Sunday, December 31, 2017

The Haiku of Finance for 12/31/17

Ending one more year
Measuring progress so far
Still some way to go

Alfidi Capital at Dreamforce 2017

Salesforce held its annual Dreamforce convention for 2017. I missed attending in 2016 so I definitely had to catch up. This is by far the most complex, high-profile, and costly corporate event I have ever experienced. The spectacle is always impressive. There's a ton of stuff going on all over the city, including affiliated events for people who want the Dreamforce experience but don't need to attend certification sessions. Here come several badge selfies, with summaries of some very rewarding events.

Alfidi Capital at Trailhead, Dreamforce 2017.

The Dreamforce designers had wood carvings and other outdoors decorations all over the ground floor of Moscone West, where the Trailhead exhibits dominated the event space. The chainsaw-made wood sculpture at the front door was such a nice touch. I was a Boy Scout once and I never was very skilled at woodcarving. People who complete Salesforce training modules earn badges that look like Scouting merit badges. It's all so positive and benign, you'd almost think no one is making a buck off people. Dreamforce is an amusement park for techies.

Alfidi Capital at Customer Success Expo, Dreamforce 2017.

The Customer Success Expo was festooned with the latest tech tricks, and a whole floor of exhibitors giving away free coffee and T-shirts. I scored enough coffee and candy to fuel my entire week. It takes a lot to get me excited sometimes, but free goodies never hurt. I got some hands-on time with several AR/VR displays, which are becoming very common at major tech shows.

Fake rock cliff on Howard Street, Dreamforce 2017.

The Trailhead logos and mascots were front and center in many ways. I don't know whether the real Albert Einstein ever went to the woods, but Salesforce has him climbing fake rock cliffs with fake animals. Pop music tribute bands played on the outdoor stage. I wonder which Dreamforce attendees came just to goof off on Howard Street and not tell their head office back home. I only had time for the free coffee and snacks at various places on Howard Street, because that's how I totally score in between events at Dreamforce.

Radius B2B Champions Club, Dreamforce 2017.

I attended the Radius B2B Champions Club affiliated event to get a fresh perspective on, what else, B2B sales. The new B2B buzzwords are revenue operations (RevOps), Chief Revenue Officer, Chief Product Officer, and Account-Based Marketing (ABM). The CEO's span of control is expanding as executive suites decide they need more complex teams enabling their work. Marketing ops people can join MOCCA for the full flavor of sales tech buzzwords. Remember ABM because vendors are building services around the concept.

I believe DevOps teams have become a mechanism for discovering new revenue sources via ABM, using IT systems to establish links between sales (account managers) and marketing (product development). They find data to demonstrate new sales opportunities. DevOps generally means integration of different functional silos' contributions to the enterprise's strategic plan. It matters because goals are now aligned and validated by data rather than assumptions.

Here's new math: sales + marketing = revenue ops. Hmmm . . . DevOps + RevOps = Bonanza! I cannot claim to have coined the term "RevOps" because revenue operations is already in action at firms doing ABM.

Listening to sports marketers talk about how they use tech made me smack my head. I can't believe that old-school pro sports talent scouts still refuse to use Moneyball metrics. Sometimes adoption of new techniques unequivocal management support to either use the new method or be fired. Jeff Bezos did this at Amazon to make development products compatible with public interfaces, thus paving the way for Amazon Web Services and the cloud.

Executive Briefing Center, Dreamforce 2017.

The Dreamforce Keynote with CEO Marc Benioff was more low-key than I recall from years past. It's always cool to hear Mr. Benioff talk about love, family, and magical mahalo stuff. People love the guy when he does that. Giving props to Salesforce's big corporate clients enhances his persona as the noble bringer of light and wisdom. My goodness, no wonder Dreamforce is such a costly spectacle, because it costs a fortune to buy such an image of generosity. I trust the guy, and I understand the need for a spectacle to convince everyone else that doing the right thing is worthwhile. Using relatable people as expert examples of Salesforce power users in the keynote's vignettes is a very effective way to make emotional connections in marketing. I have to hand it to Mr. Benioff and his image consultants for pulling off this masterstroke of sincerity.

The keynote rolled out the Trailhead learning platform as some white label solution, much like their Einstein AI predictive analytics solution. Co-Founder Parker Harris did not wear a costume this year. I was disappointed that he had no skit to play. The good news is that Salesforce is now attached to some Google platforms. I'm sure I'll know more about that once I complete some of Google's free training modules. I tried not to LOL that their vignette touting a mobile sales platform used the same scenario (shopping for customized athletic shoes tied to a celebrity's brand) that Oracle OpenWorld 2017 used in a major product keynote. I can't make this stuff up.

Ops-Stars, Dreamforce 2017.

I spent some time at the Ops-Stars affiliated event. I really wanted to hear what a VC had to say about his investment criteria, and he surprised me by emphasizing a "go-to-market architecture." The cloud sector's declining costs and increasing quality must make it easier than ever for startups to immediately have world-class IT architecture. The VC guy clearly used the term "RevOps," so my chance to claim ownership of the term vanished into thin air. Oh well, my genius is sufficiently expansive to pioneer other concepts. Any ops team is the CEO's direct strategic presence within a functional silo, so the innovation of RevOps removes the thinking and planning function from sales and aligns marketing with sales in a fusion cell. If you can follow my paraphrasing of that VC's wisdom, then congratulations, you may be qualified to work in RevOps.

It sounds like integrating DevOps and RevOps into an enterprise's strategic plan requires a knowledge management officer (KMO) to synch them. An integrated approach to participating in different functions' working groups is definitely under a KMO's purview. RevOps still uses recognizable KPIs like LTV and CAC, so we don't need a completely new vocabulary.

Alfidi Capital at Sales Enablement Soiree, Dreamforce 2017.

The Sales Enablement Soiree was another affiliated event that I found intriguing. I had never heard of the "sales enablement" discipline. I worked in sales once and we had "sales support" people who programmed product training. The sales systems have obviously evolved. The Salesforce people were on hand talking up Trailhead for employee on-boarding. It is hard to believe that business leaders still need to "buy in" to enablement, or maybe that imaginary obstacle is just more rationale for an upsell into Trailhead. I cannot find an industry standard definition of sales enablement, so I'll offer my own. Sales enablement is an internal function ensuring sales teams are trained on product knowledge, certifying them on the corporate message, and collaborating on content production.

Other Salesforce keynotes back at the main Dreamforce event clarified a few things. A "Trailblazer" is someone who uses the Trailhead platform. Customer service systems can now instantly perform multifactor ID authentication (i.e., facial and voice recognition) on mobile. The Einstein AI auto-generates graphs produced from the user's data priorities. It's all so pretty to watch from the audience. It must be even more fun up close for users.

Mascots dance at Equality Keynote, Dreamforce 2017.

The Dreamforce Equality Keynote had something to do with art and activism. Expect professionally unqualified cultural icons to assume leadership roles when political leaders' inaction leaves a vacuum. Americans follow celebrity leadership anyway, so most people won't notice the change. One of the celebrity panelists argued that setting political speech to music gives it mass appeal, moving the media and politics. We saw in 2016 and 2017 how extremists can use the same techniques to promote bigotry and hatred. Look no further than the foreign bots pushing derogatory memes on social media to divide Americans. If artists are fighting back in the name of freedom and equality, then they're doing the right thing for America.

Einstein AI solution, Dreamforce 2017.

The Compassion in Action Keynote was difficult for me to witness. I have experienced that building compassion into organizations denies human nature; productive people are grasping, vicious, and cutthroat because our species evolved to favor those qualities. Even advocates for compassion recognize how humans respond to transactional initiatives, because generosity must have some self-interest payoff to be sustainable. Allow me to set aside my skepticism for once and recognize some truly good things in this keynote. It's good that we now have evidence that people want to work for companies that offer compassion, meaningful work, and support during adversity. It's classic Stoicism to identify one's own emotional triggers and rehearse a controlled response that is productive and maintains emotional equilibrium. These Dreamforce keynotes do offer good life advice. Marc Benioff brought out a surprise guest at the keynote's end: Metallica drummer Lars Ulrich. Mr. Benioff convinced Metallica on short notice to headline a relief concert for the Santa Rosa wildfire victims. I totally agree with Mr. Ulrich's stated formula for enduring success: look forward, be open to inspiration, and have empathy when working with others.

Dreamforce 2017 was a winner. It is the place to be for ginormous amounts of free wisdom. The outside world gets to see San Francisco and Silicon Valley at their best when sales and marketing types converge at Dreamforce. Sometimes getting people to do good is as simple as cajoling them into a decent mindset.

Alfidi Capital at Cloud and IoT Expo 2017

There is an endless parade of cloud computing action in Silicon Valley. I attended Sys-Con's Cloud Expo and IoT Expo 2017 down in Santa Clara to check out the latest action. They also had some Big Data and DevOps stuff going on at this show. It's easy to get all of these cloud conferences mixed up if we don't identify the primary organizers. It's even easier to understand cloud action once you read my Alfidi Capital blog articles. I do in fact have a badge selfie, as you can see below.

Alfidi Capital at Cloud and IoT Expo 2017.

The major cloud providers all publish global maps of their service availability zones. Their data center locations may be proprietary information, so I will let interested readers peruse those maps on their own. Cloud users should know how a cloud provider will support their data classification and workload types. AI processing of enormous data volumes will drive cloud growth, and so will blockchain adoption. "Serverless" is a new cloud buzzword often appearing with "containerization" in a buzzword combo.

One speaker took the stage in an inflatable dinosaur costume to tell us about microservices. It was a cute stunt. Microservices decompose a tech's scope into single-function modules, reducing a system's complexity by minimizing communications between people. Expect to see this "microservices" buzzword to join "containers" because it sounds so cool. Kubernetes fans can use the Istio open source framework along with whatever toolchain they need; someone will likely be impressed.

All of this talk about microservices made me ponder how I would use them in a real project. API governance is a new challenge for microservices frameworks. A bigger challenge is to model workflows that cross different microservice architectures. I searched the Web for examples of these models; there are quite a few. Code Project may have something useful. The Gartner Hype Cycle for Emerging Technologies 2017 identifies machine learning (ML) very close to the peak of the current cycle. I need an open source ML process or AI engine I can use to improve an app or bot, provided I could control the input of proprietary data. The process needs to handle classification, clustering, and regression without problems. Alternatively, I could use open source training data sets, similar to the business data I need to process. Perhaps Uncle Sam's Data.gov has both training and real data that would suit my analytical goals.

Ask yourselves what "serverless" truly means, given the chronic underutilization of on-premise data centers. Serverless is not just another cloud function. It should remove developers from routine things and given them true DevOps freedom. Seek the cloud's wisdom if you speak the correct language. I will not take a serverless expert seriously if they think ICO "digital credit" as a virtual asset is something the cloud can leverage.

Cloud operators are talking more about the EU's GDPR and the need to do a gap analysis to become compliant. It's a healthy development for anyone who respects data privacy. Outsourcing GDPR compliance services is now a growing cottage industry in the cloud sector. Operators also need cool metrics like "idea to cash" and mean time to repair (MTTR) to impress their financial auditors.

The cloud cannot exist separately from the real-world IoT systems it will manage. Manufacturing plants are info-synched to adjust operations in real time, so the physical plant must be designed to incorporate software and sensors for data capture. I foresee massive security vulnerabilities if manufacturers allow their supply chain vendors to have real time visibility into their live factory operations. Such easy access allows hackers and viruses easy penetration to an entire vertical. The cloud can make ordinary ICS/SCADA vulnerabilities even worse.

Cloud success increasingly means using AI. Imagine AI governing BRMS with the ability to adjust principal rules. A human designer must be in the loop to ensure the AI does not get out of control. If the Singularity happens, the most likely origin will be some AI governing a major cloud provider that has access to the AIs of enterprise clients running their own BRMS through public clouds. The self-aware computer apocalypse is the worst-case scenario of AIs leveraging other AIs. The Standard Performance Evaluation Corporation (SPEC) should codify standards that will prevent this AI nightmare.

Choosing a cloud provider has strategic implications for a business. All configurations (data center, container, serverless) lead to "vendor lock" where a customer is permanently tied to one cloud provider. This is the exact definition of a switching cost in a sector where the biggest players have a durable competitive advantage. It's why data centers are becoming just like railroads and pipelines. Cloud vendor lock is a switching cost for the customer and a competitive advantage for the provider. Spell my name correctly when you quote me on that point.

DevOps people belong in the cloud. Read the Puppet and DORA State of DevOps Report 2017 for assessments of where DevOps is going. There are also plenty of DevOps handbooks and white papers on the Web for additional guidance. I know how to solve the tech culture problem of which developer cult is best for the cloud sector. Design a "Project X" and have different teams (DevOps, agile/lean, waterfall) work to solve it on a fixed budget. Ready, set, go. May the best team win. There will always be some expert who thinks forcing teams to compete is bad, and who can cite research on development teams to support that conclusion. My point is that they don't need to compete internally, so the competition should be confined to conferences and hackathons where teams can demonstrate their skills.

Containerization is the future of the cloud. Composable infrastructures should theoretically lead to the elimination of data junkyards. We will see how fast this elimination occurs if the cloud continues to trend away from virtualization and towards containerization. Latency is the single most important business criteria determining resources directed to containerization. Power management is the single most important limiting factor in data center optimization.

The app development ecosystem has massively diversified and has become dependent upon object assembly from multiple open source code bases. Optimizing apps with AIs will be a big thing. Open source APIs must be flexible enough to accommodate microservices designed for either containers or virtual machines. Each microservice must perform one function only, and must only communicate with other functions via well-developed APIs; otherwise the microservice will not work well with containers.

Plan out cloud use thoroughly. Assess the opportunity cost of not using cloud for some project. The cost avoidance is justification for cloud adoption. Any business decision in a large enterprise that's not justified with data will come down to politics. Design thinking is useful in enterprise architecture, with every potential choice having its own cost estimate.

Scrum is one variation of the Agile Manifesto. Making agile work in verticals with declining economics means firing a lot of senior people who stand in the way of a pivot that will keep the organization alive. The dinosaurs won't take risks. The old 80/20 rule applies, so the worst 20% of employees just won't grok agile. Once they find less demanding jobs at less pay, they may have an epiphany that they need to acquire new skills and attitudes. The cloud will disintermediate servers from their users.

I am very impressed with emerging attempts to determine the economic value of data (EVD). The accounting approach to EVD is wrong because accounting uses historical cost only. Economics uses a future value for EVD because data value persists into the future as its multiplier effect cascades throughout a network. I like a quote I heard at the conference from a data science practitioner working on EVD: "Data is the new sun, not the new oil." Petroleum is a deleting asset. The sun never wears out, just like data persists. That one metaphor made my entire conference attendance worthwhile. Upon reflection, I will add that EVD models must account for incorrect or obsolete data that must eliminated and no longer adds value. Data's persistence does not make it immune from depreciation.

Edge computing makes IoT smarter. The MQTT protocol is multi-cloud connective tissue where more than one cloud overlaps with remote devices. Edge analytics turns BI into behavioral understanding; expect it to use data lake dumping (heads up, Hadoop fans). Common cloud architecture uses MQTT to push data from analytics engines (assigned to collect from IoT device categories) into the cloud. The whole point of edge computing is to reduce the volume of data going to the cloud. It economizes on traffic by sending only analytics (a compression of data) or patterns (even further compression).

I covered a lot of intellectual ground at this Cloud / IoT Expo. The tech expertise routinely concentrated into the Santa Clara Convention Center is one of the wonders of Silicon Valley. The conference gave me even more inspiration for some tech ideas that I really need to execute. I may even showcase my concepts at next year's Cloud / IoT Expo. The sky is truly the limit in the cloud.

Alfidi Capital at LicensingLive! 2017

I attended Gemalto's LicensingLive! 2017 conference in Silicon Valley. I have never explored the software licensing ecosystem before, so this conference opened my eyes to a different monetization approach. Please note that Alfidi Capital does not have any software available for licensing. Here's another badge selfie for all of you to admire.

Alfidi Capital at LicensingLive! 2017.

A guru dude gave the first morning's introductory talk on software monetization. One key takeaway is that software licenses are now issued by dongle, enabling a cloud connection. Take heed of the cloud, folks, because Cloudonomics now applies to software licensing. The whole point of standardizing software licensing is to simplify pricing, speed go-to-market actions, decrease customer service touch points that cause errors, and increase revenue recognition. That's a lengthy menu of advantages for smart licensing. Check out Simon-Kucher and Partners' Global Pricing and Sales Survey for more details on how licensing impacts revenue; I can't link it here but you can seek it on the Web if you think it's important.

The conference got me wondering about who in a software vendor's organization should own the licensing decisions. It should probably not be the CFO. There's a case to make for either the CMO (it's part of the sales and customer service process) or COO (some service functions are a back-office process) to own licensing. I would argue that the predominance of customer contact should place it in the CMO's office, with input from whoever in the COO or CIO touches product R+D. Whoever owns product development must have a voice in its delivery decision. If business lines influence a preponderance of IT spending, it is difficult to argue against licensing being a sales and marketing function. Alternatively, the recent trend towards creating "Chief Revenue Officer (CRO)" positions acknowledges that revenue enhancement takes place in functions outside the marketing funnel. Let's see how organizations where CROs own licensing stack up against those where CMOs or COOs own the process. Yeah, I know, it's complicated. That's business.

The subscription sign-up process has friction points that a CRM app can streamline to ease prospect conversion. Subscriptions and licensing are an obvious source of business intelligence (BI), and I suspect that many enterprises do not fully utilize this source. Managing licenses in the cloud means moving the process into CRM but keeping contact with the rest of ERP, another point in the argument for the CMO to own the process. Generic license manager descriptions sure make it sound like a CRM function. One tip I picked up from a LicensingLive! participant is for the license management team (LMT) to "ship through ERP, renew through CRM." I think that says it all. People who live that quote's wisdom moved their licensing function from the COO's ERP into the CMO's CRM. Remember that the customer's CIO is the primary IT buyer in any organization, and they own the software asset management (SAM) practice to keep cost and risk under control. The buyer's CIO should be perfectly okay with vendors who treat licensing as a marketing-owned function, because it's part of a customer service experience they can understand.

I collected some other random LicensingLive! tidbits right here, in no particular order. Subscriptions and licensing can monetize SDKs and APIs. IDC's FutureScapes reports cover software business model monetization, so licensing practitioners may find that relevant. License management systems allow metered usage, time-based licensing, expiration alerts, and upgrade/upsell opportunities. Anyone who uses an antivirus subscription service is certainly familiar with the automated account alerts that such a system generates for each of those functions. I bet blockchain will be the next evolution of license verification. Licensing BI should pull from renewal rates and usage (by device, seat count, software module function, etc.) to discover unmet opportunities.

I had never even heard of Gemalto before attending this conference. Imagine my surprise to learn that they are a big player in cybersecurity solutions and SIM cards. The company's global market leadership position is reason enough for me to keep attending LicensingLive! I am now much smarter about how licensing adds value. Pay attention to what I've said here about BI in bold text if you really care about making money from licensing. I make it so easy for everyone, thanks to LicensingLive!

Saturday, December 30, 2017

Alfidi Capital at Project HeHa Super Happiness Challenge 2017

The world needs to get happy. Project HeHa has a plan to make that happen. The project held a Super Happiness Challenge in late 2017, so I had to trek down to Silicon Valley and see what it was all about. Tech types are certainly competitive, and the whole point of the challenge was to compete to get happy. There may have been some really happy people in the room by the time this was all over.

I see huge liability issues with so-called "increase your happiness" sites and apps that are not part of wellness programs vetted by board-certified psychologists. These apps are prescribing behavioral changes in the absence of clinical diagnoses. Tech should only go so far in adjusting someone's psyche without expert human intervention.

Project HeHa brought its happy sign.

The Director of the MIT Media Lab gave the keynote. I had a lot of respect for that lab during the 1990s when its then-director had a regular column in Wired magazine. Alas, the lab and Wired bear their fair share of blame for hyping the dot-com craze. Anyway, I grokked the speaker's point about how true happiness thrives in a healthy ecosystem that one person's material success will not destroy. It's easy to say that in Silicon Valley, where thousands of multimillionaires have built an ecosystem completely devoted to solving their unique problems. These are serious problems, like how to get around town without touching poor people on mass transit (Uber), how to get high-quality meals delivered to the office so managers don't have to wait in line with workers (meal kit services), and how to meet like-minded high-powered singles for fun times (dating apps). Yes indeed, the ecosystem must enable everyone's happiness, especially if it prices out unhappy lower-class people.

We must have hard metrics that tell us how happy we are becoming. The World Happiness Report asks people how happy they are for the UN's International Happiness Day. It may or may not have something to do with the UN's sustainable development framework. The Happy Planet Index is a UK-based effort to redirect the global economy from making money to getting happy. Its sponsors want a "new economy" driven by a hodgepodge of philosophies other than capitalism. Gross National Happiness (GNH) is a nascent thought trend originating in Bhutan, with support from the Happiness Alliance. It sounds to me like a slogan for Bhutan's tourism sector, or perhaps a distraction from Bhutan's ethnic cleansing of its minorities. The idealistic, sensitive, progressive people behind all of these concepts should ask Bhutan's displaced Lhotshampa if they are happy to be refugees.

Project HeHa brought lots of happy books.

The startups in the Super Happiness Challenge pitched their tech ideas to the assembled expert panel. They all looked happy to be there. This event was the first time I have ever witnessed a panel of judges emphasize a startup's culture as a key to success. Uber's well-publicized problems must be waking up every VC in the Valley about culture. Someone remarked, "Culture is what's left when the CEO leaves the room," and left unsaid is that the CEO's personal example sets that culture. The praise on hand for diversity was another effect of wake-up calls, or it may have just been more lip service and slogans. Folks, I have been under bad supervisors of both genders and several ethnic origins. No one demographic has ever cornered the market on behavior that destroys happiness.

I am not sure what to make of this HeHa thing and its sponsors. I am quite familiar with the format of US-based startups pitching to renowned investors. I am not so familiar with this particular project's creators and backers. I think the people behind Project HeHa have their hearts in the right place, but I have no further curiosity about their mission. Tech gurus all think they can change the world. The hubris of Silicon Valley is that tech has a cure for everything, even what ails human emotions. I am part of Silicon Valley's culture to find fellow Americans who want to grow the US economy. That makes me happy.

Alfidi Capital at Data Connectors San Francisco 2017

I fondly remember my first Data Connectors conference a few years back, so of course I had to make a repeat appearance when the show returned to the San Francisco Bay Area in 2017. Tech sector trackers like yours truly get to hear straight from small firms that would otherwise fly under the radar at larger conferences. The concepts I discovered probably work best in a listicle, but I need to relate these things to my own experience in business. Prepare yourselves for some definitions.

Malvertising is a recent weaponization of the ad networks and pop-ups that the business world has grown to trust. Malware isn't just for spam email links anymore, and now it penetrates our networks through buffer overflows, code injections, and stack pivots. Root cause analysis (RCA) of malware  vulnerabilities means looking at gaps where firewalls should exist. Rectifying said gaps requires strong mobile threat defense within enterprise mobility management (EMM), because I suspect that mobile apps and platforms still do not receive the security attention they deserve. Mobile consumption of Web data now exceeds desktop consumption, but security spending in the mobile sector has not caught up.

One vendor at the conference had a very compelling demo on countering malicious profiles. Such demos are effective sales techniques for endpoint detection and response (EDR) solutions. The proliferation of mobile within enterprises means these solutions must now incorporate entity modeling for real-time simulation of all devices on the network. A complete network map gives network defenders information asymmetry over attackers. An end-to-end encryption (E2EE) system prevents a malicious profile attacker from breaking open a packet in the event they penetrate the network, and such an attempt is the kind of abnormal activity the security information and event management (SIEM) would catch.

Strong data security enables business continuity and disaster recovery (BCDR) plans. Regular BCDR auditing will establish a recovery time objective (RTO) and recovery point objective (RPO) as loss-minimization baselines. Lowering the RTO and RPO will save money, so a Cloudonomics analysis must show the ROI impact of spending on resilience solutions.

Virus publishers now produce viruses for sale at dirt cheap prices. They also offer customer service to buyers. Illegal enterprises have now adopted the practices of mature business models. It's ransomware-as-a-service on the dark Web. I believe there is a market for automated countermeasures that hit back at attackers, but there is legal risk because those active counterattacks may themselves be considered malware. The tech sector really needs to collaborate with the US federal government and sort this out.

Speaking of government help, the US's NIST maintains a National Vulnerability Database (NVD) for automating data security. The NIST also maintains a Computer Security Resource Center (CSRC) with a large library of standards publications. Anyone supervising an information security operations center (ISOC) should incorporate those database updates into their network defense protocols and drills. Building an ISOC from scratch starts with the CIS Critical Security Controls, aka the SANS Top 20.

Gartner's continuous adaptive risk and trust assessment (CARTA) interprets cybersecurity governance in the language of business practitioners. A good business rule management system (BRMS) makes adaptiveness easy by generating continuous analytics. The BRMS should produce user and entity behavior analytics (UEBA) tracking system anomalies.

The average time to detect an organization's data breach is measured in months, leaving a huge window of vulnerability. Just like the market for automated counterattacks, there is certainly a a market for automated forensics solutions that accelerate attack reviews to discover vectors and data anomalies. Sandboxing is one way to identify indicators of compromise.

The ISO/IEC 27001 information security standards should guide a CISO's design effort, along with the NIST, CIS, and CARTA approaches. The ever-helpful Gartner people also have a Market Guide for Mobile Threat Defense Solutions just in case the CARTA approach doesn't identify the most obvious vendors.

I will conclude with an observation about what sells in cybersecurity. Solutions vendors tout their deep learning automated analytics, advanced heuristics, and other factors appealing to people enamored with buzzwords. All such factors are amenable to optimization via machine learning (ML), which is fast becoming a fundamental investment. The CISO is the decision maker in security purchases, and must now have a minimal competence in data science just to accurately evaluate the effectiveness of ML-driven security solutions.

There's a lot to know for anyone who buys, sells, or operates cybersecurity systems. Organizations that get security right will make a lot of money. That is why I will continue to attend these Data Connectors events.

The Haiku of Finance for 12/30/17

Search your Box platform
Audio or video
Get auto-transcript

Alfidi Capital at BoxWorks 2017

Here we go with another very special description of my experience with the Box ecosystem. I'm talking about BoxWorks 2017, of course, and I attended for more than just the free food. Check out my badge selfie below, and then we can get to work talking about enterprise cloud computing.

Alfidi Capital at BoxWorks 2017.

Box CEO Aaron Levie is still as dynamic and charismatic as ever in his public appearances. He had a nice dig at Juicero's failure: "The only sector not disrupted (by digital tech) is juice." I'm glad I never bought a Juicero machine. There weren't any clear breakpoints between the four eras of content management's evolution he described, but the clear driver of progress is the cloud's ability to rapidly scale up processes. Study up on information governance and encryption key management to know how IT pros manage their secure clouds.

The "wow" moments for me came during some of the product demos. Box workflows now enable assigning business tasks to trusted partners outside the enterprise. The BoxSkills video search can map facial recognition by frame, make tags searchable in a content management system, and extract an entire transcript of a video's conversation into text and closed captions. That is a big leap in machine learning (ML). It can do similar things with audio file searches, and it performs a sentiment analysis of the voices in an audio file. Wow, I mean, like, wow.

Airbnb CEO Brian Chesky came out for a chat with Aaron Levie. I did not know that these hoteliers started by selling boxed cereal. Mr. Chesky had a bunch of insights to share on innovation, especially on building a team that actually pushes an innovative project. His description of a handcrafted design thinking process is also covered in Reid Hoffman's Masters of Scale podcast, which used Airbnb as one of its many case studies. Yes folks, I pay attention what these experts broadcast.

Building apps without coding is the future of development. Low-code development platforms (LCDPs) are part of the low-code/no-code (LCNC) movement that enables non-computer scientists to build business apps. Box showed off their LCDPs where an amateur's business apps can integrate with workflows and define triggers for actions. The revelation for me is that any API connection (as a process) can be automated, and even blockchain integration is possible with these homemade apps.

American companies must now prepare for the EU's General Data Protection Regulation (GDPR), a very comprehensive regulation that touches any data process touching an EU nation's citizens. Expect serious fines for even inadvertent violations. Businesses developing binding corporate rules (BCRs) for GDPR compliance will pay premiums for "good practice" (GxP) implementation consultants if they don't have in-house EU expertise. They can start by reviewing the Privacy Shield Frameworks the US has worked out with its European counterparts. Cloud providers in particular will need to implement the BSI Cloud Computing Compliance Control Catalogue (C5) and Trusted Cloud Data Protection Profile (TCDP) if they do business in Germany. Attend BoxWorks and you learn about this stuff.

I had an epiphany during the second day's keynote. We need new metrics to evaluate both revenue per user and the cost of API calls per month for cloud companies and the data sector. It's no longer sufficient to process huge numbers of API calls per month, because call usage must be profitable to sustain the cloud enterprise. These metrics work just like revenue passenger miles in the airline sector and ton miles in trucking. Atomized revenue metrics determine whether an enterprise's assets are adding value at their full capacity.

The fun Crystal Ball keynote used a fake "Space Ham" movie production as a vehicle to Box's planned future product functions. No one outside the company will know whether these dream products make it to market. I was more impressed with the audio and video products they already have. The audience was seeded with Box employees for recognition at the end, and they obviously led applause prompts at key moments. Every aspiring enterprise tech startup should learn how to evenly distribute the ringers throughout their sponsored conference. Enthusiasm is contagious.

Dr. Neil deGrasse Tyson gave the closing keynote, and he was a knockout as usual. The dude had galaxies on his necktie, which just reinforces my opinion that he should run NASA. I noticed a typo on his slide showing this 2017's Santa Rosa, California wildfires dated "2018," the wrong year. That's a trivial error in an otherwise flawless presentation on species intelligence, global consciousness, and the humility that comes with a cosmic perspective. He got a standing ovation at the end after totally capturing everyone's attention and imagination. Dr. Tyson is definitely qualified for national and global leadership roles.

BoxWorks exceeded my expectations, just like the other Box events I have attended. If you're putting on a tech show, it needs to be big, loud, and most of all packed with expert wisdom. I will see Mr. Levie and the rest of the team in years to come.