How digital transformation is making the CIO job role change ‘significantly’

More than half of respondents polled by the Cloud Industry Forum say their role has changed ‘significantly’ as a direct result of digital transformation.

The study, conducted alongside hybrid IT services provider Ensono, polled 200 UK IT and business decision makers. 56% said their role had significantly changed, with 51% saying their responsibilities has increased and 47% adding they were under greater pressure to deliver. This is more likely with the IT side of the house, the research adds, with business decision makers generally having more freedom to innovate.

The research also delved into the various requirements needed to improve as seen by the IT team. Not surprisingly, technical skills were seen as the most important skill needed for success in digital transformation, cited by 75% of those polled. Problem solving (54%) came a relatively distant second, but still ahead of management (51%), negotiation (46%) and communication skills (45%).

Even though job roles are undergoing significant change, it is not enough to cope with the demands of digital transformation. An overwhelming 92% of respondents said their organisation did not have all of the skills they needed to meet demands. Just under half (48%) said they required more technical expertise, while a similar number (44%) said there was a need for greater improvement in team working skills. 35% identified deficits in communication and creative skills respectively.

The research also delved into the various requirements needed to improve as seen by the IT team. Not surprisingly, technical skills were seen as the most important skill needed for success in digital transformation, cited by 75% of those polled. Problem solving (54%) came a relatively distant second, but still ahead of management (51%), negotiation (46%) and communication skills (45%).

This point is particularly interesting, the research argues – as the CIO needs to bridge the gap between business and IT, it shows an already-existing gap.

“To be successful in their roles and ensure their continued relevance, CIOs must act as ambassadors between the IT department and the business to smooth over these differing perspectives and ensure that all parties are fully aligned in their expectations and visions,” said Simon Ratcliffe, principal consultant at Ensono.

“At a time when IT is still often a reporting line to finance and few CIOs have a seat on the board, it is critical that they can influence the business in general by displaying a clear and coherent vision for their organisation’s digital transformation,” Ratcliffe added. “Without this executive sponsorship, they will struggle to secure the budget, support and interdepartmental collaboration they need for successful transformation.”

These are by no means the first figures to come out of this study. Previous research, issued last month, argued that KPIs were not aligning with objectives on digital transformation projects.

Originally published on Enterprise CIO.

(c) agsandrew | oporkka

The post How digital transformation is making the CIO job role change ‘significantly’ appeared first on IoT Tech Expo.

IoT Tech Expo

Analysys Mason: The role of China in boosting NB-IoT

Analysys Mason: The role of China in boosting NB-IoT

Analysys Mason: The role of China in boosting NB-IoT

An article by Tom Rebbeck, Research Director Enterprise and IoT at Analysys Mason

Few operators have launched commercial NB-IoT networks since the technology was standardised in 2016, despite the strong push from Deutsche Telekom and Vodafone. However, China’s operators are the exception. Backed by strong government support, all three operators claim to have rolled out the technology to tens of thousands of base stations. Developments in China will benefit the entire NB-IoT ecosystem, not least Chinese hardware and software firms looking to export to other countries.

This article explores the progress that China is making with NB-IoT, the implications for the technology, and what it means to other operators.1

Chinese operators are making important progress in developing NB-IoT, which will benefit all NB-IoT ecosystem players

The Chinese government has been actively driving the development of NB-IoT. The Chinese telecoms regulator, the Ministry of Industry & Information Technology (MIIT), announced aggressive targets as well as guidance to promote the NB-IoT standard in June 2017 (see Figure 1).

Figure 1: MIIT’s targets for NB-IoT development in China [Source: MIIT and Analysys Mason, 2018]
Timelines Geographical coverage Number of base stations Number of connections
End of 2017 All major cities in China 400 000 More than 20 million
2020 Nationwide coverage 1.5 million More than 600 million

In accordance with the MIIT, all three Chinese mobile operators are investing heavily in NB-IoT networks and device/module manufacturer subsidies. They are also developing capabilities beyond connectivity to cover more of the value chain (Figure 2).

Figure 2: NB-IoT initiatives by operator, China, 3Q 2017 [Source: Analysys Mason, 2018]
China Mobile China Telecom China Unicom
Position in China’s mobile market (3Q 2017) Number 1
(both connections and service revenue)
Number 2 (connections)
Number 3 (service revenue)
Number 2 (service revenue)
Number 3 (connections)
Position in China’s fixed broadband market (connections and service revenue, 3Q 2017) Number 2 Number 1 Number 3
Network roll-out NB-IoT across 346 cities. Commercial launch in selected cities planned for end of 2017. The first in China to achieve nationwide NB-IoT coverage in May 2017, with 310 000 base stations upgraded. Pre-commercial NB-IoT networks in selected key cities by November 2017. More than 300 cities are ready to be quickly activated for NB-IoT.
Ecosystem support Formed the China Mobile IoT Alliance and announced in November 2017 that it would invest CNY2 billion (USD300 million) in 2018.2 Announced that it would invest CNY300 million (USD45 million) to help subsidise modules/devices.3 Announced its CNY1 billion (USD150 million) subsidy plan as well as CNY10 billion (USD4.5 billion) industry funding.4
Backed up by a consortium of investors including Internet players.
Platform Launched OneNET open platform in July 2015. Released an IoT open platform in June 2017. Launched an IoT connectivity management platform in 2015.5
Key verticals Automotive, smart cities, transport and logistics, consumer electronics. Smart manufacturing, smart cities, smart home, automotive. Smart manufacturing, smart cities, transport and logistics, retail.

The steps taken by the Chinese operators should help the NB-IoT ecosystem globally. The Chinese networks are on a massive scale, which should help reduce prices and resolve initial problems. This should also benefit Chinese companies, such as Huawei, that are heavily involved with the technology, as they look to markets outside of China, as well as Chinese manufacturers and app developers.

Chinese operators are looking beyond connectivity for a return

The network connectivity business depends heavily on scale to generate returns, and even Chinese operators, especially China Mobile, will see negative RoI from NB-IoT for years. The upgrade plans of the three operators are as follows.

  • Most of the 310 000 base stations of China Telecom that have been upgraded for NB-IoT are new-built FDD-LTE stations refarming its 800MHz CDMA spectrum, which just require software upgrade. China Telecom’s list price is CNY20 (USD3) per year per NB-IoT connection.6
  • China Unicom also has an FDD-LTE network but most of its base stations operate at 1800MHz, which many existing modules do not support. Therefore, it chose to upgrade its 900MHz FDD-LTE stations first to support NB-IoT, such as its 900MHz network in Shanghai.
  • China Mobile is building new base stations to support NB-IoT, as its existing TD-LTE network does not support the FDD-based NB-IoT standard and most of its GSM base stations would require extensive hardware and software upgrades. It has announced aggressive goals for its NB-IoT network roll-out with the initial phase including a reported 146 416 base stations.7 In total, it plans to build more than 400 000 NB-IoT base stations in 2017 and 2018.

The operators are looking to diversify beyond connectivity, because all three are likely to offer similar pricing and coverage. Extra services may include vertical solutions, application development, system integration as well as enabling services such as platforms, hosting and security.

China Mobile has a “terminal-pipe-cloud” strategy: beyond the pipe (connectivity), it also develops its own devices (such as AndMu8) and modules as well as cloud and big data services built on its connectivity management platform and OneNET platform.9

China Unicom has developed smart sewage-well-cover solutions to offer real-time information on the location, status and the tilt angle of the well covers based on NB-IoT. It also offers end-to-end solutions in areas including smart streetlighting, smart metering and smart grid.10

China Telecom is developing one-stop solutions integrating smart appliances and smart home services with its partners.11 All three Chinese operators have built platforms and portfolios of enabling services, and can offer end-to-end solutions with the help from partners in key verticals.

China may also have a significant impact on LoRa. Dr. Peng, the fourth-largest fixed broadband ISP with over 100 million households, is building a LoRa network. As with NB-IoT, the scale that China offers, both in terms of demand, but also in terms of hardware and software supply, could help to accelerate the development of LoRa.12

1 For more information, see Analysys Mason’s China IoT market report 2018. Available at
2 Source: Caixing Global:
3 Source: Digit Times:
4 Source: CWW:
5 Source: CNII:
6 Source: Sina:
7 Source: Sohu:
8 AndMu is a smart camera developed by China Mobile. More details available at
9 Source: CWW:
10 Source: CNII:
11 Source: China Telecom:
12 Source: IoT Business News:

The post Analysys Mason: The role of China in boosting NB-IoT appeared first on IoT Business News.

IoT Business News

Siemens Redefining its Role in Industrial Digitalization

Siemens is leaving no stone un-turned while redefining the industrial digitisation. Today, around 900 software developers, data specialists and engineers are already working together with Siemens customers at these centres to develop digital innovations for data analysis and machine learning.

New solutions are being developed on MindSphere, Siemens’ open, cloud-based operating system for the Internet of Things (IoT). To be close to its customers, the company has distributed its 20 centres across around 50 locations in 17 countries worldwide. “We’re continuously expanding our leadership role in industrial digitisation,” said Joe Kaeser, Siemens President and CEO. “With our global experience in electrification and automation and our industrial software expertise, we’re generating optimal benefits for our customers – benefits that no other companies can replicate at such high levels of performance.”

Siemens has launched its MindSphere IoT operating system across the company about a year ago. Around one million devices and systems are now connected together via MindSphere, and this figure is to reach 1.25 million by the end of fiscal 2018. Beginning in January 2018, it will also be available on Amazon Web Services. This partnership brings Siemens and leading cloud solutions provider. As a result, users enjoy the benefits of a more powerful development environment, additional analysis functions and expanded connectivity. Industrial applications and digital services can be developed and run on MindSphere.

To further accelerate the innovation process, Siemens will again increase its research and development (R&D) expenditures in fiscal 2018 and invest an additional sum of around €450 million.   Read more…

The post Siemens Redefining its Role in Industrial Digitalization appeared first on Internet Of Things | IoT India.

Internet Of Things | IoT India

The Board’s Role in Managing Cybersecurity Risks

Today, more than ever, the demands posed by issues of cybersecurity clash with both the need for innovation and the clamor for productivity. Increasingly, cybersecurity risk includes not only the risk of a network data breach but also the risk of the entire enterprise being undermined via business activities that rely on open digital connectivity and accessibility. As a result, learning how to deal with cybersecurity risk is of critical importance to an enterprise, and it must therefore be addressed strategically from the very top. Cybersecurity management can no longer be a concern delegated to the information technology (IT) department. It needs to be everyone’s business — including the board’s.

Cybersecurity Enters the Boardroom

Network breaches have become so routine that only the most spectacular events, such as the recent breach at the credit reporting agency Equifax Inc. that affected some 143 million U.S. consumers, make headlines. Corporate boards of directors are expected to ensure cybersecurity, despite the fact that most boards are unprepared for this role. A 2017-2018 survey by the National Association of Corporate Directors (NACD) found that 58% of corporate board member respondents at public companies believe that cyber-related risk is the most challenging risk they are expected to oversee. The ability of companies to manage this risk has far-reaching implications for stock prices, company reputations, and the professional reputations of directors themselves. For example, following a 2013 data breach of Target Corp., in which the personal information of more than 60 million customers was stolen, a shareholder lawsuit charged directors and officers with having fallen short in their fiduciary duties by failing to maintain adequate controls to ensure the security of data. Although the board members were ultimately not found to be at fault, both the company’s CEO and CIO resigned.

U.S. case law is based on and generally adheres to the “business judgment rule,” which sets a high bar for plaintiffs pursuing legal action against board members. Similar protections for directors are in place in most “common law” countries, including Canada, England, and Australia. The Equifax cyberattack and future corporate breaches may prompt more challenges to the business judgment rule.

The view that directors are not sufficiently prepared to deal with cybersecurity risk has raised alarm bells in boardrooms nationwide and globally. Even as companies increase their investments in security, we are seeing more — and more serious — cyberattacks. If corporate boards are not sufficiently prepared to deal with cybersecurity, how will they be able to determine the effectiveness of current and proposed cybersecurity strategies? How can they know what operationally effective cybersecurity should look like and how it should evolve? And how can directors know what to ask so that they can make the right cybersecurity investment decisions?

Asking the Right Questions

In our work with dozens of companies and in surveys of executives, we have found that many directors currently cannot ask the right questions because they lack meaningful metrics to assess the cybersecurity of their business. In a 2016 poll of 200 CEOs conducted by RedSeal Inc., a cybersecurity analytics company in Sunnyvale, California, 87% of respondents reported needing a better way to measure the effectiveness of their cybersecurity investments, with 72% calling the absence of meaningful metrics a “major challenge.” Often, executives as well as directors spend too much time studying technical reports on such things as the numbers of intrusion detection system alerts, antivirus signatures identified, and software patches implemented.

To improve the situation, companies need to address two issues. First, directors need to have basic training in cybersecurity that addresses the strategic nature, scope, and implications of cybersecurity risk. Within companies, managers involved in operations, security specialists, and directors alike need to adopt a common language for talking about cybersecurity risk. Second, top management needs to provide meaningful data about not just the state of data security as defined narrowly by viruses quarantined or the number of intrusions detected, but also about the resilience of the organization’s digital networks. This means having strategies to sustain business during a cybersecurity breach, to recover quickly in its aftermath, and to investigate needed improvements to the digital infrastructure. Networks constantly change, so tracking cyber risks and vulnerabilities over time and adapting accordingly is essential.

A few decades ago, when business computers were networked into systems of record, it made sense for organizations to focus exclusively on preventing outside attacks and protecting the network perimeter. However, now that computers have become systems of engagement, strategies geared toward perimeter defense are inadequate. Today’s organizations have vast numbers of network connections and human-machine interactions taking place at all hours of the day and night. In this context, security strategies must extend far beyond the walls of a single organization to reflect interactions with suppliers, customers, and vendors. Networks are permeable, and the relevant question is no longer “Will the organization’s cyberstructure be compromised?” but “What do we do when it is breached?” For organizations, the old challenge of detecting and neutralizing threats has expanded to include learning how to continue doing business during a breach and how to recover after one. In other words, it has expanded from security alone to security and resilience.

Increasing Resilience

Resilience is essential in any effective cyberdefense strategy. Our cyberadversaries are competent, determined attackers and only have to succeed once. Resilience assumes that attacks are immutable features of the digital business environment and that some fraction of these attacks will inevitably result in breaches. Therefore, creating sufficient resilience both to continue doing business while dealing with a breach and to recover in the aftermath of a breach is the most critical element of a contemporary cyberdefense strategy.

Adequate organizational resilience is about operating the business while fighting back and recovering. Maintaining this level of performance requires the ability to measure an organization’s digital resilience much the way a board oversees its financial health. For board members, no fiduciary obligation is more urgent than overseeing and, where necessary, challenging how executive leadership manages the risks to the company. Managing cybersecurity risk today requires protecting the digital networks essential to conducting business by ensuring effective security and a high level of resilience in response to those inevitable cyberattacks. This can be accomplished through policy, selection of leadership, and allocation of resources. It is a whole-enterprise issue, requiring both full board engagement and superior execution by management.

The 2017-2018 survey by NACD reveals that public company board members are significantly more skeptical about their company’s cybersecurity efforts than are C-suite executives. Just 37% of respondents reported feeling “confident” or “very confident” that their company was “properly secured against a cyberattack”; 60% said they were “slightly” or “moderately” confident. Other surveys, including the 2016 poll of CEOs by RedSeal, pointed to similar weaknesses. Given the disconnect between the risk levels and degree of preparedness, we believe that most companies need to become more realistic about their vulnerability.

The problem isn’t a lack of investment. In 2017, worldwide spending on information security was expected to reach $ 86.4 billion and to further increase to $ 93 billion in 2018, according to Gartner Inc. However, cybercrime losses are rising at more than twice the rate of expenditure increases. Many CEOs continue to focus their attention on keeping hackers out of their networks rather than building resilience for dealing with hackers once they have broken in. Although most CEOs believe that cybersecurity is a strategic function that starts with executives, RedSeal found that 89% of CEOs surveyed treat it less as a whole-business issue than as an IT function, in that the IT team makes all budget decisions on cybersecurity.

Best Practices

Building on insights from the surveys cited above, we have developed a four-part approach to help organizations manage cybersecurity more effectively and formulate digital resilience strategies. It involves educating company leadership; developing a common language for management and corporate directors to discuss cybersecurity issues; understanding the difference between security and resilience; and making both security and resilience strategic corporate imperatives.

1. Educate company leadership. Cybersecurity risk shouldn’t be treated strictly as an IT issue. In terms of risk management, both security and resilience need to be managed as issues of importance to the entire enterprise. Increasingly, directors and senior management are being held accountable for the security and resilience of networks and data. Board members must therefore understand the issues at stake and accept their fiduciary responsibility for their organization’s cyberdefense posture. Company leadership must have an unambiguous understanding of the key elements of security and resilience. Both management and directors need to be aware of (1) the limitations of security (no practical cybersecurity strategy can prevent all attacks) and (2) the need for resilience (strategies to sustain business during a cyberattack and to recover quickly in the aftermath of a breach).

In order to be effective, directors need sufficient knowledge to understand and approach cybersecurity broadly as an enterprise-wide risk management issue. Directors need to understand the legal implications of cybersecurity risks as they relate to their company’s specific circumstances.

2. Develop a common language. Boards must have adequate access to cybersecurity expertise, and their discussions about cybersecurity risk management should be a regular part of each board meeting agenda, with sufficient time allotted. Moreover, board engagement regarding cybersecurity issues should not be restricted to yearly or semiannual reports. A proprietary 2017 McKinsey survey on chief information security officer (CISO) and board reporting found that CISOs who had less-than-productive board interactions felt they needed more time with the board to explain and examine critical issues. One CISO who responded to the survey observed that “board members have to be able to ask questions that may be perceived by others to be ignorant.” No question can be considered bad or inappropriate.

Digital security specialists, like all subject-area experts, must be able to communicate effectively with board members and other leaders. Meetings with CISOs and other security professionals mean nothing if technical experts and directors are unable to understand one another. Information security executives must be capable of presenting information at a level and in a format that is accessible to nontechnical corporate directors. Ideally, assessments of cybersecurity, digital resilience, and cybersecurity budgeting should be expressed using metrics that objectively and unambiguously score issues of risk, reward, cost, and benefit. That said, directors should make themselves conversant in basic principles relevant to digital networking and security. The goal is for CISOs and other IT executives to engage in frank, mutually intelligible dialogue with the board and appropriate subcommittees. Wherever possible, IT and CISO reports should be focused on prioritized items on which the board can take action, especially those that can be addressed by the whole company.

3. Distinguish between security and resilience. Companies should create a clear distinction between digital security and digital resilience. Digital security focuses on essential security measures, including providing such traditional defenses as effective antivirus and anti-malware software, adequate firewalls, and employee education in safe computing practices. Digital security is, therefore, a security issue.

In contrast, digital resilience is a business issue, which relates to how the whole organization conducts business in a digital environment. For example, balancing data accessibility with the necessity of protecting customer data and intellectual property involves a trade-off between security and interactivity that affects the customer experience, customer service, customer retention, acquisition of new customers, and so on. It is therefore a business issue. To the degree that an element of an organization’s security implementation impedes business (for example, by arbitrarily restricting access to data), it may provide adequate security. But it is a poor business practice, which makes the company more liable to fail and therefore less resilient.

In assessing the organization’s strategic cybersecurity policy, the board must balance resilience against security, with priority given to resilience. Over time, your network will be penetrated. Therefore, resilience (the ability to respond to incidents and breaches) should be prioritized over the forlorn hope of security alone as a silver bullet. Security will not enable you to continue to conduct business during a breach. Resilience will. The board must provide necessary leadership in advocating for whole-enterprise resilience policies and practices.

4. Make security and resilience strategic business issues. Directors must set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget. The board’s discussions with management concerning cybersecurity risk should include identifying which risks to avoid, which to accept, and which to mitigate or transfer through insurance — as well as specific plans associated with each approach.

In concert with top management, the board should create a clear statement of its role in overseeing, evaluating, and challenging the company’s digital security and resilience strategies. The statement should clearly define and assign responsibilities and must delineate the differing roles of the board and senior management. Within the board itself, cybersecurity and digital resilience must be the responsibility of all directors and not be relegated to a committee or subcommittee. Nevertheless, boards should consider assigning one cyber-savvy director to take the lead on issues of security and resilience, and, when recruiting new directors, companies should seek out people with appropriate cybersecurity expertise.

The board should continually reassess the overall budget for security and resilience and redirect investments as necessary. Given the reality that the number and seriousness of breaches are growing, it is clear that most organizations need to evaluate their cybersecurity investments more clearly and effectively. Improving the ability to measure and quantify cyber-related risks is vital to this step, because it allows cybersecurity and resilience to be evaluated for their impact on the entire business.

MIT Sloan Management Review

Give Technical Experts a Role in Defining Project Success

Below the waters of Stockholm Harbor lie the ghostly ruins of the 17th century battleship Vasa. Commissioned by Swedish King Gustavus Adolphus, the ship was a technological and military marvel in its day, boasting two gun decks with a total of 48 24-pound shot cannons — a major improvement over ships that typically had a single gun deck with 12-pound shot cannons. Its arrival threatened to upset the balance of power in the Baltic Sea and deliver control of the lucrative trade routes of northern Europe.

The vessel’s actual military service was embarrassingly short-lived, however. On its maiden voyage on Aug. 10, 1628, a gentle harbor breeze capsized the vaunted ship just a few hundred meters from its Stockholm dock, in full view of the crowds of cheering Swedes who had come to see its grand debut.

The loss of the ship was both a financial catastrophe and a political embarrassment. When the king’s privy council convened a full inquest, the shipbuilders pleaded innocence — they had built the ship to specifications approved by the king himself. How could they possibly be at fault?

Based on my experience working with hundreds of companies, the same problems that plagued Vasa’s construction — suboptimal communication between technical and business teams and the lack of joint ownership of outcomes — are common when companies try to build their Big Data capability. To overcome these issues, leaders need to absorb three key lessons about how to manage the inherent tensions between defining technical requirements and achieving valuable business outcomes.

Let technical experts help define success. Business leaders need to understand how to communicate with technical managers in a way that clearly conveys business needs but doesn’t impose technical judgments that they are not qualified to make. This can be tricky, because apparent business requirements can have hidden technical requirements that are difficult to identify. The Swedish king thought of the second deck on his battleship as being a military feature and did not consider the structural instability that the higher gun deck created. To avoid issuing impossible orders, business leaders need to get buy-in from their technical experts while establishing business goals in the first place.

Align compensation with outcomes. Many subject-matter experts have non-variable pay. When there are performance bonuses, those are more likely to be tied to peer-reviewed technical achievements than business ones. This perpetuates a technical culture focused more on technical virtuosity than on delivering business value. The onus is on business managers, as “principals,” to create compensation packages that incentivize technical experts, their “agents,” to prioritize the business interests of the company over the desire to achieve technological breakthroughs solely in the name of advancing technology.

Balance free speech and power dynamics. These challenges become more complicated when a technical manager is subordinate to a business manager. It is the responsibility of business managers to create an environment and culture where their employees feel safe communicating their concerns, especially complex technical ones that aren’t necessarily intuitive for nontechnical experts and that often defy pithy explanations.

For example, managers often directly suggest what kinds of features to use in a machine-learning model, rather than allowing the data to speak for itself. While suggestions are extremely useful, using features that have no signal can significantly degrade model performance through the introduction of spurious correlations. Experienced data scientists know that proper, data-driven (not boss-driven) feature selection is one of the most important aspects of model prediction.

Unfortunately, navigating power dynamics is one of the hardest areas for managers. A recent study found that over half of all employees wished their bosses either listened or communicated better. It can be difficult to raise an issue with a busy boss, even harder still when you need his or her undivided time and attention to really explain the problem. In the case of the Vasa, it certainly did not help that “the boss” was a formidable monarch with the intimidating nickname of “The Lion of the North” because of his battlefield exploits and tactical genius. Managers need to listen to the concerns of their employees and remember back to when they needed to raise an issue with a leader and felt the (perceived, if not actual) threat to their own nascent careers.

We live in an era that’s much more technologically advanced than the 17th century, and yet many of the lessons from that time are just as relevant today. Both subject-matter experts and general managers have a role to play as agents and principals in ensuring the success of complex technical projects. Subject-matter experts need to take ownership of business success in addition to technical success, perhaps accompanied by a shift in compensation structure. General managers need to bring technical stakeholders into the decision-making process, leveraging their expertise and giving them genuine ownership of critical business decisions.

MIT Sloan Management Review