Organizational dynamics and their influence on information security

Here’s an excerpt from our recent MarketInsight report – Reshaping Information Security.  This section deals with the organizational dynamics related to designing and implementing an information security program around corporate messaging.  You can download the full report here or send me an email for it.

Organizational Dynamics

Curiously, this came up repeatedly as both an obstacle and variable to consider when working to implement or design an information security program covering messaging.  One interesting point of view was that people want to report good news and that this topic, at least in the beginning, is rarely good news. 

Organizationally the Information Security function came out of the IT organization and in many cases reports to the CIO.  It was described as an “immature business function” that can have a “conflict of interest” with the CIO complicating day to day operations.  Further, security alone does not translate to risk management and, in one case, documenting the exposure for a management team was not well received because now something had to be done about it. 

Proactive companies have committees or councils whose purpose is to address the broader content and security issues facing the company and often become a flashpoint for discussions around messaging and proper governance.  These groups can include Legal, Internal Audit, Business Owners, HR, and various shades of IT.

One thing was made clear during our discussions – the more information you get, the more you must act.  So questions around who owns securing intellectual property or who is going to be the “police officer” for the organization must be sorted at this cross-functional level.  After all, it is very difficult to manage something you don’t own and we heard repeatedly that no one wanted to receive “hate mail” from the employees due to a new policy or technology control.  Ultimately, there must be consequences for those that breach the rules and the urgency and enforcement must come from the top forcing, in many cases, divisions/departments to participate.

Osterman covers Reshaping Information Security report in Network World

We continue to get some good reaction to this report we just released.  Michael is a good guy and covers the messaging space pretty thoroughly through his research, writing, and blog.  This article is in Network World’s Unified Communications newsletter.  Per my previous post on this MarketInsight report, let me know if you’d like a copy and I’ll forward it along if you want to avoid the form on our website.

One text message every four minutes – an (a)typical teen?

Good article in the Washington Post yesterday about the popularity of text messaging among teens and the implications on the parents from out of control bills.  The story "For Texting Teens, an OMG Moment When the Phone Bill Arrives" profiles a high school junior named Sofia that racked up an $1100 bill at 15 cents a pop. 

If you ever wanted a clear picture on the evolution of communication, here it is.  I posted earlier on this topic with the Generational View of Electronic Communications.

I took the data in the article and did some quick math with a few assumptions to get to Sofia’s number of a text message every 4 minutes.  She used 6,807 in one month so let’s assume a 30 day month and that she has 16 waking hours to text (maybe she texts in her sleep, but let’s go with 8 hours off for sleep).  I’m also assuming this is both sent and received as the wireless companies charge on both ends (at least Verizon does).

That’s 227 messages per day, 14 messages per hour, or about 1 every 4 minutes.

Welcome to mobile instant messaging by the next generation. 

It’s not about voice minutes, it’s about data.  The wireless companies are loving it with traffic doubling last year to 158 billion text messages in the US (according to the CTIA) leaving the still strong 20% growth in minute usage in the dust.  Other interesting nuggets in the story are about texting being the second most popular use for a cellphone right behind using them to check the time (silly me, I use a watch).  Also, text messages are not given their own line item on a bill complete with time stamp and destination like a call detail record – they are reported in a bulk number with no line item detail leaving parents with little understanding of the who and when.

Too connected? Implications from the Estonian cyber-attack

There has been something a bit disturbing happening on the world stage for the past several weeks.  Estonia has been under attack from what seems to be the Russians.  The only difference is there are no tanks, troops, or missiles.  This is coming in the form of targeted and direct denial of service attacks on government ministries, news providers, and even financial institutions.  Estonia is, according to the Washington Post, one of the "most wired societies in Europe."  Whether this is state-sponsored cyber-warfare (the Russians deny involvement) or the product of rogue or nationalistic factions in either Estonia or Russia is secondary when you look at the apparent havoc it has created, from government email disruptions to financial institutions shutting down on-line banking.

The ramifications of this are pretty huge.  NATO seems to be scrambling with how to react to this kind of "hostile action" because it is not a direct military confrontation.  The reasons for the Estonia/Russia animosity are many including most recently the relocation of a Soviet-era war memorial that has proven to be a bit of a flash point.  Ross Mayfield has covered this episode in detail and here is a story in the NY Times on it.

From the Washington Post article:

"The Estonian government stops short of accusing the Russian government of orchestrating the assaults, but alleges that authorities in Moscow have shown no interest in helping to end them or investigating evidence that Russian state employees have taken part."

Think for a moment how our connected society here in the US would come to a halt if our email streams stopped, our on-line banking and information sources were unavailable, and we generally had difficulty in maintaining the connections we have built both by habit and technology over the last many years.  Requires some serious thinking and preparation as more access points are made available and we become ever more connected as a population.

A study of extremes

Came across an interesting read this morning via Barry Briggs about this post by John Hagel.  Take a deep breath and power through the write-up as I think there are some good nuggets in there.  These concepts are also brought to life in Chris Anderson’s book The Long Tail.

Here’s my layman’s bullet points preceding the graph below:

  • This article is about the difference between standard distributions (Gaussian bell curve) and extreme distributions (Paretian power law)
  • You should understand the basics of a Pareto distribution from the "80/20" rule
  • Examples of Paretian distributions are frequency of word use, sizes of cities, internet traffic, etc.
  • Gaussian distributions can become Paretian distributions when "tension" increases (like competition or businesses evolving faster than capacity) AND the costs of connections are decreasing
  • Extreme events become more common and are larger/of greater consequence and the natural reaction is to treat them like "outliers"
  • The business challenge is to identify emerging extreme events that could impact the landscape as the costs of connectivity decline

Ok..now I have to go lay down.


[Graph: power law distribution]

(Image courtesy of Albert-Laszlo Barabasi, "Linked: The New Science of Networks")

New study identifies 5 trends in information security

We released this study today based on a series of discussions and events across the US with senior information security and IT professionals in collaboration with The Roundtable Network.

Pam is a great person to work with and if you are interested in getting the chance to have face-to-face interactions with your target prospects, her roundtable events can’t be beaten.  They are a great lead source, but the conversations will educate you on the operational realities of the problems you seek to solve – great stuff!

The goal of this study was not to prepare a self-serving piece of "research" designed to reinforce all the ills that our products magically fix.  Rather, it was to put together a snapshot of what people responsible for information security are dealing with and what they see coming down the road for the future.  There are several areas where we are relevant, but some issues don’t have the consensus in place yet to justify a technology investment.

Two things rang loud and clear from these gatherings:

1. There is a content deluge due to growing volumes of electronic documents that must be retained, stored and made accessible for retrieval

2. There is a security deficiency caused by ever worsening end-user habits as it relates to the use and misuse of enterprise messaging tools

The study goes on to dig into the areas of e-discovery, information safeguards, understanding how people currently communicate, messaging technologies, and archiving/retention approaches as well as how to navigate the organizational aspects of implementing a solid program.

We distilled five key trends from the conversations:

1. Information security and IT have to build expertise in records retention, electronic discovery and legal matters to better manage legal requests and compliance.

2. The end-user is essential; how employees use available technology and their awareness of authorized usage is more of a concern than the underlying technology itself.

3. The next generation of employees will enter the workforce with personal laptops, mobile devices and software instead of having them provided by the company, creating a new level of control and security issues that IT departments must be prepared to meet.

4. Email is not going to be displaced by another mechanism of communication, but it will be augmented; enterprise messaging will expand to include instant messaging (IM), text messaging and other forms of Internet-based communication and collaboration.

5. Companies must have the organizational will to embrace governance issues and be proactive in addressing them, versus treating them as bad news to be avoided.

I also did a short podcast intro to the report that you can listen to here.  The link to the report takes you through a registration form, so if you’re interested in getting a copy without having to register, send me an email and I’ll shoot you a copy.

US economy most competitive

A flag waving moment courtesy of the BBC and IMD’s 2007 World Competitiveness Yearbook.  The US topped the ranking of 55 countries with Venezuela coming in last. 

Funny, I thought that whole "nationalize it" thing was going to work out for Hugo.

According to the project director, the US ranking is a function of:

1.  The strength of our financial market (Bud Fox included)
2.  The "ease" that venture capital can be secured (although I am sure there are a few entrepreneurs that would have chosen a different word)

Warts and all, the US economy stays strong due in large part to the free flow of capital and the optimism to build new businesses.

Free market research on information and communication technology users – new study from Pew

Lots of posts good and bad about the Pew Internet & American Life Project survey – A Typology of Information and Communication Technology Users here, here, here, here, and here.

As with all market research, the results must be viewed critically and extrapolations based on some 4,000 people can be perilous. 

That said, download it and read it. 

I look at this as a freebie market study that sheds some light into behaviors and segments of our on-line society.  I spend lots of cycles on market segmentation and believe behavioral attributes are extremely important – more than industry, geography, SIC code, etc. in many cases.

Find out which group you fit into by taking their survey.  I took it twice and had two results:  Lackluster Veteran and Connected But Hassled.  Maybe I need a few more cups of coffee to improve my mood.

I dug into the numbers a bit in an attempt to size the segments further, making a few assumptions along the way.  My data is from the US Census.

Total US Population (2005):   299,398,484

Under 18 years old (24.8%):  74,250,824

Over 65 years old (12.4%):    37,125,412

Market size (US pop – Under 18 – Over 65) = 188,022,248

So, let’s assume this is the number from which to size the segments.  Here’s a quick chart laying them out:

[Chart: segment sizes]

My takeaways:

We’re talking about a Web 2.0-centric segment size of about 15MM users – not a huge amount given the sheer numbers and variants of companies out there attacking the same people.  These folks are described as tire kickers (my description) and "likely to test drive" or even "invent" new things.  A tough crowd to lock-in as users unless you are constantly pushing out new features and gadgets.

There is a combined segment size of about 50MM folks (Lackluster Veterans, Productivity Enhancers, & Connected But Hassled) that use technology for productivity and exhibit tendencies to adopt new ones even if they are forced on them through the workplace – a more practical/pragmatic group.

There is a sizable segment that is more interested in mobile of about 32MM (Connectors & Mobile Centrics).  Most interesting there is the roughly 13MM "mostly female group of thirtysomethings…heavily reliant on the cell phone."  Be sure to factor that into your marketing plan.

The Inexperienced Experimenters, coming in around 15MM, have a willingness to try new things and could be converted with some marketing effort.

The remaining 77MM or 41% are either satisfied with what they have and not looking for anything new, indifferent to new things, or not connected at all.


Quick thoughts based on a cursory analysis…

Interview with Roger McNamee of Elevation Partners – a personal view of the future

I picked this up from AlarmClock who picked it up from Marketwatch and the now departed Bambi Francisco (of recent vator-gate fame).  It’s an interview with Roger McNamee about managing the mid-life crisis of mature media and content companies. Roger is part of Elevation Partners which is the vc firm formed by Bono of U2.

Anyway, a couple of good excerpts that are posted below.  Red highlights the points that I think are key.

Bambi:  You’re a product-cycle investor. Are there any product cycles of major significance coming up in the tech world that investors could ride (i.e. Microsoft Vista, Apple’s iPhone/TV? Nintendo’s Wii for video games?)

Roger:  "It’s more of a thematic-cycle trend rather than a product-cycle trend.  That trend is helping people to make better use of their time. Research In Motion’s Blackberries and [Apple’s] iPods are excellent examples of integrated systems that helped people make better use of their time."

Bambi:  What’s the next disruptive technology?

Roger:  "…I also think mobility is incredibly disruptive. I have no idea how that’s going to look. Everything that matters will come on my person.  That’s the thing that disrupts the PC market. The one-sized-fits-all-PC model is broken. Eventually, PCs will produce shrinkage of demand for PCs in the developed world. Apple’s iPhone is part of the mobile disruption, but a small part. The disruptive stuff isn’t one thrust. It’ll come in small parts, like getting nibbled to death by ducks."

Generational view of electronic communications

We conduct a variety of research and roundtable forums every year and, in one of our most recent ones, a senior information security person provided the following perspective on the evolution of electronic communications:

Today’s younger generation uses email, IM, and text messaging as follows:

1.  You email your grandparents
2.  You IM your parents
3.  You text your friends

So unstructured communication will become even more unstructured as the next generation of workers populates the workplace AND company networks will not be the place where all communication occurs, is logged, and can be retained. 

Another participant pointed out that workers joining their companies in the future (and today) will already have a mobile phone and laptop and that they are putting the pieces in place to support personal devices (phones and PCs) vs. incurring the cost of supplying and supporting them.  Puts network security and management in a whole different light to manage non-standard/unknown devices hitting the network, accessing data, and communicating with each other.