Download pdf - Joining of hands: some thoughts about collaborationon

ThorntonMay

“A New Joining of Hands”

[email protected]

Security Summit: Challenges to our Future State of Readiness12 August 2009

1

Part 1

I am part of…

A Time-Boxed, Multi-ActExecutive Learning Experience…

My role is to…

Set the Stage for the messages that follow…

Before We go too far…Why Are Humans at the Top of the Food Chain?

If We Did a S.W.O.T. Analysis On Humans…

Our eyesight is limited - we possess no ability to see the ultraviolet light that guides

butterflies.

No night vision that aids owls and ocelots.

We can’t see as far as eagles.

We have none of the echolocation by which bats and whales hunt and orient.

We are olfactory idiots, having a very primitive sense of smell.

We can’t run as fast as the antelope, swim as well as the dolphin, nor possess the strength

of the lion.

So how come we aren’t lunch?

The trait which separates us from the lower orders…

the thing that generates our inter-species competitive advantage…

the behavior that places us at the top of the food chain

is the ability to work with others.

Species-to-Species S.W.O.T. Analysis

How we ‘Collaborate’ is important

200

20

2

Macro Changes I have been on a massive ‘walk-about’

More to Know

More Ways to Know

Increased ExpectationsThat You Will Do Something

Efficacious With What You Know

Macro Change

Key Actors & High Performance Enterprises

Have become adept at Collaborative

‘knowing’

Wisdom of Crowds

Collaboration Matters!

“If people knew how to collaborate well,

the world would simply work better.”Morten T. Hansen

“Good collaboration amplifies strength,

but poor collaboration is worse than

no collaboration at all.”Jim Collins

In your group:

Please Come Up With

Two Examples Where ‘good’ collaborationmade the enterprise more secure;

And two examples where ‘bad’ collaborationmade the organization less secure

Collaboration/SecurityStory Telling

QuickWarm UpExercise

Report Backs

Collaboration is increasing on the enterprise radar screen…

…is almost universallyperceived as

a key ingredient of success in just about

every field of endeavor

What were your major take-awaysfrom Ken’s comments last night?

The Value of Collaboration

Adapt the learnings of others to your particular circumstance

What were your major take-awaysfrom Ken’s comments last night?

The Value of Collaboration

We are at an inflection point

Changes in Threat Landscape

Transitioning from ‘Inhibitor’ to ‘Enabler”

“Automation”

New model Managed Infrastructure, Information-centric, Risk Based and Policy-Driven

Reputation-based security

Solution Gallery “Jump Ball”#1

16

Is the practice of security in your enterprise at an inflection point?

If so, what are you transitioning from?

What are you transitioning to?

Solution Gallery “Jump Ball”#2

17

What have you done to ‘automate’

the practice of securityin your enterprise?

Automation?

Coming Back to Socrates

20

Socratic Principle #1: “The unexamined life is not worth living”

Socratic Principle #2: “Wisdom begins by knowing that you don’t know”

Socratic Principle #3: “Skill is teachable and learnable”

Socratic Principle #4: “No One Does Evil Willingly”


21

Socratic Principle #1: “The unexamined life is not worth living”

Please describe how your enterprise ‘examines’ [i.e., audits/monitors security]


22

Socratic Principle #2: “Wisdom begins by knowing that you don’t know”

What don’t you know?

In early 2003, Howard Stringer, head of U.S. operations

for Japanese electronics giant Sony, was plotting to respond to

Apple’s amazing success with the iPod…

Sony did not want to let Apple take over the market.

Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009].

Sony as Collaborator

It was after all, a market Sony should own. It had invented the idea of carrying music around on people’s heads

with the iconoclastic Walkman, which was introduced in 1979 and had sold nearly 200 million units by the time the iPod became the new kid on the block.



It was after all, a market Sony should own. It had invented the idea of carrying music around on people’s heads

with the iconoclastic Walkman, which was introduced in 1979 and had sold nearly 200 million units by the time the iPod became the new kid on

the block.

Stringer was the right man to lead the charge. A jovial, Oxford-educated Englishman

in a six-foot-three-inch frame, he had been brought into Sony in 1997

to help forge unity among its headstrong and independent music, film, and electronics divisions

in the United States. Stringer had had a long career in media –

as a journalist, head of CBS news, and president of CBS –

and was an experienced executive who understood media and could cultivate

collaboration in Sony.



By 2003 Sony was a formidable company.

With annual sales of $62 billion, it was ten times as large as Apple,

which had $6.2 billion in sales.

Sony was much better placed than Apple to launch portable music players

and an online music store.



Sony had the Walkman division [and so could develop its own hard-disk music player],

the VAIO personal computer line [and so it knew computers],

Sony Music [and so it knew a thing or two about music],

and Sony Electronics [and so it had a range of devices and batteries]. Ironically, it supplied the batteries for the iPod.

Sony was also well known for sleek design.



October 23, 2001 – that day Steve Jobs, introduced the iPod to the world:

“This amazing little device holds a thousand songs, and it goes right in my pocket.

The 200 invited guests, many of them journalists,

had no idea that Apple was introducing a portable music player that day.

[The coy invitation letter read,“Hint: It’s not a Mac.”]

Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 5-6.

Appleas Collaborator

It was a great comeback moment for Jobs, who had cofounded Apple in 1976 at age 21, was fired by CEO John Sculley in 1985,

and then resurfaced as interim chief executive in 1997 when Apple had sunk close to bankruptcy.



The iPod was not the first portable music player using a hard drive to hit the market

[the Rio, a portable music player holding about 100 songs, appeared in 1998]. But the iPod was easy to use, looked cool, and worked with Apple’s iTunes

software to allow users to manage music on their computers.



As people started looking under the hood, they soon realized that the iPod

wasn’t a marvelous technological revolution but rather

a shrewd combination of many existing pieces.

“This was a highly leveraged product from the technologies we already had in place.”

Jon Rubinstein, Apple’s senior vice president of hardware.

Morten T. Hansen, Collaboration: How Leaders Avoid the Traps, Create Unity, and Reap Big Results [Boston: Harvard Business Press, 2009], 7.


The hard disk holding the songs was a tiny 1.8-inch drive from Toshiba;

the minute battery was from Sony;

the hardware blueprint was provided by a small Silicon Valley company called PortalPlayer;

the digital-to-analog converter came from Wolfson Microelectronics;

the FireWire interface controller was shipped by Texas Instruments;

and some of the software came from Pixo.”



Inside Apple, a hardware team lead by Tony Fadell and reporting to Rubinstein had crafted the architecture of the dwelling that housed these technologies.

According to The Perfect Thing, Steven Levy’s book on the iPod, the team had had to integrate all the pieces from outside Apple

and work across several units inside the company.

This included Rubinstein’s hardware division, Jeff Robbin’s iTunes division,

and Apple’s vaunted industrial design unit, headed by design wizard Jonathan Ive [dubbed the ‘Armani of Apple”].





Inside Apple resolving complicated issues required many interactions

between the hardware and software teams.

Robbins described this complexity:

“We had to figure out how iTunes was going to sync the content onto the ‘pod, how the ‘pod was going to access that

information,how we could do a database on the device

that was just incredibly simple to use.”

Tony Fadell had started the projectin February 2001, and the product was readyby October 2001, just before the Christmas season.



Meanwhile, at Sony, Stringer was busy trying to connect the parts…

The problem was that a critical piece was missing from Stringer’s plan: a culture of collaboration among Sony’s various divisions.

“Sony has long thrived on a hyper-competitive culture, where engineers were encouraged to outdo each other, not work together,”

observed Wall Street Journal reporter Phred Dvorak.


Sonyas Collaborator

Hyper‐CompetitiveCulture

In the past, Sony’s competitive culture had worked wonderfully, allowing entrepreneurial groups to work largely by themselves

to develop hit products like the Walkman and the Playstation video game player.


Sonyas Collaborator


But Connect was not a stand-alone product. It required collaboration among five Sony divisions: the personal computer group based in Tokyo; the portable audio team responsible for the Walkman; another team responsible for the flash memory players; Sony Music in the United States; and Sony Music in Japan.

It was a new ball game, and Sony’s organization was not up to it.


Sonyas Collaborator


For starters, each division had its own idea about what to do. The PC and Walkman groups introduced their own competing music players, and three

other groups – Sony Music in Japan, Sony Music in the United States, and Sony Electronics in the United States – had their own music portals or download services.

Stringer, who had no authority over Japanese operations, complained, to no avail, that the Connect software being developed in Japan was hard to use.

Whereas the U.S. team wanted a hard disk for the music player [as in the iPod], the Japanese team went with the arcane MiniDisc.

And whereas the U.S. group pushed for using the MP3 format – the defacto U.S. standard – the Japanese PC division chose a proprietary standard called ATRAC.


Sonyas Collaborator

The Sony Silos

Complained Stringer,

“it’s impossible to communicate with everybody when you have that many silos.”

It was a mess.


Sonyas Collaborator

The Sony Silos

When Connect finally debuted in May 2004, the mess turned into a market disaster. The influential Walt Mossberg of the Wall Street Journal panned the product in a review:

“The Walkman’s biggest weakness is its lousy user interface, which is dense and confusing. The SonicStage 2 software and the Connect music store are also badly

designed. This is because, for all its historic brilliance in designing hardware, Sony stinks at software…Until Sony fixes the multitude of sins in this product, steer clear of it.”

Walt Mossberg, “The Mossberg Solution: Sony’s iPod Killer – New Digital Walkman Offers Longer Battery Life, but Apple’s Player Still Rules,” Wall Street Journal [28 July 2004].

Sonyas Collaborator

The Sony Silos

Homo sapiens sapiens is the only animal that engages in

elaborate task-sharing –

the division of labor between genetically

unrelated members of the same species.

It is a phenomenon as remarkable and uniquely human as language itself.

Re-thinking the “Collaboration Thing”

The intersection of…

Collaboration Security

Culture

Do you currently measurecollaboration/”collaborativeness”

in your organization?

Should you?

Quick Level Set

As Harvard economist John Kenneth Galbraith

rightly observed,

“Measurement motivates.”

We need to put in place some motivational IA metrics.

Re-branding Information Security

Do you currently manage culturein your organization?

How do you do that?

Quick Level Set

May 29, 2009 was a hinge of history, a turning point in technology trajectory. This was the day President Barack Obama unambiguously

declared cyber-security a national security priority.

We meet today at a transformational moment -- a moment in history when our interconnected world presents us, at once, with great promise but also great peril.

…it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation….[The] status quo is no longer acceptable -- not when there's so much at stake. We can and we must do better….cyberspace is real. And so are the risks

that come with it.

From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this

infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient.

“Text: Obama’s Remarks on Cyber-Security,” New York Times [29 May 2009]. http://www.nytimes.com/2009/05/29/us/politics/29obama.text.html

[See Appendix “Text of Obama Speech on Cyber-Security”]

Do you currently measuresecurity

in your organization?

How?

Quick Level Set

Behavior ChangeMost organizations have an information assurance problem.

The problem is not one of commission – no one is doing anything wrong.

The problem is not one of omission.

The problem is perceptual.

Information assurance [IA] is, in many instances is perceivedas getting in the way of key value producing activities,

of adding unnecessary red tape, of being a non-value-added hassle, of causing work place misery.

Quick Level Set

IA as it is currently practiced at many enterprises todayis perceived as embodying all three elements of a miserable job:

ANONYMITY – IA tasks make the staff feel unknown and invisible.“When people feel subjected to arbitrary unintelligible actions… they feel anxious,

frustrated and, finally, angry.

IRRELEVANCE - IA tasks are perceived as negatively effecting the impact employees have on the lives of others, and reduces their ability to do their best work.

IMMEASUREMENT - IA tasks fail to provide a clear means of assessing progress or success toward a goal.

IA and risk management needs to be re-branded

Patrick Lencioni, The Three Signs of a Miserable Job, [NY: Jossey-Bass, 2007].

Do you agree with the following statements:

IA as it is currently practiced at many enterprises todayis perceived as embodying all three elements of a miserable job:

ANONYMITY – IA tasks make the staff feel unknown and invisible.“When people feel subjected to arbitrary unintelligible actions… they feel anxious,

frustrated and, finally, angry.

IRRELEVANCE - IA tasks are perceived as negatively effecting the impact employees have on the lives of others, and reduces their ability to do their best work.

IMMEASUREMENT - IA tasks fail to provide a clear means of assessing progress or success toward a goal.

IA and risk management needs to be re-branded



Loyalty beyond reason


Read this book:

The intersection of…

Collaboration Security

Culture