Integrity without Complexity


When it comes to having its finger on the pulse of what online consumers want, Amazon arguably knows more than any other company. That data-driven and qualitative knowledge carries into the B2B world via Amazon Web Services (AWS). So when CEO Andy Jassy finally introduced the AWS Blockchain portfolio last year based on that highly respected market research, his notable conclusion was that Enterprises primarily wanted a “simple, immutable verifiable ledger” from Blockchain technology. Translated into business speak, that’s “integrity, without the complexity”, which justified the related Quantum Ledger Database (QLDB) pre-announcement.

CyberSecurity's killer app


The iconic 5-part NIST Cybersecurity Framework is missing a step. In between ‘Detect’ and ‘Respond’ should be ‘Contain’. Damage from cyber attacks is always material to the victim organization (globally totalling a staggering $600 billion or 1% of global GDP in 2018). It’s sadly also career-limiting for up to a third of the teams involved. In a mature cybersecurity ‘assume breached’ strategy, the goal is therefore to minimize and contain this debilitating attack damage before the inevitable response and incident recovery processes kick in. All of which is triggered by accelerated threat detection time - the killer app for Chains of Custody!

Security Budget Judo


A lot has been written about companies struggling to invest enough in CyberSecurity, given today’s epidemic of data breaches, ransomware, identity theft and other damaging online attacks. However, the discussion needs to be had at the next level of granularity. All budgets across the enterprise are allocated along organizational business unit lines, often divided down through the hierarchy. IT budgets are no different. Conway’s Law basically declares products are a function of their producers’ org charts. That’s a very appropriate strategic framework to apply against escalating security challenges.

VMworld 2019: From Shared Responsibility to Full Accountability


As we enter the 2nd decade of cloud adoption, IT’s primary role has shifted from full stack implementation and delivery of technology solutions, to governance of same by SaaS and Cloud providers. Those providers are responsible for the technology layers, whereas IT assumes responsibility for the security and compliance of data in the cloud. That’s the business view of Shared Responsibility in the cloud.

Can you still Trust your Single Source of Truth?

The torrid pace of Digital Transformation is stretching Enterprise Resource Planning (ERP) financial systems in uncharted directions. Business opportunities to address modern customer requirements also carry new Security, Governance and Compliance risks. The distribution of operational data across many SaaS, PaaS & IaaS Clouds, recently merged/acquired companies, suppliers, distributors, channel partners and end customer Systems of Record is a new existential threat. Finance teams and other business leaders running their departments with this fragmented operational data have realized the Single Source of Truth concept born in the Client/Server era is now breaking at the seams.

Facebook Libra - opportunity you didn't read about at launch

(Prologue - I am a public Facebook skeptic due to their numerous privacy and security shortcomings. See my #DataResponsibility blog. However I am encouraged by the steps Facebook’s Calibra Team outlined in the design of their first token offering)

The highly anticipated announcement (not launch) of "Facebook's Blockchain" focused on the many sides of its payment features. Serving the under-banked, removing payment friction for those with credit, tackling global crypto governance, domestic & international regulatory tangents, will all dominate Libra discussion for the foreseeable future. But those topics merely hint at its potential for both good & evil. This key paper of the Libra announcement indicates where the hidden majority of opportunity & risk actually lies.

Data Responsibility: An Open Letter To The Tech Industry

2017 will be remembered as the End of our Data Innocence.

We saw next-level data breaches (Equifax, Yahoo!, SEC, Uber, etc.), the #FakeNews epidemic, political weaponization of Social Media, and the recurring threats (both hyperbolic and very real) on the hazards of unchecked AI.

Data-related events are escalating in public visibility and impact, and pose one of the greatest threats to the advancement of the tech industry that we’ve ever seen. And while it’s easy to sit back and blame criminals, rogue nations or other bad actors, the time for being passive is behind us.