Keith Smith - My Blog

Journal of thoughts


FTX is a great business case study

Tuesday, April 11, 2023 - Posted by Keith A. Smith, in Journal of thoughts

FTX is a "great" business case study and a "great" information security case study.

FTX was valued at $32B. It once managed $719B in crypto and had over 1 million users. Yet, they ignored the basics on virtually every security front.

Here are 6 takeaways from the 39-page control report FTX debtors released earlier this week:

1. Governance - FTX did not have any dedicated cyber personnel and no process for assessing cyber risk, implementing security controls, or responding to potential cyber incidents.

2. Identity and Access Management - No use of least privilege, no enforcement of MFA on critical systems including Google Workspace and 1Password (even when SBF stressed the importance of MFA on Twitter), and no use of Single Sign-On.

3. Cloud Security - cloud infrastructure and accounts were shared across various corporate entities and no cloud security monitoring or threat detection was in place.

4. Device Security - Employees were able to use personal devices with no corporate security controls.

5. Application Security - There was no focus on continuous security testing. Certain passwords, API keys, and private keys were stored unencrypted.

6. Technical Security - Crypto assets were stored in wallets far more susceptible to takeover.

The culture of control failure extended beyond information security to management and finance and accounting.



Goodbye to 2022

Saturday, December 31, 2022 - Posted by Keith A. Smith, in Journal of thoughts

It's the final day of 2022, and we're at the end of this marathon of a year.
It's been a challenging year emotionally, physically, creatively, and spiritually on all fronts. After reflecting out my window multiple times this month, I've learned that I want to achieve positivity, consistency, and autonomy in how I live my life.

Despite all the challenges this year and during the pandemic, I made it to this point, and I'm ready to make significant changes to make 2023 monumental. I'm looking forward to the upcoming changes and exciting opportunities ahead.

We only have one life to live, and our time here is finite, while death is forever. We must make the most out of the time we have here.

So, here's to a new set of goals, change for the better, opportunities, and life.

HAPPY NEW YEAR, EVERYONE!! Wishing you all the best for 2023!


Digital Transformation

Tuesday, June 9, 2020 - Posted by Keith A. Smith, in Journal of thoughts

Digital Transformation is not easy; however, being able to leverage technology to make your organization more efficient provides such a competitive advantage that it cannot be overlooked. In this post I share our best practice, which we believe will make your digital transformation journey a lot smoother, and provide guidance on how to approach your digital transformation.


What is Digital Transformation?

Put simply, Digital Transformation is applying digital technology to change and improve your organization's processes, tools and culture to better deliver against your strategy, or to react to external market factors.

So... what does this mean in reality? This means adopting and applying technology to improve the way that your company or organization works and operates. Some examples would be leveraging automation technologies to become more efficient, using technology to improve the experience of your customers or driving a much healthier culture by embedding collaboration technologies.


Where to start?

The most important thing is to understand what you are trying to achieve. Don't assume that you need to have the latest and greatest tech to stay current, as technology is a tool to help you achieve your goals.

Many people don't know this, but Apple doesn't tend to use social media, as Apple already has significant brand awareness. Given it would not solve a problem or help Apple be more effective, they don't invest in it as other organizations do. This principle applies to Digital Transformation: apply technology to deliver against strategy or solve a problem; don't apply technology for the sake of it!

If you take only one thing from this post please make it this... Always start with the goal, never the technology!


What are some examples of Digital Transformation?

Some of the most effective examples of Digital Transformation that we have seen and/or delivered have been across the following four areas:

Improving Business Process (leveraging Automation)

Improving Employee Satisfaction

Building a Collaborative Culture

Improving Customer Experience

We will be exploring these examples to provide some guidance for each in a series of future articles on our website and if this post is useful we may share them here too.

For this post we will explore the first example on the list as well as how to approach your transformation.


Improving Business Process (leveraging Automation)

One of the biggest benefits of Digital Transformation done well is that it can dramatically improve the efficiency of your organization. Many of the administrative tasks can be automated with the right technology, working to speed up your business processes.

As a simple example of process efficiency using Digital Transformation, organizations can leverage technology to fully automate their quoting, sales and invoicing process. Think about Amazon: you see the pricing for the service or product that you wish to order on their website, you buy from their site and you are automatically invoiced. With many organizations, there are whole teams of people who manually develop quotes, engage customers and register sales by phone, type them up and then create invoices.

What if you are not like Amazon and your service is more complex? Let's take the example of an IT Service which manages the laptops for its users (within its end user computing service).

Please note, for brevity we have entirely removed any manager approval from this scenario. The reality is that the benefits and efficiencies are much greater than this.


Scenario 1: No Digital Transformation / Manual Processes

In an organization which had not yet started its Digital Transformation journey, the steps could be as follows:

1 - A user would email the Service Desk to request a new laptop.

2 - Service Desk Agent manually logs a ticket in the company ticketing system

3 - There is a good chance that they would not provide all of the information that the support team needed to get them a new laptop. Do they need a small form factor as they travel a lot? Do they already have a laptop bag and a mouse? These questions mean the Service Desk would need to email them back and then await a response before their request could be actioned properly.

4 - User responds and provides further details and clarity about the requirement

5 - Service Desk agent manually updates the request in the ticketing system and assigns this request to the team that builds and issues laptops. Please note: This can take hours, often days, from initial email before the users' request is with the person who will fulfill it for them.

6 - Laptop team build device to the base build standard but have to contact the user to ask which apps were on their old device and then install them.

7 - Laptop team send the laptop to the user - user request complete at this stage

8 - Laptop team do a manual stock check to make sure that there are enough laptops in stock to fulfill future requests

9 - If stock runs low, Laptop team manually raise a request with the asset management or procurement team to purchase more laptops for the company


Scenario 2: Partial Digital Transformation

However, imagine if the user instead was prompted to visit a Portal (like Amazon's) where they could fill in a form to request a new laptop. This form asked all the right questions about their requirement, such as where should it be delivered and the form factor needed (lightweight 13", 15", 17" etc.) and what apps are needed. This form could raise a request which was assigned instantly to the right support team member to fulfill the users' request.

The steps would be:

1 - User raises request on portal, completing 10 or so questions and providing all required information at point of request

2 - Request assigned to laptop team who build device to the base build standard

3 - Laptop team know which apps were on their old device from the initial request form and so install them.

4 - Laptop team send the laptop to the user - user request complete at this stage - this took until step 7 in our previous scenario

5 - Laptop team do a manual stock check to make sure that there are enough laptops in stock to fulfill future requests

6 - If stock runs low, Laptop team manually raise a request with the asset management or procurement team to purchase more laptops for the company


Scenario 3: Mature Digital Transformation

For our final example, we have an organization which has been through a full digital transformation. The organization has integrated a number of its systems and technologies so that it can automate cross-functional processes. The user has the same requirement; however, this time the user can request 'a new laptop' using a voice command on their phone, but doesn't need to complete any information.

1 - User raises request using phone saying 'order a new laptop'. The system knows that it should send the device to the user's home address as they are a remote worker. The system automatically recommends a lightweight laptop because the user has an occupational health requirement registered in the company HR system.

2 - The system also knows that they ordered a bag 3 months ago and it would fit their new laptop so they don't need another and so is able to order the right equipment without asking the user.

3 - The request is assigned to the asset team (note not a laptop team) who simply ship a device which is already built directly to the user - it was pre-built and so never needs to leave the box. The team don't need to install any apps as the software will automatically deploy once the user logs into the device. - user request complete at this stage - this took 4 steps previously

4 - The system also knows that there are now less than 15 of that laptop model in stock and so it automatically triggers an order with the laptop manufacturer for 100 more devices which the IT team can get ready. The system would usually order 50 however it knows the company needs more for the upcoming cohort of graduates which starts every September. All of this was triggered automatically.

These scenarios are examples of where Digital Transformation can add a lot of value. The same business processes are being applied; it is just that many of the steps are able to be automated or expedited in the later scenarios, as technology has been leveraged effectively.


Let's explore the benefits...

The benefits become clear when we compare them side by side:

If we assume that each step takes half an hour, there is almost 0.5 day of effort saved between Scenario 1 and Scenario 3. Ignoring break fix, every user in your business will likely need a computer which will be refreshed every 3-4 years, which means that you could save an hour of IT effort per user per year, just by automating processes like these.

In a company with 10,000 staff, assuming an average cost of an IT person of $400 per day (so $50 per hour), that means almost $500,000 per year saved from this one process. There are often huge numbers of other processes like this which are great candidates for automation and could deliver significant benefit.

On top of this your customers will be much happier as you will deliver a much faster and much more consistent service to them.


So, how do you approach this?

There are a few high-level steps we recommend before touching technology. We continue with our example above to help bring it to life:

1 - The key thing to do first is to define what the goal is: We always recommend customers identify some key objectives and measurable success criteria against them. Example Objective: Reduce the cost of IT in the business, without reducing the quality of service. Measured by: £3m reduction in IT operating cost with no reduction in SLA performance against the baseline of May 2020.

2 - Identify and rank Opportunities: In this example we would recommend spending some time analyzing current performance and demand into the service. If 50% of all requests are for a password reset, you would get much more value automating that process than you would from automating the install of an application used by only 5 people in the company. Define a list of automation opportunities and do a very high level benefit analysis against them. e.g. 6,000 password resets per year, which take 20 minutes each = 2,000 hours of effort. At $50 per hour, this could save $100,000 per year. Finally, rank your list by benefit.

3 - Feasibility assessment: Before standing up a project or a team to automate the top items on the list, do a feasibility assessment. If there are processes which rely on legacy technology which could not be automated, then mark them as 'high complexity', whereas if you have some processes which rely on modern systems and could be automated then tag them as 'low complexity'.

4 - Prioritize Low Complexity / High Benefit Opportunities: As with any transformation, Digital Transformation requires changes to the ways that people work. One of the most important things to do early is to build credibility with the people impacted by the changes so that they support them rather than block them. The best way to do this is to gain credibility by delivering value quickly. This is best achieved by targeting the Low Complexity / High Benefit opportunities and so these should be prioritized to the top of your list.

5 - Build a plan and deliver the changes: We are clearly simplifying this step; however, from this point, you can deliver these changes as you would any other IT change within your company. You can choose to treat them as standalone projects or manage them as a Digital Transformation Program. We would always advise managing them as a program and we have done this for our customers as it allows the benefit to be tracked and the ways of working to be embedded in a consistent way. The key thing though is achieving the goal from step 1 and gaining the associated benefits. As the CIO/IT Director/Manager within your business, you will have the best idea as to how to deliver effective change within your organization.


Any tips for process automation as part of Digital Transformation?

As a matter of fact, we do. We have done this for a range of customers and so can share some lessons which will help when you drive automation as part of your Digital Transformation.

The first is around Automation: you can't automate a process that you don't understand, though many people try to. The first step in your plan for each opportunity should always be to document the process that is to be automated. This should include the inputs and outputs of each step as this forms the data which will be collected and processed by the systems which will be implemented.

The second is to automate in steps. For example, in our scenarios, step 2 would be a good interim step with partial automation, such as auto-assignment of requests to the right groups (which eliminates waste and speeds up the process). This is a much better approach than aiming for full automation right away as it both lets you deliver value quickly and allows you to test and iterate to make sure that the process still works effectively. Rome wasn't built in a day and there is real value in building momentum behind a successful program.

The final and most important is a repeat of Step 2 above - spend some time identifying the opportunities for processes that you want to automate before you start implementing the technology. Firstly, this lets you do the business case assessment against the opportunities and target the most valuable first. Secondly though, as you then have a good idea of the processes that you want to automate, you can make some sensible architectural decisions which are holistic, rather than making decisions on a process by process basis. This can avoid significant technical debt later on.


Thought for my day: Things we can do to protect staff working remotely

Wednesday, April 22, 2020 - Posted by Keith A. Smith, in Journal of thoughts, Security

Things we can do as IT pros to protect staff working remotely
  • Identifying Weaknesses in Remote Connectivity
    • Security Review: Ensuring workers using personal devices to connect to organization resources are properly protected to ensure the organization's network is not exposed to outside threats.
    • Home Network Review: Reviewing remote worker home internet speed or hardware to get the best experience possible, especially over wireless. 

  • Reviewing Workstation & Server Security
    • On Premise Security Review: If your staff is working remotely, is your office protected from outside threats? It's important to have multi-factor authentication into all systems when working remotely.
    • Regular Network Maintenance: Continued patching and maintenance of network hardware ensures your systems aren’t exposed to threats.
    • Regular Device Maintenance: Workers on organization-owned devices should have data encryption enabled, anti-virus installed and be fully patched with Windows and third-party updates.

  • Maximizing Work from Home Efficiency
    • External Hardware Review: Identifying opportunities for remote workers to use additional hardware like printers and multiple monitors.
    • Communications Review: Ensuring phone, messaging and remote meeting access is available to allow for efficient communications.

  • Controlling Costs
    • Licensing Review: Checking for unused licensing and software usage on monthly subscription costs can yield instant results to the bottom line with the IT budget.

  • Reminding Employees of Security Awareness
    • Remote Patching Reminders: Reminding remote workers of the importance of following the normal method for ensuring updates are installed on their organization owned device and personal devices.
    • Email Security Review: Running phishing campaigns to expose training needs for staff in relation to handling malicious emails that harvest personal and organization data.

  • IT Business Process
    • Business Continuity Planning: Create or refresh plans to continue access to key IT business resources and consider how that impacts keeping your business running if key staff are out sick or otherwise unavailable.
    • Password Management Review: Determine the current processes in place for sharing and storing passwords to ensure that other individuals have credentials in the case someone is out sick or unavailable.
    • Communications Review: Identify additional methods and tools you can use beyond email to communicate with workers



An old grind with a new journey on the horizon

Wednesday, March 4, 2020 - Posted by Keith A. Smith, in Journal of thoughts

Two years ago, an opportunity came about to return to K12, where I started my career many years ago. I took that opportunity because it would give me a unique chance to see how much things had changed since I left, and I could undoubtedly make contributions that I couldn't have earlier in my career. At the time of my departure from K12, circa the early 2000s, technology didn't have much of a place in the learning and teaching areas of the classroom. Projectors and Smart interactive devices were being introduced to replace chalkboards; no mobile devices existed for teachers or students. There wasn't any cloud-based anything or many applications either. Any computing was done in a lab under the supervision of an instructor. Most computers were Windows PCs or Macs loaded with applications that were best suited for curriculum and instruction.

Interactive displays such as Promethean and Clevertouch panels are now replacing most Projectors and Smartboard type interactive devices. Interactive displays, referred to as "interactive whiteboards" or "smartboards," became an educational trend in the early 21st century as school districts began clamoring to get them. As time went on, more money was spent on whiteboard technology. Sadly, many of those traditional mounted interactive whiteboards became nothing more than very expensive dry erase boards.

At present most districts are either in a 100% Microsoft O365 camp or 100% Google for Education camp, with some that lie in a hybrid of both. Most on-prem server infrastructures are on the decline, just like in other sectors where organizations have adopted various types of cloud services. Wireless infrastructure along with mobile devices are rampant now and have supplanted most dedicated computer labs, with the Google Chromebooks being massively distributed due to them being a very cost-effective learning tool for students.

Some things had definitely changed in K12, but some things are still the same ole same and may continue to be that way as time goes on. A new and exciting career opportunity has presented itself to me, and I will be embarking on another adventure in a few weeks. I plan to start blogging more once again now that I reclaimed some time that was previously spent on my commuting. I also plan to start contributing to a few of my favorite open source projects in the near future.

Stay tuned!

