety [in the physical domain] since the closing of the
American frontier in 1890.
Who follows whom?
MR. BUSSEY: It does seem that
before the war on cybersecurity can be fought as a nation,
we have to resolve the civil
war internally over privacy.
GEN. HAYDEN: Yeah. And that’s
a multigenerational thing. We
haven’t arrived at a national
consensus. In the American
system, when the government
doesn’t show up, we generally
pick up the burden ourselves.
the system to share this information. We’re also building
the governance mechanisms,
the trust groups where if you
don’t want to talk directly to
us, you want to talk in a trust
group, your trust group can
then share the information to
the government. So, you’re already anonymized. And, obviously, if you do share with us,
we’ll anonymize it before we
push it back out.
MS. BLUMENSTEIN: We’ve
heard a lot of defeatism today
about all the different actors
in cybersecurity who are getting increasingly more sophisticated. Is there a reason to be
hopeful that companies can
protect themselves?
MR. OZMENT: Absolutely. This
is a risk and you can manage
it. Can you eliminate it? Of
course not. But you manage
them all day, every day. It’s
like we got a credit card from
the Internet revolution 20
years ago, and we’ve been
buying stuff. We haven’t paid
our monthly bill for security.
So we have debt racked up.
But we already see sectors
that have been putting time
and attention and resources
into this for six, eight years
are doing pretty darn well. Do
they still get breached? Absolutely. But they catch it
quickly and they contain it.
We can all get to that space.
The malicious players
MS. BLUMENSTEIN: Can we
take a step back and look at
the whole cyberthreat landscape? What is the biggest
threat right now?
MR. OZMENT: I bucket the
threats into vandals, burglars,
thugs, spies and saboteurs.
Vandals are groups like Anonymous who are trying to have
a reputation impact on you.
Burglars, they’re after money.
Thugs are a little more complicated. They just want to
punch you. The North Korean
attack on Sony Pictures is
that. Spies want either national secrets or your intellectual property. And they want
to use it obviously to the advantage of their nation. Saboteurs are an area we’re concerned about. This is where a
nation-state or other adversary gets into our critical infrastructure and waits for a
time of conflict.
So, the good news is there’s a
lot of private-sector activity
designed to keep us safe.
Let me explain this another
way. When I think about a national-security problem, generally my instincts are the government is the prime mover. If
you’re into Civil War history,
Gen. Grant or Gen. Lee says,
“You, sir, your corps is the
main body. And you, gentlemen, you will conform your
movements to the movements
of the main body.” In government, I assumed that in cyberdefense, the main body was
the government, and you shall
conform your movements with
the movements of the main
body. In the cyber domain, you
are the main body. What our
government has to teach itself
is that the government needs,
in all but a few exceptional
cases, to conform its movements to the movements of the
main body, you.
MR. BUSSEY: One of the things
that the private sector is doing
is to look again at encryption.
GEN. HAYDEN: The issue here is
end-to-end unbreakable encryption, should American
firms be allowed to create
such a thing. You’ve got Jim
Comey, the director of the FBI,
saying, “I am really going to
suffer if I can’t read Tony Soprano’s email or if I’ve got to
ask Tony for the PIN number
before I get to read Tony’s
emails.” I get it. There is an
unarguable downside to unbreakable encryption. On the
other side is the question: On
balance, is America more or
less secure with unbreakable
end-to-end encryption, regardless of whether Jim can read
Tony’s emails?
I think Jim Comey’s wrong.
Jim’s logic is based on the belief that he remains the main
body and you should accommodate your movements to the
movements of him, which is
the main body. And I’m telling
you, with regard to the cyber
domain, he’s not. You are.
MR. BUSSEY: Tell us how the
landscape of threat is evolving
or changing.
GEN. HAYDEN: The stealing-your-data stuff is there, and
it’s getting worse. Beyond that,
[people are trying] not just to
steal data, but to create effects. So you’ve got Stuxnet,
which is the destruction of a
thousand centrifuges at Natanz in Iran. I view it as an unalloyed good, but it was done
using a weapon comprised of
ones and zeros to create physical destruction.
Leon Panetta spent a lot of
time in his last year or two in
government talking about cyber Pearl Harbor, digital 9/11,
catastrophic attack. I don’t
think that’s what we have to
worry about. I’m not frightened about the Chinese turning out all the lights east of
the Mississippi. I’m not worried about that superpower,
catastrophic attack.
I’m worried about the isolated, nothing to lose, “Ah,
what the hell? Let’s go see
what happens,” nation state
who goes after a North American enterprise to create physical destruction to show that
they can. The Sony attack is
the poster child for that.
[Figure: Concerns and Constraints. Where companies are focusing their information-security efforts and
what's holding them back, according to an Ernst & Young survey.
Panel 1: Percentage of respondents who considered the following to be among the most likely
sources of an attack: criminal syndicates 59%; employee 56%; hacktivists 54%; lone-wolf hacker 43%;
external contractor working on our site 36%; state-sponsored attacker 35%.
Panel 2: Percentage who ranked each of the following a high, medium or low priority for their
organization over the coming 12 months: data leakage/data loss prevention; business continuity/disaster
recovery resilience; identity and access management; security awareness and training; incident
response capabilities; security operations (e.g., antivirus, patching, encryption).
Panel 3: Percentage who said each of the following was among the main obstacles or challenges for
their information-security operations: budget constraints; lack of skilled resources; lack of executive
awareness or support; lack of quality tools for managing information security; management and
governance issues; fragmentation of compliance/regulation.]
Source: Ernst & Young's Global Information Security Survey 2015, a survey of 1,755 CIOs and
other executives involved in information security in 67 countries, conducted in person and
online between June and September 2015.
The Direction of the Cloud
Aaron Levie says the market is still very young
Cloud computing, where
companies sell shared access
to software or computing
power that can be used over
the Internet, is changing the
way businesses work.
Aaron Levie, co-founder
and CEO of Box Inc., a provider of online storage and
collaboration tools that allow
employees to access and
share files from any device,
sat down with The Wall Street
Journal’s global technology
editor, Jonathan Krim, to discuss what this shift means.
Here are edited excerpts.
The layer between
MR. KRIM: You have said the
market for cloud services is
still young. But it seems already to be hyper-coalescing
around two or three players.
Is that where you see it going?
MR. LEVIE: Amazon got into
the space first, and they have
this amazing sort of competitive advantage because they
see all of the new developer
problems before anybody else
does. But when you actually
look at the public cloud market relative to the entire computing space, it’s still a very,
very small portion of total
spending. So yes, we are seeing who some of the names
might be, but when you’re
looking out five or 10 years
from now, the space is going
to look very different in terms
of who’s taking the lead.
MR. KRIM: Let’s imagine that
Microsoft, Google and maybe
Amazon are your cloud options. Why can’t they provide
the services that you provide?
MR. LEVIE: There was a really
good article in TechCrunch a
few weeks ago called “The
Stack Fallacy,” and it was
about why it’s so hard for
companies to move up the
stack, [into a different layer
of the market,] in terms of
their technology products.
When you move up the
stack, you tend to be dealing
with a very different set of
customers, and people, and
individuals using your products. And so, if you’re building
infrastructure, large-scale
data centers and large-scale
computing environments,
that’s a very, very different
problem than building business applications.
MR. KRIM: But isn’t that what
Google has done with Docs
and Sheets, and those things?
MR. LEVIE: In terms of end-user productivity tools, absolutely. But in terms of actual
systems that are going to
work across an entire enterprise to help you manage,
share, store, collaborate
around, add workflow to all of
your data—we think that’s
just a very different problem.
We live in a world that is
going to be incredibly heterogeneous. There are going to
be a lot of different kinds of
systems. And as the world
gets more heterogeneous, you
actually need different platforms in different parts of the
stack to be agnostic to the
other kinds of applications
that you’re using.
That is largely what our
role is at Box. One day you
might be using Office, the
next day you might be using
Google Docs, the next day you
might be using Adobe, the
next day you might want to
access files from Salesforce.
You need something that’s going to be able to broker how
you do all of that sharing, and
all of that organization of
your information. We sort of
live in between the infrastructure world and the SaaS [software
as a service] world.
Opening up
MR. KRIM: We asked the CIOs
here if, as they migrate applications to the cloud, they see
themselves using multiple
vendors for various applications or going with a more integrated solution. Overwhelmingly they said multiple
vendors. What do you say?
MR. LEVIE: In the cloud model,
you no longer have the technological reason to require
products to come from the
same vendor. Assuming you
have at least a federated security model, a federated analytics and identity-management model, the cost of
working with multiple vendors has gone down precipitously. And being able to get
best-of-breed applications at
each layer of the stack is going to drive far more innovation within the IT sector.
Even the biggest tech vendors are recognizing that the
world is going to be heterogeneous, and they have to open
up to companies that otherwise would be competitors.
Last week, Microsoft
opened up Office, so now you
can get access to all of your
Box files from Office on your
iPhone. You can do real-time,
collaborative editing with Office online. It’s shocking to
say this, but Microsoft has become dramatically more open
than Google, just in the past
couple of years.
Where Virtual
Reality Is Heading
Virtual reality is getting a
lot better at simulating the
real world. Just how good is it
going to get, and how fast?
And what’s the best way to deploy the technology for consumers and businesses alike?
The Wall Street Journal’s
Geoffrey A. Fowler spoke to
Jeremy Bailenson, co-founder
of Strivr Labs and director of
the Virtual Human Interaction
Lab at Stanford University.
Here are edited excerpts of
their discussion.
A new experience
MR. FOWLER: So what can VR
do that you can’t just do with
a computer screen?
MR. BAILENSON: My Ph.D. is in
cognitive psychology. And
what I study is how the brain
responds to virtual reality. It’s
all about your movement.
There’s a theory called embodied cognition, which is people
learn by moving and doing
stuff. When VR is done well,
there are no gadgets. The interface goes away. It’s as if
you’re in a space. You could
make somebody fly to the
moon. You could put them underwater. We can do that in
VR, and the brain treats it as
real.
MR. FOWLER: How are some
businesses using this right
now?
MR. BAILENSON: This is going
to sound a little bit narcissistic. But right now, probably
the only true B2B success of
VR where VR has migrated
from the living room to businesses at scale is in the
sports-training world. This
company, Strivr, that I cofounded. There are over 75
systems being used across the
country in teams. They’re using it day to day where athletes get to learn decision
making. They get to practice
plays. And fans get to experience these.
MR. FOWLER: In your lab,
you’ve been also working on a
number of other experiments
and programs for businesses.
What are some of them?
MR. BAILENSON: In 2003, a
woman approached me and
said, “Can you build better diversity-training software?”
When I do diversity training, I
either sit in a room and I
watch actors do banter or I do
an online driver’s-ed type
[thing]. It doesn’t make me
think about women, issues of
race, in a way that’s compelling. In VR in 2003, what we
did is you stood up, and you
put on this helmet, and you
walked up to a virtual mirror,
and you saw yourself in the
mirror.
As a white male, I would be
transformed into a woman of
color. I would then experience
prejudice firsthand, meaning
another avatar would walk in
the room and would say horrible things to me about my
race and about my gender. For
about 12 years now, we’ve
been running study after study
showing that feeling discrimination firsthand while walking
a mile in someone else’s shoes
is a better way to change attitudes and behavior.
MR. FOWLER: The equipment
that allows consumers at
The Language of the CIO
Andy Bryant on how chief information officers
need to hone their communications skills
Chief information officers
can sometimes feel as if they
are talking to a brick wall
when they make pleas for
more funding and new projects. Sometimes, it’s because
they need to improve their corporate communications skills.
Wall Street Journal News
Editor Ted Greenwald talked
to Intel Corp. Chairman Andy
Bryant about how CIOs can
get their points across to
boards and fellow executives.
Edited excerpts follow.
MR. GREENWALD: As a former
chief financial officer, how
would you advise CIOs go
about building productive relationships with their CFOs?
MR. BRYANT: Actually, you
could ask my CIO, and he may
say, “He’s not so good at that.”
In my time, I learned that CIOs
and CFOs almost don’t speak
the same language, until they
learn to work with each other.
One time, I had a CFO and a
CIO working for me, and I saw
them talking past each other.
Because the CIO would say, “If
we approve this project, I can
save, on our run rate spending, $10 million.” And the CFO
said, “I don’t believe it.”
They fought for a while.
And I looked at the CIO. I said:
“Simple question. Explain the
detail. How do you explain $10
million?”
[The CIO said:] “Well, instead of having people take orders, we can now have the machines take orders. And we
can save that cost.”
And I said, “So his [the
CFO’s] problem is, what happens to those people?”
[And the CIO says:] “Well,
what happens to those people
is they go to this other project
I want to work on.”
So the CFO looks at it and
says, “You didn’t save me anything. All you did was fund a
project that I didn’t care
about. So now let’s talk about
how the savings comes, how
it’s going to be applied.”
You have to go beyond the
first-level analysis. But once
you realize you both are trying
to do the right thing, you both
are very passionate about
what you do and you speak
just a little bit different language, you get those two on
the same page, it’s amazing
what can be accomplished.
MR. GREENWALD: How can
CIOs demonstrate return on
investment?
MR. BRYANT: There are interesting ways. For example, in
the example I just gave, they
could have said, “No, we’re going to actually save that money
by letting these folks leave to
different jobs, or we may do a
layoff, but we will have a real
savings.” You can actually find
real ways to save money and
document it. And then you can
come back to the CEO and say,
“These 100 people I saved, I’d
like to reinvest them.” Now,
that’s a new decision.
The CFO will say, “I got my
savings. And now the CEO’s
making a decision about a new
investment. I can live with
that one.”
The place it really gets hard
is what we used to call faith investments. I do believe you
have to have some faith investments. A CIO should, every now
and then, say, “You’re going to
have to trust me on this one.”
MR. GREENWALD: Let’s talk
about the CIO’s relationship
with the board. As a chairman,
and also as a member of several other boards, what advice
would you give to CIOs looking
to strengthen that relationship?
MR. BRYANT: I’m going to start
with a negative. What I typically see from the boards I’m
on is the CIO comes in and
says, “If you don’t give me this,
we will die. It’s over.” And you
just kind of say, “Wow, that’s a
big statement. Let’s go through
this in some detail.”
And they say, “Look, I need
X dollars. And if you don’t
give me the X dollars, we’re
going to be breached. When
we’re breached, the penalties
will be enormous.” And you
say, “OK, if I give you X dollars, then we won’t be
breached?” No sensible CIO is
ever going to say, “Well, yeah,
we still will be.”
Help me understand again
what the problem is. But you
started by trying to blackmail
me. Don’t do that. You’ve made
it a budget pitch. Don’t do that.
Come in to me and say, “Look.
First, I’m going to educate you.
Here is what we do. Here are
the problems we’re solving.
Here are some things we’re
worried about. Here’s the magnitude of those. And by the
way, yeah, we’re going to eventually be breached. However,
there are some inexpensive
things we can do to help and
some expensive things. Let’s
talk about those.”
MR. GREENWALD: Should
boards include the CIO?
MR. BRYANT: Yes. If I’m designing a board in today’s world,
to have CIO knowledge is important. And by the way, we
don’t have one. We have people who are in enterprise-type
solutions. So we have people,
I’ll say, on the periphery. But
based on today’s world, I
would say yes. I would also
say I want that CIO on my
board to be a business strategist as well as a CIO. You have
to be both. I want somebody
who can take that capability,
understand the business strategy that goes with it, and help
me figure out how to get
through some of these waters.
[Photo: Jeremy Bailenson says VR has the potential to
change the way users feel—and behave]
home and businesses to use VR
is becoming available. Help us
imagine. What are some other
uses that folks might be trying
here? Are we talking about
teleconferencing?
MR. BAILENSON: My dream has
been to build a system that
[lets you] feel present. I mean,
we’re here. We have eye contact. We shook hands. If I can
perfect a virtual handshake, all
these women and men who
flew here, they wouldn’t need
to fly here.
In five years, being fairly
conservative, it’s going to feel
like you’re here. My one-liner
is, “You should travel when
you want to, not when you
have to.” We can build avatar
systems that replicate what I
call the virtual handshake.
There’s all sorts of wonderful
things that’ll happen.
Lasting effect?
MR. FOWLER: The premise of a
lot of what you’ve been telling
us is that a VR experience is
going to do something that
you couldn’t do in the real
world and have a lasting impact on your brain. The way
you think, the way you make
decisions. How long can that
impact really last?
MR. BAILENSON: The longitudinal study, seeing how long
these effects last, it’s hard to
do. There have only been three
longitudinal studies on the
planet in VR, and I’ve done
two of them. Whenever we
look, VR lasts longer, say, than
watching a video. We’ve done
studies where we force you in
virtual reality to cut down
trees with the goal of teaching
you how to recycle paper.
What we’ve demonstrated, if
you look at somebody a month
out, they are still going to be
more conservation minded.
They’ll actually use less paper
later on.
MR. FOWLER: So cutting down
a virtual tree makes you buy
less toilet paper?
MR. BAILENSON: It makes you
use less paper in your daily
life when we track it unobtrusively.
MR. FOWLER: The technology
has gotten a lot better even in
the last year. But it still
doesn’t feel like I’m in this
room. It feels like I am looking
through a screen.
MR. BAILENSON: I don’t think
you’ve done great VR. When
VR’s done well, you have this
experience called presence.
And let me just push a little
bit about that.
In 2001, I presented to the
Federal Judicial Center, a
bunch of federal lawyers and
judges, about how to use VR in
the courtroom.
The home-run demo we
have is called The Pit. It’s a
demo that we have developed
to treat fear of heights. [It’s
designed to seem like] a big
pit and we put a rickety plank
over it.
We had a gentleman. He
was a federal judge. He was
probably in his late 60s. He
probably weighed north of
280. And when he went up to
The Pit, he virtually took a
wrong step, fell off the plank.
And the gentleman literally,
because he was terrified, dove
at a 45-degree angle to try to
catch the lip of the plank. In
front of a room of 300 judges
and lawyers.
But it gets worse. His face
was going right toward a
sharp corner. He completely
forgot he was in the physical
room. So in one move, I had to
dive and knock him down to
redirect his trajectory. It was a
really big deal. No one got
hurt. No one got sued.
MR. FOWLER: Doesn’t VR have
equally large or even maybe
greater potential for evil? Because you are totally controlling someone’s experience.
MR. BAILENSON: VR is no different than the written word
or video. It can be used for
wonderful purposes. Or it can
be used for evil. And it’s up to
us to do the right thing.