INTRODUCTION:

This first full week of May is Emergency Preparedness Week (EP Week)[1] across Canada, as led by the federal government and coordinated with the provinces and territories. Everyone should be involved in assessing and testing their own preparedness – family contingency planning, businesses continuity planning, and disaster planning and preparedness at various levels of government. As part of these contingency plans and contingency preparations, it is highly advisable for both governments and businesses to also have a series of crisis management and crisis communication protocols in place.[2]

Let us take a very brief look at some best practices and lessons learned in Corporate Crisis Management.

 

LOGICAL STRATEGY PROGRESSION:

Crisis management for corporations is an art that can be done well, or badly. Specific examples abound, but whether dealing with adverse public events such as a food or vehicle recall, a transportation incident or disaster, a regulatory issue, industry mishaps in manufacturing or energy or natural resources – including spills and leaks, service outages, catastrophic fires and explosions, or suspected human error, the generalized strategy is the same and must be a logical progression of A, B-C, D, E, F&G, H-I.

– Advocacy,

– Building Coalitions,

– De-escalation,

– Ensuring Efficiency and Effectiveness,

– Funding and Guarantees, and

– Honest Interest.

The company should show honest interest in the event, finding the causes of the event, and ensuring the efficiency and effectiveness of a comprehensive response. Funding must be in place (in a combination of self-funding, insurance, and asset sales) to do this, and adequate guarantees against any recurrence – including through such corrective action as is necessary – should be provided to both the public and the regulator(s). Tensions and temperatures should be de-escalated, and the company should work very hard to build coalitions with all stakeholders from the very earliest point, as it advocates for both itself and the impacted (including through funding or support of victim services and social media campaigns).

However, those overall goals need not be achieved in that exact sequence, as the tactics to get there must first be operationalized.

 

TACTICS:

Tactics are and must always be, crisis-specific, and so they will vary greatly. However, the operationalization when everyone around you is unfocused, unbalanced, and under intense pressure, is always the same. Using the first letters of each of the eight tactical sub-operations …. CALM-DOWN!”

 

CAUTION your control persons:

This should go without saying. Too often, however, the Chief-something-officer will publicly speak-out on behalf of the company without knowing – either the background and underlying facts,[3] or the potential fallout that will eventually result from those inopportune words spoken, buried deep within written submissions and missed in the editing,[4] or placed in the public domain through social media;[5] even when apparently said in private.[6] It is better to have a dedicated spokesperson who is trained in media and public relations, and knows not to over-share or make inflammatory statements, despite intense public or media queries.

 

ALWAYS involve advisors:

Too many times you will see a company, even a sophisticated one,[7] stumble or make mis-steps in response to an adverse public event. Crisis consultants and advisors are there for a reason, and they can bring the accumulated (and updated as technology progresses and social sentiments change) body of knowledge (BOK), to bear in your efforts to: (i) devise a plan;[8] (ii) practice the plan; and (iii) make the process work, on point and on time, in your crisis management and crisis communications as essential components of any comprehensive Disaster Risk Reduction and Management (DRRM) strategy.

 

LITIGATION (and escalation) love leaks:

The advisors who “should” be consulted include legal advisors, of course, because certain practices may lead to problems; especially in the conduct of internal investigations.[9] The pretexting and email tracing tools used by one company in the course of its internal leak investigations in purported compliance with governing national laws, still landed it in hot water.[10] On the other hand, the highly-questionable and ultimately illegal, apparently standard business practices of yet another company that were leaked and escalated, brought a grinding and humiliating end to that malfeasing company.[11] Use extreme caution to create, customize, operate, and update all GRC (governance, risk, and compliance) programs.

 

MUTUALIZE the message:

Sometimes, different teams, groups, or geographical sub-divisions will operate with incomplete or a lack of information, and make public statements that are a little (or even, very) off-message. Having one dedicated source to which all the parts should defer (and know and acknowledge that they must defer), is critical to project a uniform and mutualized message across the company. People may need to be trained in place, pre-positioned, regularly rotated, or sent-out – depending on scope, size, and span.

“This is the new paradigm for compliance programs in modern business, but one should always bear in mind that any Compliance Program should be structured with due consideration for the Scope (range of products and/or services offered), Size (number of employees), and Span (geographic spread, and number and range of legal regimes to which it is subject) regarding the entity; including any and all subsidiaries and any cross-national requirements.”[12]

 

DEAL with the damage:

When companies delay in dealing swiftly, efficiently, and effectively with the damage caused by an adverse public event, they will feel the impact, although it might not be immediate. That blowback will be particularly harsh if media and social media latch-onto the aftermath,[13] and focus on the preventable additional suffering of the victims in the interim, the disparity in profits made vis-à-vis the damage actually done[14] and compensation costs promised, or both of these. If the event recurs, that media and social media mauling will be equally harsh, if not harsher. Whether that recurrence is in the same place and vicinity, or elsewhere, attention will definitely be drawn back to that earlier, other similar incident. A flash mob or a social media boycott call may not start right away. Once it does though, watch out!

 

OWN the outcomes:

Even when there has been a shoddy,[15] or a botched outright[16] initial response, all is not lost if the company at least owns the trilateral outcomes (victim services; investigations and changes to internal culture, chiefs, or controls; and the legal and regulatory impacts). Totally downplaying the event and outcomes (including the alleged or disputed disastrous outcomes of ongoing controversial practices with disputed science for- and against them),[17] trying to weasel-out, or simply closing-up shop and walking away, will not be very well accepted. Indeed, bad behaviour in one jurisdiction may well, thanks to the speed of modern communications, act as a calling card to have the entity disallowed into, disavowed by, or dismissed from, some other alert jurisdiction with an awake and internet-savvy population that does not want to be treated in that same way.[18] It pays to play fair everywhere; it costs to gloss over any ugly blotch – especially if it is in a disadvantaged or low-cost jurisdiction where you think nobody will notice.

 

WORK (and work well) with stakeholders:

Complex disasters caused by adverse events that are coupled with intervening natural events, are generally the most devastating when a failure to work well, or even work at all with stakeholders, occurs. Please note: this stakeholder group will (and must) by definition, ALWAYS, include the victims – along with traditional or tribal authorities; local governments and municipalities; regional, state, and provincial or prefecture governments; the business sector and charitable entities; federal authorities; and foreign nations to the extent that the victims include their Citizens, or they wish or are approached, to render assistance. The very broad range of victim services that can be made available by these many non-victim stakeholders, if and when working together in a coordinated way, includes combinations of:

(i) construction and demolition;

(ii) search and rescue, and salvage;

(iii) sanitation, nutrition, and shelter;

(iv) medical treatment and rehabilitation;

(v) debris removal and decontamination;

(vi) job training or retraining, and placement;

(vii) registration, and document replacement;

(iix) evacuation, relocation, and resettlement;

(ix) animal and wildlife services, and firefighting;

(x) legal and consular assistance, and financial aid;

(xi) interim and replacement goods and/or services;

(xii) movement control, security, and electronic security;

(xiii) crisis counseling, mortuary services, and clergy affairs;

(xiv) call centres and communications for victims, friends and relatives, or to coordinate reunification; and

(xv) media/social media relations, and public notices, alerts, or early warning of future/further perils.

Even while responding to an ongoing crisis on the spectrum of Disaster Risk Reduction and Management (DRRM), it is still possible, through horizon scanning and interaction with peers and stakeholders, to retain a good grasp of the bigger picture and work with them to plan for a far better result in the event of any future occurrence of a similar or dissimilar adverse event.[19] Others can then follow that positive lead to further grow the numbers, experiences, and geographic dispersion of contributors to a dynamic and responsive DRRM body of knowledge on proven, recommended, or potential best practices.[20]

 

NEVER run and hide:

When this occurs, the victims, the regulators and the public all join in escalating matters and unilaterally, jointly, and severally expanding that “A though I” strategy specified above, to go for J – meaning Justice (some might also term this as going for the jugular vein); and they will stop at nothing to reel-in and deal most resolutely and ruthlessly, with such a callous corporate entity that does not even care enough to show its face at or in relation to, the impacted space. Even when one is not literally running and hiding, but simply absent or so slow or uncoordinated in responsive action to the extent that the image given is one of running and hiding or being hopelessly ineffective (even if partly or mostly due to massive primary technology and utilities outages, failed or absent backup systems, and significant overloads and service delays in the barely functioning remnants of these critical items of public and business infrastructure), [21] then the end-results from both the long-suffering victims and actual or virtual onlookers with rising empathy and incivility to responsible responders, can be the same – (J)! This small step for the victims in one little letter of expansion, can mean a galaxy of problems for the allegedly offending and non-defending company (or government entity, as appropriate), and it may well have been avoided by taking time to CALM-DOWN, and making a concerted effort to properly prepare, practice, and put-into effect its contingency, crisis management, and crisis communication plans in Disaster Risk Reduction and Management (DRRM).

 

SUMMARY:

A logical, and effective approach such as the above becomes even more necessary with this week’s release of a United States government report showing that the increasingly severe impacts of Climate Change are already well underway on the North American continent, and globally.[22] Challenges will continue to mount as those conflicting, co-mingling, and increasingly calamitous effects increase. Everyone and every business must therefore play it part, and the leaders have to lead.

In Canada, Emergency Preparedness Week with its solid political support through Public Safety Canada and coordination at the highest levels across the nation, is indeed a good start. However, contingency planning and contingency preparation, with detailed crisis management and crisis communication protocols for more comprehensive and all-hazards[23] Disaster Risk Reduction and Management (DRRM), really and urgently need to become a 52-week affair, every day of every year.

 

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer. He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant- sourcing, managing, and delivering on large, strategic projects with multiple stakeholders and multidisciplinary teams. Our competencies include program investigation, sub-contracted procurement of personnel and materiel, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through a highly-credentialed resource pool with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – sometimes also termed Information Communications Technologies, or ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 

*******************************************************************

[1] Government of Canada. Emergency Preparedness Week (EP Week), May 4-10, 2014. Published on getprepared.gc.ca. Visited May 6, 2014. Online: >http://www.getprepared.gc.ca/cnt/rsrcs/ep-wk/index-eng.aspx<

[2] All of these terms, as used somewhat interchangeably her depending on the specific context, are a part of Disaster Risk Reduction and Management (DRRM), the increasingly common “catch-all” terminology.

[3] British Broadcasting Corporation (BBC). Lac-Megantic disaster: Engineer blamed for Canada blast. Posted on bbc.com, July 10, 2013. Online: >http://www.bbc.com/news/world-us-canada-23264397< Edward Burkhardt, the chief executive officer (CEO) of Rail World Inc., which owns Montreal, Maine & Atlantic Railway Ltd., first spent four days at the Rail World Inc. Chicago head office (saying he wanted to avoid causing a distraction), then traveled to the scene to speak with reporters and immediately blame both those same first responders, and his engineer employee, all before any investigation had taken place whatsoever.

[4] See e.g. Dene Moore. Kinder Morgan clarifies embarrassing oil spill benefits comments. Published on business.financialpost.com, May 6, 2014. Online: >http://business.financialpost.com/2014/05/06/kinder-morgan-clarifies-embarrassing-oil-spill-benefits-comments/?__lsa=d154-7461<

“Pipeline spills can have both positive and negative effects on local and regional economies, both in the short- and long-term, (…). Spill response and clean-up creates business and employment opportunities for affected communities, regions, and cleanup service providers.”

[5] See Contra Securities and Exchange Commission (SEC). Report of Investigation Pursuant to Section 21(a) of the Securities Exchange Act of 1934: Netflix, Inc., and Reed Hastings. SECURITIES AND EXCHANGE ACT OF 1934

Release No. 69279/April 2, 2013 Release. Visited May 6, 2014. Online: >http://www.sec.gov/litigation/investreport/34-69279.pdf< Although drawing attention in an SEC investigation, the Netflix CEO’s inopportune Facebook post did not result in a harsh penalty.

[6] CBC News. Exclusive McDonald’s Canada CEO calls foreign worker controversy ‘bullshit’. Posted on cbc.ca, April 24, 2014. Online: >http://www.cbc.ca/news/canada/british-columbia/mcdonald-s-canada-ceo-calls-foreign-worker-controversy-bullshit-1.2621151<

[7] Anne C. Mulkern, of Greenwire. BP’s PR Blunders Mirror Exxon’s, Appear Destined for Record Book. Published on nytimes.com, June 10, 2010. Online: >http://www.nytimes.com/gwire/2010/06/10/10greenwire-bps-pr-blunders-mirror-exxons-appear-destined-98819.html?pagewanted=all<

[8] See e.g. Dr. Mark Cosby. Food Processors – Recovery Before a Recall. Published on domesticpreparedness.com, January 15, 2014. Online: >http://www.domesticpreparedness.com/Infrastructure/Building_Protection/Food_Processors_-_Recovery_Before_a_Recall/<

[9] Robert Mullins, IDGNS. Corporate leak probes walk a fine line. Debate swirls about the ethics of pretexting, investigating leaks. Published on infoworld.com, October 2, 2006. Online: >http://www.infoworld.com/d/security-central/corporate-leak-probes-walk-fine-line-144< See also Adam Widdoes, Association of Corporate Counsel (ACC). QuickCounsel: Privilege in a Global Landscape Part II: International In-house Counsel. Published on acc.com, May 10, 2013. Online: >http://www.acc.com/legalresources/quickcounsel/piaglpt.cfm< This article references the case: Akzo Nobel Chemicals and Akcros Chemicals v Commission, JUDGMENT OF 17. 9. 2007 — JOINED CASES T-125/03 AND T-253/03. Online: >http://curia.europa.eu/juris/liste.jsf?language=en&num=T-125/03< There, it was ruled that in-house counsel have no attorney-client privilege with regard to matters under European law or investigation. However, separate EU member states may still recognize an in-house legal privilege.

[10] Robert Mullins, IDGNS. HP lawyer gives blow-by-blow of leak probe.   Independent investigator determines Dunn authorized two separate investigations into leaks. Published on infoworld.com, September 25, 2006. Online: >http://www.infoworld.com/t/business/hp-lawyer-gives-blow-blow-leak-probe-992?page=0,1<

[11] British Broadcasting Corporation (BBC). Q&A: News of the World phone-hacking scandal. Published on bbc.com, August 4, 2012. Online: >http://www.bbc.com/news/uk-11195407<

[12] Ekundayo George. GRC: An Overview (Part 1). Published on ogalaws.wordpress.com, October 21, 2012. Online: >https://ogalaws.wordpress.com/2012/10/21/grc-an-overview-part-1/<

[13] Tanya Talaga. Rana Plaza survivors get first compensation payments. One year after deadly Bangladesh factory collapse, $700 payments seen as far too little, and clothing brands criticized for not contributing to trust fund. Online: >http://www.thestar.com/news/world/2014/04/24/rana_plaza_survivors_get_first_compensation_payments.html<

[14] Stella Kim, Jason Hanna and Ed Payne. Ferry disaster: Too much cargo contributed to sinking, police say. Published May 6, 2014, on cnn.com. Online: >http://www.cnn.com/2014/05/06/world/asia/south-korea-ship-sinking/<

“Since the Sewol began the Incheon-Jeju route in March 2013, the ferry carried excess cargo 139 times, investigators said. Cheonghaejin Marine earned an extra 62 million South Korean won ($62,000) for the excess cargo on the April 16 voyage, and nearly 3 billion South Korean won ($2.9 million) in extra profit for all of the excess cargo that the ferry carried since March 2013, investigators said.”

[15] See e.g. Micheline Maynard. 3 Things GM’s Mary Barra Must Do To End The Recall Crisis. Published on forbes.com, April 1, 2014. Online: >http://www.forbes.com/sites/michelinemaynard/2014/04/01/3-things-gms-mary-barra-must-do-to-end-the-recall-crisis/<

[16] Amber Hildebrandt. Malaysia Airlines MH370: How to make a crisis worse. Company needs to apologize for mistakes, give only the facts and liaise with governments. Published on cbc.ca, March 12, 2014. Online: >http://www.cbc.ca/news/world/malaysia-airlines-mh370-how-to-make-a-crisis-worse-1.2570213<

[17] Edward Broughton. The Bhopal disaster and its aftermath: a review. Published on ehjournal.net, May 10, 2005. Online: >http://www.ehjournal.net/content/4/1/6<

[18] Michael Shellenberger and Ted Nordhaus. Fracktivists for Global Warming: How Celebrity NIMBYism Turned Environmentalism Against Natural Gas. Published on newgeography.com, March 7, 2013. Online: >http://www.newgeography.com/content/003549-fracktivists-global-warming-how-celebrity-nimbyism-turned-environmentalism-against-natural-gas<

[19] See e.g. Santha Oorjitham. Japan reflects on triple disaster. Published April 4, 2012 on nst.com. Online: >http://www.nst.com.my/opinion/columnist/japan-reflects-on-triple-disaster-1.70726< While still dealing with the after-effects of the 2011 deep sea earthquake, tsunami, and Fukushima Daiichi radiological explosion and release, the Japanese government planned to host a July 3-4, 2012 “high-level international conference on large-scale natural disasters”. According to Kenji Hiramatsu, director-general for global issues at the Japanese Ministry of Foreign Affairs (MoFA), the conference would “look at both “hard” and “soft” infrastructure for disaster preparedness, business continuity planning and how to secure supply chains, and better international cooperation on such disasters”. See also Ministry of Foreign Affairs of Japan (MoFA). World Ministerial Conference on Disaster Reduction in Tohoku – Joint Endeavors for Solutions: Wisdom of the World to the Disaster-Affected Areas, Lessons of the Disaster-Affected Areas to the World (July 3 and 4, 2012). Published on mofa.go.jp. Online: >http://www.mofa.go.jp/policy/environment/warm/cop/wmcdr_2012/index.html<

[20] Asia-Europe Meeting (ASEM).  ASEM Manila Conference on Disaster Risk Reduction and Management (DRRM) –   Post-Haiyan – A Way Forward, on 04-06 June 2014, in Manila. Published on aseminfoboard.org. Visited May 6, 2014. Online: >http://www.aseminfoboard.org/upcoming-events/event/479-asem-conference-on-technology-and-innovation-for-disaster-risk-reduction-and-management-and-climate-change-adaptation.html<

“The Manila Conference aims to highlight the lessons learned from Haiyan and other mega disasters, identify gaps and challenges, share best practices in technology, innovation, systems and procedures and produce the “Tacloban Declaration” which will contain proposals for the Post-2015 Framework for Disaster Risk Reduction.”

[21] Paul Piper and Miguel Ramos. A Failure to Communicate Politics, Scams, and Information Flow During Hurricane Katrina. Published on infotoday.com; visited May 6, 2014. Original in: The Searcher, Vol. 14 No. 6 — June 2006.  Online: >http://www.infotoday.com/searcher/jun06/piper_ramos.shtml<

[22] United States of America, The Global Change Research Program. National Climate Assessment 2014, at Introduction. Published May, 2014, on globalchange.gov. Online: >http://nca2014.globalchange.gov/downloads<

“The observed warming and other climatic changes are triggering wide-ranging impacts in every region of our country and throughout our economy. Some of these changes can be beneficial over the short run, such as a longer growing season in some regions and a longer shipping season on the Great Lakes. But many more are detrimental, largely because our society and its infrastructure were designed for the climate that we have had, not the rapidly changing climate we now have and can expect in the future. In addition, climate change does not occur in isolation. Rather, it is superimposed on other stresses, which combine to create new challenges.”

[23] See generally Government of Canada. Emergency Preparedness Week (EP Week), May 4-10, 2014, at “Publications”. Published on getprepared.gc.ca. Visited May 6, 2014. Online: >http://www.getprepared.gc.ca/cnt/rsrcs/pblctns/index-eng.aspx<

As this New Year starts and we all get back into the swing of work, or looking for work, or retirement, as the case may be, now is as good a time as any to reflect on what it means to be an ideal employee.

                Committed (old school):

There was a time when the ideal employee only needed to be “committed”, to his or her employer – whether in the public sector or private sector, and to a lifetime of employment with that employer.

                Conscientious:

Then the environmental movement came about, with the growth surge and popularity of Corporate Social Responsibility (CSR), which led to a search for “conscientious” candidates for employment, in some industries and service sectors.  Truth be told, there are certainly a good number of employers who could care less, or who would even, perhaps, prefer those with no pre-set views or that fully reject prevailing “environmentally-correct” or “socially-responsible” or “politically-correct” or “anti-globalization” platforms; which platforms in some cases have brought-out quite extreme and obnoxious behaviours on both sides of the fence, as adjudged by the fence-sitters in that space, place, and time.  To be conscientious about the fighting issues and only those issues, is the raison d’être at one end of the spectrum.  At the other end, however, to be conscientious about the bottom line and solely the bottom line – to the point of blatant, repeated unethical behaviour or illegality in some cases, is highly valued.

                Connected:

Now, we have the “Social” phase, with potential employers themselves or through contracted third-parties, trolling criminal record and other databases, the Internet and social media in an effort to develop a better picture of the person and the “contacts or connections” of the person, who’s paper resume, personal video, multimedia resume, or LinkedIn or Facebook profile has been sent to their inbox, pasted on their private wall, or delivered by hand.  As a result of this highly disruptive paradigm-shift, the 5 (“five”) recurrent questions in HR circles, have now become:

(i) to whom are they connected;

(ii) where;

(iii) how;

(iv) what causes or entities do they like or follow; and

(v) how will any or all of this help or hurt us if we bring them onboard?

Alas, if you have no online profile, or too few connections but years of experience, then “some” HR professionals may well think you are hiding something due to the assumption that “everyone” now has an appreciable online presence and a large connection group through all of which the original data subject may itself, be or become far better known to them through open source and standoff means.

Unfortunately, the lack of an online presence or even a large connection group does not necessarily signify an issue.  I am sure that there are many people who have simply never gotten around to it, face restrictions on what they can post online due to current and former employers or their specific lines of work, or who have simply rebelled against what they feel is over-sharing and information overload.

To counter for this potential bias, it is likely high time to go back to the basics and focus on the “Committed” aspect, as in Committed (new school), in looking to the core of what an ideal employee is, or should develop into.

Committed (new school):

With a resounding yes, we can all agree that (at least in the western world and other parts that sincerely follow the western model), two core work assumptions are now gone, forever:

(i) that there is lifetime employment on offer; and

(ii) that the employment relationship is one with more obligation of employee to employer, than employer to employee.

Today, people will have more than one career, and often simultaneously; and there are a mix of mutual obligations and rights between the employer and employee – now codified by law and custom.  On account of this, the assessment of commitment is multifactor, multidisciplinary, and always in flux.  We can look at it through the 3 sub-elements of that commitment; being: (i) Culture; (ii) Competence; and (iii) Coordination.

(i) CULTURE.

Culture is a system of values, beliefs, and norms that guides worldviews, behaviours, and relationships. The employer will have a culture, and the potential employee will have taken in the culture of one or more societies or prior employers; resulting in quite a complex of motivators.  Organizations tend to be rather intolerant of newcomers who try to change the culture from the inside-out, once allowed inside.  If a person joins an employer after being attracted by the culture, then a later discovery of mismatch, or that the culture is not quite as it seemed, can lead to disillusionment, acting-out (in performance issues or whistleblowing), or separation – whether voluntary or involuntary.  Where HR speaks of “a good fit”, they are referring to their culture, and the likelihood that the potential recruit will both say “ok”, and actually decide to stay.

Behavioural interviewing is one way of assessing how the candidate will fit into the established order.  However, some veterans of the process can be very good at giving the right-sounding answers, only to be and present a later disaster.  This is why it is essential for the employer to project its true culture to potential hires, and for jobseekers to be true to themselves in their search and responses to interview questions.  If this is just to be a survival job, then what’s your problem?  Go with the right attitude and don’t try to change the whole place around you, if you know you won’t be there for the long-term.

(ii) COMPETENCE.

Competence is that mix of skills, abilities, certifications, and knowledge (SACK) that makes the candidate attractive to a potential employer.  The potential employer may have listed a specific requirement, or the potential candidate may be targeting that employer, or working with a third-party recruiter who does the match-making as go-between.  However, in all cases, the goal is to get a match and have as many SACK-points in common as possible.

Here, we can get a better appreciation of that mutuality of obligations mentioned earlier.  If the person is hired to do a specific job because of his or her SACK, then where the SACK is not used or under-used, due to any or all of re-tasking, lack of work, or disorganization and mismanagement, then the new hire will not be happy.  Mental muscles not used will tend to atrophy over time; especially in fast-moving infotainment fields such as IT and graphic design.  In this way, candidates who are under-used, will soon become candidates again, so that they can get meaningful work that they enjoy.  While it is true that this is not always the employer’s fault, especially in a slowed economy where work can be scarce in some lines, the truth of the matter is that employees are now more focused on their own longevity and their own bottom line, as lifelong loyalty to the employer – even a government employer– is no more.  It is one thing to grow with the company ….. but the company has to be growing (or at least stable) when they get there, and not just presenting a promise of growth or stability at some indeterminate point in the future.  There are, however, differences of individual risk appetite, and so this factor may still vary.

(iii) COORDINATION.

Where the employee has accepted the culture and has the right SACK, then the only remaining questions are – (I) can he or she demonstrate an ability to coordinate these in delivering for the employer; and (II) at what level can he or she do this, and with or without additional training or supervision.  There are four levels: Planning, Leading, Undertaking and Understanding, and Managing (PLUM), and we will consider them out of order.

(a)          Understanding and Undertaking:

This is the résumé or covering letter excerpt that speaks of undertaking tasks with minimal supervision.  Can the employee understand simple instructions and undertake the work to deliver a satisfactory (or preferably above satisfactory) end-result?  This is at the basic level.  For the intermediate level, the question is can the employee understand the results of a SWOT (strengths, weaknesses, opportunities and threats) analysis and independently apply his or her individual effort to capitalize on opportunities and strengths (product placement or service excellence), or address weaknesses and threats (brand recognition, market penetration, or negative publicity).  For the advanced level, can the employee both plan and conduct a detailed SWOT analysis, and then coherently communicate the results to others?

(b)          Planning:

This is the capacity of the employee to plan or co-plan any combination of events, projects, compliance programs, or succession.  It would clearly include the planning of a program to address the results of a SWOT analysis at an advanced or intermediate level, or the planning of a discrete employee initiative – such as a training seminar, a new product presentation or service rollout, or a packaging concept or promotional design competition in an environment where the employer had initially encouraged such collaboration and input.

(c)           Leading:

Of course, these factors are presented in no particular order, and so the employee may be given a managerial role (over strategic projects, such as social media outreach) before a purely leadership role (of a shop floor team, for example), and at a multitude of available levels from front-line supervisor, through middle management, to executive assistant.  Specific roles will be determined by the available talent, and the organizational need for leaders of change, projects, teams, events, or training, amongst others.

(d)          Managing:

Some people have natural interpersonal skills, whilst others will have to be coached or trained.  The “naturals” will be easily and speedily recognized in those environments where management is alert and open to its in-house talent, and additional opportunities will be presented to further hone and apply those innate skills as and when found.  Employees can also be or become skilled at managing resources (finance, logistics, human resources) or compliance (legal and regulatory affairs, or shareholder communications) through education and training, and past or current work experience.

SUMMARY.

Committed, Conscientious, and Connected are still valid macro-level descriptors of ideal employees.  However, “Committed” is dynamic, with its own micro-keys of culture, competence, and coordination.

Constant growth, constant learning, and constant expansion of the SACK (skills, abilities, certifications, and knowledge) that one possesses and brings to the job negotiation table is mandatory – because everyone else is doing the same thing and competition is only becoming more intense.  Rent-seeking is also a new constant, as the worker should be constantly seeking-out and plucking the juiciest and most demonstrable PLUMS (planning, leadership, understanding and undertaking, and management) as assignments and means by which to deliver value to the employer, and further fill-out the proprietary and portable sack on the employee’s back.  “As I help you, I also help myself”, but in a non-selfish way!!

For the prospective and current employer, the key to recruiting and retaining the “right fit” is to have and communicate the right culture, seek-out (and actually use once onboard) the right competencies, and have enough “plums” in the air to offer:

(i) sufficient;

(ii) meaningful work; and

(iii) personal growth opportunities; with

(iv) job satisfaction; and

(v) benefits and work-life balance;

to keep people (and the sacks on their backs) around.  I refrain from saying “the right people”, because everyone who wants to and is given the opportunity, is capable of growing into a series of increasingly responsible roles.

It has often been said that the more things change, such as the “committed” employee, the more they remain the same.  Do you agree?

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other Services, and Environmental Law and Policy.  He is a published author on the National Security aspects of Environmental Law, and enjoys complex systems analysis in the legal, technological, and societal milieu.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, strategic projects (investigations, procurements, and diverse consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

The recent announcement of pending closure for Nirvanix,[1] a CSP, highlights a number of points that I have often stressed as critical in data assessment prior to cloud usage, cloud vendor assessment, cloud contracting specifically, and data protection and retention in general.  These are:

1. “In addition – always (have) a detailed exit protocol with a combination of specific steps, cost structures, and room to negotiate if and where possible.  Cloud Vendors offering no exit strategy, or an overly-rigid or convoluted one, should be approached with high caution.”[2]

2. “If you have critical functionalities that have moved completely or almost completely to a cloud-based solution… then it is highly-advisable to have a backup cloud.[3]

3. Protect and backup your data as per your assessment of the V5 Interplay…the mix of data volume, velocity, variety, value, and vulnerability that determines the how, where, and how often you back it up; amongst other distinct operations and/or management tasks.[4]

4. Mature cloud users should be in a state where “Legal counsel sufficiently aware of the Cloud’s advantages and disadvantages to advise you, can draft or review your Cloud Services Agreements, or negotiate them from the outset, if the latter option is actually made available to you by the Vendor.[5]

To now learn that many large and systemically significant entities in a host of industries have massive amounts of data with this one provider that they are now rushing to remove before the pending shutdown,[6] is quite worrying in terms of Cybersecurity, Cloud best practices, and attendant potential legal liability.

OPTIONS:

Of course, any speculation is pure speculation, as I have no personal knowledge of their arrangements, whether or not these exits are orderly, or if they will be concluded in good time.  However, one would expect that:

(i) for the most critical data in that V5 interplay;

(ii) multiple CSPs should have been used;

(iii) offsite backup should not have been automatically discontinued;

(iv) a detailed exit protocol (“cloud emigration”) would have been contractually agreed-upon in advance, with access to the key or contracted staff – including migration/emigration as a service providers or other such specialists;

(v) guaranteed continued availability of staff and data as was already specified in the original SLA; and

(vi) either CSP insurance (as with employment practices insurance, business interruption or business continuity insurance, or some such), a portion of the client fees segregated in advance by lockbox arrangement to pre-fund an orderly exit, or any host of other arrangements to cover those exit costs, would have been specified as preconditions for entering into a cloud services agreement in the first instance, laid-out in detail, mutually agreed, practiced and reviewed for updates from time to time, and enacted as and when needed.

CONCLUSIONS:

This case is quite instructive, and many cloud users will, doubtless, take note and a few pointers for their own contracts (whether as promptly amended or when next renewed), so as to avoid future problems when this kind of situation replicates, or any other foreseeable or unforeseen eventuality causes a similar rumble of thunder to ripple across the Cloud-sphere.  They must be able to promptly, securely, and in an organized fashionrein-in” and “reel-back” their uploaded data from the cloud, without having their own clients and data subjects rain thunder and lightning down on them, for any failure to so do.[7]  If their data gets stuck in CSP insolvency wranglings, then a whole host of new twists and turns will develop.

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, Cloud, and Outsourcing.

 

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 


[1] Isha Suri.  Nirvanix Closing Down, Gives Two Weeks’ Notice of Service Shutdown.  Published on siliconangle.com, September 24, 2013.  Web: http://siliconangle.com/blog/2013/09/24/nirvanix-closing-down-gives-two-weeks-notice-of-service-shutdown/

[2] Ekundayo George.  To Cloud or Not to Cloud: What are Some of the Current, Most Pertinent Pros and Cons?  (at “Disadvantages potential – Vendor Inelasticity”).  Published on ogalaws.wordpress.com, December 28, 2011.  Web: https://ogalaws.wordpress.com/2011/12/28/to-cloud-or-not-to-cloud-what-are-some-of-the-current-most-pertinent-pros-and-cons/

[3] Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right (at “1. Backup Cloud).  Published on ogalaws.wordpress.com, March 11, 2013.  Web: https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/

[4] Id. at “4. Traditional off-Cloud Backup”, and at footnote 13).

[5] Ekundayo George.  In who’se pocket is your data packet? – International Data Governance (at “d”).  Published February 6, 2013.  Web: https://ogalaws.wordpress.com/2013/02/06/in-whose-pocket-is-your-data-packet-international-data-governance/

[6] Jeffrey Schwartz.  Cloud Storage Provider Nirvanix Goes Belly-Up, Customers Panic To Move Data.  Published on virtualizationreview.com, September 19, 2013.  Web: http://virtualizationreview.com/blogs/the-schwartz-cloud-report/2013/09/nirvanix-goes-belly-up.aspx?goback=.gde_1864210_member_275308263#!

[7]Risk Management” (such as in preventing to the extent possible, planning for, and effectively prevailing with regard to this type of snafu) and “Stakeholder Management” (calming and reassuring those division heads and business unit leaders who’se core and critical functions are residing, and hopefully resiliently so, in the Cloud, during any time of crisis), have been identified as the new and added “need to have” softer business skills for IT professionals who plan to survive and thrive in the rapidly evolving (and reputedly short-skilled) Cloud space.  See Steve Ranger.  Big data, cloud computing experts hard to hire, bosses admit.  Published on techrepublik.com, September 23, 2013.  Web: http://www.techrepublic.com/blog/european-technology/big-data-cloud-computing-experts-hard-to-hire-bosses-admit/?tag=nl.e077&s_cid=e077&ttag=e077&ftag=TRE9ae7a1a.  For a broader overview of the changing nature of IT skills with regard to changing technologies, such as Cloud Computing, see Ekundayo George.  Why “will” IT jobs persist through changing technology, and why “must” IT initial education and ongoing training be both constant, and consistent?  Published on ogalaws.wordpress.com. June 5, 2013.  Web: https://ogalaws.wordpress.com/2013/06/05/why-will-it-jobs-persist-through-changing-technology-and-why-must-it-initial-education-and-ongoing-training-be-both-constant-and-consistent/

Many people want to start a business, especially when retention prospects (let alone employment for the currently unemployed), prospects, in a regular day job are, to say the least, a little shaky, perhaps.  There are many great ideas, many great potential entrepreneurs, and some very good sources of private sector and public sector funding available – whether in the United States, Canada, or other G20 nations.[1]

Despite the best intentions, however, many businesses start but do not last, and many more never even start.  Why?  I would say that the reason is a combination of:

(i) lacking knowledge on how and where to start – from planning; through assessments of self, product or service, and market; to entity formation;

(ii) lacking access to mentors, advisors, and the legal and accounting professionals (at full or discounted rates) who can assist in proper structuring, point you in the right direction, mobilize their resources and contacts in your favour, and render ongoing advice and counsel; and

(iii) lacking commitment, becoming distracted by other pressing life issues, or lacking the funding to commence at the outset, to continue beyond the very early stages – especially if intellectual property protection is required, or to consolidate those early and hard-won gains.[2]

Funding can be a consideration at any or all stages, so I will not delve into it with this post.  In addition, every situation is different, of course.  Nevertheless, let us try to address the entire startup concept and situation holistically and comprehensively by looking at the 5 (“five”) general phases of a startup business that covers these above 3 (“three”) deficiencies to varying depths; applicable in any country, under varied laws, and to most industry & service sectors – albeit with a little tweaking here and there.  The 5 phases, are: Assess; Brainstorm; Construct; Defend; and Exploit, and we meet them in that order.

ASSESS:

There are 5 (“five”) things you must look at when starting (or thinking of starting) a business.  These are:

(a) the current market – including size, location, tastes, regulations, pre-qualifications to entry, and demand-elasticity, amongst others;

(b) the current players in that market;

(c) the consumers;

(d) applicable trends and technologies; and

(e) your own abilities.  On this last point (self-assessment), you must ask yourself: do you have the business know how or the market knowledge; do you have the time and the funds; what skills and training do you bring that are applicable and will help; and what is the good or service that you have in mind – meaning how will it solve a current problem or fill a current need that you perceive as crucial?  When I say “you”, I mean for every person on the entire founding team to perform this assessment.

If you drew-up all of these points and sub-points in a table, the remaining steps in the other 4 (“four”) columns would align, point by point, with those from this first “Assess” column.

BRAINSTORM:

(a) In the market segment, you must find your target or niche, and keep to it; at least at first.

(b) With regard to current operators, consider joining or partnering with them in some way, to gain experience and their help (e.g. co-branding, teaming, distribution agreements), or if they are smaller than you and you have the funding, then you can also buy them out to have a turnkey operation.

(c) On the subject of consumers, you need to do some research and in-depth data-mining, to determine how past trends have fared, where things currently stand, and where they are likely to go.

(d) With regard to trends and technologies, if you think that you have created a better mousetrap, then you need to find a way to get this word out quickly, professionally, and very persuasively!

(e) Finally, if you have performed that self-assessment and determined that you are lacking in some areas, then you need to recruit the talent that will cover that angle for you, and seal it with a salary, some equity, or both.  Can you adequately message and massage the sensitive public by yourself?  Can you manage investor expectations full-time while also running the company full time?  If you need additional neurons (two heads are often better than one) – especially if you found yourself lacking in market knowledge, business know how, or other critical skills, then you need to recruiting a braintrust of advisors or partners to fill those gaps.  Once this is done, you can work together to make a plan and a budget, map a road, and manage the overall performance of your founding team – including both the stars and the backstage crew.

CONSTRUCT:

(a) Once your braintrust has validated (or updated) your assessment of the current market and your targeted niche, you should move diligently on making it yours.

(b) Those operators that you have not partnered with or purchased, should be thoroughly disrupted by your entry and sufficiently so to see that they need to change.   If they “sincerely” see you a little to no threat, take heart, because this gives you the chance to build your niche with little to no interference.  I say “sincerely”, because some operators will pretend that they pay you no heed, but in reality, be the secret shoppers amongst your customers.  In any case, once you have dominated there, then you will have the experience and credibility with funders, to expand even further afield.

(c) Develop a sufficiently novel or different hook to get the attention of your customers in that niche; don’t just look like every other mousetrap, but don’t over-spend either, as it will eat more deeply into your budget than you had anticipated and you might get used to it – over-spending; a very bad habit.

(d) In terms of trends and technologies, the watchword once again, is to disrupt the norm and the status quo with, or from, a new or unexpected angle.  Either here or at an earlier stage, you will likely have captured appropriate webspace for your concept and business.  The question is: how much is enough?  The answer, unfortunately, depends on you, your appetite, and your funding level because some may advise you to cover up to 25 or more potential sites.  However, if your funds won’t go there, then neither can you.  If you will be focused on Canada and North America, then you might consider: ca, .co, .com, .biz, .info, .net, and .org.  If specificity of origin is also your main concern when based in these markets, or if you have plans to create localized branches, then you might also consider: .au, .eu, .uk, .us, and .za.  A more European, global, or emerging market focus might lead you to also consider: .jp, .br, .mx.mobi, .it, .de, .tr, .eg, .ng, and .ae.  There are also coverall suffixes: .north.am, .south.am, .com.mex, and .me.  Once again, its up to you.  However, if you get a squatter on your prime site, then the cost will be higher.  If you get squatters that totally shut you out of a majority of these suffixes, then you may be forced to change your name outright, or modify it to a hardly recognizable degree.  It’s a risk to go light.

(e) Finally, to further bolster the knowledge and abilities of your team, you should consider joining trade groups or associations, and travel and explore to see how things are done in other places, as well as to potentially recruit partners, find new suppliers, or gather fresh ideas and perspectives.  With the Internet, much of this travel can be achieved through a browser on the smartphone, laptop and tablet, or desktop.  However, it is healthy to get out every once in a while, do some exercise, get some Vitamin D from the sunlight, and enjoy the fresh air outside your basement lair.  A shave and a shower might also help, and do remember the shades and sunscreen if it has been some time since you were last out.

DEFEND:

(a) Once you have had some success, you will need to defend it.  Options include hiring a dedicated sales force (whether on salary or commission); moving to a call center model – whether proprietary or outsourced and whether for customer service, or sales, or both in an eCommerce orientation; franchising; and if you have not already done so, going “Social”.  In the current Web 2.0+world, many businesses are “starting” with Social, and only becoming “bricks-and-mortar-based” at a later stage.

(b) Operators in the same or a closely-related space will likely also have now become more of a threat.  This is where your earlier Trademark and Patent filings and attached rights can be leveraged in your favour; you can reap the benefits of those Non-disclosure and Non-compete Agreements earlier and strategically entered-into; and now you can add “sue” to your join or buy approach to those same, once slow-moving operators who are now your competitors, and trying very hard to play catch-up, or even talking-takeover, partnership, and joint venture.

(c) Focus on distribution and sales for the customer base, along with after-sales support and service, and warranty fulfilment, satisfaction guarantees, and rewarding loyalty – for both goods and services.  You will likely also want to further expand your use of social media platforms with a mixture of dedicated in-house staff, and outsourcing to third parties with appropriate legal and contractual protections.

(d) Also, having attained this level, the brand will have become something of significant value.  Hence, those long-neglected areas due to lack of funds or lack of time, can now be more seriously addressed.  These may include standards, training, and certifications for staff; stricter quality control and ISO certifications for the subject product or service; and disaster planning with heightened insurance to cover inventory, privacy, receivables, and business interruptions – across all of your business locations.

(e) Finally having done your self-assessments, gathered a braintrust, and joined the right industry and trade groups, you can now start to do some serious benchmarking, create long range strategic plans, and make evidence-based projections with sales targets, focal demographics, and feedback goals to guage the customer experience and begin or continue to feed the constant improvement loop.

EXPLOIT:

With the defences in place and a success attitude with attendant best practices ingrained, you can now move further forward to exploit those early-stage and mid-stage gains.

(a) This one is simple: go back to “Assess” to look at the state of the market, your current status in the market, and what you can do to maintain or improve your position there.

(b) Related to this, is your heightened duty to watch your back, and not treat as insignificant the same type of disruptive upstart that you were.  If you do, they may well, and soon, be eating your lunch! Be very wary of those who try to join or buy you, and try to avoid being sued.

(c) Listen to your consumers, act on their feedback, and remember that they are the reason why you went into business and why you are still in business.  So, while they “do” have some stake in what you do, and how you do it, I think we all know that you owe far more to them, as “they” vote with their feet.

(d) More businesses that one can name, have been disrupted and eventually destroyed by changes in trends and technology that they could not predict, and to which they did not or could not timely adapt You need to keep a very keen eye on the bigger picture.  Use surveys, impanel focus groups, have play-ins for your technology both before and after roll-out, and scan constantly for upcoming disruptions.

(e) With regard to your own abilities, this should also go back to the “Assess” stage.  Go global if you are not already there, stress test your operations and business model against a broad variety of scenarios, and if you have the time and funds, then send out dedicated teams to learn from the competition (legally), bring back what they have learned, and strategize in-house on how best to halt, harness, or handle any and all potential coming disruptions that you have been able to identify – from customers, competitors, and changes in the five factors of production (land, information, labour, “attentitude”, and capital).  Attentitude is a combination of Attitude (can-do, determination, no rush to quit) and Attentive (fast-thinking, multi-tasking, able to work in hyper-dynamic environments and easily switch roles).  Where change is a constant, those accustomed to dealing with it and rolling with it, will likely do best.

SUMMARY:

Hopefully, this has given you some ideas and a better grasp of what needs to be done to get off to a good start.  It is not rocket science, but it does need a methodical and disciplined approach, and the will to follow-through despite the inevitable setback or flood of setbacks.  Others have done it; why not you?

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, and Outsourcing.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.


[1] EY.  The EY G20 Entrepreneurship Barometer 2013: Canada The power of three: governments, entrepreneurs and corporations.  Published August 23, 2013, on ey.com.  Visited September 10, 2013.  Web: http://www.ey.com/CA/en/Services/Strategic-Growth-Markets/G20-Entrepreneurship-Barometer-2013-Overview

This recent study ranked Canada amongst the top 5 G20 nations for entrepreneurs.  The United States of America, the United Kingdom, China, South Korea, and Saudi Arabia were amongst those ranking higher than Canada on the 5 key entrepreneurship measures of: Access to funding; Entrepreneurship culture; Tax and regulation; Education and training; and Coordinated support (see chart at page 11 of 12).

[2] An earlier blog saw me post on what an entrepreneur should focus on in order to coax-out funding at the early-stage, mid-stage, and late-stage of a business lifecycle.  See e.g. Ekundayo George.  Getting Funded at your Business Stage – Pitch Perfect?  Posted on ogalaws.com, September 4, 2013.  Web: https://ogalaws.wordpress.com/2013/09/04/getting-funded-at-your-business-stage-pitch-perfect/

As legal counsel, we are often approached to write or review and adjust business plans.  These can be for entities in early-stage (startup, seeking seed capital, recruiting a founding team), mid-stage (emerging, expanding, and proceeding to IPO), or late-stage (buy-back, restructuring, or receivership).  The common question is, however: what are the financiers seeking, and what is the most reliable “Unique Selling Proposition?

Early-Stage:

In a recent article, one writer wrote that assessing the team was paramount for early-stage financing; followed by a good idea, and then the presence (or promise) of a viable market.[i]  I agree!  In addition, I would further agree with the author’s assertion from his polling of some VCs, that these three elements should be considered in that order.  I would say the team should be good, but not perfect.

Now, what about the rest of the business world –entities at other stages of their existence as going (and hopefully staying) concerns?  The article is silent on this, and so I will provide my own observations.

Mid-Stage:

In the mid-stage, the emphasis should move to a well-defined vision, a solid success record, and a workable strategy.  I separate the strategy from the vision, because there “must” be some basis on which to build your persuasive case that more money will help you further that vision.  That basis, is your success record; and in your pitch, you will layout the strategy as to how you will get that done.  What defines success, and what is “enough” success for intended sponsors, will differ from case to case.  This can be anything from a raw number of units moved over a certain time, through back-orders, to actual market share gained.  There will also be some financiers who are particularly impressed by large social media followings with no revenues, as this can be monetized through advertising, co-branding their own or their partner wares, or cross-selling of additional offerings in the product or service mix of the pitching entity.  Situations will vary and will always be assessed on a case by case basis.

Late-Stage:

In the late-stage, the emphasis should move to a tangible and tested commitment, a well-developed brand, and good prospects going forwards.  Commitment as the top factor, should be something that has endured to that late stage through all of the challenges that the founder has or founders have faced.  Running a business is hardly ever a piece of cake, and if a principal has stayed the course to that late stage, than he or she is likely to continue fighting to keep the fires burning – or so financiers would likely conclude.  Similarly, if at that late stage there is no well-developed brand, then into what, precisely, are the financiers being asked to pump their money – smoke and mirrors, or a dream?  Good prospects going forwards, alone, will not open wallets if there is no brand and no commitment at that late stage.  However, where all three are present, then even if outer factors look insurmountable or the financials are not quite on point, there might still be an opportunity to get the needed funding on livable terms.

Essentially, it all centers on presentation, hitting these points as and when they need to be hit, and the content of the pitch – which need not be perfect, just right for the stage of the pitcher, and the taste of the audience pitched.  Where there is a will, there is likely still a way …. you just have to find it, and surround yourself with people who can help you do that at the stage where you need it done.

Good luck!

*********************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing).  See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, and Outsourcing.

 

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 


[i] Nic Brisbourne.  Early State Startups Don’t Need a Perfect idea, They Need a Great Thesis.  posted on theequitykicker.com.  Visited September 3, 2013.  Web: http://www.theequitykicker.com/2013/07/22/early-stage-startups-dont-need-a-perfect-idea-they-need-a-great-thesis/

INTRODUCTION:

To this day – whatever day you are reading this – people debate and even argue with serious heat and animation, as to whether the chicken or the egg came first.  I always say that there is no definitive answer, as different people, different climes, and different times will all have their own perspectives.

Looking back, the increasing consumerization of information and communications technologies, the growth and maturation of outsourcing practices, just-in-time inventory systems, and both mechanization and the industrial revolution, have all caused their own paradigm shifts as disruptive technologies.  Today, it is not just the advent and development of cloud computing but a host of other factors, including: social media, mass mobility, information ubiquity, unparalleled social plus political plus economic diversity and uncertainty, and global competition for consumable inputs, consumers and their data, and other competitive advantages – have all combined to create a massive and sustained disruption in the way we both conduct business and understand business that has no known parallel.

As a result of this, it is hard to know where the supplier ends and the consumer starts (focus groups and beta testing); whether the regulator controls the business or vice versa (trade associations and lobbyists); and whether the consumer or the business decides what goes on store shelves (social media, loyalty programs and points or airmiles, and target-marketing campaigns).  One can hardly say that the business of business (governance) has become a public-private-partnership with the “Occupy” and “Anonymous” and “anti-globalization” movements, and outright revolutions here and there showing many separate and distinct actors.  However, the three “Ps” do still have a role to play.  Let me explain; using 3Ps, P3, and PPP interchangeably throughout this blog post.

CONCEPT:

There have been a few disruptive shifts in this paradigm of the 3Ps.  I would say that we have experienced a second shift, and we are therefore in the third cycle.

                Cycle 1: Goods and Services (as separate and distinct).

In the first cycle, the 3Ps were separately and distinctly applicable to each of goods and services.

In terms of goods, this stood for – Produce, Publicize, and Place on shelves.  For “widgets”, this would generally involve first creating one or more prototypes, publicizing its utility and efficacy through direct or indirect marketing, and finding the right combination of funding and sales or other patronage to make and sell ever more widgets through various distribution channels.

In terms of services, this stood for Present, Perform, and Persuade.  For “works”, the relevant steps would involve presenting or offering the service, performing for pay or as a teaser sample, and then persuading the customer to either pay for the sample, purchase more, or assist in building the market; whether or not for a set or fixed fee, or some other form of compensation.

                Cycle 2: Goods and Services (with blurred boundary lines).

In the second cycle, the 3Ps were used together and often blurred the boundary lines between goods and services.  This was and remains, the era of Public-Private Partnerships, in which engagements involved both the delivery of and performance on, a combination of goods and services mainly used to procure public infrastructure at significantly reduced public expense,[1] and yield greater value for money. Nomenclature differs slightly, such that in Canada, some of the common PPP variants have included:

(i) build and finance (BF);

(ii) operate and maintain (O&M);

(iii) build, operate, and own (BOO);

(iv) build, operate, and transfer (BOT);

(v) design and build (DB);

(vi) design, build, and finance (DBF);

(vii) design, build, finance, and operate

 (DBFO);

(iix) design, build, finance, and maintain

 (DBFM); and

(ix) design, build, finance, operate, and

 maintain (DBFOM).[2]

In other parts of the world, including the United States, some of the common PPP variants have included the above, as well as:

(x) lump-sum turnkey (LSTK);

(xi) build, lease, transfer (BLT);

(xii) build, transfer, operate (BTO);

(xiii) build, own, operate, transfer (BOOT);

(xiv) build, rehabilitate, operate, transfer

(BROT);

(xv) operate, maintain, transfer (OMT);

(xvi) design, build, finance, operate, transfer

(DBFOT);

(xvii) engineering, procurement, and

 construction (EPC);

(xiix) engineering procurement, construction

 and commissioning (EPCC);

(xix) engineering, procurement, construction

 and management (EPCM);

(xx) engineering, procurement, construction

 and installation (EPCI); and

(xxi) engineering, procurement installation

and commissioning (EPIC).[3]

Originally conceived for hard infrastructure “widgets” (bridges, airports, roads, tunnels and termnals, energy projects, and railways), PPP grew to be applied to “works” as infrastructure services (healthcare, social services, and disaster assistance through a variety of NGOs, Health Trusts in the United Kingdom, and multinational entities.  This paradigm shift to greater diversity in 3Ps application and an increased gradual blurring of the lines between goods and services, has now brought us to the third and current cycle.

                Cycle 3: Goods and Services (as indistinguishably forms encompassed by functions).[4]

In this paradigm, the focus is less on the widgets or the works, but more on the actions and inputs that go into creating these finished widgets and works.  Those actions and inputs can be put into two groups, with the Products (being both goods and services), in the middle.  On one side, would be the People, and on the other side, would be the Processes.  Hence, the 3Ps of Cycle 2 no longer stand for public-private-partnership at all, and have been eclipsed and overtaken by these 3Ps of Cycle 3, with 14 major sub-elements, as follows.

(A) People: There are 3 (“three”) main descriptors for what the people do in producing goods and services, being: Coordination (of leadership, rules, and goals); Empowerment and training/re-training; and Organic collaboration.  The first letters of these main descriptors happen to spell “CEO”;

(B) Products: There are 6 (“six”) main elements in the production process of both goods and services, being: Design; Requirements; Inventory; Virtualization; Experience; and Safety and security.  The first letters of these main elements happen to spell “drives”;

(C) Processes: There are 5 (“five”) main processes or process collectives that can impact upon the goods and services forms produced, being: Health and human rights; on-boarding and off-boarding; Market as a mammal; Environment (natural); and Supply chain.  The first letters of these processes and process collectives happen to spell “homes”.

ILLUSTRATIONS:

To show the salience of this typology, let us now consider the following illustrations, with each of these six examples containing one element from “people” (A), one from “products” (B), and one from “processes” (C), as presented in different orders to reveal all six possible, single-co-use combinations of these letters.

                Goods:

A-B-C – A new and disruptive market entrant uses an innovative organic collaboration strategy (A), to devise and deliver a product security innovation (B), through crowdsourcing and gamification; and the market as a mammal (C), shifts en-masse to both sides of collaborative production and individual consumption, of the popular good.

C-A-B – Bad off-boarding (C), and the fallout from improper segregation of duties leads to a new and more open leadership style (A), and a focus on customer experience marketing (B), through traditional and social media; all in an effort to win back market share of the demand for that good, and both public and employee confidence.

B-C-A – A product safety recall (B), stemming from faulty production processes and quality controls that led to an unsanitary contamination (C), results in significant worker re-retraining (A) for the producer of that good.

                Services:

B-A-C – The successful trade dress design (B), of a service provider demonstrates the type of inspired leadership (A), on environmental issues (C), in the use of alternative energy that generates a loyal neighborhood of patrons and significant in-bound tourists and curiosity travelers who further stimulate the local economy.

C-B-A – A lean supply chain (C), achieved by using virtualization (B), and cloud applications allows for rapid sourcing of additional services as and when required, and so keeps staff oriented and focused on discrete and achievable employee goals (A).

A-C-B – New, consumer-driven government rules (A), and regulations on carbon and pollution (C), in this service industry sector lead many of its providers to speedily re-align products in their inventory (B), to better meet regulatory and market demands.

SUMMARY:

The collective phrase spelled-out by the 14 (“fourteen”) major above elements grouped as People, Products, and Processes, is “CEO drives homes”.  This is no accident, as both producers and consumers of products and services are fully enclosed by this current paradigm – no matter where in the model you start or end your application of the paradigm to goods or services, as the above illustrations well-show.  No entity can function or properly deploy its human capital without solid goals, rules, and leadership from the C-suite; which then drives an economy as well as the homes, of all who live, work, learn, and play there.

So, what is P3 to me?  In this current cycle, post-2nd paradigm-shift, it is for me a way of doing things (works) and making things (widgets) that better sees the different inputs and impacts of people and processes, on today’s many and different types of collaboration, that lead to those “forms” or “products” that we still insist on calling goods (widgets) & services (works).

But then again, if the widget or work is the chicken, does this make the 3Ps one big egg; or is the egg actually both a widget (a good) and a work (a service, less the stork, in delivering future chickens)?

********************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling, diverse litigation, and regulatory practice.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  See, for example: http://www.ogalaws.com.  An avid writer, blogger, and reader, Mr. George is a published author in Environmental Law and Policy (National Security aspects), and has sector experience in healthcare, communications, financial services, real estate, international trade, eCommerce, and Outsourcing.

Mr. George is also an experienced strategic consultant; sourcing, managing, and delivering on large, high stakes, strategic projects (investigations, procurements, and consulting engagements) with multiple stakeholders and multidisciplinary project teams.  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article creates no lawyer-client relationship, and is not legal advice, or an attorney advert where barred.


[1] Common Public-Private Partnership Projects (PPP) in Canada involved healthcare, transportation, justice, and corrections.  See Infra note 2, at text immediately preceding Table 1 in the cited material.

[2] PPP Canada (Public-Private Partnerships).  What does the Canadian P3 market look like?  Table 1: Distribution of P3 Projects in Procurement by Procurement Method (2009 – 2011).   Online: >http://www.p3canada.ca/p3-market.php<; See also The Canadian Council of Public-Private Partnerships.  Models of Public-Private Partnerships.  Online: >http://www.pppcouncil.ca/resources/about-ppp/models.html<

[3] Ministry of Finance, India.  National PPP Policy 2011 – Draft for Consultation.  Released to the public on October 15, 2011.  Online: >http://www.pppinindia.com/Defining-PPP.php<; See also The Energy Industries Council (EIC), United Kingdom.  Project Profiles and Contract Types.  Online: >http://www.the-eic.com/EICDataStream/EICDataStreamGlossary/ProjectProfilesandContractTypes.aspx<

[4] We should note that naming conventions are shifting in multiple fields, with laptops, tablets, PCs, and smartphones together and increasingly labeled “Form Factors”, as they all serve collective and distinct functions of communication, collaboration, and connectivity in ways at times similar and at times distinct, as the case may be.

Some people have said that IT careers and IT jobs will disappear due to the advent and mainstreaming of Cloud applications, as well as IT commoditization and outsourcing that will close data centers en masse.  Indeed, one author in 2012 directly predicted a coming re-imagination or demise, of 4 (“four”) specific IT roles and career paths, namely: (i) Programming; (ii) Datacenter; (iii) Data Technology; and (iv) Security.[1]  My detailed thinking on these predictions is more specifically laid-out below, in the “Analysis” section.

Will IT Jobs Disappear?

Such projections are in error, at best!  Consider this statement regarding current IT role disruptions:

The more interesting lesson is the tectonic shift in computing away from the device and software residing on the device, to data and applications access on a variety of form factors and connected operating systems”.[2]

In-house, traditional data centers are there to ensure that data and applications can be accessed from devices near and far; cloud computing data centers are there to ensure that data and applications can be accessed from devices near and far; IT staff are needed in both cases to troubleshoot, ensure that those devices and/or the servers are configured to “play nicely” with each other, and otherwise act when the system cannot itself, or its subsystems will not themselves, fail-over, add or reduce capacity, self-diagnose, grant access to technicians and tours to top brass, run out with backup tapes or portable  hard drives when all else “really” fails, things fall apart, and the (data) center cannot hold,[3] and so on.  Even when printing money and coins (stamps are less used in the West nowadays, due to the rapidity of mobility, and courier efficiencies), human eyes are still needed for that final quality control function Indeed, the case is also and stringently made that there is in fact an accelerating skills shortage in IT.[4]

What then, has changed to make the human factor suddenly obsolete?

I would say nothing, because the more things change, outwardly, the more they stay the same, behind the scenes, as IT jobs and IT professionals will always be needed; albeit with skills–sets that are both more diverse and more specialized at one and the same time, due to an increasing complexity of things.

“We estimate that by 2016 approximately 106,000 ICT jobs will need to be filled in Canada with demand for critical jobs far exceeding the supply. This figure will be further compounded if we account for the new emerging ICT sectors.  Canada is also competing in an increasingly tight labour market, emerging global economies such as Brazil, Russia, India, China and South-Africa (BRICS) are achieving unprecedented economic growth using new energy, telecommunications and information technologies”.[5]

Let us look, then, at 7 (“seven”) specific area examples to help demonstrate how and why this must be.

7 Examples as Proof of IT’s Adaptability, Persistence, and Traction (APT).

1. Cloud applications.

Late last year, there came the headline story – “Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate“.[6]  That’s a lot of jobs!  However, what is the Cloud and what might those jobs be, some doubtless asked?  In the 6 (“six”) months since the article was published, many of those who asked may now know a little more about the Cloud.  For others, however, an overview may help give perspective.

                                What is Cloud Computing (“Cloud”)?

According to data from the United States’ National Institute of Standards and Technology (NIST):

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.  This cloud model promotes availability and is composed of five essential characteristics (On-demand self-service, Broad network access, Resource pooling, Rapid elasticity, Measured Service); three service models (Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS), Cloud Infrastructure as a Service (IaaS)); and, four deployment models (Private cloud, Community cloud, Public cloud, Hybrid cloud). Key enabling technologies include: (1) fast wide-area networks, (2) powerful, inexpensive server computers, and (3) high-performance virtualization for commodity hardware”. [7]

Unfortunately, this NIST data is already behind the market as the Cloud is advancing so fast.  There are now no less than 7 (“seven”) well-identified Cloud service models, being: Software as a Service (SaaS),[8] Security as a Service (SecaaS),[9] Platform as a Service (PaaS),[10] Infrastructure as a Service (IaaS),[11] Networking as a Service (NaaS),[12] Data as a Service (DaaS),[13] and Migration as a Service (MaaS).[14]

                                Which are the Cloud Jobs?

An October, 2012 article identified the following 10 (“ten”) IT jobs as in-demand Cloud careers;[15] being:

(I) Cloud Architect; (II) Cloud Software Engineer; (III) Cloud Sales; (IV) Cloud Engineer; (V) Cloud Services Developer; (VI) Cloud Systems Administrator; (VII) Cloud Consultant; (IIX) Cloud Systems Engineer; (IX) Cloud Network Engineer; and (X) Cloud Product Manager.

The takeaway, is that “professionals who are experts in cloud computing, software as a service and virtualization are in high demand, but those with combined skills in server, software and networking are the most sought after in the current IT job market”.[16] Add to this, another recent survey that concludes: “[c]loud related skills represent virtually all the growth opportunities in IT employment worldwide as demand for cloud-related positions grows.”[17]  Together, these findings put to rest any assertion that datacenter jobs will disappear, because servers are housed in data centers and data farms, and the need for them as well as the IT staff to tend to and manage them, is increasing with time and Cloud uptake.

Where is Cloud Heading – Long term?

In response to the PWC/Digital IQ Report that presented this year’s top 10 technology trends for business, I pondered this year’s top 5 technology trends for consumers;[18] one of which was EULA3.  This term co-represents: (i) End-User Legal Authority (free rein to develop and customize screen savers, fonts, skins, and avatars to their liking, after download from developers with the IP rights therein); (ii) End-User License Autonomy (lawful unlocking of devices and to remove geographic restrictions, freedom from multi-year service contracts, number portability, rights to opt-out of geo-tracking, receiving ongoing service or functionality updates, and in the EU, a right to be free from pre-sale, bundled OEM-ware; and (iii) End-User Leveraged Ability (massively enhanced remote and mobile collaboration and empowerment tools and technologies, in “online groups, archives, fora, encyclopedias, and societies”).[19]

My focus here, is on the leveraged ability, that allows for more creativity, collaboration, commentary, commerce, connections, and cloud applications.[20]  Within and as a result of this leveraged ability, I see the coming offering of Economies as a Service/Elasticity as a Service (EaaS).  This will go beyond the mere discrete, standalone offerings of storage, ERP, and data analytics, to offer specific enterprise-level function and service suites that are customizable to users of various sizes, and that help customers to cut-down on their overhead in a still very tight global economic climate.

I can think of 10 (“ten”) such scalable suites right now, being: (1) Administration; (2) Compliance; (3) Efficiencies (requirements analyses, efficiency audits, business process reengineering, and big data analytics with recommendations and action on same, all from one vendor– essentially, management consultant services on demand, with M2M delivery in eFormat); (4) Facilities management (electronic and sensory, in M2M/SCADA); (5) General Counsel (as outsourced to on-call, geographically distributed providers through a Cloud contact point); (6) Human Resources; (7) Operations and Development; (8) Research and Development; (9) Sales (as tasked to geographically distributed operatives, on-call in the requisite locations- little travel needed; and (10) Treasury (audit, bookkeeping, and capital markets).[21]

Which Cloud sub-sectors will likely lead?

In a 2012 report for the EU, IDC predicted that the market for public cloud services in Europe would grow at a compound, annualized, 35% (“thirty-five percent”) from 2011 to 2014, despite structural challenges (security, infrastructure, standardization), and the continued tight economic climate.[22]  IDC further posits that “[…] the diffusion of cloud computing is expected to generate substantial direct and indirect impacts on economic and employment growth in the EU, thanks to the migration to a new IT paradigm enabling greater innovation and productivity”.[23]  Admitting that jobs will both be lost and created, “the cloud market is expected to be a driver of net creation of employment in the medium term”, regarding the European economy through 2020; with their estimate of the number of European cloud industry jobs then existing, ranging from 1.3 million to 3.8 million.[24]

Globally, IDC’s results from an Infosys-sponsored July, 2012 survey of 326 large companies across the US, Germany, France, and the U.K. found that, 2 out of 3 were adopting the cloud, with private cloud more popular than public or hybrid cloud.[25]  While cloud strategy in Europe is more developed, it is standalone and needs to be integrated into a larger “whole of IT” approach; U.S. cloud adoption lags behind, but this is due to its being part of a “whole of IT” planning process with many stakeholders.[26]  According to IDC, many survey respondents across the board were reportedly dabbling in “public cloud for some specific areas, but when it comes to the core IT environments, they are starting out with private cloud. Connecting the two into a hybrid model is gaining momentum”.[27]

                                Why use the Cloud?

In essence, “cloud computing simply capitalizes on the need of a business to manage costs, stick to its core competencies and outsource the rest”.[28]  Services and servers formerly managed in house with capital expenditures, can now be managed by vendors as operational cost items, and expensed.  “Companies want to escape IT equipment and support costs, but there are also certain applications and data that large enterprises especially are unlikely to ever let out of their sight and perimeters, King said. That is why the hybrid model works pretty well for many companies right now”.[29]


2. Mobility.

“Digitization—the mass adoption of connected digital services by consumers, enterprises, and governments— is far more than a disruptive wave washing over isolated industries.  We have long since recognized that reality.  Digitization is a fundamental driver of economic growth and job creation the world over- in both developed and emerging markets”.[30]

Within the home and other fixed locations, this digitization has permitted the visual TV broadcast format to shift in many locales to High Definition, allowing for clearer pictures, denser colours and images, and added content and utilities.  In addition, ubiquitous computing is now the default mode, with digitization and packetization, and smartphones and tablets fast-nearing the raw computing power of earlier laptops; if not surpassing them in both that, and storage capacity, through the availability of add-on storage and memory card capacity. Customer-facing cloud applications (online photo storage, social media profile pages, and available-anywhere office productivity and document processing or management service offerings), all benefit from the spread of digitization and the ongoing drop in memory and hardware costs.  Taken together, these developments have enabled location independence, geo-tagging, behavioural marketing, and social business on a hitherto unprecedented scale.

“IT” with regard to mobility ranges from applications, through form factors, to networking, diagnostics, and data analytics.  Similarly, “convergence” in general, means that the field of mobile computing is already broad and deep,[31] and continues to grow with the expanding market for existing form factors (laptop, tablet, smartphone), and ever more innovative offerings to come. Even though some employers eschew creating and implementing BYOD policies for their increasingly mobile workforces (a dangerous oversight, in my opinion), while others re-think or seek to restrict aspects of the whole “mobility” dimension of work,[32] I really cannot envisage ITs mobility-enabling skills-sets facing any realistic danger of impending obsolescence.

3. Operational and ongoing improvements.

In the words of the American Society for Quality (ASQ): “[c]ontinuous improvement is an ongoing effort to improve products, services or processes.  These efforts can seek “incremental” improvement over time or “breakthrough” improvement all at once”.[33] Of course, improving the individual (skills and abilities), can also lead to improving the product, service, or process – including of business processes and in separate business cost centres.  Aside from the plethora of quality measures and quality improvement models, perhaps the simplest offering suggested by ASQ, is the P-D-C-A cycle, which stands for:

(i) Plan (identify opportunities and strategize for their exploitation);

(ii) Do (roll-out a pilot or beta of the change as planned);

(iii) Check (analyze the results and determine whether the desired result was achieved);

(iv) Act (Proceed on a larger scale if successful, or revise if not, with ongoing assessment in both cases).[34]

In the current and evolving IT environment, the need for operational and ongoing improvements is driven by a desire for post-merger, acquisition, or restructuring economies of scale; improved efficiencies in a very tight global economy and hyper-competitive climate; and to increase security in the face of heightened governance, risk, and regulatory compliance (GRC) requirements, and Cybersecurity exposures and events. Automated systems (after human programming), can gather and crunch a vast quantity of data in terms of Enterprise Resource Planning (ERP), Privacy Impact Analysis (PIA), Security and Risk Analysis (SRA), and Threat Risk Assessment (TRA).  However, in the three common, broad stages of all these activities (identification, assessment, mitigation), human input is indispensable to catch the nuances, round-out the corners, and otherwise right-size and customize both process and result.  IT professionals will always be needed to plan, to do, to check and double-check, and to act.

4. Networking.

Networking has come very far since it was merely a question of connecting desktops to servers, and making sure that different servers or server versions and their operating systems (usually all in the same place or distributed corporate space or ecosystem), all meshed well together.  Now, we network across availability zones in region, time zones, and definitely different ecosystems.  With the speed at which technology is currently advancing and generations of IT are maturing,[35] there will always be “legacy” systems in the mix, and this will require the presence of professionals who know and are familiar enough with the idiosyncracies of these legacy systems to service and maintain them.  As with the Basic, Fortran, and Pascal programming languages (which are still used, in some places), someone somewhere, will always be needed into the foreseeable future.  This peculiarity will come into the clearest focus when data must be migrated from these legacy systems, and it can only be done the hard way.  Networking also gains importance with the mainstreaming of Supervisory Control and Data Acquisition (SCADA), the Internet of Things (IoT) or Machine to Machine (M2M) communication[36] – as enabled and enhanced by MEMs[37], Software-Defined Networking (SDN), and of course, Cloud Computing.  These, in their turn, further fuel the “apolitical” socialization of business, living, and leisure.

5. Virtualization.

“The term virtualization is commonly used to refer to the creation of multiple virtual servers that operate on one physical computer. Virtualization uses fewer physical resources to do an increased amount of work in a virtual environment, cuts the costs of purchasing expensive hardware for computers, uses less physical storage space and reduces costs to power and cool physical computers”.[38]

As stated, virtualization has many benefits; including heightened productivity and cost savings.  However, the need for real human beings will persist.  Additional solutions enabled by virtualization include advanced gamification (both single user and multi-user), eLearning, and social business with real time product and service demonstrations, serious streaming and graphics, and simultaneous screen-in-screen separate software instances for multitaneous collaboration, creativity, and other connections.  Content is key, so there will always be a need for IT professionals across the 15 (“fifteen”) phases of the following, proposed new “horseshoe waterfall” software development process (up from the classic 6):

1. Requirements Analysis phase (PIA, ERP, SRA, TRA, and Objective-oriented Risk Identification);

2. Programming & Development phase (design, documentation, IP, cross-disciplinary “play-in/pet-in”[39]);

3. Vendor Development Testing phase (Quality, Usability, Interfaces, Performance, Stability – “QUIPS1”);

4. Application Security Testing (by subsystem, including to regulatory standard/industry metrics);

5. Contract Modeler/Tweaker phase (add-ons, P3 standalone software, and software for hardware);

6. P3 Development Testing phase (Quality, Usability, Interfaces, Performance, Stability – “QUIPS2”);

7. Vendor Integration phase (collective work of all subsystems & add-ons; documentation & IP updates);

8. Application Security testing (complete system by Vendor, and by user panel on late-stage beta);

9. White Hat phase (QUIPS3; with penetration testing, and to regulatory standard/industry metrics);

10. Feedback Integration phase (rectifications, new requirements, ruggedizing for special orders);

11. Deployment phase (with customer training, static testing, and onsite and remote debugging);

12. Implementation Validation phase (QUIPS4 ; with training, operational testing, and debugging);

13. Maintenance and Support phase (updates, patches, customer service, technical support);

14. Customer and Industry Feedback Analysis phase (knowledgebase, data analytics, planning);

15. Re-start at phase 1, 2, or 5: (next generation solution, fully new iteration, or market re-focus).

The falls are shaped like a horseshoe because the water can fall from several places or points at once, because the phases can easily overlap, and because the constant cycle of water never stops; so nobody can peer into the resulting product whirlpool and determine from where, or when, something fell-in.

6. Innovations.

The predictable thing about change, is that it will be constant.  Whether or not you define it as progress, technology innovations will generally have knock-on effects that include additional innovations.  This is a given, as items and areas rendered obsolete will be replaced, and those that wish to resist obsolescence, will make speedy and aggressive moves to adapt to that “new normal”.  From mainframes, through PCs, laptops, smartphones, tablets, and wearable IT[40] and other solutions, innovation feeds upon itself, and knowledgeable IT personnel will always be needed to make things work, adapt, and counter-adapt with concatenating advances in miniaturization[41] and processing power spurring “chipification[42] of ever more discrete utilities and ecosystems to enable higher functions, remote diagnostics, and interoperation.  Current and developing form factors including wearables (heartrate monitors), scannables (QR codes and RFID), flyables (drones), drivables (smart cars and next generation autopilot), and as enabled by current (Gesticuloperation – i.e. operation by voice, clap, and hand signals in the likes of Microsoft Kinect, Sony Wii, interior lighting, and otherwise by voice or eyesight recognition), or Google Glass, and future tech., will likewise still demand contributions from multifaceted IT personnel.

7. Predictive Analytics.

Big Data is here to stay, due to the proliferation of ways in which it is collected, and the depth and detail with which it is being concatenated.  Businesses will need ever-more powerful and intuitive ways to crunch and package its content, whether for ERP, CRM, or other predictive data analytics.[43]  We already see automated resume sorting, but the human eye and brain will still be needed to develop and tweak the software, perform quality checks, and deal with data input delays (illegible writing that won’t scan, jammed paper in scanner input feeds, and machine maintenance and downtime for whatever reason).

ANALYSIS:

                Rightly Forecast to Stay.

While the 2012 ICTC briefing identified 3 (“three”) specific areas of greatest need and growth potential in the prevailing IT skills shortage: Mobile Computing, Cloud Computing, and creative online content (Social Business),[44] IBM’s study of the global IT picture found a fourth: Business Analytics.[45]   Looking at the above 7 areas, Cloud computing touches (at least), 1, 5, 6, and 7; Business Analytics, touches (at least), 3, 4, 6, and 7; Mobile Computing, touches (at least), 2, 4, 6, and 5; and Social Business, touches (at most), 1 through 7.  I see no way that IT jobs or career paths can disappear any time soon.  The health of that sector may well ebb and flow, with economic growth and job prospects fluctuating back and forth; but ITs adaptability, persistence, and traction (APT), give it true staying-power as a criss-crossing, sub-factor of production supporting that new factor of production, “information” – both of which now span mere land, labor, and capital,[46] and thusly remain indispensable bedrocks of modern and future society.

                Wrongly Forecast to Go.

Similarly, regarding the 4 (“four”) specific IT roles identified for re-imagination or extinction,[47] vis-à-vis the above 7 areas: Programming; Datacenter; Data Technology; and Security.  With regard to programming, the author states that the popular or most common computer languages will change.  I agree, but the older languages will not die-out, due to the reasons I gave above.  Similarly, with regard to data technology, the author states that the new and evolving paradigms will require IT professionals who are both more multifunctional and more capable of multitasking across different cost centres in the organization (IT, data analytics, PR, R&D).  With this, I also agree, because up-skilling should be a constant when the going is good, and retraining should remain an option should the paradigm shift.

My disagreements arise with regard to the author’s predictions for IT’s datacenter functions[48] and IT’s security functions,[49] which will supposedly be forever and irretrievably changed by Unified Communications (UC) protocols, outsourced to third-parties, and otherwise surpassed or subsumed by and within the ambit of, a variety of Cloud Services Providers (CSPs).

                Datacenter, specifically.

With regard to datacenter functions, machines can still not fully administer themselves, whether it is an airliner on autopilot, a nuclear power station, the switching center of a railway system, or a conveyor belt – which is supposed to stop by itself when something clogs the mechanism, but still has an emergency stop mechanism for the occasional “human” intervention.  I think that any prediction of the demise of these jobs and functions is premature or wishful thinking at best, and ill-advised at worst.

                Security, specifically.

With regard to security functions, it is worthwhile to note that evolving data protection and privacy standards set-out by legislation, as well as industry best practices across several fields, are severely limiting the extent to which an entity can outsource the “responsibility” that it does and must hold in-house, for the ultimate security of customer or client data; especially with regard to Personally Identifiable Information (PII), including within the financial services industry, and Personal Health Information (PHI), including within the healthcare sector.  This fact, alone, will mandate the persistence of the need for in-house skill sets in “security standardization, procedures, and auditing[50], due to the necessity of verifying: (i) that third-party providers can and do perform as promised and required by law; (ii) that breach notification is timely and properly conducted, and that third-parties are aware of their contractual and legal responsibilities, as applicable; and (iii) that loss prevention, IT, managerial, and legal personal are all on the same page with regard to ERP, outsourcing, risk mitigation, and regulatory compliance across the entire IT ecosystem – whether in-house physical, in-house virtual, outsourced (including Cloud and offshoring), BYOD, or otherwise.  This security matrix must be complete, as omitted input will lead to omitted considerations, and avoidable losses that could rise to be in the extreme.

Even the much maligned practice of offshoring can have a net benefit to the outsourcing economy by pushing those it leaves behind into higher, more skilled, and managerial roles that are needed locally.

Outsourcing can help create opportunities that didn’t exist before,” […].  Recruiting more bodies in another country can “upskill” Canadian IT workers, boosting them into higher level managerial positions,[…].   “The jobs are slightly different than what they may have been before, but it actually is an economic addition, not necessarily a detractor from the economy and from the employment landscape.[51]

CONCLUSION:

For the final word on this issue, I think Stephen C. Ehrman, summarized it best, when he wrote that:

Each predictable doubling of chip power enables the development of surprising new tools for thinking, analyzing, studying, creating, and communicating in the world. Products and professions erupt, altering the content of some discipline, creating new fields, and compelling new forms of interdisciplinary collaboration in the wider world. The level of education required for many jobs is increasing as well. So technological change in the wider world both increases the number of people who need an education and changes what it is they need to learn as well.[52]

I think that should do it!

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in New York, New Jersey, and Washington, D.C.  Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour and micro-organizational behaviour, and a Certificate in Field Security from the United Nations Department of Safety and Security (UNDSS), in New York, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law & Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[1] Kerry Doyle, MBA.  IT Roles Facing Extinction.  Published on globalknowledge.com by Global Knowledge Training LLC, 2012.  Online: >http://images.globalknowledge.com/wwwimages/pdfs/SR_IT_Roles_Facing_Extinction.pdf<

[2] Patrick Gray.  HP and BlackBerry abandon in-house tablet ecosystems.  Published in “Tablets in the Enterprise”, on techrepublic.com, May 24, 2013.  Online: >http://www.techrepublic.com/blog/tablets/hp-and-blackberry-abandon-in-house-tablet-ecosystems/3428?tag=nl.e101&s_cid=e101&ttag=e101<

[3] Tribute to the late Professor Albert Chinualumogu (Chinua) Achebe, (1930-2013), author of the timeless classic “Things Fall Apart” (first published in A.D. 1958).

[4] A sometimes heated debate persists on whether or not the United States is currently experiencing a skills shortage in graduates of Science, Technology, Engineering and Mathematics (STEM).  See e.g. (severe shortage exists): Society for Human Resource Management (SHRM).  The Ongoing Impact of the Recession – Recruiting and Skills Gap.  Published on shrm.org, March 12, 2013.  Online: >http://www.shrm.org/Research/SurveyFindings/Articles/Pages/SHRM-Recession-Recruiting-Skill-Gaps-Technology.aspx<; see contra (no shortage found): Economic Policy Institute (EPI).Hal Salzman, Daniel Kuehn, and B. Lindsay Lowell.  Guestworkers in the high-skill U.S. labor market: An analysis of supply, employment, and wage trends.  Published in “Immigration”, on epi.org, April 24, 2013.  Online:

>http://www.epi.org/publication/bp359-guestworkers-high-skill-labor-market-analysis/<

[5] In Canada, however, the skills shortage issue appears better settled – it exists!  See e.g. Namir Anani, President and CEO of the Information and Communications Technology Council (ICTC).  Briefing – HUMA – Fixing The Skills Gap and Understanding the Labour Shortages, at page 2.  Mr. Anani delivered this briefing in Ottawa, Canada, on April 4, 2012, before the Parliamentary Standing Committee on Human Resources, Skills and Social Development and the Status of Persons with Disabilities.  Published on ictc-ctic.ca.  Online: >http://www.ictc-ctic.ca/wp-content/uploads/2012/06/ICTC_HUMAPresentation_EN_04-12.pdf<

[6] Joe McKendrick.  Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate.  Published in “Tech”, on forbes.com, December 21, 2012.  Online: >http://www.forbes.com/sites/joemckendrick/2012/12/21/almost-1-7-million-cloud-related-jobs-went-unfilled-in-2012-estimate/<

[7] National Institute of Standards and Technology (NIST).  NIST Cloud Computing Program.  Online: >http://www.nist.gov/itl/cloud/index.cfm<

[8] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf< Software as a Service (SaaS), is there defined by PCI SSC as: “[c]apability for clients to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser, or a program interface”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 1.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< SaaS offerings generally include tools for processing, analysis, accounting, CRM, and back-office functions, as delivered on a “pay by use or increment” basis.

[9] Michael Hafner, Mukhtiar Memon, and Ruth Breu.  SeAAS – A Reference Architecture for Security Services in SOA.  Published 1.9.09 in the Journal of Universal Computer Science (JUCS), vol. 15, no. 15 (2009), 2916-2936, at 2924. Online: >http://www.jucs.org/jucs_15_15/seaas_a_reference_architecture/jucs_15_15_2916_2936_hafner.pdf<

Security as a Service (SecaaS), is there defined by the authors, as:

“[…] the delivery of security functionality over infrastructure components in a service-oriented manner. For SOA, this means that security services are accessed through common Web services technologies and standards”.

As stated in that publication, SecaaS offerings generally encompasses services for: authentication, authorization, security compliance, security interoperability, cryptography and message processing, protocol-based security, and security monitoring and auditing.

[10] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf< Platform as a Service (PaaS), is there defined by PCI SSC as: “[c]apability for clients to deploy their applications (created or acquired) onto the cloud infrastructure, using programming languages, libraries, services, and tools supported by the provider”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 2.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< PaaS offerings generally include tools for email, online backup, or desktops on demand, as well as middleware and raw development platforms.

[11] PCI Security Standards Council: Cloud Special interest Group.  PCI Data Security Standard (PCI DSS), Version 2.0 – Information Supplement: PCI DSS Cloud Computing Guidelines, at 4.  Released March, 2013.  Online: >https://www.pcisecuritystandards.org/documents/information_supplement_11.3.pdf<  Infrastructure as a Service (IaaS), is there defined by PCI SSC as: “[c]apability for clients to utilize the provider’s processing, storage, networks, and other fundamental computing resources to deploy and run operating systems, applications and other software on a cloud infrastructure”.  See also Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 3.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< IaaS offerings generally include tools for collaboration, integration, and visualization, in scalable storage and server capacity on demand.

[12] Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 4.  Published on ogalaws.wordpress.com, March 11, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/<  Network as a Service (NaaS), generally includes advanced virtualization tools such as bandwidth-on-demand for multiple VPNs-on-demand, and for cloud-to-cloud networking on-demand.

[13] Data as a Service (DaaS), generally includes the hosting and delivery-on-call of data that is both form factor independent and software independent, as its storage (static) and delivery (formatted) states will differ, and the data will only be transformed from one to the other as and when needed, and as optimized to form factor or use.  Increasing data analytics and in-house ownership of the crunched result, will spur growth in this DaaS (author).

[14] Migration as a Service (MaaS), refers to the transmission or translocation of clientele (users of blogs, wikis, chats, or other collaborative portals), data and databases (documents, files, spreadsheets and folders), capital operations and office suites (applications, business processes, or operating systems from version to version, or from server to server on premise), or services (emails and VOIP/voicemails); whether from one platform or service provider, to another (on-premise to cloud transforming capital expenditures to operating expenses, or cloud to cloud).  This can be done on a self-serve basis, or through a vendor.  The volume of data that many companies now command otherwise makes migrations quite expensive, and implies that MaaS will remain a growth area (author).

[15] Christine Burns, Network World.  Cloud careers: It’s a seller’s market.  Published on networkworld.com, October 8, 2012.  Online: >http://www.networkworld.com/supp/2012/enterprise5/100812-ecs-cloud-careers-262741.html<

[16] Id.

[17] Joe McKendrick.  Almost 1.7 Million Cloud-Related Jobs Went Unfilled in 2012: Estimate.  Published in “Tech”, on forbes.com, December 21, 2012.  Online: >http://www.forbes.com/sites/joemckendrick/2012/12/21/almost-1-7-million-cloud-related-jobs-went-unfilled-in-2012-estimate/<

[18] See Ekundayo George.  Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers.  Published on ogalaws.wordpress.com, March 16, 2013.  Online: >https://ogalaws.wordpress.com/2013/03/16/ctrl-shift-del-2013s-top-5-technology-trends-for-consumers/<

[19] Id.

[20] See e.g. Ekundayo George.  Social Media Policies: Why have them, and what should they cover?  Published on ogalaws.wordpress.com, May 29, 2013.  Online: >https://ogalaws.wordpress.com/2013/05/29/social-media-policies-why-have-them-and-what-should-they-cover/<

[21] I see these enabling, at the very least: (i) ”eNUB“ (email, number, and URL banking); and (ii) “Work-Shifting”.

(i) eNUB will be the response of entities and employers to salesforce BYOD, now better able to take existing contacts, prospects, vendors, and sales peers with them, due to all knowing that contact number by heart.  Hence, even if that person’s entire eRolodex gets remote-wiped, they can still be reached by their now “good old friends”. So, with growing number portability and VOIP, employers will own and manage banks of mobile contact numbers (in addition to the URLs and emails they already tag-onto/under domain names), to prevent salesforce lead-bleed.

(ii) The growing ability, through advancing mobile device management (MDM) technologies to stop and start the delivery of emails, and to route and unroute calls to BYOD-enabled workers so that they are not troubled (into working costly overtime), outside the standard workday, will enable employers to more easily juggle the workflow between permanent and contract employees in different time-zones through disclosed/undisclosed jobsharing arrangements. Hence, less downtime in a new, cloud-enabled world of work-shifting, as opposed to shift-work.

See Tom Kaneshige, CIO.  Which Workers Are the Best Fit for BYOD?  Published on cio.com, May 14, 2013.  Online: >http://www.cio.com/article/733399/Which_Workers_Are_the_Best_Fit_for_BYOD_?taxonomyId=600007<

[22] IDC.  Quantitative Estimates of the Demand for Cloud Computing in Europe and the Likely Barriers to Up-take. SMART 2011/0045.  D4 – Final Report, at 30.  Published on ec.europa.eu, July 13, 2012.  Online: >http://ec.europa.eu/information_society/activities/cloudcomputing/docs/quantitative_estimates.pdf<

[23] Id. at 9.

[24] Id. at 9.

[25] Marianne Kolding.  IDC White Paper.  Adoption of Cloud: Private Cloud is Current Flavour but Hybrid Cloud is Fast Becoming a Reality, at 1-2.  Published on Infosys.com, September, 2012.  Online: >http://www.infosys.com/cloud/features-opinions/Documents/hybrid-cloud-becoming-reality.pdf<

[26] Id. at 2.

[27] Id. at 3.

[28] Peter Brown and Leonard T. Nuara, Co-chairs.  Cloud Computing 2011: Cut Through the Fluff & Tackle the Critical Stuff.  Intellectual Property Course Handbook Series.  Number G-1055, at 49.  Published in 2011 by the Practicing Law Institute, New York (PLI).

[29] TechRepublic.  Executive’s Guide to Best practices in SAAS and the Cloud, at 14.  Published in “Whitepapers”, on ZDNet.com, March 2013.  Online: >http://www.zdnet.com/executive-guide-to-best-practices-in-saas-and-the-cloud-free-ebook-7000012032/< The author quotes Charles King, principal analyst at Pund-IT.

[30] World Economic Forum and INSEAD.  The Global Information Technology Report 2013: Growth and Jobs in a Hyperconnected WorldForeword by Cesare Mainardi, Chief Executive Officer, Booz and Company, at vii.  Published on weforum.org, 2013.  Online: >http://www3.weforum.org/docs/WEF_GITR_Report_2013.pdf<

The author takes care to point-out that while digitization brings benefits in both productivity and employment growth, there “may well come” a point of disequilibrium.  Similarly, there is a delicate balance to be found for the 3 (“three”) roles on the input matrix, being the roles of financier, facilitator, and direct developer.  Where and when the ratio is off, the national cake will not rise to meet the demand, or otherwise respond on command.

[31] See e.g. Guarav Kumar, Ph.D., Assistant Professor, Department of Computer Applications, Chitkara University, Rajpura, Punjab.  Career Guide: Career in Mobile Computing and Wireless Technology.  Published in Employment News Weekly, 25 May – 31 May, 2013, issue (No. 08), on employmentnews.gov.in.  Online: >http://www.employmentnews.gov.in/career_in_mobile.asp< This article and the sheer diversity of the career streams here listed provide a very clear idea of just how vast the mobile field now is, and promises to become.

[32] See e.g. Kara Swisher.  “Physically Together”: Here’s the Internal Yahoo No-Work-From-Home Memo for Remote Workers and Maybe More.  Published on allthingsd.com, February 22, 2013.  Online: >http://allthingsd.com/20130222/physically-together-heres-the-internal-yahoo-no-work-from-home-memo-which-extends-beyond-remote-workers/<

[33] American Society for Quality (ASQ).  Continuous Improvement.  Published on asq.org, at Continuous Improvement Model – Learning Resources.  Online: >http://asq.org/learn-about-quality/continuous-improvement/overview/overview.html<

[34] Id.

[35] Jonathan Huebner, Ph.D.  A possible declining trend for worldwide innovation.  Published 2005, in Technological Forecasting & Social Change 72 (2005) 980-986, at 981, on sciencedirect.com.  Online: > http://accelerating.org/articles/InnovationHuebnerTFSC2005.pdf<

 

There is a general consensus that technology is advancing exponentially, and that this advance will continue into the distant future. The basic assumption behind this view is that either there is no limit to technological advance, or if there is a limit, then we are far from reaching it.

[36] See Infra, note 41.

[37] Visa.  The Future of Technology and Payments report: More of the Same (2nd edition, printable version), at pp. 10-11.  Published by Visa, on visaeurope.com, April 24, 2013.  Online: >http://www.visaeurope.com/en/about_us/industry_insights/tech_trends.aspx<

“We therefore expect to see the progressive deployment of so-called Microelectromechanical systems (MEMs).  These minute devices, generally smaller than a square-millimetre, typically comprise of a microprocessor plus a sensor or actuator. Already, they are common components within consumer devices acting, for example, as accelerometers or gyroscopes. (…)”.

 

“For the future, the use of MEMs seems destined to become more widespread. More exotic sensors will become available (capable, for example, or checking blood pressure or glucose levels). Their proliferation could therefore enable the so-called “internet of things” (…). And, in the coming years, IBM holds out the prospect of a trillion connected d devices (…) – that equates to one hundred smart objects for every person on our planet”.

[38] Megan M. Kearney, Esq.  Faster Than the Speed of Law: Technological Advancements Generate a Host of Novel Legal Concerns.  Originally published in The Philadelphia Lawyer, Winter 2011, “Intellectual property law”, pepperlaw.com.  Online: >http://www.pepperlaw.com/pdfs/PhilaLawyer_Kearney.pdf<

[39] See e.g. Lucas Mearian, Computerworld.  The Time is Right for an ‘IT Petting Zoo’.  Published on cio.com, June 5, 2013.  Online: >http://www.cio.com/article/734452/The_Time_is_Right_for_an_IT_Petting_Zoo_?taxonomyId=600007<

[40] Canadian Manufacturing Daily Staff.  Ontario firm gets federal funding for wearable lithium-ion pack.  Published on canadianmanufacturing.com, April 23, 2013.  Online: >http://www.canadianmanufacturing.com/general/ontario-firm-gets-federal-funding-for-wearable-lithium-ion-pack-101574<

[41] Fundación de la Innovación, Bankinter, and Accenture.  Future Trends Forum (FTF) Series, Number 15: The Internet of Things – In a Connected World of Smart Objects.  Chapter 3, at page 37.  Published on fundacionbankinter.org, in 2011.  Online: >http://www.fundacionbankinter.org/system/documents/8189/original/XV_FTF_Interneto_of_things.pdf

 

“More than half a century on from the days of mainframe computers that took up whole rooms, components are becoming smaller and smaller, enabling faster and more powerful computers to be developed. This physical layer occupies less space, making it easier to connect practically anything, anywhere, anytime. What we are seeing is the phenomenon of miniaturization”.

 

[42] Supra note 37.

[43] Toni Bowers.  IT needs to understand the move from BI to data analytics.  Published in “Tech Decision Maker”, on techrepublic.com, May 28, 2013.  Online: >http://www.techrepublic.com/blog/tech-manager/it-needs-to-understand-the-move-from-bi-to-data-analytics/8277?tag=nl.e099&s_cid=e099&ttag=e099<

[44] Namir Anani, President and CEO of the Information and Communications Technology Council (ICTC).  Briefing – HUMA – Fixing The Skills Gap and Understanding the Labour Shortages.  Mr. Anani delivered this briefing in Ottawa, Canada, on April 4, 2012, before the Parliamentary Standing Committee on Human Resources, Skills and Social Development and the Status of Persons with Disabilities.  Published on ictc-ctic.ca.  Online: >http://www.ictc-ctic.ca/wp-content/uploads/2012/06/ICTC_HUMAPresentation_EN_04-12.pdf<

[45] See IBM.  Fast Track to the Future: The 2012 IBM Tech Trends Report.  Published by the IBM Center for Applied Insights, on ibm.com, December, 2012.  Online: >https://www.ibm.com/developerworks/community/blogs/techtrends/?lang=en<

[46] Supra note 41, at 18.  Just as in an agricultural economy, the factors of production were land and labor, and in an industrial economy they were capital and labor, information has become the production factor of the twenty-first century”.

[47] Kerry Doyle, MBA.  IT Roles Facing Extinction.  Published globalknowledge.com, by Global Knowledge Training LLC, 2012.  Online: >http://images.globalknowledge.com/wwwimages/pdfs/SR_IT_Roles_Facing_Extinction.pdf<

[48] Id. at 3.  “Gone are the service technicians responsible for rewiring and maintenance.  UC makes those skills unnecessary.  In the future, one or two systems analysts will centrally handle communication implementation and flow from within the datacenter”.

[49] Id. at 4.  “Within organizations, gone are the traditional back-up and recovery skill sets which will be relegated to third-party providers”. (…)  “Gone are the technicians who relied on security standardization, procedures, and auditing”.

[50] Id. at 4.

[51] Brian Bloom.  IDC: Offshoring IT keeps Canadian firms competitive.  Published for Computing Canada in itworldcanada.com, June 14, 2012. The quotation is from Jason Trussell, senior vice-president and Canadian regional manager at iGate Inc.  Online: >http://www.itworldcanada.com/news/idc-offshoring-it-keeps-canadian-firms-competitive/145611<

[52] Stephen C. Ehrman, Ph.D.  Technology and Revolution in Education: Ending the Cycle of Failure.  Published in Liberal Education, Fall (2000) 40-49, at “Double Double Toil and Trouble: Moore’s Law”.  This penultimate draft of the final article is available through The TLT Group (Teaching, Learning, and Technology), on tltgroup.org.  Online: >http://www.tltgroup.org/resources/V_Cycle_of_Failure.html

The story recently broke of an employee (former employee) who had high-level system access as a “software programmer and system manager”.  The allegation is that he retaliated after being passed-over for promotions, which led to his resignation in December, 2011; with a final day of work in January, 2012.[1]  According to a Criminal Complaint in the incident as filed by the Federal Bureau of Investigation (FBI) in the District Court for the Eastern District of New York, the accused had worked there for several years, and was actually “one of two employees who were primarily responsible for ensuring that the software that drove the company’s manufacturing business—including its production planning, purchasing, and inventory control—operated efficiently”,[2] showing just how much free system access he really had.  The estimate puts a cost to the former employer of his alleged activities at some $90,000.00 in damages.  Admittedly, it could have been significantly more than this.  That number is not insignificant.  However, we may or may not ever come to know whether it stopped there due to self-imposed limitation(s), or inability to do anything more destructive or wide-ranging due to security impediments.

 

On to the questions:

1. When someone with that kind of access departs, is it now necessary to change every single password of every single employee?

2. Is that the same if you have high IT turnover?  Things can get pretty hectic in that case!

Bob[3] was an “ongoing insiders”.  The current accused is therefore a “former insider” and not a “pure outsider”, if looking at the situation from a purist perspective.

3. Which of these three (ongoing insiders, former insiders, and pure outsiders) is now classified as the greater threat to employers and/or businesses in general?

 

There is a sometimes quite intense ongoing debate on whether outside threats or inside threats are greater; but both sides of the debate, and naysayers who disdain such reductionism per se or prefer to focus on purer forms of quantification and categorization, all agree that the state of Infosec/Cybersec is complex and accelerating at a breakneck pace.  Events will doubtless continue to present teachable moments.  I say that an inside the firewall/outside the firewall categorization is helpful in quantifying the potential harm from various threat vectors on available attack surfaces, and planning to address them on a constant and consistent basis.  However, I also think that all threats can be adequately considered when: (a) you focus on achieving buy-in to the need for security protocols and adherence thereto at all levels of the organization; (b) you budget accordingly for training, ERP, and the staff and tools to deal with the threat universe; and (c) you assiduously enforce best practices, even when it makes (for some) their accessing of preferred apps. or sites inconvenient to impossible, or slows people down a little.  I call this cubing the B.

The above-referenced and linked allegations remain allegations.  All parties are innocent until proven guilty in a court of law.

**********************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[2] Federal Bureau of Investigation (FBI).  Press Release.  Long Island Software Programmer Arrested for Hacking into Network of High-Voltage Power Manufacturer.  Published by the FBI on fbi.gov, May 2, 2013.  Online: >

http://www.fbi.gov/newyork/press-releases/2013/long-island-software-programmer-arrested-for-hacking-into-network-of-high-voltage-power-manufacturer<

[3] Ekundayo George.  Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”.  Published January 17, 2013, on ogalaws.com.  Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

Comment in the discussion chain: Data Centers and Disaster Recovery in Nigeria.

Started by moderator Christopher Odutola of the Linked in group: Cloud Computing, Virtualization and Disaster Recovery in Nigeria.

Online: http://www.linkedin.com/groups/Data-Centers-Disaster-Recovery-in-3785575.S.43550562?view=&srchtype=discussedNews&gid=3785575&item=43550562&type=member&trk=eml-anet_dig-b_pd-pmt-cn&ut=1tsF8girXdkBI1

**********

Thank you, all for your highly knowledgeable and astute comments in this discussion so far.  We all know that as Nijas, we have the talent and we have the skills to get things done – as you all show.  However … na conditions!!  I think 6 factors need to be addressed to some extent before the cloud can gain more credibility and traction in Nigeria, and even in Africa, and become “e-Solid”.

“E”nergy is number one.  Data centers need cooling (especially below the equator), and drives need energy to spin, access memory, and provide those virtual instances.  The idea of generators in series has merit, but I would say turbines are better – with all the natural gas we have flaring.  I always wonder why none of our unemployed Engineers have built scalable and modular mini-re refineries that can be used in the Niger Delta instead of all these open air burns; as used to feed or as combined with, modular and scalable mini-power stations.  We do have the labour, craftsmen, engineers, and natural resources.  Perhaps some of your banking and industrial contacts can be interested in seed funding.  Such machines will get plenty of interest in similarly challenged parts of the world.  It will take quite an effort to string functioning power lines everywhere, or bury them where there are already more people than spare ground.  I think localized modularity is the way to go, as opposed to regional and national power grids.

“S”ecurity has many facets.  One the one hand, it is the day to day matter of traveling to work while avoiding roadblocks, armed robbers, militants or les beaucoup-harmers, and drivers of trucks with no brakes, or of buses full of people and tankers full of petroleum or chemicals, who are not in their right minds due to some substance or other.  The 24/7 nature of IT will require people to travel back and forth at odd times,  unless you are there on 7-12 day on, and 7-12 day off shifts, or something like that.  Even then, you will have to switch-out at some point, and face the travel hazards.  The other facet of security is data security.  Are the sys-admins selling off data sniffed in transit; is the data entirely managed within Nigeria or are portions of the cloud external and therefore subjecting the data to the laws and sniffing of other jurisdictions; are Nigerians adequately protected from identity theft and loss of funds in the case of financial data transfers through the cloud?  These are all areas where Nigerian laws are pretty far behind, due to other priorities of our dear leaders – state and federal, and legislators.

“O”versight is also highly important.   There are a plethora of regulatory bodies, associations, commissions, and parastatals in Nigeria that have overlapping and complementary functions.  When people in position wake and realize that there is money to be made from taxing, regulating, and licensing the cloud, there will be a rush to assert jurisdiction.  Will it be from NCC (due to communications), CBN (due to financial transactions in the cloud), FRSC (due to data transportation on the information highway), NIMASA for the undersea telecommunications cables, each and every state government (due to data center location), EFCC (due to the potential problems within their competence), or any combination of the security agencies, due to the potential national security implications.  How easily can the Corporate Affairs Commission define which of the above types of business the CSP/CSV is engaging in, and how many lawsuits, pleas to the President, and examples public rudeness and misbehavior at the highest levels will Nigerian have to endure from those many competing regulatory interests?  I think a massive rationalization and realignment of Nigeria’s regulatory landscape is long overdue, but it may not happen while there are so many who benefit from the current alphabet soup of a conjoint twin octopus at a grand buffet, still eating to their heart’s content.  Other countries have established central fora, fusion centers, and similar councils where many bodies work together for the same goal.  In our case, that may take some time to achieve.

“L”egal is the logical follow-on, here.  There can be a self-regulatory body established for cloud service providers that enforces standards amongst peers, coordinates training and best practices, and works to lobby the government where and when needed.  Or, providers in the space can continue to work independently and accept whatever laws and regulations – no matter how contradictory, policy-somersault-laden, or otherwise non-conducive to sane and sustained business – are handed down from above.  Tips can be taken from what transpires with regard to the cloud outside Nigeria, but we should not be so fast to adopt things full force, that might not quite fit with our unique context.  We have seen many examples of this, as well as cases where countries accepted Constitutions and laws drafted by outsiders that were just plain wrong.

For example, the Warsaw Convention limits liability to air carriers in the case of a lost luggage, persons, or goods.  The Hamburg Rules perform a similar function with regard to carriage of goods by sea.  Those work well and are generally accepted for important service industries, when coupled with insurance.  Obviously, some lawyers can always be found to sue, despite the caps!  Attitudes change, however, when the protection is given to specialized industries and interests.  You have for example the Nuclear Liability Act in Canada, and the Price-Anderson Nuclear Industries Indemnity Act, in the United States – both limiting the liability of civilian nuclear installations for any incidents.  Most recently, on top of the refusal or inability of the United States Food and Drug Administration to force the labeling of genetically modified foods and food ingredients, President Obama still signed a Monsanto Protection Act on March 28, 2013 – http://rt.com/usa/monsanto-bill-blunt-agriculture-006/.

A time may well come when the cloud industry becomes so large and all-pervasive that it will merit similar protections for all the data breach and failings we see with it in the western world – the first adopters.  However, if this happens in Nigeria before deposit insurance is taken and managed seriously (towards fewer vanishing premiums), a national identity system is firmly in place (towards fewer unusually expensive ghost workers), and business insurance and industry best practices are firmly adhered to, someone may pull a Cyprus without the government involvement.  The supposedly un-hackable Bitcoin was recently pilfered, and government should not help itself to personal bank accounts just because someone tells it to.  If the industry itself is protected, but the protection is not there or woefully inadequate for customers/consumers, some major problems could very well result.

“I”nfrastructure also needs a lot of work – whether roads and rails, buildings within which mobiles may or may not function, encryption and security of data in transit against SQL insertion and other malware exploits, and a lot more attention to such basic security as keeping programs and systems patched and up to date.  BYOD can mean both bring your own device and bring your own destruction, depending on what the device owner is knowingly or unknowingly carrying within it, or something to which the device attaches.  It is no secret that many government websites in Africa (not just Nigeria) are Trojan-laden.  This needs to be fixed, before Nations are cut-off from the outside and just go dark, due to the increasingly powerful antivirus and anti-malware programs that just block access to swathes of e-Estate, due to the real or alleged vulnerabilities that they represent.  Come on, guys and gals, we need to be able to reach you …. and there is no guarantee that VOIP will remain unaffected.  I cannot count the number of times that my system has refused to go somewhere – somewhere legitimate thank you – and then, I had to decide whether or not to disable the meguard and go there anyway.  This trend is already well-underway.  Even with all or most of the cell towers up, there should be backups in hard lines and satellites, because towers can still be taken down.  We need to get our act together and put in the kind of backup and redundancy of critical infrastructure that gives people a greater sense of confidence that things will work and continue to work when they are needed most.   With the near total absence of landlines, what happens to emergency calls when the cloud-based cellular service goes down?  Our infrastructure needs some serious work if we are to have the necessary bandwidth for greater cloud uptake (by SMBEs and conglomerates), deployment (in SaaS, PaaS, and IaaS configurations), and uptake (by the public and the powers that be); along with the other deficiencies here identified.

“D”isaster prevention, planning, response, and recovery is an obviously-ignored competence at the higher levels in Nigeria, due to the abundance of buildings and homes in flood plains – recurrently lost; the lack of an organized, national ambulance and air and water ambulance service – let alone fully-equipped, staffed, and functioning medical and dental facilities and pharmacies; poor attention to building standards, and road and rail traffic, maritime, and aviation vessel quality and facility maintenance; and the preponderant fire brigade approach with promises and prayers when things go horribly wrong.  Even where the cloud is proprietary, such as the example of your own VM instance on campus or at work, commonsense and best practices still advise the use in any combination, of off-cloud backup (such as having your digital photos both in the cloud and on a physical USB stick that can create a mirror collection with rapid and relative ease – so long as not corrupted or lost), a substitute or backup cloud (such as also storing them in another location and with another vendor,  perhaps as sent email attachments due to the current almost unlimited email storage capacity), offsite backup (on a portable hard drive at a second physical location), and perhaps physical hardcopy prints that can be laboriously scanned and uploaded, again, if and when all else fails.  Multiple redundancies are keys to data availability, reliability, and replicability, and all of the above need to be addressed before that can be more fully guaranteed with the appropriate high-uptime SLAs.

 

SUMMARY:

In summary, unless the Nigerian cloud industry members, vendors, and workers want to be misled by the kind of absentee and not quite technically competent as it is supposed to be or claims to be leadership that has characterized so much of our experience in recent memory, they (and other like-minded professional bodies tired of waiting to be disappointed, yet again), will step-up to take the lead in their own best professional and practical interests, and the interests of all Nigerians at home, abroad, and as yet unborn, to organize, strategize, and familiarize themselves with global best practices, apply only what makes most sense with regard to local idiosyncrasies, and work to build local workarounds and custom solutions to the Nigerian situation that can waylay & workaround the kind of Bigman and Bigwoman jealousy, grandstanding, and other examples of feferity and insincerity that I alluded to above; better insulating their businesses from marauders to make them e-Solid.

That’s my N 100;

I hope it helps.

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.). Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

I would say there are essentially 7 (“seven”) stages in this trajectory, being:

(i) SaaP;

(ii) SaaS;

(iii) SaaR;

(iv) S3aUR;

(v) PcSS;

(vi) SaEE/SaEA;

(vii) PC3S.

Kindly allow me to explain.

SaaP – Software as a Product:

(i) Software was originally a product, although many in the younger generations may have little to no recollection of those days.  It was separately shrink-wrapped and sold first in hard copy format, on disks (you might recall the almost never-ending deluge in your snail mail of all those free and unsolicited AOL, Earthlink, and MSN discs of yore), amongst others; and then, it moved online, with click-wrap licensing.

SaaS – Software as a Service:

(ii) Software as a Service developed with the outsourcing trend, and it has actually been with us for at least a good decade.  Value-added through offshoring, near-shoring, and contracting-out for the design of software to run CAD and CAM applications (as well as the machines on which to run them), all after first hiring the outside management consultants to advise on how to better streamline and align critical line and staff functions to increase ROI, boost productivity, and maximize shareholder value.

SaaR – Software as a Right:

(iii) Although many don’t quite see it – due to the fact that Stage 4 is already taking the limelight ahead of its time – Stage 3 is when we start to see Software as a Right (SaaR).  Software is becoming a right because cost-cutting has led to several European and North American governments cutting funds for hardcopy libraries, both public and at educational institutions.  As this happens, older collections are being shredded to save space and funds (sometimes with and sometimes without ensuring that they are first put to the expensive process of scanning and digitization, and very often without any public disclosure, comment, or opportunity for interested parties and departments to offer to raise the funds or find the space to preserve them).  As more and more knowledge goes online and becomes accessible only for a fee (see the recent moves of certain provides of news and commentary to dispense with the printed versions of their publications); and as more and more public government services (information, forms, e-filing, e-refunds) and even private sector services (banking, customer service, event and school registration and RSVP), then software becomes a right, to the extent that people need it for access to these essentials of daily living.

S3aUR – Software and Systemic Security at Undue Risk:

(iv) We are now seeing multiple, concatenating, and overlapping tangible and virtual instances of Software and Systemic Security at Undue Risk in multiple Availability Zones (AZ), due to hacking and malware, Advanced Persistent Threats (APT), insider fraud and disgruntled employees,[1] apparent personal grudges,[2] blatant BYOD misuse, and just bad design, mismatched configuration, or absent/inactive management.  There are climatic and other intervening “exigent events”.  However, the argument will always be made that these (including climate change), were predictable, and could therefore have been better planned for and their effects, controlled.

PCSS – Persistent Cloud Security Systems:

(v) As a result of Stage 4, discussions have already commenced and are well underway,[3] on how to best structure,[4] roll-out, and govern a Persistent Cloud Security (PCSS) that (a) works in real-time, (b) is networked to involve end-users, private sector providers, and public sector actors of various profiles, and (c) is truly multinational and achieves massive regulator and government buy-in to work consistently and predictably with common rule or principles to drill down on, rein-in, and prosecute actors in the under-most belly, of the Deep Web.[5]  Monitoring as a Service, Alerts as a Service, and like offerings will not, alone, suffice to stem Stage 4s insecurity tsunami.

SaEE/SaEA – Software as Embedded Enabler or Enhancement/Appendage or Augmentation:

(vi) Of course, being a non-Wizard, I cannot say what term precisely, will be used.  It is possible, just as is the current case with the Phase 2 SaaS variants, that different terms will be used by different providers and commentators, unless and until some sort of standardization is agreed-upon.  The need for constant updates, patches, and other communications with the thin, thick, and virtual clients running all of this massively-dispersed computing power, whether by pull-down or push-out from the update source, will eventually start to fall too far behind the developing threats and vulnerabilities presented.  At that point, one or more governments may “force” this Stage 6.

There are already “some” people experimenting with themselves by embedding RFID chips, and the agriculture industry has lots of experience on their use with farm animals.  Anecdotal stories on the internet about additional experimentation by early-adopters with pets, children, and the elderly, are yet to be proven for the most part …. I think?!  A number of nations are reportedly also spending copious amounts of declared and undeclared moneys on brain-mapping, brainwave scanning, and methods to understand, predict, and control human brainwaves and human behavior without being detected.

Whatever the case, once the critical point of the implantation quotient is achieved or nearly-achieved, there may come a time when governments “mandate” that people embed or append the software through a chip implantation of some sort.  This will be resisted on a number of fronts and may cause unrest in several jurisdictions.  However, judging by the way some governments can tend to proceed with their plans despite the protests of millions, the effects on their citizens, and the horror of other nations, things may still get pretty ugly.

As we have already seen in the case of consumer products (from smokeables, through manufactured goods and automobiles, to even fresh food), not all dangers in end-use and the potential side-effects that could and should have been disclosed, were disclosed.  Let us therefore hope that these “implants” do not create a globe of rabid zombies under the remote control of whoever can hack the system best, or hostages to brain-frying hacktivists.

PC3S – Pure Collectivized Communications Culture System:

(vii) Then, once everyone who counts or wants to count, is wired-up (or at least, all who want to be able to eat & drink, fully & freely exercise inalienable rights, or buy & sell in a fully-tracked, value-stacked, government-backed, and supposedly hard-to-crack, pay as you go system with monthly user fees and transaction levies (ePayment only in a cashless society, with interest-bearing pay-day-loans preferred so as to keep everyone happily hard at work for their own self-serving purposes) that by definition includes all but the “obvious terrorists”, we will have that Stage 7, in a Pure Collectivized Communications Culture System.  If software becomes embedded to get around hacking, then who is to say that a person’s brain will actually be able to remain free and clear of the hackers; or that interested parties with the access (such as corrupt insiders), will resist the temptation to hack someone’s brain for profit, or to create a robot on demand”, with credible and provable amnesia?  A number of 20th and 21st Century books and movies may quickly come to mind.[6]

SUMMARY:

Of course, all of this is a work of fiction and can never happen in this modern world …. except of course, for those stages in these above 7, that have already taken place, or that are …. “something of a work in progress, by someone, somewhere, for some specific purpose, and at the behest and request of some sort of sponsor”!  It is said that being fore-warned is to be fore-armed, but nobody really remembers things they read on the internet, unless there is some sensual stimulant or celebrity endorsement, right?

************************************************************************

Author:

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.). Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.


[1] See e.g. Ekundayo George.  Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published on ogalaws.wordpress.com, January 17, 2013.  Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[2] See Adam Edelman/New York Daily News.  Cyberbunker hosting site said to be dropping virtual ‘nuclear bomb’ on Internet with massive, global denial of service attack.  Published Wednesday, March 27, 2013 on nydailynews.com.  Online: >http://www.nydailynews.com/news/national/internet-nuked-massive-ongoing-cyber-attack-experts-article-1.1300372 <  It is “alleged” that a private dispute of some sort between Cyberbunker (a Dutch internet hosting business that will take all-comers, “except child porn and anything related to terrorism”), and The Spamhaus Project (a non-profit centred in London and Geneva, but with operating nodes in ten nations, that “works to help email providers filter out spam”), has led to the largest DDOS in history with a data stream attack magnitude of 300 billion bits per second, when 50 billion bits would suffice to bring-down the online service of many significant online businesses, including major banks.  The fact that most people have seen no significantly noticeable disruptions due to this “attack”, just goes to show the added resilience built into the system since this kind of attack was first noticed, understood, and responded to by industry and regulators. Personally, I saw some emails come through on device group “A”, but they were delayed on others – thankfully, nothing time-sensitive, and I was aware of them due to my own system of redundancies in having those multiple email access points and service providers.  Microsoft also just switched a “massive” few more users over to Outlook, so that may have also played a part in my own delayed email receipt.  In any case, investigations are ongoing into the source of the current and sustained attacks, but as with others, the true perpetrators may remain hidden.  See Infra, note 5.  See also The Spamhaus Project homepage.  Online: > http://www.spamhaus.org/organization/<; The Cyberbunker Data Centers homepage.  Online:  >http://www.cyberbunker.com< (the Cyberbunker website was verified by this author as unreachable online, at the time this SaaS Visioning-out article posted).

[3] See e.g.  Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 17.  Posted March 11, 2013, on ogalaws.com.  Online:> https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/<

[4] See e.g. Mikael Ricknäs, IDG News Service.  AWS takes aim at security conscious enterprises with new appliance.  Published on itworld.com, March 27, 2013.  Online: >http://www.itworld.com/cloud-computing/349894/aws-takes-aim-security-conscious-enterprises-new-appliance?goback=.gde_1864210_member_226976359<  Amazon Web Services has introduced a standalone, secondary cloud-based system to manage cryptographic keys that will be used in the cloud, with limited AWS access through “strict” separation of administrative and operational duties between the vendor and the client, and segregation and limitation of access according to business need.  SOD best practices are thus clearly translated into the cloudsphere.

[5] See Gil David.  The Dark Side of the Internet.  Published on israeldefence.com, December 1, 2012.  Online:

>http://www.israeldefense.com/?CategoryID=483&ArticleID=1756<  This article provides a fairly good overview of what we are all dealing with on a daily basis, with regard to the Deep Web.  I will post at a later date, regarding some of my thoughts on how this might spur and/or impact upon, that promised “Internet of Things” to come.

[6] I think I will also have to post at a later date on what might constitute “work”, when machines do so much of one type of work, and many of the other types are outsourced to someone, somewhere else.  As automation really took hold on a massive scale in the industrial west (Japan, Europe, North America, South Korea) in the 1960s and 1970s, much was said about the coming leisure society as machines did so much, that people would have more time on their hands to relax and actually enjoy life.  Now, the “massively unemployed, migrating mass populations” in almost all geographic zones and nations, mean something clearly went very wrong.  We are a few steps away from chaos; one that may well start in the European Union –or with one or more of its “pending former” members.  Should this happen and spread as political leaders continue making very bad calls, Anonymous, Environmentalists, Occupy, and the Anti-Globalization folks will look like child’s play, even when first combined and then multiplied.

<span>%d</span> bloggers like this: