5 Drivers for Securing The Internet of Things

If you have any doubt at all about the impact of the IoT, consider these facts: 75 percent of the world’s population has access to a mobile device. When you compare the number of connected devices in 2009 (0.9 billion) to the number today, it represents a 30-fold increase. It is estimated that over 26 billion devices will be connected to the internet by 2020.

Along with the massive growth of IoT is the growth of corresponding security issues. As connected devices increase, so does the amount of data generated and transferred by these devices. As more data is transferred, the number of pathways and parameters for the cyber criminal to exploit also increases. It all adds up to the need for more protection than ever before.

Vital role of the CISO

As the world of IT security transforms to meet this exponential growth, the role of the CISO becomes vital in terms of defining the IT security strategy.

Before IoT, the IT and Operational Technology (OT) layer were controlled and secured differently; IT security focused on the confidentiality of data and network infiltration, while OT security emphasized physical security, safety and business continuity. Now that more devices are connected to the internet, the OT layer has become increasingly IP enabled, making it more vulnerable. Traditional security models must adapt, and the CISO must create a unified IT security strategy.

Attention to the following key drivers will assist the smart CISO with devising a strategy that truly works in securing the IoT:

1. Layer visibility. The OT layer, the IT layer and any other layers of the network should have visibility and be encompassed by an overall, unified security plan of action. No layer or device should be exempt.

2. Threat visibility. New devices mean new loopholes and threat vectors. A sound strategy should take into account not only existing vulnerability, but potential vulnerability, as soon as a device is connected to the network. A real-time threat assessment and definition that works around the clock is key to preventing new attacks.

3. Platform visibility. The creation of a monitoring apparatus that is agnostic is vital in today’s software platform environment of continuous updates, open source and self-imposed redundancy.

4. Network encryption. Point-to-point and point-to-multipoint encryption should be based on network segments, network protocols and network flows. In other words, internal networks in their entirety must be encrypted to ensure security long term.

5. Automated remediation. The end-goal of IoT security should be an approach that requires no human intervention. Automated, immediate security control utilizing machine-to-machine intelligence is a key to not only a successful, but also cost-effective unified security strategy.

IoT growth poses challenges for the forward-thinking CISO as scale increases, scope broadens and the need for cohesive cooperation increases. Those who consider the above drivers can develop a security strategy that will address these challenges and pave the way for the organization to take advantage of the opportunities the IoT also brings.

Read More

Key Security Tactics to Help Protect Your Business from a TalkTalk hack

Isaac George, SVP & regional head of digital transformation company Happiest Minds UK, discusses the increased number of security threats UK organisations are exposed to following the TalkTalk hack.

Cyber crimes are not only occurring with mounting frequency in today’s wireless world, but they are also becoming increasingly sophisticated and widespread.

Just this month, major UK telecommunications, internet access and mobile network services company TalkTalk was the latest in a long line of brands to face media scrutiny after its website was breached by a significant and sustained cyber-attack.

The company said it was “too early to say” how many of its customers had been affected by the attack but credit card, bank account details, names, addresses, dates of birth, email addresses and telephone numbers could all have been accessed.

With a criminal investigation now underway, it is not yet known what the nature of the attack was, although early insight suggests that it may have been a distributed denial of service (DDoS) attack, where a website is hit by waves of traffic so intense that it cannot cope.

However, a second school of thought believes that the DDoS attack may have been a smokescreen to distract the organisation’s defence team whilst the cyber criminals set in practice their real objective of stealing data.

Should the second school of thought be accurate, this may even have been an Advanced Persistent Threat (APT).

What sets Advanced Persistent Threats (APTs) apart is the nature and scope of the attack as they stealthily exploit vulnerabilities over a period of time.

Gartner puts it simply:
‘Advanced’ means it gets through your existing defences.
‘Persistent’ means it succeeds in hiding from your existing level of detection.
‘Threat’ means it causes you harm.

Once inside the network, APTs move around surreptitiously, seeking out sensitive data rather than disrupting systems and raising red flags.

These attacks are well coordinated and have very specific objectives that target key users within the organisation to gain access to high-value information – be it top-secret military or government documents, trade secrets, blueprints, intellectual properties, source codes and other confidential information.

The worst part is that no organisation, irrespective of size or type, is immune to these attacks.

What is clear, whether it turns out to be DDoS, APT or another means of cyber-attack, the bottom line is that many of today’s businesses are relying on basic security defences like firewalls, anti-viruses and spyware that are dealing with APTs, and other means of attack, conceived years ago.

Which means it is only a matter of time before our traditional cyber security systems will be faced with the next generation of attacks and it is unlikely that they will succeed.

It is now imperative to develop a layered security approach that will amp up the security arsenal with a 360 degree visibility into all corners of the network.

Forewarned is forearmed – Key elements to APT defence

Unfortunately, there is no magic wand to combat APTs. The stealthy and random nature of APTs makes it a daunting task to predict attacks. Daunting, but not impossible.

The time has come for organisations to move beyond a perimeter-based ideology to a more comprehensive and multi-layer security approach that ensures continual protection even in the case of a breach. The critical elements to a successful APT defence lies in an intelligent combination of defence, analytics and a proactive incident response plan.

1. Know what to protect

The first step in any APT defence strategy is knowing what assets to protect. Once this data is sorted and classified, it provides a bird’s eye-view of pieces of your infrastructure across storage, security and accessibility across devices and endpoints.

2. Assess your security loopholes

The next step is to identify and categorise the most-at-risk information systems and high liability assets that link back to critical data. Assessing these systems enable us to prioritise protection and remedial plans against potential vulnerabilities. It is especially important that risk assessment is an on-going process to keep abreast with the ever-evolving threat landscape.

3. Shore up monitoring and detecting capabilities

Comprehensive monitoring off all inbound, outbound and internal traffic network is imperative to contain the scope and impact of a potential attack. Additionally, advance detection and real-time analytic tools in conjunction with traditional security solutions enable organisations to identify malicious activities as and when they occur.

A truly effective solution lies in the ability to differentiate normal and anomalous traffic patterns or activities generated by any IP-based device that connects to the network. By applying threat intelligence through analytics, these real-time insights allow for immediate isolation and remediation to stop the attack in the early stages.

4. An informed user is a safe user

The fact that APTs are often employed in the form of phishing emails, employees are the most susceptible targets. It does not take much to trigger a malicious code through an enticing link or attached file.

Security education and training makes employees aware of the potential security pitfalls of BYOD and cloud services. It also places some level of responsibility on the employees themselves to ensure that sensitive data remains secure.

5. Put an APT incident response plan in place

It is absolutely vital for an organisation to have a carefully crafted and up-to-date incident response plan in place.

It helps guides the organisation in quick identification and response in controlling a potential breach. This is what ultimately determines the effectiveness of the organisation’s response to an attack.

Staying ahead of the APT curve

The complex nature of APTs pose huge challenges to our standard security defence systems. On the flip side, they provide a much-needed impetus to reassessing frameworks and utilising solutions that are scalable to protect the entire organisation.

This latest attack against TalkTalk’s website is a huge wakeup call to the business community at large around the perils of delaying taking positive action against cybercrime. Is it not easy to secure your business against every type of attack, but the fact remains that a multi-pronged and layered approach to security is no longer an option but a must-have.

If you need convincing, you only have to look at the huge financial and reputational losses that will ensue for TalkTalk.

Isaac George is the SVP and regional head at infrastructure, security and product engineering services company Happiest Minds UK

Read More

Our Primary Focus is Disruptive Technologies

Happiest Minds is a next-generation digital transformation, infrastructure, security and product engineering services company, with 100+ customers and 1600+ people, spread across 16 locations. Happiest Minds’ philosophy is simple - 'Happiest People make Happiest Customers'.

In this interview for the Design in India series, Babu K C, General Manager and Head, Hardware Practice, Kiran Veigas, Associate Director, Corporate Strategy and Marketing, and Divya Sasidharan, Engineering Manager, from Happiest Minds, talk to Dilin Anand and Priya Ravindran of EFY.

Q: Could you introduce us to Happiest Minds?
A: Happiest Minds is the youngest information technology (IT) services company in India. Having started about four years ago, today we have 1600+ people catering to more than a 100 clients. Our geographical focus areas are the United States (US), Europe and India, in that order. Like the company name suggests, our vision is to keep the employees and customers the happiest.

Q: What is your unique selling proposition (USP)?
A: Hardware practice at Happiest Minds works on all the phases of a product design from concept to production. Given the high-level requirements of the product, we work with the customer to understand their needs and arrive at the specification document, after weighing the viable alternatives. Once the specifications are approved, we go about the product drill, from design to testing and certification, till the product is ready for manufacturing.  Having the capability to offer a turn-key product solution, involving hardware, field-programmable gate array (FPGA), firmware, mechanical design and application software is our unique selling proposition.

Q: What are the niche technologies you work on?
A: Our main focus has always been disruptive technologies. About 85 to 95 per cent of our work revolves around this and that is how we bring about a paradigm shift in the way we think and the way we execute. Next-gen technologies like big data and analytics, cloud, mobility, middlewareare all part of this package.

Q: Your speciality is disruptive technologies. Do you have a separate team for this?
A: Our three business units are Digital Transformation & Enterprise Solutions, Infrastructure Management & Security Services and Product Engineering Services.

Digital Transformation group enables organisations to make a tangible impact in areas like customer experience, business efficiency and business innovation, by taking a disruptive approach in building platforms, integration, processes and insights.

Infrastructure Management and Security Services group helps organisations to improve agility, flexibility, security and interoperability of the enterprise infrastructure for next generation digital transformation.

Product Engineering Services is focused on four specific domains. They are the Enterprise Domain that caters to enterprise independent software vendor (ISV) customers, Customer Platforms focusing on e-commerce, media and entertainment, Internet of Things (IoT) focusing on industrial, automotive and building automation, and Data Center Technologies (DCT) focusing on software-defined networking and data centres.

Q: Could you take us through the post-production support you offer?
A: Post-production support becomes very important as there could be changes coming in at the component level or even from the customisation front, after design closure. Over the last few years, post-production support has become a lot easier with the fabrication house also experiencing a variety of designs. Today, it is not always required that the engineer has to personally go and interact with the fabrication house; a lot of it can be done remotely.

Q: How would you go about telling your clients what you do?
A: We go by experience. Having worked in this field for about four years now, we have loyal customers who come back to us for their next product. They also spread the word, and the references increase our customer pool. Also, with the slowly increasing trend of research and development teams facing the media, thought leadership at events and technical publications, the 'getting-to-know' part is becoming a lot easier.

Q: Tell us about a few of your projects.
A: We have done several processor board designs in the past, mostly based on Intel/ARM processors. Recently, we designed an ARM-based storage server that was quite interesting and challenging too. The interesting part was that it was powered using a 64-bit octa-core ARM processor, a new entrant to the server family. This is a multi-processor system that uses peripheral component interconnect express (PCIe) Gen 3 technology for interconnections to numerous boards.  Currently, we are designing a similar system based on Intel Xeon and Atom processors for micro-server applications, which uses high-speed technologies such as PCIe Gen3 and double data rate fourth generation (DDR4) memory modules.

Q: Could you tell us about your work in the industrial domain?
A: Another interesting area is industrial automation and control. We are presently working on one such system for controlling heavy machinery. The system will have precision sensors that sense target parameters like position, velocity, direction and temperature, which are then compared with pre-set values. In the case of a deviation from the desired outcome, the system has to take corrective actions like varying the speed or updating the position of the tool.  The precision and timing required to realise such a system is utmost challenging as everything has to happen in real-time, not forgetting the fact that it has analogue, digital and high-voltage signals, all running on the same board. So, the choice of the processor becomes extremely critical. To guarantee real-time performance, we are using field-programmable gate array (FPGA) for some of the critical paths such as proportional integral derivative (PID) loops, high-speed counter interface and analog-to-digital converter/digital-to-analog converter (ADC/DAC)  interfaces.

We have also worked on other single board computers (SBCs) targeting industrial applications based on high-end Intel processors.  We are looking forward to working on more such challenging projects from the industrial domain.

Q: What about your interests in the test and measurement (T&M) sector?
A: We have been working on an array of T&M boards dealing with high-speed interfaces like serial-attached small computer system interface (serial-attached SCSI), PCIe Gen4, serial advanced technology attachment express (SATAe), universal serial bus (USB) 3.0, DDR4 and a variety of form factors ranging from small form factor(SFF)-based storage devices to small-outline dual-in-line memory module (SODIMM), unregistered dual-in-line memories (UDIMMs) and a few custom form factors targeting specific end-customers. These boards tap high-speed signals from live systems-under-test and are expected to induce minimal noise into those systems. The main challenge here is the speeds at which these interfaces work and the kind of signal integrity (SI) that has to be achieved. During design, these boards are run through multiple levels of SI simulations to ensure that the highest level of signal quality is achieved. In many cases, the high-speed traces are exposed, so as to have minimal propagation delay through the printed circuit board (PCB). Sharp bends are not allowed on these traces, and instead, arcs or curves are used. Back-drilling technique is used to make sure that the stub length on these traces is a bare minimum. In short, the layout of these boards demands the most stringent constraints.

Q: From a PCB perspective, what are the factors that determine signal integrity?
A: The choice of materials used to fabricate the PCB and even the type and quantity of solder used to assemble the components can create an impact on the signal quality and these are very carefully selected.

Q: Talking about boards for T&M equipment, how do you go about testing those boards?
A: Simulation rules the roost here to arrive at the best design. First, a golden board is arrived at, which behaves exactly the way we want it to. All other boards are then tested against this board.

Q: Tell us what you do in the IoT arena.
A: We have a separate practice for IoT projects.  We are already developing new IoT products and also adding connectivity to existing products for our customers. We do all the building blocks for IoT including the hardware, firmware, mechanical enclosure, cloud interface and complete product compliance certifications, and deliver ready-to-manufacture designs.

Q: What is the most exciting IoT project you have worked on?
A: We worked on a lighting control solution project recently. Instead of walking to the switchboard and manually turning on/off lights, you operate it via a mobile phone. You can also access your lights remotely from anywhere in the world, as long as the devices are connected.

Q: How do you see the growth of independent design houses (IDHs) in India?
A: India-based product design houses have a good future. There is a lot of untapped potential for services companies offering hardware/firmware design services. There are several players in this field already, but there is space available for more.  India is traditionally known for software outsourcing, but our hardware or complete product design capabilities are not well-known as it is not marketed well like the software. I think people should come forward and start new ventures to offer product design services for India, as well as for global clients. There are challenges like lack of component industry in India, complicated customs rules and related delays in importing parts, but these can be solved with appropriate help from the government.

Read More

CeBIT INDIA 2015

CeBIT INDIA 2015

Date: 29- 31 October 2015

Venue: BIEC, Bengaluru

CeBIT INDIA 2015: New Perspectives in IT Business. Discover Digital Business Solutions Marketplace.

Happiest Minds is an Exhibitor at the World’s leading Business IT and ICT show – CeBIT!

Business is going digital, with traditional processes and business models now undergoing massive digital transformation. At the event, experience the ‘Digital Marketplace’ and understand what new technology can do for your business, discover early, talk to technology innovators & solution providers at CeBIT INDIA 2015!

Visit us at Hall-1, Booth A-23 to experience Digital.

Puneet Jetli– CEO, Digital Transformation and Enterprise Solutions(DT&ES) Business will be in a panel discussion on "Diconomy - The shared economy - making it all work together" on 30th Oct from 11:15 AM to 15:15 AM.

For more details click here http://www.cebit-india.com/

Read More

Disruptive Technology Roundup - Product Engineering Services

Cloud computing is the foremost among the disruptive technologies that rule the IT industry.  Organizations are leveraging public cloud for reducing the infrastructure costs and also for a faster delivery of technology projects. Since the data moved into the cloud is often dependent on the application that creates and maintains it, it is vital to integrate the SaaS apps in the cloud with the existing on- premise software. Configuring these multiple SaaS applications to share data in the cloud is crucial in determining the success or failure of cloud projects. Instead of choosing the richest SaaS application, organizations should consider the performance of the app and its ability to integrate into an overall portfolio. It is crucial that the app purchasing decisions need to consider operational performance metrics beyond features and functionality, and how new SaaS apps will contribute to the way the business runs in the future. In this age of Big Data, where large chunks of data are analyzed for churning out Business intelligence and insights, organizations should consider the SaaS vendors that provide access to their own data with better performing and efficiently integrated SaaS applications. 

Businesses are moving into an age of innovation and disruption with the influence of new age disruptive technologies including IoT and Big Data. When everything and everyone gets connected into an integrated global network, the safety of data from unauthorized access, dissemination, and usage is a matter of greater concern. Organizations are now searching for new ways and means to protect their assets from cyber security breaches. At a time when traditional security measures become inefficient, a major rethink of the existing cyber security systems and strategies is the need of the hour. The global cyber security industry is going through a fundamental change and is growing to address the cyber security challenges in the age of IoT. With IoT creating innovations and disruptions in the business world, parallel innovations are happening in the cyber security space also to address the IoT security threats.

Technology space is witnessing a major upheaval with the new disruptive technologies changing the way businesses are carried out. Cloud, Social, and Mobile are converging and accelerating one another to give rise to a constant access paradigm consisting of:

Continuous Services – solutions will increasingly need to be cloud-based to ensure they are always available on-demand and can be consumed on demand.

Connected Devices – proliferation of the number and types of devices that allow users to be continuously or intermittently connected to the internet and with one another.  

With a combination of agile methodology, experienced architects and pre-built components, Happiest Minds deliver Product Engineering Services on 4 specific domains: Enterprise Domain catering to Enterprise ISV customer, Customer Platforms focussing on E-Commerce and Media & Entertainment, IoT focussing on Industrial and Automotive & Building Automation and Data Center Technologies (DCT) focussing on Software Defined Networking and Data Centres. A strong team of technical experts to offer Architecture and Engineering services, well-defined methodologies, frameworks and product engineering processes and standards make Happiest Minds a preferred partner for Product Engineering Services.

Read More

Choosing the best IAM Suite for your Organization: Criteria Checklist

Choosing the best IAM Suite for your Organization: Criteria Checklist

An Identity and Access Management solution (IAM) can make or break your organization’s security posture. There is no one ‘right’ solution since the solution that you choose will depend on any number of factors: the size of your organization (will decide the scope of the solution); the level of granularity you need (will decide how feature-rich you want it to be); your budget, etc.

Some criteria to consider when evaluating IAM solutions:

On-premise or cloud-based?

This choice depends on your business objectives. On-premise solutions are perceived as more secure, and allowing the enterprise greater control over the location of data. However, a cloud solution can be implemented faster, is flexible and scalable, and cheaper to deploy. Many solutions in the market today are a hybrid of the two, and may best suit your needs.  

How interoperable is the solution?

Look for a solution that can be easily integrated with various types of directories, any third-party authentication systems that you use, as well all the applications that your employees, customers and vendors need access to.

A point solution or full IAM suite?

The initial payout on point solutions may be lower, but deploying a full IAM suite confers long-term benefits that outweigh the higher upfront investment. A full-features suite covers all aspects of identity and access management, doing away with the need to invest in multiple point solutions; thus reducing complexity as well as resulting cost of integration.

Does the solution offer a high level of automation?

An automated IAM solution reduces effort around provisioning and de-provisioning. For instance, the identity and access components will be integrated such that a change in job role (hence, user identity) will automatically change associated access rights. The automation of provisioning, re-provisioning, and de-provisioning reduces time and effort spent, as well as human error.

Does the solution cover reporting and auditing requirements?

The complex nature of compliance necessitates a tool that goes beyond identity and access management to aggregate and track audit logs. Such tools monitor events and alert users to possible compliance violations.

Does the solution offer self-service features?

Self-service features enable productivity. Features such as password resets and unlocking accounts, when available through a secure and self-service portal, take away the necessity for a fully functioning help desk, driving down costs and increasing the efficiency of employees.

Does the solution have a friendly, customizable user interface?

A solution with sophisticated dashboards offers a high-level overview that is of great value to business users.

Finally, look for a solution that is scalable and highly available, especially when it comes to key functions such as provisioning, authentication, and access management. Additionally, it should not just answer your current needs but also have the potential to evolve and scale up to meet planned future needs.

Last Word

As important as the solution is the implementation team that you choose to deploy it. A good implementation partner can ensure quick deployment with a rapid return and minimum business disruption. To determine the right implementation partner for your needs, consider:

·         Location (single point or multiple) and geographical reach of the company

·         Skill base and service offerings

·         Managed Services capability (if that is what you are eventually heading towards)

·         Agility and flexible pricing models

·         Expertise in the chosen solution

·         Ability to offer round-the-clock support

·         Service Level Agreement

Look for an implementation partner with the necessary expertise, resources, and capabilities to help you with a complex implementation and post-implementation support. Do not forget to ask around and listen to what the market has to say about the company.

Read More

The Critical Success Factors for Digital Transformation Programmes

Right now it feels like the whole world is moving to digital at breakneck speed. Banks, insurance companies, retailers and large manufacturers are all looking at how they can digitally transform the organisation to keep up with customer demand, business expectations and compete globally.

However, while digital transformation is becoming all-pervasive agreement on what digital transformation actually means, how to leverage its potential, and most importantly how to make a digital transformation project a success still remains elusive for many.

Digital transformation can be viewed holistically as the confluence of SMAC (social, mobile, analytics and cloud) technologies, cutting through business processes, enabling agile & secure infrastructure, leveraging IoT & connected devises, driven by seamless integration into (and upgrading) of current IT systems and underpinned by actionable insights for sustainable differentiation across customer experience and business efficiency.

See also: Cloud strategies for digital transformation

In fact, you could argue that customer experience is a big driver for digital transformation projects and will continue to be for a long time to come. What this means is:

The personalisation of content, experience, pricing, recommendation, service and so on; the provision of real-time and aware applications that leverage preferences, insights, context and location awareness; systems or processes that enable on-going customer engagement for deeper insights that drive higher loyalty and advocacy; an omni-channel approach that provides the flexibility and choice for customers to leverage any channel they want;

The business efficiency theme driving digital transformation projects is all around creating differentiation for organisations through one or more of the following: helping an organisation to become more agile and responsive in its ability to identify either opportunities or to protect against threats; taking cost optimisation to the next level by further automating mundane and routine tasks that can be more efficiently handled by intelligent systems; creating better decision making powered by real-time data and insights, rather than by gut-feel and intuition; and unleashing the ability to innovate through the provision of new offerings or different business models.

That said, the key driver for most organisations around digital transformation primarily stems from the fact that it offers tremendous opportunity to enable business differentiation and impact in the market.

It will give many organisations the competitive edge they are looking for - and in some instances change the game in their respective sectors.

However, embarking on a digital transformation programme comes with its own set of challenges and requires an enormous amount of change to the organisation in order to bring in this new approach.

This is a complicated programme of work that involves people, process and technology, which are all equally important.

Here are four critical success factors that will help organisations tap into the tremendous potential that digital can offer:

Transformation

Like any transformation exercise, digital transformation needs to align to business vision, strategy, with the clarity of an implementation roadmap and a series of connected initiatives to achieve the goals.

A digital transformation project with no executive management commitment and support is the most common pitfall for organisations. Point solution implementation without the definition of a roadmap of connected initiatives. It requires leadership buy-in and working collaboratively with a range of key stakeholders.

Complement your capabilities

Assessing your digital capabilities is just the first stage. You then need a plan to get your project from where you are to where you need to be. As this is likely to be a large transformation programme, it is critically important that the project team keeps referring back to their original assessment and plan.

This will keep the team grounded throughout as to why they are going through the pain to get the organisation where it needs to be to advance the business in a world that has become increasingly mobile and progressively digital.

Front & back end

Any digital transformation should look to leverage your current IT investments and systems. If you only focus on digitising the front-end technologies without adequate consideration for the enablement and modernisation of your existing systems, you won’t leverage the full potential and benefits of the digital project.

Multi-functional buy-in

A fundamental review of all your business processes and capabilities is required with a view tooptimise them by leveraging digital technologies. Digital is all pervasive and not something led by IT or Marketing or independent business departments - more than ever it needs a multi-function team.

A multi-disciplinary approach is a prerequisite for a digital transformation initiative to be successful. Companies need to be careful that it does not creates silos & internal competition.

See also: 3 steps to futureproofing a business with digital transformation

Most companies tend to start small with pilots and proof of concepts. That is a good way of getting buy-in, however it needs to be aligned to an overall vison and roadmap.

In my experience if a digital transformation project lacks management or stakeholder buy-in and/or fails to adequately take into consideration its current IT landscape, then alarm bells should start ringing as these two factors are the most common cause of stress, delays and failed digital projects. And remember, timeframes for these types of projects also tend to shrink due to demands from the business.

Try to set a realistic timeframe rather than the timeframe that the business dictates and work with a digital partner that has the ability and agility to deliver what you need. Otherwise you are certain to set yourself up for failure.

Sourced from Isaac George, Senior VP and Regional Head, Happiest Minds UK

Read More

Is An OmniChannel Officer Inevitable?

The rapid advances in the technology landscape and proliferation of digital have taken customers beyond multi-channel to an Omnichannel retail experience. Global retailers that include the likes of Macy’s, Saks and Lowe’s have already moved in this direction enabling customers to shop anytime, anywhere and enjoy consistent and delightful experience.

Omnichannel retail aims at enabling sales initiatives through multiple channels – online, brick and mortar stores, social media, events, mobile, and the usual traditional sales efforts; at the same time creating consistent and uniform customer experience at each sales touch point. The channel operations are connected at the back end to provide the integrated, customer specific information whenever required. The availability of customer information across all channels through regular information sharing enables store representatives and online customers view the same data anytime, anywhere.

However, building an Omnichannel capability is easier said than done. It needs a totally integrated operation across all customer touch points - store operations, marketing, call center, and digital (which includes all forms of non-store-based commerce). This is made all the more difficult because the traditional organizational structure creates siloes.

To take an example, let’s look at product and customer data. Data is generated in-store through point-of-sale systems, e-commerce and m-commerce platforms, the contact center, and other systems.  This information is collected and stored across different systems because retailers have traditionally kept sales channels independent of one another. These systems generally don’t get the necessary attention to turn that data into real information assets. Rather than having a central repository that can syndicate product information out to the various channels, retailers create product assortments based on sales channels.

On the customer side, CRM systems are often struggling to get a single view of the customer. Customer information is among the most valuable assets in retail but it is rarely utilized properly. An order fulfillment system may be the lifeline of an Omnichannel experience but its deployment is usually deferred citing high investment costs, lack of integration with existing systems and lack of time and resources dedicated to deployment.

Technical problems apart, siloed skills create their own issues. Disconnects exist between retailer’s business and technical staff. Open conversations are rare between the Chief Marketing Officer (CMO) and the Chief Information Officer (CIO) around people, processes and technology. There are separate heads for all the functions - marketing, finance, merchandising, HR, stores, who report into the CEO or the President. Very few people who have the holistic understanding of the business requirements are available and all of them are among the topmost C-level executives. Unfortunately their hands are always too tied up to take up and drive an operation like the creation of Omnichannel retail capabilities.

Organization level ownership, commitment and accountability is needed to break these silos and to drive synchronization and alignment. Since such a capability cannot be built without active involvement, monitoring, facilitation and support from the leadership, the creation of a dedicated senior level position responsible for Omnichannel becomes an imperative for the success of this initiative. This will be the omni-channel   officer or Chief Omni Channel Officer, who has a good understanding of all the customer touch points, a holistic understanding of business needs and a direct reporting to the top leadership.

The Chief Omni Channel Officer will manage the development of strategies that will integrate the company’s stores, online and mobile activities; take on responsibility for systems and technology, logistics and related operating functions. It could also be a position different from the traditional Chief Marketing Officer (CMO) in the sense that it is becomes a P&L role where he/ she will also be looking after revenue generation activities along with a reasonable share of the profitability. Chief Omni Channel Officer will look after the store level/ digital level execution and will also be responsible for the ROI on marketing investment. Undoubtedly, the Chief Omni Channel Officer will have to play the prime role in accelerating digital growth while inseminating an organic acceptance of Omni-channel best practices across all departments of a company in such a way that it doesn’t affect the current high performing channels.

The ideal Chief Omni Channel Officer should be a candidate with an experience in store operations, call center operations, digital and marketing which is very hard to get. Someone with a strong digital/ marketing experience and exposure to the other business functions should be a good enough to handle the role properly.

Essentially, the operationalization of Omnichannel is an exercise in managing change and it should start at the very top with the leadership making it clear in no uncertain terms that this is one initiative that has been sponsored by them. All the stakeholders, right from the customer support executives in the stores to the senior C-level executives should brace up to whole heartedly support the initiative. Ultimately how effective an initiative has been depends as much on how it has been accepted as on how it has been implemented. This is critical to convert the Omni-channel investment into tangible long term returns and strategic advantage.

Read More