business value & ICT - Telecommunications - Green IT - Orange Business Live blog

My previous article dealt with 'Green IT' and 'IT for Green'. I received a very thoughtful comment on the fact that 'Green IT' was about what we can do in the IT department to improve our own environmental footprint, while 'IT for Green' was about what ICT can do to reduce the environmental footprint outside its normal scope. These include reducing the need for travel, reducing energy consumption through telemetering, optimizing the fuel consumption of fleet vehicles, telemedicine for patients and optimizing supply chain processes with RFID technologies.

Today I want to focus on 'Green IT'. One part of this is 'paper-free workflow', including EDI, printing on both sides of the page for handouts and plenty of other initiatives. The other part is related to the IT infrastructure, and it's this I want to look at now.

The first step is to virtualize servers by replacing physical servers dedicated to one application by virtual machines. At Orange we have created more than 10,000 virtual machines. By doing so, we reduced the number of physical servers by a factor of 10, and increased usage of each remaining server from 15% to 60%. This gave us a saving of 30 GWh, which is enough electricity to supply a city of 30,000 people. The second step is to deploy virtual desktops, which helps postpone desktop or laptop renewal and reduce waste. At Orange we have enthusiastically deployed desktop virtualization for nearly 100,000 users.

The latest report from the Anti-Phishing Working Group (APWG) warns that online criminals are exploiting an increasing range of companies, with the number of hijacked brands reaching a record 356 in October, up 4.4% August 2009. The sectors most target are financial services (39% of attacks), payment services (33%) and auction companies (13%).

"No brand is safe from the threat of spoofing for the purposes of online fraud. Once, only the largest banks were targeted," commented APWG Secretary General Peter Cassidy. "Now, every kind of enterprise from banks and credit unions of all sizes to charities to, in a recent case, a hardware manufacturer, are now seeing their brands exploited in all manner of fraud scheme."

Although the overall number of phishing reports fell by almost 20%, the reports reveal a significant increase in phishing focused on high-value targets such as personnel with treasury authority. This shows that criminals are increasingly sending customised emails to targeted individuals in an attempt to access secure areas, such as corporate banking systems or VPN networks.

In a separate but related story this week, figures from the UK Card Association showed that online banking fraud was on the increase, rising by 14% to £59.7 million in the UK. It said that this increase was the result of criminals using more sophisticated methods to target online banking customers through malware. The survey also recorded over 51,000 phishing incidents during 2009, a 16% increase on the amount seen in 2008.

"Although online banking fraud losses have shown a year-on-year increase, card fraud remains a main focus of criminal activity," says David Cooper, Chairman of the Fraud Control Steering Group, the payment industry's leading fraud prevention group. "However, the industry remains committed to containing and reducing all areas of fraud. To this end, we will continue our partnership approach - working with law enforcement, retailers, consumers and the Home Office - to tackle fraud head-on."

Despite the increase in online fraud, overall card fraud in the UK declined by nearly a quarter in the year to £440 million, which the Association credits to industry initiatives such as: chip and PIN, fraud detection tools by banks and retailers; and the banking-sponsored special police unit.

A couple of reports have come out recently that have looked at the prospects of unified communications (UC). The studies seem to indicate that enterprises are moving towards UC adoption on the whole to cut operating costs, and that this drive is also encouraging the uptake of cloud-based UC solutions.

First is the second annual Unified Communications Tracking Poll from technology vendor CDW, published in March 2010. It surveyed 915 IT professionals in the US with the responsibility for UC in business, government, healthcare and education. The full report can be found here. CDW found that of organizations it surveyed:

·         8% had fully implemented UC - steady from previous 2009;

·         67% had a business case or strategic plan for UC adoption - up from 55%;

·         58% have deployed unified messaging - up from 46%

·         45% have deployed presence technology - up from to 37%

Crucially, of the organizations that have fully implemented UC, 71% say that return on investment (ROI) has met or exceeded their expectations. Reducing operating costs was seen as the top benefit of UC (54%), followed by increased productivity (50%) and more reliable communication (44%).

"IT executives report that economic pressures were a greater concern in 2009 than in 2008, but for many, the return on investment from UC deployments is so compelling that they ask, 'Why wouldn't we do this?'" said Pat Scheckel, vice president of converged infrastructure solutions at CDW. "The result is reduced costs, increased productivity and improved decision making - benefits that resonate across every industry, especially in a recessionary economy."

Also in March, a new report from Frost and Sullivan looked at the adoption of cloud-based UC services in Europe. It says that the recessionary impact is convincing enterprises to look at new ways of deploying UC, and that cloud is emerging as a real contender. It finds that the cloud-based US market earned revenues of €46.9 million in 2009 and estimates this to reach €1.6 billion in 2014 - a growth rate of 79%.

Frost points out that the concept of hosted enterprise communications services has gained mainstream acceptance in recent years as modern communications have become increasingly more sophisticated. Additionally, during the economic downturn, rising costs and a fall in the availability of capital are favouring OPEX-based solutions.

"Down economy favouring OPEX-based solutions coupled with market's need for flexibility and focus on core competencies, all boost cloud-based UC services adoption," says Frost & Sullivan Research Analyst Dorota Oviedo. "Both small businesses and large enterprises are interested in communications delivered as a service."

Currently, most of the software we use is installed on our computers, and our files (photos, videos, documents, etc.) are stored on hard drives. This is the case both at home and at work.
Some companies have already consolidated certain software programmes and data on centralised servers in an effort to increase efficiency and reduce costs. Going one step further, cloud computing centralises all software programmes and data using digital hosts for multiple customers through the Internet. This technology has several repercussions:

• All software that we currently purchase, install, and update will be accessible online, from any device connected to the Internet (PC, laptop, telephone, PDA, etc.) at any time.
• Our personal data will be remotely stored and accessible at any time, with no risk of loss or pirating.
• Companies can reduce the number of servers they need, while remotely accessing some applications that previously had to be stored on site.

Last week, I was invited by Andrew Ellis and Scott Gould to attend the Likeminds 2010 conference in Exeter, Devon. Not only was it my first time at the Likeminds, but it was also my first time in Devon and in Exeter in particular. Scott and Andrew were kind enough to invite me to keynote at Likeminds so as to present what we have done in terms of using social media to backup our Internet strategy and Orange Business Services.

The Likeminds conference was a great success in terms of attendance with more than 350 attendees and that's without taking into account the fact that some tickets were sold for the morning and afternoon sessions so that we had different kinds of people at both periods of the day; notwithstanding, the room was packed at all times. One of the most amazing things about Likeminds 2010 is that it was organised in less than six months and that's extraordinary considering the fact that most Britons seem to be unaware of Exeter and its surroundings, which is a shame given the quality of life in this town and the beauty of its surroundings (OK, I'm a Kelt so I am a little biased, it's true that we in Brittany originate from these areas).

Ideas are immaterial and often vague but the "raison d'être" of the project does not suffer approximation. We must, in a few sentences, communicate very clearly the objectives and the benefits expected of the project. This clarity of vision and positioning of the main elements of the project is critical: what will we deliverwith this projecy: products and services? Who are the customers? In what competitive environment? With what means and within what timeframe?

Here are some tracks to follow to avoid confusing a good idea with a sound project..

I spoke this week with Romain Chataigner, an IT security consultant at Orange, who leads the IT security practice at the IT&L@bs in Montreal, Canada about PCI DSS and what it means for enterprises.

What is PCI DSS?

It stands for the Payment Card Industry Data Security Standard and was created by the PCI industry body that represents the five major payment brands: American Express, MasterCard, Visa, JCB and Discover. Essentially PCI DSS is a security standard that focuses on the information security of credit card data: the cardholder's name, credit card number and the expiry date. The PCI created the standard in 2005 to have a unified security standard for the whole industry. Previously each payment brand had its own security standard, making it difficult for merchants to implement. Because the PCI DSS draws from these multiple security standards, it isn't really a new standard as such, rather a consolidation of best practice in information security for cardholder data.

Why is PCI DSS important for enterprises?

Quite simply, it is mandatory to be PCI DSS compliant if you handle credit card data and there are penalties if you don't comply with the standard. For example in the U.S., American Express directly imposes penalties on merchants: $50,000 if non-compliant, $150,000 after 30 days, $200,000 after 60 days and after 90 days, the merchant actually loses its right to handle credit card data. The deadlines for compliance are set by the payment brands and depend on the transactions annually processed by an organization. In the U.S. the level 1 firms, which handle more than 6 million transactions, already need to be compliant and other countries and company sizes are following suit.

Does it just apply to companies that take credit card data?

No it applies to any company that handles credit card data at any point. For example, network service provider and hosting companies will need to be compliant if credit card data travels over their network or is stored in their data center, respectively.  Because of this, it affects many different companies, not just the merchant who takes the credit card.

What steps do I need to take to become compliant to the standard?

The first step is to carry out a scoping exercise to allow you to identify where cardholder data is held, transmitted or processed. The standard only applies to these areas, so it is important that you focus your attention on where it matters. The second step is to carry out an assessment of how close you are to being compliant, such as what security you already have in place and how much work is required to fill in the gaps. This will allow you to draw up an action plan and carry out the necessary work. The final step is the assessment: some companies need to fill in a self-assessment questionnaire (SAQ) and this can be reviewed by an external Qualified Security Assessor (QSA) that will be able to certify the company to PCI DSS (Visa Canada, for example, imposes SAQ to be reviewed by a QSA). Others need to be assessed onsite by a QSA.

Watch this space for more interviews with the IT&L@bs organization.

At the end of February, I had the pleasure of attending one of the more vibrant and collaborative social media events that I have been to. The Likeminds conference, held in Exeter in the UK, is an interesting mix of enterprises using social media, leading practitioners such as Chris Brogan, Trey Pennington and Olivier Blanchard, and a number of local businesses and public sector organizations. Orange Business Services' own Yann Gourvennec was a keynote speaker: a video of his presentation can be found here. You can find an array of videos, blog posts and musings from the event here. 

There was a great deal of discussion on how companies are adopting social media, and the challenges of bedding the technologies into working practices. Other talking points centers on brand reputation, motivating internal contributors, whether a brand can be sincere and whether tools are coming before process.

The beginning of the year is always flush with industry predictions, so we thought we'd summarize some predictions on customer relationship management (CRM) for 2010 for your interest.

First up is the Gartner Group, which published its predictions for CRM in 2010 'and beyond' last week. Its predictions include:

• Facebook will probably have 600 million user accounts by the end of 2010 making it the world's largest social network. As such marketers and customer service management will be able to focus on the three of four key social network that dominate specific languages.
• Marketing budgets will remain flat in 90% of companies in 2010 and there is increasing pressure to link programs to sales results and tools such as Marketing resource management (MRM) will become more important: "MRM will become a top priority for marketing organizations, and enterprise marketing management (EMM) will take on new meaning as a vehicle for strategic planning, collaboration and measurement," said Kimberly Collins, managing vice president at Gartner.
• By the end of this year, the focus on social applications will be on improving customer relationships instead of improving internal collaboration. As such enterprises will be looking for social media platforms that support business with use cases and key performance indicators.
• More than 90% of all marketing campaigns will include an element of online marketing compared to 50% in 2009. One of the main reasons is that the online element offers much better metrics, and Gartner predicts that "marketers will see a 10 to 20 per cent savings in marketing communications as a result of precise attribution metrics for campaigns."

Other predictions can be found SearchCRM.com in this article. Amongst them is William Band, vice president and principal analyst, Forrester Research, who says:

• Social CRM hype will reach a crescendo, but it's important for enterprises to have sound customer management process fundamentals in place in order for social CRM tools to work. They shouldn't expect social media to compensate for this deficiency.
• CRM will become the customer management ecosystem. In other words, traditional CRM tools will be integrated with other customer-facing tools such as billing, order management and contract management.
• Customer service will be back in the spotlight. Forrester says that it is receiving increasing numbers of enquires on how to improve their customer service capabilities. Enterprises understand that the better the service, the more customer loyalty and the more sales they can make.
• Integrating customer data will continue to be a struggle. Enterprises say that the biggest barrier to successful CRM is poor data management. Business intelligence tools can help by providing a focal point for customer intelligence across multiple sources.

 

It's been said over and over again that there's no difference between the administration of a physical server and a virtual machine - and this is true in an absolute sense. However, this might give us the idea that a virtualised datacentre is administered in the same way as a physical environment; thinking like this leads us to the first pitfall of virtualisation. Especially when dealing with large-scale virtualisation projects, we need to rethink network uses (workflows, operating procedures) and reposition IT professionals so that they can provide the best technical expertise in these new technologies.

Network uses
It's true that virtualisation facilitates the repeated use of the infrastructure. The most striking example is the ability to set up several virtual machines with only one template. In just a few minutes and only 5 mouse clicks, a new (virtual) server that's fully operational and in line with company standards can be set up.