Which is worse – being free to roam without finding work in a great recession[1] or during sustained global economic stagnation,[2] or being on full or partial lockdown in a COVID-19 Global Pandemic situation (hereinafter “Covid”) ?

Each has its own challenges in terms of earning a living.  However, with Covid, things are that much tougher because getting too close to others to shake hands or even breath the same air in sequence, can be very bad for you, or for them, or for both of you together – and even deadly.  So, what can one do to make some meaningful income while the whole world stands apart for as long as they and we individually, all can, without going stir-crazy, getting precaution-lazy, or surviving, cashless, on dry beans and gravy?

 

WHAT IS IN THE ECONOMY, ANYWAY?

Well, as always, start with the basics ………… what is the economy at its barest bones?

We have often heard of the 3 factors of production, being Land, Labor and Capital/Kapital.

Then, we hear of the human condition’s 3 survival basics, being Food, Shelter, and Clothing.

Those are 6 key elements already, but the modern economy adds or splits-out, two more, which are Technology, and Consumables.  With these 8, then, we can start to break them down, further categorize, compartmentalize, and strategize.

 

HOW DO WE SORT THESE 8?

Put Land, Labor and Technology on one side; Food and Shelter in the middle; and the three Cs (Capital, Clothing, and Consumables) on the other side, then identify them with the rule of 3.

 

L + L + T

Land, including land with improvements such as a home, an industrial plant, or a commercial or rental property building, can be any of: (a) under water or fallow land; (b) in a steady state and barely drawing even or simply where you have your own business; or (c) it can be an income property that is actually cash flow positive and producing an income.

In terms of Labor nowadays, you can be: (a) jobless; (b) working from home; or (c) in an essential function or group, and working outside the home.  Some jurisdictions, of course, have remobilized their populations and restarted to various degrees, but with varying results, and so we won`t go there right now, and there are also many different definitions of essential, such as health and security workers, grocery store clerks, utility and transportation workers, office workers in a payroll and benefits function, an inventory rotation and maintenance function, or responsible for the care of live animals, so we won’t delve deeper into those terms, either.

Technology is an enabler that helps you with: (a) knowing (which includes communication, advice, entertainment, and basic information retrieval); (b) it can help you with acting on that information; and (c) it can help you with moving – whether as a result of information, to get information, or as a movement enabling technology in its own right through some form of transportation ranging from the scooter, through an Uber, to a plane, train, or simple bicycle.  You can also know, act, and move at the same time with Technology in the massive enabling of “telepresence”, through the current super-spike of online video meetings and web-based events, where by attending without moving you really “CAN” be in two places at once.

 

F + S

Food (and drink) you can: (a) produce and sell; (b) purchase to consume; or (c) stockpile it for re-sale or later personal use.

Shelter, you can: (a) own; (b) let-out; or (c) yourself rent, whether or not you actually live there; remembering that shelter can be anything from an actual house, through an apartment or hotel room or bed and breakfast arrangement, to a mobility property such as a boat or houseboat, a private aircraft, or a camper or recreational vehicle whether towed or self-propelled.

 

C + C + C

Capital can be identified as: (a) income (inflow); (b) expense (outflow); or (c) an investment (sideflow).

Clothing can be: (a) multi-purpose basic ear; (b) general workwear including suits and pantsuits and uniforms; or (c) it can be general- or specific-purpose Personal Protective Equipment (PPE).

Consumables, finally, can be: (a) a variety of services and content; (b) medications; or once again (c) PPE.

 

ANALYSIS

You will have noticed that PPE appears twice, which is not surprising, given its importance in the middle of a Global Pandemic.  So it is a high demand category that is evident in the initial shortages of things like face masks, gloves, and household cleaning wipes, and their ongoing high rates of usage and sporadic shortages as Covid rages-on.

Without passing judgement on the ethics, legality, or propriety of any of the following, I will give some examples of: (I) same category folding, (II) cross-category pairing, and (III) tri-category bridging, to make things happen.

I.   Same Category Folding, was already seen in technology, with teleconferencing that combines moving, with information. On a non-macro-level, it can also be seen with land, where you sublet that un-used portion of a commercial property that you own or let, or with shelter where you let out a portion of the home that you occupy.  Similarly with labor, if you are at home on furlough, then you may also be able to start a home based business and work from home to supplement unemployment insurance income or leverage and re-deploy any other funds made available to you during Covid.

II.   Cross-Category Pairing, can be seen where one uses a vehicle as technology that they own or control, and combines labor as an essential worker to now drive in a Ridesharing arrangement, or to deliver food, in either case as an essential worker. One can also work from home to produce clothing in the form of masks as PPE, or even another consumable in the form of advice and counseling services.

III.   Tri-Category Bridging, was in clear view when some people used their capital in sideflow, to buy and resell large amounts of PPE (clothing or consumables) or food and drink.  Knowledge workers can likewise work from home by investing (sideflow) in technology cloud power or production equipment as simple as a few camcorders, and then acting by creating consumables in services or content for larger providers, or even by themselves, such as with a short film, infomercial, or actual YouTube channel.

 

CONCLUSIONS

One would have factored-in the ability to liquidate personal goods to generate some quick cashflow.  However, the ability of Covid to linger on hard surfaces somewhat discourages those modern garage sales for all but the most hardy.  As the above shows, though, using a little ingenuity can help you find those hidden and glaring opportunities.

Most of us can look down and see five fingers or five toes, and those who cannot, have in many cases compensated and still been able to survive and even thrive despite those limitations.  So, just look to, and take an honest inventory of:

(i) your Possessions (across the original 8 factors), including what you occupy or control;

(ii) your Abilities (in terms of labour);

(iii) the “Rational” needs of the market (rational as in what “you” can manage to provide in line with the prevailing government medical advice or lockdown status, not what the people “feel” that they need, but that is totally unattainable or otherwise ill-advised for whatever reason or reasons at that time);

(iv) your own Tolerance of risk; and

(v) the many Synergies that you can create through Tri-category bridging, Cross-category pairing, and Same category folding …………… so, go on, take these “parts” and make them – and yourself, whole !

 

Good luck; Stay safe !

****************************************************************

 

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in programs, policy, regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: https://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Energy, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the national security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal millieux.

 

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, crisis consulting, and targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: https://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

 

[1] Ekundayo George.  FINDING AND CATCHING WIND TO SAIL IN A DEAD CALM DOWNTURN (Part 1, 2011).  Posted September 3, 2011, on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/issues-counseling/<

[2] Ekundayo George.  FINDING AND CATCHING WIND TO SAIL IN A DEAD CALM DOWNTURN (Part 2, 2013).  Posted January 3, 2013, on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2013/01/03/finding-and-catching-wind-to-sail-in-a-dead-calm-downturn-part-2/<

In his letter to shareholders that accompanied the 2014 annual report for Omaha, Nebraska’s sprawling Berkshire Hathaway Inc., Warren Buffet, the longtime chairman and chief executive officer, stated that he had chosen a successor, predicted potentially tougher times ahead in the quest for growth at the company, and identified 3 (“three”) historically recurrent business challenges that could fell even the oldest and largest of businesses:

 

“My successor will need one other particular strength: the ability to fight off the ABCs of business decay, which are arrogance, bureaucracy and complacency. When these corporate cancers metastasize, even the strongest of companies can falter. The examples available to prove the point are legion (…)” (Emphasis added).[1]

 

As shown in my May, 2014 post on corporate crisis management,[2] there are a whole host of “issues” that can befall a company, and severely damage or even destroy it if not properly addressed or prevented in the first instance. I would therefore not only echo Mr. Buffett on these three potential maladies that he has identified, but add 6 (“six”) more that I have repeatedly seen in my work experience and research, to total 9 (“nine”) such avoidable agents of business decay.

 

These other six, are:

  1. Debt;
  2. e-Issues (eCommerce, the environment, employment practices);
  3. Fiscal and Competitive Malfeasance (tax evasion, fraud and financial statement/disclosure issues, market abuses);
  4. GRC (governance, risk, and compliance) Failings;[3]
  5. Hue & Cry” (public reaction – including social media campaigns, boycott calls, and general “sanction or reaction traction” with regulators or prosecutors regarding an adverse event involving the company;
  6. i-Issues (most commonly being – incomplete or inappropriate preparation for surging demand, shoddy or absent contingency planning, insufficient capitalization, unreliable or skittish funding sources, and inattention to ongoing management obligations especially in supply chain quality control and general logistics, operations safety and security including cybersecurity, outsourcing and vendor competence and regulatory compliance, and oversight of all of these to include an adequate, available, and recommended internal whistleblower apparatus, and enforcing strict information governance and document retention policies).

 

A review of recent and historic business news will yield more than enough examples for each and every point, and so I will not go out of my way to name names. Suffice it to say, that if you want real business longevity for your venture – regardless of its current stage or state, then as with everything else, you need to look far beyond, and cover much more, than the mere basics or the ABC’s, and consistently so.

 

*****************************************************************

Author:

Ekundayo George is a lawyer and sociologist. He has also taken courses in organizational and micro-organizational behavior, and gained significant experiences in business law and counseling, diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America. See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams. Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein. Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Warren Buffet. Letter to Shareholders for Fiscal Year 2014, at page 37.  Posted on berkshirehathaway.com, February 2015. Online: <http://www.berkshirehathaway.com/letters/2014ltr.pdf>

See also Luciana Lopez and Jonathan Stempel.  Warren Buffett says Berkshire has ‘right person’ as heir.

Posted on reuters.com, February 28, 2015.  Online: <http://www.reuters.com/article/2015/02/28/us-berkshire-buffett-letter-idUSKBN0LW0MG20150228>

[2] Ekundayo George. Corporate Crisis Management 101 – The A, B, Cs of Lessons Learned.  Posted on ogalaws.wordpress.com, May 7, 2014. Online: <https://ogalaws.wordpress.com/2014/05/07/corporate-crisis-management-101-the-a-b-cs-of-lessons-learned/>

[3] Ekundayo George. Governance, Risk, and Compliance (GRC): a 4-part policy framework. Posted on ogalaws.wordpress.com, October 21, 2012. Online:<https://ogalaws.wordpress.com/2012/10/21/grc-an-overview-part-1/>

PREAMBLE:

So far in this study, we have introduced the complexities of 3 of the 5 Domains or “faces” of Data as a complex system: Form Factors,[1] Applications,[2] and Categories.[3] Now, in Part 4, we consider End-Users.

 

ANALYSIS:

End-Users.

These are the different users and user-groups who can and do, make various uses of the data.

 

Level 2 (provenance): As the ultimate consumer, that end-user can be any or all of an individual or a group, a business or business group, or a government or government agency, or government collective. Hence, at this level, we have placed just two options: (i) Insiders, who are the known and permitted users of the data, and (ii) Outsiders, who are the not permitted but sometimes known users of the data, if and when a breach can be tracked-back to its point of origin,[4] or when the user without permission can be found.

 

Level 3 (management): Here, the end-users can be categorized into three separate groups for management purposes. (i) Vetted, are those end-users who have been cleared and properly credentialed for data access. (ii) Unknown users are those with spoofed or un-trusted credentials – whether it is hacked passwords, expired security certificates, or other sharp workarounds of security protocols that allow data access. (iii) CMC, are those criminal, malicious, or compromised users who may appear to be vetted or unknown, but who have ulterior motives. The essential and constant challenge for all IT security and IT governance professionals is to ensure that the vetted remain vetted; the unknown do not become or appear to be vetted; and that the CMC remain on the outside of the trusted data-user community. [5]

 

Level 4 (security): As with earlier installments, there are on this level, categories for: (i) identity and access management (IAM); (ii) management “controls for risk, encryption, and security technique” (CREST); and two categories for regulatory compliance, being (iii) Regulatory Compliance (generic) which includes privacy and Intellectual Property Rights (IPR); and (iv) Regulatory Compliance (specific), which includes subnational, national, and transnational rules, and any industry-specific codes of compliance.

 

Level 5 (attack vectors): Here, we will specify the attack vectors as targeted at or emanating from, one or more of these five distinct groups. These are: (i) individual; (ii) family; (iii) group or network; (iv) business or business group; and (v) government, or government agency or collective. The individual might be a hacktivist, or someone with a form factor that has been unknowingly compromised. The family, again, might just be the innocent victim of a botnetted[6] machine within the household that identifies their IP address as the attack’s malicious source. The group or network may have third-party packet sniffer software installed that its Sys-admin does not catch, or chooses to ignore and/or not disclose to others. And then, the business or business group may be compromised directly, or through a third-party vendor.[7] Recent revelations about alleged government cooperation with internet and technology companies,[8] show how this fifth attack vector might stand alone; might combine with the third in a complicit Sys-admin (who does or does not see a lawful warrant); or might even combine with a targeted intelligence operation by a government agency that sees a keylogger, for example, installed on a business or household form factor known or suspected to be used by, some person of interest.[9]

 

Level 6 (aggregation): Finally, data end-users can also be found and aggregated across 6 spaces. There are two, under each of: (a) being at the individual’s option (such as for biometrics and geolocation, or other consumer-friendly applications – as opted-into or “not” opted-out of); (b) the commercial need and machine-driven (such as for SCADA/Supervisory Control and Data Acquisition, RFID/Radiofrequency Identification, or other business-inspired or business enhancing applications; and (c) the Government-aggregation (for various overt matters including health, morals and welfare, on one hand; or for covert matters, such as law enforcement and intelligence-driven surveillance operations, on the other hand).

 

CONCLUSION:

The depth and breadth of Data as a complex system continue to be enhanced by the interactions of its five Domains, and of the many faces therein. Having now considered Form Factors, Applications, Categories, and End-Users, our next and final installment will consider the “Scale” Data Domain.[10]

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer. He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice. He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in legal, technological, and societal milieux.

 

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams. See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

____________________________________________________

[1] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors). Published on ogalaws.wordpress.com, November 1, 2013. Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[2] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications). Published on ogalaws.wordpress.com, December 27, 2013. Online: >https://ogalaws.wordpress.com/2013/12/27/the-100-faces-of-data-a-5-part-complex-systems-study-part-2-applications/<

[3] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 3 – Categories). Published on ogalaws.wordpress.com, February 4, 2014. Online: >https://ogalaws.wordpress.com/2014/02/04/the-100-faces-of-data-a-5-part-complex-systems-study-part-3-categories/<

[4] Both insiders and outsiders can be sources of significant threat to any business, or other data producer or data consumer. However, some research shows that the most significant threat comes from the outsider. See e.g. Ericka Chickowski. Should Insiders Really Be Your Biggest Concern? Published on darkreading.com, April 23, 2013.   Online: > http://www.darkreading.com/insider-threat/should-insiders-really-be-your-biggest-c/240153455 <. See contra. Ponemon Institute. Fourth Annual Benchmark Study on Patient Privacy and Data Security. Published on ponemon.org, March 12, 2014. Online: >http://www.ponemon.org/blog/fourth-annual-benchmark-study-on-patient-privacy-and-data-security< In the medical field with regard to patient data security, insider risk is greater.

[5] There is a technical, definitional difference between unauthorized and non-credentialed. Credentials, such as passwords, pass keys, and biometric inputs all grant access, and so a properly credentialed user may be vetted and therefore authorized to access data on system A, but although vetted, “not” unauthorized to access data on system B. That user on system A may nevertheless try to gain access to data on system B, as a CMC (criminal, malicious, or compromised) user. On the other hand, if one gains access or attempts to gain access to data on system A or system B with stolen or spoofed credentials (apparently vetted), or through a credentials workaround (clearly non-credentialed), then this is essentially a non-credentialed access by an unknown user (absent the availability of more information), and it is unauthorized.

[6] Jeremy Reimer. FBI: Over one million computers working for botnets. Posted on arstechnica.com, June 14, 2007. >http://arstechnica.com/security/2007/06/fbi-over-one-million-computers-working-for-botnets/<

[7] Brian Krebs. Email Attack on Vendor Set Up Breach at Target. Published on krebsonsecurity.com, February 12, 2014. Online: >http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/<

[8] Anthony Wing Kosner. All Major Tech Companies Say NSA Actions Put Public Trust In Internet At Risk. Published on forbes.com, December 9, 2013. Online: >http://www.forbes.com/sites/anthonykosner/2013/12/09/all-major-tech-companies-say-nsa-actions-puts-public-trust-in-internet-at-risk/<

[9] Declan McCullagh. Feds use keylogger to thwart PGP, Hushmail. Published on cnet.com, July 10, 2007. Online: >http://www.cnet.com/news/feds-use-keylogger-to-thwart-pgp-hushmail/<

[10] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 5 – Scale).  Published on ogalaws.wordpress.com, May 15, 2014.  Online: >http://www.ogalaws.wordpress.com/2014/05/15/the-100-faces-of-data-a-5-part-complex-systems-study-part-5-scale/<

PREAMBLE:

In this data-driven world, we approached data from a complex systems perspective and assigned 5 data domains or “faces” as follows: Form Factors, Applications, Categories, End-Users, and Scale.  In Part 1 – Form Factors,[1] we identified some of the data devices through which data impacts upon us, and we impact upon the data.  In Part 2 – Applications,[2] we looked at the tools we use to collect, collate, and manipulate that data.  Now, in Part 3, we look at some of the different “Categories” of this Data.

ANALYSIS:

Categories.

These are the different ways in which we describe, define, and otherwise compartmentalize our data, in order to make it more malleable, manageable, and ultimately intelligible.

Level 2 (management): At this level, we have placed just two options: (i) an Externalized one for aggregation and analytics; and (ii) an Internalized one for commoditization and consumption.  In the first category, we have the original “Big Data” as collected, which is then aggregated and analyzed in various ways, by person and/or by machine.  It is the end-product in pieces, predictions and prognostications, or printouts, which is then packaged into more manageable morsels for the ultimate consumer.  That ultimate consumer can be any or all of a business, an individual or group, or a government or government agency.

Level 3 (security): As our focus is on the categories of data in a general sense, this “security” level will differ somewhat in its focus on the base-level “non-controls” or “intentional security lapses” that can now generally apply to data in three different spheres.  These, collectively termed “EULA3” or “EULA Cubed“,[3] are: (i) End-User Legal Authority; (ii) End-user License Autonomy; and (iii) End-User Leveraged Ability.  The first refers to the copyright exemption-like authority now permitting many end-users to further customize and develop commercial off-the-shelf software, such as screensavers, skins, avatars, and general gaming applications.[4]  The second refers to the various degrees of autonomy from traditional and restrictive use and geographic licensing that some consumers have, by using unlocked data devices – whether lawfully or not so lawfully unlocked.  This can range from having data devices function to reach data from geographic locations where they would not otherwise have been functioning; through number or service portability and the freedom it provides from multi-year service contracts with single providers; to opting-out of otherwise automated software updates and pre-sale software bundling.[5]  The third refers to the enhanced data-centric abilities that end-users now have as a result of the interconnected nature of data and the many faces of data.[6]  With the increasing expanse and depth of social media and apps for almost anything thinkable and unthinkable, there is no longer really any such thing as “use only as recommended”, because many future uses (Applications) of today’s data devices (Form Factors) – and of the data itself, are yet to be set-down or even known, and whether or not lawful where or when so ultimately used.

Level 4 (provenance): On this level, there are four categories for the origin of the data.  These are Social, Business, Personal and Government.  (i) Social as a source category, can include anything and everything ever put online.  (ii) Business as a source category, can include any and all personally identifiable, preference, contact information, and other data (personal data) voluntarily or involuntarily provided to a business by a consumer, or by another business.  Some restrictions on resale and usage, or transfer by and between internal divisions may apply, as per the entity’s Privacy Policy.  However, there can be exemptions for certain categories of data; additional concessions and goodies, such as rebates and special offers can be provided to customers who give the data custodian company carte blanche with regard to their provided data; and, of course, there are those instances where things go wrong or misplaced, or when careless business moves and messy business bankruptcies lead to provided data finding its way into dumpsters,[7] pawn shops,[8] second-hand and auctioned goods,[9] and to provided data being otherwise exposed through data breaches.[10]  (iii) Personal as a source category, may include spoken or written communications, non-verbal cues, and the contents of a lost wallet, purse, form factor, or mass storage device.  Finally, (iv) government as a source category, encompasses all the information that a government has (or could possibly have) on the individual or the business within its jurisdiction (or data-reach), for whatever reason, and from whatever other or intermediary origin point.

Level 5 (attack surfaces): As with the prior data domains covered – Form Factors and Applications – there are myriad, overlapping, and ever-multiplying attack vectors.  Here, we will merely identify the five transitional steps as attack surfaces within data categorization, where attacks may occur.  These are, at: (i) creation, collection, and collation; (ii) tokenization, encryption, and manipulation; (iii) storage and access; (iv) transmission and transportation (whether actual or virtual); and (v) disposal and destruction.[11]

Level 6 (aggregation): Finally, and just as with Applications, all Data “Categories” levels can be found and aggregated across the same 6 spaces as identified for Applications.  These are: (i) Cloud API; (ii) Datacenter; (iii) In-house server; (iv) workgroup; (v) single system desktop or laptop, social media, or gaming console/application; and (vi) mobile, to include tablet, smartphone, and wearable-tech.

CONCLUSION:

The depth and breadth of Data as a complex system continue to be enhanced by the interactions of its five Domains, and of the many faces therein. Having now considered Form Factors, Applications, and Categories, our next and penultimate installment will consider the “End-Users” Data Domain.[12]

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in legal, technological, and societal milieux.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors).  Published on ogalaws.wordpress.com, November 1, 2013.  Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[2] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications).  Published on ogalaws.wordpress.com, December 27, 2013.  Online: >https://ogalaws.wordpress.com/2013/12/27/the-100-faces-of-data-a-5-part-complex-systems-study-part-2-applications/<

[3] Ekundayo George.  Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers (at section z:  “End-User Legal Authority/ License Autonomy/ Leveraged Ability (EULA3, or cubed)”).  Posted on ogalaws.com, March 16, 2013.  Web: >https://ogalaws.wordpress.com/tag/end-user-leveraged-ability/<

[4] Id.

[5] Id.

[6] Id.

[7] Chris Saldana, Reporter.  Dumpster Full of Personal Information Discovered.  Posted on 8newsnow.com, September 18, 2007.  Online: >http://www.8newsnow.com/Global/story.asp?S=7091061&nav=168XJuYl<

[8] Danielle Walker, Reporter. Doctor’s stolen laptop found at pawn shop; data of 652 patients exposed.  Posted on scmagazine.com, April 1, 2013.   Online: >http://www.scmagazine.com/doctors-stolen-laptop-found-at-pawn-shop-data-of-652-patients-exposed/article/286812/<

[9] Joe Willis, Regional Chief Reporter.  Workers’ personal information found in cabinet sold at auction.  Posted on thenorthernecho.co.uk, August 5, 2013.  Online: >http://www.thenorthernecho.co.uk/news/10589828.County_Durham_workers__personal_information_found_in_cabinet_sold_to_Spennymoor_man_at_Newcastle_auction/?ref=nt<

[10] Sean Sposito.  Data breaches: It’s likely to happen to you. Published on theglobeandmail.com, January 28, 2014.  Online: >http://www.theglobeandmail.com/report-on-business/international-business/data-breaches-its-likely-to-happen-to-you/article16558877/?page=all<

[11] The 3 customary data state categorizations of: (A) Data at rest; (B) Data in use; and (C) Data in motion, are too limited for the purposes of our schema, and any comprehensive implementation of a Data Loss Prevention (DLP) regime.

[12] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 4 – End-Users)Posted on ogalaws.wordpress.com, April 9, 2014.   Online: >http://www.ogalaws.wordpress.com/2014/04/09/the-100-faces-of-data-a-5-part-complex-systems-study-part-4-end-users-2/<

As this New Year starts and we all get back into the swing of work, or looking for work, or retirement, as the case may be, now is as good a time as any to reflect on what it means to be an ideal employee.

                Committed (old school):

There was a time when the ideal employee only needed to be “committed”, to his or her employer – whether in the public sector or private sector, and to a lifetime of employment with that employer.

                Conscientious:

Then the environmental movement came about, with the growth surge and popularity of Corporate Social Responsibility (CSR), which led to a search for “conscientious” candidates for employment, in some industries and service sectors.  Truth be told, there are certainly a good number of employers who could care less, or who would even, perhaps, prefer those with no pre-set views or that fully reject prevailing “environmentally-correct” or “socially-responsible” or “politically-correct” or “anti-globalization” platforms; which platforms in some cases have brought-out quite extreme and obnoxious behaviours on both sides of the fence, as adjudged by the fence-sitters in that space, place, and time.  To be conscientious about the fighting issues and only those issues, is the raison d’être at one end of the spectrum.  At the other end, however, to be conscientious about the bottom line and solely the bottom line – to the point of blatant, repeated unethical behaviour or illegality in some cases, is highly valued.

                Connected:

Now, we have the “Social” phase, with potential employers themselves or through contracted third-parties, trolling criminal record and other databases, the Internet and social media in an effort to develop a better picture of the person and the “contacts or connections” of the person, who’s paper resume, personal video, multimedia resume, or LinkedIn or Facebook profile has been sent to their inbox, pasted on their private wall, or delivered by hand.  As a result of this highly disruptive paradigm-shift, the 5 (“five”) recurrent questions in HR circles, have now become:

(i) to whom are they connected;

(ii) where;

(iii) how;

(iv) what causes or entities do they like or follow; and

(v) how will any or all of this help or hurt us if we bring them onboard?

Alas, if you have no online profile, or too few connections but years of experience, then “some” HR professionals may well think you are hiding something due to the assumption that “everyone” now has an appreciable online presence and a large connection group through all of which the original data subject may itself, be or become far better known to them through open source and standoff means.

Unfortunately, the lack of an online presence or even a large connection group does not necessarily signify an issue.  I am sure that there are many people who have simply never gotten around to it, face restrictions on what they can post online due to current and former employers or their specific lines of work, or who have simply rebelled against what they feel is over-sharing and information overload.

To counter for this potential bias, it is likely high time to go back to the basics and focus on the “Committed” aspect, as in Committed (new school), in looking to the core of what an ideal employee is, or should develop into.

Committed (new school):

With a resounding yes, we can all agree that (at least in the western world and other parts that sincerely follow the western model), two core work assumptions are now gone, forever:

(i) that there is lifetime employment on offer; and

(ii) that the employment relationship is one with more obligation of employee to employer, than employer to employee.

Today, people will have more than one career, and often simultaneously; and there are a mix of mutual obligations and rights between the employer and employee – now codified by law and custom.  On account of this, the assessment of commitment is multifactor, multidisciplinary, and always in flux.  We can look at it through the 3 sub-elements of that commitment; being: (i) Culture; (ii) Competence; and (iii) Coordination.

(i) CULTURE.

Culture is a system of values, beliefs, and norms that guides worldviews, behaviours, and relationships. The employer will have a culture, and the potential employee will have taken in the culture of one or more societies or prior employers; resulting in quite a complex of motivators.  Organizations tend to be rather intolerant of newcomers who try to change the culture from the inside-out, once allowed inside.  If a person joins an employer after being attracted by the culture, then a later discovery of mismatch, or that the culture is not quite as it seemed, can lead to disillusionment, acting-out (in performance issues or whistleblowing), or separation – whether voluntary or involuntary.  Where HR speaks of “a good fit”, they are referring to their culture, and the likelihood that the potential recruit will both say “ok”, and actually decide to stay.

Behavioural interviewing is one way of assessing how the candidate will fit into the established order.  However, some veterans of the process can be very good at giving the right-sounding answers, only to be and present a later disaster.  This is why it is essential for the employer to project its true culture to potential hires, and for jobseekers to be true to themselves in their search and responses to interview questions.  If this is just to be a survival job, then what’s your problem?  Go with the right attitude and don’t try to change the whole place around you, if you know you won’t be there for the long-term.

(ii) COMPETENCE.

Competence is that mix of skills, abilities, certifications, and knowledge (SACK) that makes the candidate attractive to a potential employer.  The potential employer may have listed a specific requirement, or the potential candidate may be targeting that employer, or working with a third-party recruiter who does the match-making as go-between.  However, in all cases, the goal is to get a match and have as many SACK-points in common as possible.

Here, we can get a better appreciation of that mutuality of obligations mentioned earlier.  If the person is hired to do a specific job because of his or her SACK, then where the SACK is not used or under-used, due to any or all of re-tasking, lack of work, or disorganization and mismanagement, then the new hire will not be happy.  Mental muscles not used will tend to atrophy over time; especially in fast-moving infotainment fields such as IT and graphic design.  In this way, candidates who are under-used, will soon become candidates again, so that they can get meaningful work that they enjoy.  While it is true that this is not always the employer’s fault, especially in a slowed economy where work can be scarce in some lines, the truth of the matter is that employees are now more focused on their own longevity and their own bottom line, as lifelong loyalty to the employer – even a government employer– is no more.  It is one thing to grow with the company ….. but the company has to be growing (or at least stable) when they get there, and not just presenting a promise of growth or stability at some indeterminate point in the future.  There are, however, differences of individual risk appetite, and so this factor may still vary.

(iii) COORDINATION.

Where the employee has accepted the culture and has the right SACK, then the only remaining questions are – (I) can he or she demonstrate an ability to coordinate these in delivering for the employer; and (II) at what level can he or she do this, and with or without additional training or supervision.  There are four levels: Planning, Leading, Undertaking and Understanding, and Managing (PLUM), and we will consider them out of order.

(a)          Understanding and Undertaking:

This is the résumé or covering letter excerpt that speaks of undertaking tasks with minimal supervision.  Can the employee understand simple instructions and undertake the work to deliver a satisfactory (or preferably above satisfactory) end-result?  This is at the basic level.  For the intermediate level, the question is can the employee understand the results of a SWOT (strengths, weaknesses, opportunities and threats) analysis and independently apply his or her individual effort to capitalize on opportunities and strengths (product placement or service excellence), or address weaknesses and threats (brand recognition, market penetration, or negative publicity).  For the advanced level, can the employee both plan and conduct a detailed SWOT analysis, and then coherently communicate the results to others?

(b)          Planning:

This is the capacity of the employee to plan or co-plan any combination of events, projects, compliance programs, or succession.  It would clearly include the planning of a program to address the results of a SWOT analysis at an advanced or intermediate level, or the planning of a discrete employee initiative – such as a training seminar, a new product presentation or service rollout, or a packaging concept or promotional design competition in an environment where the employer had initially encouraged such collaboration and input.

(c)           Leading:

Of course, these factors are presented in no particular order, and so the employee may be given a managerial role (over strategic projects, such as social media outreach) before a purely leadership role (of a shop floor team, for example), and at a multitude of available levels from front-line supervisor, through middle management, to executive assistant.  Specific roles will be determined by the available talent, and the organizational need for leaders of change, projects, teams, events, or training, amongst others.

(d)          Managing:

Some people have natural interpersonal skills, whilst others will have to be coached or trained.  The “naturals” will be easily and speedily recognized in those environments where management is alert and open to its in-house talent, and additional opportunities will be presented to further hone and apply those innate skills as and when found.  Employees can also be or become skilled at managing resources (finance, logistics, human resources) or compliance (legal and regulatory affairs, or shareholder communications) through education and training, and past or current work experience.

SUMMARY.

Committed, Conscientious, and Connected are still valid macro-level descriptors of ideal employees.  However, “Committed” is dynamic, with its own micro-keys of culture, competence, and coordination.

Constant growth, constant learning, and constant expansion of the SACK (skills, abilities, certifications, and knowledge) that one possesses and brings to the job negotiation table is mandatory – because everyone else is doing the same thing and competition is only becoming more intense.  Rent-seeking is also a new constant, as the worker should be constantly seeking-out and plucking the juiciest and most demonstrable PLUMS (planning, leadership, understanding and undertaking, and management) as assignments and means by which to deliver value to the employer, and further fill-out the proprietary and portable sack on the employee’s back.  “As I help you, I also help myself”, but in a non-selfish way!!

For the prospective and current employer, the key to recruiting and retaining the “right fit” is to have and communicate the right culture, seek-out (and actually use once onboard) the right competencies, and have enough “plums” in the air to offer:

(i) sufficient;

(ii) meaningful work; and

(iii) personal growth opportunities; with

(iv) job satisfaction; and

(v) benefits and work-life balance;

to keep people (and the sacks on their backs) around.  I refrain from saying “the right people”, because everyone who wants to and is given the opportunity, is capable of growing into a series of increasingly responsible roles.

It has often been said that the more things change, such as the “committed” employee, the more they remain the same.  Do you agree?

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

PREAMBLE:

In Part 1,[1] we acknowledged our data-driven world and identified some of the ways in which data impacts upon us, and we impinge upon and build-upon the vast volumes of data now in play from day to day.  It remains essential for us to gain a better understanding of this data, and so we considered it from a complex systems perspective by assigning 5 data domains or “faces” as follows: Form Factors, Applications, Categories, End-Users, and Scale.  Part 1 introduced and explained the model, illustrating it by further treating Form Factors across its 6 levels.  Now, in Part 2, we do the same for “Applications”.

ANALYSIS:

Applications.

These are the tools with which we actually collect, collate, manipulate, and further relate to the data.

Level 2 (provenance): At this level, we bifurcate into native applications and web-based applications.[2]  The former are predominantly created and generally managed locally, while the latter are often available for access or download on the world wide web, and managed remotely – if at all.  There is very wide variation in the level of stability, support, and functionality that web-based applications offer (unless they are home-grown and hosted on a proprietary intranet, and thus arguably native); and some vendors will still not stand behind their offerings, or lack the funding to roll-out more robust supports.[3]

Level 3 (management): The great variety of available applications leads to a plethora of management issues.  We see the following three main spheres of management with regard to applications: (i) Network Management; (ii) Intrusion Management; and (iii) Data Loss Prevention (DLP)/Business Continuity Planning (BCP).  The first is primarily concerned with ensuring sufficient network uptime to meet intended network/IT goals and required business functions, that all applications play nicely together, and that sufficient resources and related support tools and personnel are timely provisioned for respective business units and functions.  The second concentrates on ensuring that the network remains secure against malicious software, rogue actors (whether identifiable insiders escalating privileges, unknown outsiders socially engineering entry, or criminal groups and government agencies stretching the law and sometimes the facts, to manufacture or utilize real and virtual backdoors into third-party client and customer data).[4]  The third, focuses on eliminating or at least minimizing the harm from a breach event, as well as ensuring that critical business functions can continue – whether onsite, or virtually, or in some third recovery location – should the main system or systems become compromised or fully go down for any reason.  This can range from natural disaster, through terrorist event or utility failure, to a lockout with ransomware,[5] or distributed denial of service (DDOS) attack.

Level 4 (security): Just as with form factors, there are on this level categories for identity and access management (IAM); management “controls for risk, encryption, and security technique” (CREST); and two categories for regulatory compliance.  Regulatory Compliance (generic) includes privacy and Intellectual Property Rights (IPR) regimes, which, although they may differ somewhat across jurisdictions, tend to follow similar lines of reasoning.  Regulatory Compliance (specific) includes subnational, national, and transnational rules, and any industry-specific codes to which the business must adhere.  Despite the strong security presence on level 3 for applications, level 4 is a more appropriate one to actually place that identifier because much of these regulatory compliance metrics and standards have been regulator or industry-vetted, and have stringent security measures built-in.  This point also illustrates why we have put MPS together as interchangeable across levels 2, 3, and 4.

Level 5 (attack surfaces): As with form factors, the available attack vectors for applications are almost innumerable and continue to multiply and morph daily, intra-day, and across timezones.  However, there will always be many more attack surfaces within applications than there can be form factors.  This can range from corrupted code, imperfectly patched applications, omitted vulnerability updates, and even malicious software that masquerades as the legitimate version on a legitimate, semi-legitimate (sponsored or popular – i.e. “but, everyone uses it/goes there”), or a spoofed site that is unwittingly reached and trusted by a victim – including embedded advertising that might take you to or through many pop-up levels of where you really don’t want to be if you click on them by accident or in curiosity.[6]

Level 6 (aggregation): Applications can be aggregated across 6 main spaces: at the outer reaches, we have (i) the Cloud API, (ii) the Datacenter, and (iii) the In-house server.  Applications hosted in these spaces are (or should be) much more robust and better managed, due to their accessibility and use by far larger numbers of people than those found at the last three aggregation spaces.  Those last aggregation spaces are (iv) the workgroup,[7] (v) the single system desktop or laptop, social media, or gaming console/application,[8] and (vi) the mobile, to include tablet, smartphone, and wearable-tech.

CONCLUSION:

Once again, these above 20 faces (6+5+4+3+2) in the Applications Data Domain can combine and interact with, each and every one of the other 80 faces across the other four Data Domains identified, and so the depth and diversity of data remains and grows in its complexity as a system.

In the next installment, we will look at the “Categories” Data Domain.[9]  In the meantime, I bid all readers and blog visitors a very Merry Christmas, and a peaceful, prosperous, and progressive New Year 2014.

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors).  Published on ogalaws.wordpress.com, November 1, 2013.  Online: > https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[2] Casey Frechette.  What journalists need to know about the difference between Web apps and native apps.  Posted on poynter.org, April 11, 2013.   Web: > http://www.poynter.org/how-tos/digital-strategies/209768/what-journalists-need-to-know-about-the-difference-between-web-apps-and-native-apps/<

[3] Again, however, that is not always a credible excuse, as the following (albeit dated) review of then-available online support and helpdesk applications clearly shows an attempt to bridge that gap.  See e.g. Muj Parkes.  10 Great Online Support and Help Desk Apps.  Published on appstorm.com, June 28, 2010.  Online: >http://web.appstorm.net/roundups/communication-roundups/10-online-support-and-help-desk-apps/< ; See also International Federation of Red Cross and Red Crescent Societies (IFRC).  Innovation contest will provide support and funding for app development.  Published on ifrc.org, October 8, 2013.  Online: >http://www.ifrc.org/en/news-and-media/news-stories/international/can-humanitarian-apps-have-a-positive-impact-on-individuals-and-communities-63501/<  This was a more recent multiparty effort to spur development and rollout of socially-useful humanitarian applications by offering funding through a “(…) contest which asks young people to come up with a concept for an app that will help people make a positive contribution to their communities and improve their own skills at the same time. Winners will receive both mentoring and financial support to help bring their ideas to fruition”.  Today now, in some jurisdictions, there is also a crowdfunding option.

[4] Barton Gellman.  Edward Snowden, after months of NSA revelations, says his mission’s accomplished.  Published on washingtonpost.com, December 23, 2013.  Online: >http://www.washingtonpost.com/world/national-security/edward-snowden-after-months-of-nsa-revelations-says-his-missions-accomplished/2013/12/23/49fc36de-6c1c-11e3-a523-fe73f0ff6b8d_story.html<; See also Joe Shute.  Christmas – the busiest time of year for the criminal cyber gangs.  Published on telegraph.co.uk, December 9, 2013.  Online: >http://www.telegraph.co.uk/technology/internet-security/10505962/Christmas-the-busiest-time-of-year-for-the-criminal-cyber-gangs.html<

[5] Peter Suciu.  Cryptolocker Malware Holding Up To 250,000 Computers Ransom.  Published on redorbit.com, December 26, 2013.  Online: >http://www.redorbit.com/news/technology/1113035548/cryptolocker-holds-250000-computers-ransom-122613/<

[6] Lee Bell.  Drive-by exploits are the top web security threat, says ENISA. Published on theinquirer.net, January 8, 2013.  Online: >http://www.theinquirer.net/inquirer/news/2234637/driveby-exploits-are-the-top-web-security-threat-says-enisa<

[7] Into this “workgroup” space, I would also breakout and insert such critical applications as the implanted ones (pacemaker applications), and the SCADA (remote monitoring and control applications).  These would all need to be more robust and have designed-in or otherwise deeply-embedded security features against hacking, due to the delicacy of their functions, their potential or design for remote operation and monitoring, and the developing Internet of Things (IOT) that will create workgroups out of several dozens or hundreds or more networked “hordes” of single such applications and application groups; all capable of hijack if not adequately secured.

[8] There is strong overlap between the workgroup, mobile/gaming, and wearable spaces with the proliferation of gaming applications that have wearable enhancements or other utilities bringing a virtual reality, multiple players in several locations beyond line-of-sight, and the potential to scale-up to large numbers of simultaneous users.  This is echoed by multi-user social media applications including chat and comment sites, pastable walls and apps., and all past, present, and future “virtual world/virtual reality” applications.  Again, subject to available or inbuilt security features and the patched/unpatched nature of the form factor used to access them, these apps. can be manna or minefield.

[9] See Ekundayo George.  The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 3 – Categories)Published on ogalaws.wordpress.com, February 4, 2014.   Online: >https://ogalaws.wordpress.com/2014/02/04/the-100-faces-of-data-a-5-part-complex-systems-study-part-3-categories/<

PREAMBLE:

We live today, in a data-driven world, full of data-driven economies (with projection and attempted matching of demand and supply); data-driven goods (with just-in-time components, and trends); data-driven services (customer preferences, and promotions); and even data-driven data – such as with supervisory control and data acquisition (SCADA), network functions virtualization (NFV), software-defined networking (SDN), and a host of analytics functionalities.  With so much data at stake, in play, and even getting in the way of people and other data, we should at the very least, try to gain a better understanding of it.  What is it, where does it come from, how do we use and interact with it, and what visible and invisible impacts does it now have (or might it later have), on us as individuals, on our societies and groups, on our behaviour and interactions, and on our individual and collective futures?

INTRODUCTION:

Let us consider “data” from a complex systems perspective.  We adopt a business perspective, excluding the individual one which would make the model unwieldy.  So, to begin, we single-out and assign 5 Data Domains: Form Factors, Applications, Categories, End-Users, and Scale; using the mnemonic of “faces”.

In order to visualize this conception, each of these 5 “faces” is placed in the order of their above presentation looking-out in 5 directions as emanating from about a central point labeled “DATA”.  Each of these 5 is also set on the flat top of an equilateral pyramid that radiates outward to occupy an arc of 72 degrees.  The total of 72 degrees as multiplied by 5, fills the entire 360 degrees of allocable area as emanating from that central “Data” point.  Hence, there are actually 5 separate and distinct pyramids growing out of that Data.  By the way, despite this visualized introduction, we won’t get too technical.

With the flat top of the pyramid being the source, each pyramid is further divided into 6 levels, with each level having increasingly more elements as one moves further out from the central point of origin.  The first level has that single element on the flat-top; the second has two; the third has three; the fourth has four; the fifth has five; and the sixth has six.

Adding the totals of 2 through 6 (in elements per level) within each pyramid, yields 20.  Multiplying this 20 by the 5 Domains, gives 100, thereby creating those 100 Faces of Data, for which the study is named.

ANALYSIS:

We shall now consider the 5 Data Domains in their “faces” order of appearance under this model, which differs from the logical “cafes” sequencing.

Form Factors.

These are the tools with which we gain access to data.

Level 2 (security): In the simplest bifurcation at this level (security), these are wired and wireless, with each needing different approaches, tools, and standards to ensure and maintain their security, availability or uptime, and ongoing reliability as fit for the intended purpose.[1]  The former (wired), would be anything in a home or office environment that was tethered, such as a desktop or laptop on the wired LAN, whilst the latter (wireless), would encompass anything from a laptop connecting by means of a wireless router, through to a smartphone or tablet with WI-FI access (or Li-Fi access),[2] or any wearable, implantable or near-field communication (NFC) device pulling, pushing, or both pulling and pushing data.

Level 3 (provenance): The variety of available form factors is further enhanced at this level, where they are divisible into customer-configured, commercial and-off-the-shelf (COTS) or unknown, and custom-configured.  Items in the last category are or have been, or are capable of being configured for optimum functionality, security, and ease of administration including in-house or outsourced mobile device management (MDM) by a responsible system administrator, such as with a company-issued form factor.  The first (customer-configured) category is known by the system administrator to be or have been configured by the customer (employee) or client (third-party accessing a company website or subsystem), such as with devices they own in their own names; which may or may not be capable of transformation or migration to the third category in a Bring Your Own Device (BYOD)-type scenario.  The second (COTS) category, is those form factors of which the responsible system administrator has no knowledge, or that are commercial and off-the shelf and possibly not even configured at the most basic level.  These would include jail-broken devices, those running pirated and illegal software, and those belonging to or co-opted by, rogue operators and networks with proven or potential malicious intent.

Level 4 (management): On this level, there is a category for identity and access management (IAM), a category holding management “controls for risk, encryption, and security technique” (CREST), and two categories for regulatory compliance.  Regulatory Compliance (generic) includes privacy and Intellectual Property Rights (IPR) regimes, which, although they may differ somewhat across jurisdictions, tend to follow similar lines of reasoning.  Regulatory Compliance (specific) includes subnational, national, and transnational rules, and any industry-specific codes to which the business must adhere; such as the federal Health Insurance Portability and Accountability Act (HIPAA) governing covered entities in the United States of America’s healthcare industry and all Business Associates involved with them; the Payment Card Industry Data Security Standards (PCI-DSS) for the global financial services industry to the extent that its members do business with or through the United States; and transnational rules and accords for banking (BASEL III), countering transnational crime (Anti-Money-laundering), and when applicable, any sanctions applied by a national body (nation state), a regional grouping (such as the European Union), or a global collective, such as the United Nations Organization (UN).

Level 5 (attack surfaces): The available attack vectors are myriad and constantly evolving, as they range from social engineering, through exploiting little known or common software vulnerabilities for “man in the middle” spoofing and “zero-day-vulnerability” phishing attacks, to advanced persistent threats such as distributed denial of service (DDOS), SQL-injection, and the full panoply of malware payloads for keylogging, botnetting, and data exfiltration on a massive scale.[3]  Our concern here is on the vulnerable areas, that soft underbelly of the form factor as an attack surfaces that remains under-or un-protected far too often.  For the individual owner, the form factor attack surface would include the solely-owned real device, and the single-user virtual device or service.[4]  For the business owner, this would be the business-owned device.  And finally, for the business non-owner, this would include the business-leased real device, and the business-leased virtual device or service; which fully implicates and encapsulates the cloud space.  Each of these attack surfaces represents its own known and unknown vulnerabilities that ideally require active governance and running adaptation[5] to responsibly manage.

Level 6 (aggregation): Businesses should consider six categories of relevant form factor aggregation on their owned and leased devices.  For businesses specifically, the two categories would be: Business to Business (B2B), and Business to Consumer (B2C) sales and marketing, and also the device and customer servicing that follow business and consumer trends and prevailing practices.  For governments, specifically, the two categories would be: in aid of current regulatory activities, and in aid of future service planning and preparation – as knowing which form factors are likely to be most in use aids in network capacity planning and regulation.  Businesses should also be aware that criminals and criminal groups also try to aggregate the form factors of and as used by businesses, for purposes of planning and conducting exploit campaigns, and also for purposes of monetization on their exploit campaigns as planned, while still live and underway, or as recently suspended for a time or fully concluded.

TABULATION:

Level

*Standard Name

Form Factors

Applications

Categories

End-Users

Scale

 

 

 

 

 

 

 

1

domain

form factors

applications

categories

end users

spaces

2

*MPS

MPS

MPS

MPS

MPS

MPS

3

MPS

MPS

MPS

MPS

MPS

MPS

4

MPS

MPS

MPS

MPS

MPS

MPS

5

attack surfaces

attack surfaces

attack surfaces

attack surfaces

attack surfaces

attack surfaces

6

aggregation

level

aggregation

level

aggregation

level

aggregation

level

aggregation

level

aggregation

level

 

 

 

 

 

 

 

MPS stands for management, provenance (or origin), and security.  The 5 Domains vary as to the level on which each of these applies.  However, the lack of cross-level comparison is restricted to these three levels, alone.  In the rest of the tabulation, direct parallels between levels can be more easily made.

CONCLUSION:

The relationship of data to form factors is clearly broad and deep, as these 20 distinct points show.  When considering that each of these above 20 faces in the Form Factors Data Domain can combine with and interact with each and every one of the other 80 faces across the other four Data Domains identified, one begins to understand how this is a complex system in the most classic sense of that term.

In the next installment, we will look at the “Applications” Data Domain.[6]

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] There was a time when senior management in many large businesses did not take Information Security /Cybersecurity advisories as seriously as they should have.  Today, however, with fines and penalties for preventable privacy breaches running into the millions (before individual lawsuits), and the potential for the loss of millions of records on the loss of a single flash drive or portable hard drive, that story has changed.  However, it cannot hurt to remind everyone to simply “cube the B” when planning for security, so that it sticks.  This stands for ensuring Buy-in at all levels with regard to security policies and rules – especially with senior management; which should be followed by Budgeting accordingly, so that IT can secure the human, material, and financial resources to do its job and do it well without constantly having to justify more funding; and following Best Practices in the industry or the art when it comes to security forecasting, planning, drafting, implementing, and reviewing.  See e.g. Ekundayo George.  Individual (allegedly) Wreaks Havoc with Former Employer – Another Teachable Moment in Infosec.  Posted on ogalaws.com, May 16, 2013.  Web: >https://ogalaws.wordpress.com/2013/05/16/individual-allegedly-wreaks-havoc-with-former-employer-another-teachable-moment-in-infosec-2/<

[2] Nick Heath, in European Technology.  Researchers break speed record for transmitting data using light bulbs.  Published on techrepublik.com, October 29, 2013.  Web: >http://www.techrepublic.com/blog/european-technology/researchers-break-speed-record-for-transmitting-data-using-lightbulbs/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531<

[3] For a brief overview of a recently-discovered, critical browser–specific attack vector, see Iain Thomson.  Big browser builders scramble to fix cross-platform zero-day flaw.  Published on theregister.co.uk, June 13, 2013.  Web: >http://www.theregister.co.uk/2013/06/13/cross_platform_browser_flaw_in_wild/<

[4] “Service” as here used, includes the entire “as a service” category, whether SaaS, PaaS, IaaS, or otherwise.

[5] For one prediction of the likely steps needed to maintain protection across an ever-expanding Attack Surface, See Patrick Lambert, in IT Security.  Growing attack surfaces require new security model.  Published in techrepublic.com, January 15, 2013.  Web: >http://www.techrepublic.com/blog/it-security/growing-attack-surfaces-require-new-security-model/<

[6] See Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 2 – Applications).  Published on ogalaws.wordpress.com, December 27, 2013. Online: >https://ogalaws.wordpress.com/2013/12/27/the-100-faces-of-data-a-5-part-complex-systems-study-part-2-applications/<

Many people want to start a business, especially when retention prospects (let alone employment for the currently unemployed), prospects, in a regular day job are, to say the least, a little shaky, perhaps.  There are many great ideas, many great potential entrepreneurs, and some very good sources of private sector and public sector funding available – whether in the United States, Canada, or other G20 nations.[1]

Despite the best intentions, however, many businesses start but do not last, and many more never even start.  Why?  I would say that the reason is a combination of:

(i) lacking knowledge on how and where to start – from planning; through assessments of self, product or service, and market; to entity formation;

(ii) lacking access to mentors, advisors, and the legal and accounting professionals (at full or discounted rates) who can assist in proper structuring, point you in the right direction, mobilize their resources and contacts in your favour, and render ongoing advice and counsel; and

(iii) lacking commitment, becoming distracted by other pressing life issues, or lacking the funding to commence at the outset, to continue beyond the very early stages – especially if intellectual property protection is required, or to consolidate those early and hard-won gains.[2]

Funding can be a consideration at any or all stages, so I will not delve into it with this post.  In addition, every situation is different, of course.  Nevertheless, let us try to address the entire startup concept and situation holistically and comprehensively by looking at the 5 (“five”) general phases of a startup business that covers these above 3 (“three”) deficiencies to varying depths; applicable in any country, under varied laws, and to most industry & service sectors – albeit with a little tweaking here and there.  The 5 phases, are: Assess; Brainstorm; Construct; Defend; and Exploit, and we meet them in that order.

ASSESS:

There are 5 (“five”) things you must look at when starting (or thinking of starting) a business.  These are:

(a) the current market – including size, location, tastes, regulations, pre-qualifications to entry, and demand-elasticity, amongst others;

(b) the current players in that market;

(c) the consumers;

(d) applicable trends and technologies; and

(e) your own abilities.  On this last point (self-assessment), you must ask yourself: do you have the business know how or the market knowledge; do you have the time and the funds; what skills and training do you bring that are applicable and will help; and what is the good or service that you have in mind – meaning how will it solve a current problem or fill a current need that you perceive as crucial?  When I say “you”, I mean for every person on the entire founding team to perform this assessment.

If you drew-up all of these points and sub-points in a table, the remaining steps in the other 4 (“four”) columns would align, point by point, with those from this first “Assess” column.

BRAINSTORM:

(a) In the market segment, you must find your target or niche, and keep to it; at least at first.

(b) With regard to current operators, consider joining or partnering with them in some way, to gain experience and their help (e.g. co-branding, teaming, distribution agreements), or if they are smaller than you and you have the funding, then you can also buy them out to have a turnkey operation.

(c) On the subject of consumers, you need to do some research and in-depth data-mining, to determine how past trends have fared, where things currently stand, and where they are likely to go.

(d) With regard to trends and technologies, if you think that you have created a better mousetrap, then you need to find a way to get this word out quickly, professionally, and very persuasively!

(e) Finally, if you have performed that self-assessment and determined that you are lacking in some areas, then you need to recruit the talent that will cover that angle for you, and seal it with a salary, some equity, or both.  Can you adequately message and massage the sensitive public by yourself?  Can you manage investor expectations full-time while also running the company full time?  If you need additional neurons (two heads are often better than one) – especially if you found yourself lacking in market knowledge, business know how, or other critical skills, then you need to recruiting a braintrust of advisors or partners to fill those gaps.  Once this is done, you can work together to make a plan and a budget, map a road, and manage the overall performance of your founding team – including both the stars and the backstage crew.

CONSTRUCT:

(a) Once your braintrust has validated (or updated) your assessment of the current market and your targeted niche, you should move diligently on making it yours.

(b) Those operators that you have not partnered with or purchased, should be thoroughly disrupted by your entry and sufficiently so to see that they need to change.   If they “sincerely” see you a little to no threat, take heart, because this gives you the chance to build your niche with little to no interference.  I say “sincerely”, because some operators will pretend that they pay you no heed, but in reality, be the secret shoppers amongst your customers.  In any case, once you have dominated there, then you will have the experience and credibility with funders, to expand even further afield.

(c) Develop a sufficiently novel or different hook to get the attention of your customers in that niche; don’t just look like every other mousetrap, but don’t over-spend either, as it will eat more deeply into your budget than you had anticipated and you might get used to it – over-spending; a very bad habit.

(d) In terms of trends and technologies, the watchword once again, is to disrupt the norm and the status quo with, or from, a new or unexpected angle.  Either here or at an earlier stage, you will likely have captured appropriate webspace for your concept and business.  The question is: how much is enough?  The answer, unfortunately, depends on you, your appetite, and your funding level because some may advise you to cover up to 25 or more potential sites.  However, if your funds won’t go there, then neither can you.  If you will be focused on Canada and North America, then you might consider: ca, .co, .com, .biz, .info, .net, and .org.  If specificity of origin is also your main concern when based in these markets, or if you have plans to create localized branches, then you might also consider: .au, .eu, .uk, .us, and .za.  A more European, global, or emerging market focus might lead you to also consider: .jp, .br, .mx.mobi, .it, .de, .tr, .eg, .ng, and .ae.  There are also coverall suffixes: .north.am, .south.am, .com.mex, and .me.  Once again, its up to you.  However, if you get a squatter on your prime site, then the cost will be higher.  If you get squatters that totally shut you out of a majority of these suffixes, then you may be forced to change your name outright, or modify it to a hardly recognizable degree.  It’s a risk to go light.

(e) Finally, to further bolster the knowledge and abilities of your team, you should consider joining trade groups or associations, and travel and explore to see how things are done in other places, as well as to potentially recruit partners, find new suppliers, or gather fresh ideas and perspectives.  With the Internet, much of this travel can be achieved through a browser on the smartphone, laptop and tablet, or desktop.  However, it is healthy to get out every once in a while, do some exercise, get some Vitamin D from the sunlight, and enjoy the fresh air outside your basement lair.  A shave and a shower might also help, and do remember the shades and sunscreen if it has been some time since you were last out.

DEFEND:

(a) Once you have had some success, you will need to defend it.  Options include hiring a dedicated sales force (whether on salary or commission); moving to a call center model – whether proprietary or outsourced and whether for customer service, or sales, or both in an eCommerce orientation; franchising; and if you have not already done so, going “Social”.  In the current Web 2.0+world, many businesses are “starting” with Social, and only becoming “bricks-and-mortar-based” at a later stage.

(b) Operators in the same or a closely-related space will likely also have now become more of a threat.  This is where your earlier Trademark and Patent filings and attached rights can be leveraged in your favour; you can reap the benefits of those Non-disclosure and Non-compete Agreements earlier and strategically entered-into; and now you can add “sue” to your join or buy approach to those same, once slow-moving operators who are now your competitors, and trying very hard to play catch-up, or even talking-takeover, partnership, and joint venture.

(c) Focus on distribution and sales for the customer base, along with after-sales support and service, and warranty fulfilment, satisfaction guarantees, and rewarding loyalty – for both goods and services.  You will likely also want to further expand your use of social media platforms with a mixture of dedicated in-house staff, and outsourcing to third parties with appropriate legal and contractual protections.

(d) Also, having attained this level, the brand will have become something of significant value.  Hence, those long-neglected areas due to lack of funds or lack of time, can now be more seriously addressed.  These may include standards, training, and certifications for staff; stricter quality control and ISO certifications for the subject product or service; and disaster planning with heightened insurance to cover inventory, privacy, receivables, and business interruptions – across all of your business locations.

(e) Finally having done your self-assessments, gathered a braintrust, and joined the right industry and trade groups, you can now start to do some serious benchmarking, create long range strategic plans, and make evidence-based projections with sales targets, focal demographics, and feedback goals to guage the customer experience and begin or continue to feed the constant improvement loop.

EXPLOIT:

With the defences in place and a success attitude with attendant best practices ingrained, you can now move further forward to exploit those early-stage and mid-stage gains.

(a) This one is simple: go back to “Assess” to look at the state of the market, your current status in the market, and what you can do to maintain or improve your position there.

(b) Related to this, is your heightened duty to watch your back, and not treat as insignificant the same type of disruptive upstart that you were.  If you do, they may well, and soon, be eating your lunch! Be very wary of those who try to join or buy you, and try to avoid being sued.

(c) Listen to your consumers, act on their feedback, and remember that they are the reason why you went into business and why you are still in business.  So, while they “do” have some stake in what you do, and how you do it, I think we all know that you owe far more to them, as “they” vote with their feet.

(d) More businesses that one can name, have been disrupted and eventually destroyed by changes in trends and technology that they could not predict, and to which they did not or could not timely adapt You need to keep a very keen eye on the bigger picture.  Use surveys, impanel focus groups, have play-ins for your technology both before and after roll-out, and scan constantly for upcoming disruptions.

(e) With regard to your own abilities, this should also go back to the “Assess” stage.  Go global if you are not already there, stress test your operations and business model against a broad variety of scenarios, and if you have the time and funds, then send out dedicated teams to learn from the competition (legally), bring back what they have learned, and strategize in-house on how best to halt, harness, or handle any and all potential coming disruptions that you have been able to identify – from customers, competitors, and changes in the five factors of production (land, information, labour, “attentitude”, and capital).  Attentitude is a combination of Attitude (can-do, determination, no rush to quit) and Attentive (fast-thinking, multi-tasking, able to work in hyper-dynamic environments and easily switch roles).  Where change is a constant, those accustomed to dealing with it and rolling with it, will likely do best.

SUMMARY:

Hopefully, this has given you some ideas and a better grasp of what needs to be done to get off to a good start.  It is not rocket science, but it does need a methodical and disciplined approach, and the will to follow-through despite the inevitable setback or flood of setbacks.  Others have done it; why not you?

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, and Outsourcing.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] EY.  The EY G20 Entrepreneurship Barometer 2013: Canada The power of three: governments, entrepreneurs and corporations.  Published August 23, 2013, on ey.com.  Visited September 10, 2013.  Web: http://www.ey.com/CA/en/Services/Strategic-Growth-Markets/G20-Entrepreneurship-Barometer-2013-Overview

This recent study ranked Canada amongst the top 5 G20 nations for entrepreneurs.  The United States of America, the United Kingdom, China, South Korea, and Saudi Arabia were amongst those ranking higher than Canada on the 5 key entrepreneurship measures of: Access to funding; Entrepreneurship culture; Tax and regulation; Education and training; and Coordinated support (see chart at page 11 of 12).

[2] An earlier blog saw me post on what an entrepreneur should focus on in order to coax-out funding at the early-stage, mid-stage, and late-stage of a business lifecycle.  See e.g. Ekundayo George.  Getting Funded at your Business Stage – Pitch Perfect?  Posted on ogalaws.com, September 4, 2013.  Web: https://ogalaws.wordpress.com/2013/09/04/getting-funded-at-your-business-stage-pitch-perfect/

As legal counsel, we are often approached to write or review and adjust business plans.  These can be for entities in early-stage (startup, seeking seed capital, recruiting a founding team), mid-stage (emerging, expanding, and proceeding to IPO), or late-stage (buy-back, restructuring, or receivership).  The common question is, however: what are the financiers seeking, and what is the most reliable “Unique Selling Proposition?

Early-Stage:

In a recent article, one writer wrote that assessing the team was paramount for early-stage financing; followed by a good idea, and then the presence (or promise) of a viable market.[i]  I agree!  In addition, I would further agree with the author’s assertion from his polling of some VCs, that these three elements should be considered in that order.  I would say the team should be good, but not perfect.

Now, what about the rest of the business world –entities at other stages of their existence as going (and hopefully staying) concerns?  The article is silent on this, and so I will provide my own observations.

Mid-Stage:

In the mid-stage, the emphasis should move to a well-defined vision, a solid success record, and a workable strategy.  I separate the strategy from the vision, because there “must” be some basis on which to build your persuasive case that more money will help you further that vision.  That basis, is your success record; and in your pitch, you will layout the strategy as to how you will get that done.  What defines success, and what is “enough” success for intended sponsors, will differ from case to case.  This can be anything from a raw number of units moved over a certain time, through back-orders, to actual market share gained.  There will also be some financiers who are particularly impressed by large social media followings with no revenues, as this can be monetized through advertising, co-branding their own or their partner wares, or cross-selling of additional offerings in the product or service mix of the pitching entity.  Situations will vary and will always be assessed on a case by case basis.

Late-Stage:

In the late-stage, the emphasis should move to a tangible and tested commitment, a well-developed brand, and good prospects going forwards.  Commitment as the top factor, should be something that has endured to that late stage through all of the challenges that the founder has or founders have faced.  Running a business is hardly ever a piece of cake, and if a principal has stayed the course to that late stage, than he or she is likely to continue fighting to keep the fires burning – or so financiers would likely conclude.  Similarly, if at that late stage there is no well-developed brand, then into what, precisely, are the financiers being asked to pump their money – smoke and mirrors, or a dream?  Good prospects going forwards, alone, will not open wallets if there is no brand and no commitment at that late stage.  However, where all three are present, then even if outer factors look insurmountable or the financials are not quite on point, there might still be an opportunity to get the needed funding on livable terms.

Essentially, it all centers on presentation, hitting these points as and when they need to be hit, and the content of the pitch – which need not be perfect, just right for the stage of the pitcher, and the taste of the audience pitched.  Where there is a will, there is likely still a way …. you just have to find it, and surround yourself with people who can help you do that at the stage where you need it done.

Good luck!

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, and Outsourcing.

 

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 


[i] Nic Brisbourne.  Early State Startups Don’t Need a Perfect idea, They Need a Great Thesis.  posted on theequitykicker.com.  Visited September 3, 2013.  Web: http://www.theequitykicker.com/2013/07/22/early-stage-startups-dont-need-a-perfect-idea-they-need-a-great-thesis/

%d bloggers like this: