Your “ART-ful” Enterprise: Security and Trustworthiness

As discussed here previously, to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into trustworthiness, why it matters, how to achieve and sustain it, and the critical role of security in those efforts.

Let’s cut to the chase. There are likely no circumstances under which you would choose to do business with any person or business you could not trust. It is equally likely that every client (internal and external), partner, and prospect of your enterprise thinks and feels exactly the same way. Trustworthiness is therefore at least as critical to your enterprise’s success as agility or resilience.

Or, to quote perhaps the world’s best-known investor and businessperson, Warren Buffett, “Trust is like the air we breathe. When it’s present, nobody really notices. But when it’s absent, everybody notices.”

This is especially true for companies that sell products or services, which is just about all companies. Hank Barnes is a research director at Gartner, focused on go-to-market strategies for technology providers. In a Feb. 3, 2015 blog post, Barnes wrote, “Trust levels are the underlying current that drives buying. And providers are usually starting from a weak, un-trusted position. Everything you do needs to be about building trust between the buyer and you, your product, and your organization.”

Trust and the Bottom Line

Stephen M.R. Covey is the author of the book “The Speed of Trust: The One Thing That Changes Everything,” from which the above quotes come. He is also the son of Stephen R. Covey, the author of the worldwide bestseller, “The 7 Habits of Highly Effective People,” and was CEO of the Covey Leadership Center. In three years, Stephen M.R. Covey grew that Center from $2.4 million to $160 million in revenues, before orchestrating its merger with Franklin Quest to form Franklin Covey.

A central element of Stephen M.R. Covey’s thesis is that deals get closed faster and are more successful when those involved share high levels of trust. As he says in his book, “Above all, success in business requires two things: a winning competitive strategy, and superb organizational execution. Distrust is the enemy of both. I submit that while high trust won’t necessarily rescue a poor strategy, low trust will almost always derail a good one.” Franklin Covey also operates a Web site that features case studies, task lists, and other resources intended to improve organizational trustworthiness.

The bottom line? Edelman, the world’s largest PR firm, surveyed some 33,000 people worldwide for its 2015 Edelman Trust Barometer. Of those respondents, 63 percent said that they simply refuse to buy anything from those they don’t trust, while 80 percent will only buy from those they trust. Or as Zig Ziglar, one of the best known and widely read sales professionals in the world, once said, “If people like you, they will listen to you. But if they trust you, they’ll do business with you.”

How to Achieve and Sustain Trustworthiness

Know where you are. Bite the bullet, and ask your most important constituent groups (privately, of course) questions that help you assess how much they trust your team or company. At minimum, ask if they’d do business with your team or company again, if they’d recommend your team or company to peers, and why or why not.

Fix what’s broken. Use those questions and answers to identify any unsatisfied constituents, find out why they’re unsatisfied, and fix it. Every unsatisfied constituent is a detriment to trustworthiness, and you should assume that your constituents talk with each other.

Cultivate advocacy. Use those questions and answers to identify your happiest, most trusting clients and partners, then ask them to let you make them stars. That is, ask for their permission and cooperation to showcase them in your outreach efforts. Then, make it as easy for them as possible to be featured in the success stories, presentations, interviews, and other content you produce with their cooperation and support.

Show your work. It’s one thing to claim to be trustworthy. It’s another to be able to demonstrate and document trustworthiness credibly and on demand to any and all stakeholders – from customers, partners, and prospects to auditors and regulators. This is a major, long-term, continuing effort. And everything you do to make and keep your organization’s IT infrastructure comprehensively, demonstrably secure greatly aids these efforts. Comprehensive, proactive, user-centered security is a firm foundation for managing governance, operational transparency, and reporting. All of these, in turn, enhance your organization’s ability to both claim and credibly demonstrate trustworthiness.

Make the goal of trustworthiness a significant part of every plan, strategy, and process that governs your business, especially those focused on IT security, since the security of your IT infrastructure has direct and profound effects on your organization’s ability to be trusted. And include your internal and external clients and partners in this effort wherever practical. It may be the single most significant thing you can do to minimize time to success and maximize the number and value of constituent relationships, for your constituents, your team, and your enterprise.

Next: tying it all together!

November Patch Tuesday 2015


November Patch Tuesday comes with 12 Microsoft bulletins and an update for Adobe Flash Player. For Windows 10 users there is the question of the Fall Refresh. It did not release today, but it’s likely not too far off. We may even see it on Thursday.

Microsoft has released four critical updates and eight important updates. The updates are mostly OS related, but there is an Office update and two other updates that affect Skype for Business. Four of the bulletins each resolve a vulnerability that has been publicly disclosed. This means that these four bulletins carry a higher risk of exploitation. For these, expect that in as few as two to four weeks there could be working exploit code taking advantage of these vulnerabilities.

If you look closely at MS15-113, the update for the Edge browser on Windows 10, you will see that it has been released for the Fall Refresh (Threshold 2). Expect that you’ll need to apply this after you upgrade to Windows 10 build 1511, which we expect on Thursday of this week.

MS15-115 resolves seven vulnerabilities in Windows, which could allow remote code execution. CVE-2015-6109 is resolved by this bulletin and has been publicly disclosed. This particular vulnerability could allow an attacker to gain information on the location of the kernel driver in memory.

MS15-116 resolves seven vulnerabilities in Office, SharePoint, Lync and Skype for Business, which could allow remote code execution. CVE-2015-2503 is resolved by this bulletin and has been publicly disclosed. This vulnerability on its own is not too terrible, but if used in conjunction with other vulnerabilities it could be used to elevate privileges.

MS15-120 resolves one vulnerability in Windows, which could allow an attacker to cause a denial of service to systems running IPSec. CVE-2015-6111 is resolved by this bulletin and has been publicly disclosed. 

MS15-121 resolves one vulnerability in Windows, which could allow an attacker to exploit Schannel using a man-in-the-middle attack. CVE-2015-6112 is resolved by this bulletin and has been publicly disclosed. 

On the third-party front, Flash Player has released an update that includes 17 security fixes. This is a Priority 1 update and should be considered a high priority. Keep in mind that with Flash Player come additional updates. You should expect plug-in updates for Internet Explorer, Firefox and Chrome today as well. You must update the Player instance and all browser plug-ins to be fully protected from these 17 vulnerabilities.

Join us tomorrow for the November Patch Tuesday webinar where we will discuss the bulletins in more detail.

Your “ART-ful” Enterprise: Security and Resilience

As discussed previously (in “Security and the ‘ART-ful’ Enterprise” and “Your ‘ART-ful’ Enterprise: Security and Agility”), to become more “ART-ful,” your enterprise must become more agile, resilient, and trustworthy. This post digs a bit more deeply into what business resilience (or its less common synonym, “resiliency”) is, why it matters, and how to achieve and sustain it.

As is true with business agility, business resilience is a much broader and deeper consideration than many typical discussions of the subject seem to indicate. Those discussions tend to focus on disaster recovery and business continuity (DR/BC) tactics and tools. However, true business resilience is more than disaster recovery and even more than business continuity. True enterprise resilience is a strategic focus on maintaining operational integrity and restoring it as quickly and completely as possible after any disruption – planned or unplanned, minor or catastrophic.

Not all hackers are bad: insights from the Cybersecurity Summit

A few weeks ago I had the opportunity to attend a Cybersecurity Summit in Washington, D.C. One of my favorite presentations was titled “Understanding the Hacker Community.” The speaker for this presentation, Bruce Potter, Chief Technology Officer of KEYW Corporation, provided some very interesting insights into the minds of hackers. As I’m sure many of you are just as interested in this topic as me, and with hacking once again in the news due to the recent hack of the CIA director’s email account, let me share a bit of what I learned.