IT in Canada February 2012 by Promotive Communications

Mary aNN yulE ubiquitous computing driving security challenges p.16

Marc-aNdrÉ charroN on the ‘art’ of social media p.20

February 2012 vOluME 3 nuMBEr 1 www.itincanada.ca

CANADA’S TECHNOLOGY RESEARCH AUTHORITY

SECURITY AND THE

MEDIA:

HOW SAFE, HOW SOCIAL ARE YOU? Publication Mail Registration Number: 41382532

Network Security Managed IP Services Business Continuity Cloud Services

Is your business ready?

Canadaâ&#x20AC;&#x2122;s all-business communications provider Allstream is the only national provider that works exclusively with business customers. We help organizations of all sizes boost productivity and serve customers better with high-performance voice, data and Internet solutions that meet todayâ&#x20AC;&#x2122;s priorities and anticipate future needs. From the latest collaboration tools to cloud services, we ensure your business is ready for success.

Call us today at 1-855-225-9881 or visit allstream.com ÂŽ Manitoba Telecom Services Inc., used under license.

Contents

www.itincanada.ca

Vol 3 No 1 January/February 2012

Technospective on Management

Features 4 Editorial 13 The Security Beat What dangers are lurking under your social media surface? 14 Spotlight Feature Getting up to speed with social media 21 Technospective on Management Searching for the two Mâ&#x20AC;&#x2122;s 30 Executive Perspectives Smart Trust

6 Cover Story: Security 2012: The corporate management scorecard Departments 10 From the Inquiries Desk 12 Case Study FaithLife Financial: Donâ&#x20AC;&#x2122;t panic! Outsource your notebook security 16 In the Middle More than video: the evolving reality of collaboration solutions

20 Case Study Reebok & CCM: Winning friends and influencing players 26 Case Study TD: Unleashing the Inner Genius(es) 28 New in Social Perspective and invective from the IT in Canada Forum

Online Extras: www.itincanada.ca Missed an issue? Misplaced an article? Visit www.itincanada.ca for a full archive of past It in Canada issues, as well as online extras from our many contributors. 26 Case Study January/February 2012 ITinCanada.com / 3

Canada’s technology research authority

Editorial

CHIEF CONTENT OFFICER: MICHAEL O’NEIL

michael.oneil@itincanada.ca

Editor and Toronto Bureau Chief: MARY ALLEN

mary.allen@itincanada.ca

OTTAWA BUREAU CHIEF: STEFAN DUBOWSKI

stefan.dubowski@itincanada.ca

Contributors: Dave Chappelle, Chris Rogers, Paul Crookall sales National Account Manager: Patricia Bush

905-727-4091 x336 trisha.bush@itincanada.ca Events

Events manager: Sandra Service

sandra.service@itincanada.ca

art & production Art Director: Elena Pankova

elena.pankova@itincanada.ca

GRAPHIC DESIGNER

David Potocki

Subscriptions and Address Changes CIRCULATION DIRECTOR: Denys Cruz

circulation@itincanada.ca

Circulation Coordinator

circulation@itincanada.ca

General Inquiries

24-4 Vata Court, Aurora, ON, L4G 4B6 Phone 905-727 4091 Fax 905-727-4428 corporate COO AND GROUP PUBLISHER: John Jones

publisher@itincanada.ca

CTO: MICHAEL HOWE

michael.howe@itincanada.ca

RESEARCH MANAGEMENT: MICHAEL O’NEIL

michael.oneil@itincanada.ca www.itincanada.ca

Publisher’s Mail Agreement: 42169527 IT in Canada magazine is published six times per year by Brighton Communications Inc., in partnership with IT Market Dynamics Inc. (ITMD) All opinions expressed herein are those of the contributors and do not necessarily reflect the views of the publisher or any person or organization associated with the magazine. Letters, submissions, comments and suggested topics are welcome, and should be sent to michael.oneil@itincanada.ca.

IT in Canada is Canada’s only integrated social media news network. Appealing to IT professionals and executives in industries that rely on technology to support their business operations, IT in Canada brings together the essential information assets of the 21st century – news articles sourced from established, reputable publications, video and other broadcast content types, interactive forums that categorize social media as well as data from our related research company, IT Market Dynamics – to add depth to our coverage and analysis. The resulting network provides a perspective that takes full advantage of the “new media” opportunities provided by the Internet, offering a rich destination that benefits readers and advertisers alike. www.itincanada.ca Reprint Information

High quality reprints of articles and additional copies of the magazine are available through circulation@itincanada.ca or by phone: 905-727-3875 ex 336 One year subscription rates

Canada: $50/year; USA $60/year ; International $100/year. All rights reserved. No part of this publication may be reproduced without written consent. All inquiries should be addressed to circulatin@itinCanada.ca

4 / IT in Canada January/February 2012

“

Content at rest equals cost; content in motion equals value,” pronounced by IBM’s GM of collaboration solutions Alistair Rennie at Lotusphere in January, is a fitting précis of prevailing notions about information and information technology. Virtually everyone agrees that information management represents growing cost for the organization, and increasing burden for the IT department: at the same time, hope for the creation of new value resides in that same data – as long as it is shared. The care and nurture of data, and craft and use of new social business models are also the primary themes of this latest issue of IT in Canada. After some inspiring dialogue on hot industry topics with new friends in our CIO community, IT in Canada has chosen to usher in 2012 by broadening the coverage in each of our magazines from one topic to two. In our current issue, we explore how businesses are working to improve IT management through best security practices, and how companies are using social tools to generate new business opportunity. Common to both though, is focus on business worth. In our research feature on security, for example, Michael O’Neil has transformed IT Market Dynamics research on security practice into a “scorecard” that measures the performance of IT departments in the eyes of business managers. While IT generally gets pretty good grades, the data suggests more could be done to educate and communicate on the value of security investments. In a “content in motion” era, security is an area that requires continued attention and investment. Threats now hail from an explosive number of sources – viruses, bots, malware, social engineering scams, identity theft, and DoS attacks are all on the rise – and IT management needs also to guard against risky behaviour from disgruntled or lax employees. For some businesses, constant security vigilance is proving a daunting task that they are choosing to address by outsourcing security requirements to experts in the field. In our case review of the Waterloo, Ontario-based FaithLife Financial, Chris Rogers explores the concept of ‘Notebooksas-a-Service’ to learn more about No Panic Computing’s novel approach to managing security needs on behalf of clients. To understand more about the new security demands that are being placed on IT departments by social media in all its multimedia hues, IT in Canada has scoured the web to uncover real life examples – with results in our Inquiries section may surprise you. And to round out our security coverage, we are introducing a new feature that will grace the IT in Canada magazine throughout 2012. In this initial “Security Beat,” our resident expert, Dave Chappelle, takes aim at the dangers “lurking under your social media surface.” Our ‘spotlight’ topic for the current IT in Canada issue is centred on understanding the ‘who’ and the ‘how’ of social media use by Canadian business. Despite the hype, IT Market Dynamics research into adoption rates has shown that many companies north of the 49th parallel still have some reservations about ‘why’ they should move ahead with deployment. A good deal of this hesitance appears to stem from lack of understanding about the need to invest in order to realize the business benefits that social media can bring: while smaller organizations tend to be more laissez faire about use of social tools and enterprises more proscriptive, few in either group have much budget dedicated to building social presence. Interestingly, it is precisely this investment in staff resources and a strategic plan that Canadian media consulting experts point to in our Management Technspective as the differentiator – and that our Canadian cases cite as the critical success factors. From an established social media studio, Reebok & CCM has put KPIs in place to measure efforts to seed brand awareness amongst a distinct player group, while TD Bank has managed to quickly build an internal network through “social geniuses” who will blaze the trail in the bank’s ultimate social communication with customers. What’s your plan?

Mary Allen Editor, IT in Canada

Every day, billions of transactions pass through Brocade network fabrics as they push high-bandwidth applications to the very edges of the network.

Brocade. The world leader in Ethernet fabrics. Our self-forming Ethernet fabrics allow you to deploy new switches, migrate virtual machines, and reconfigure your network as your business needs demand, without a moment of interruption. It’s an automated, on-demand network designed for today’s high-bandwidth applications. And perhaps, best of all, it’s here today. More than 85% of our deployed Ethernet fabrics are in production—a benchmark no other networking vendor can touch.

Find out what Brocade customers already know. Learn more at brocade.com/everywhere

A18908_2a_EF3_CAN.indd

Research Feature

By Michael O’Neil

Security 2012: The corporate management scorecard To an IT manager, security is a critical aspect of corporate infrastructure, requiring constant attention. How does it look to business management? In this scorecard edition, we give you the answers – and the grades.

ne of the most difficult tasks in IT within the organization, focusing on the management is developing and key business outcome from security indelivering an optimal approach to vestments. As Figure 1 shows, business IT security. Security offers a dramatic exmanagers consider efficiency to be the most ample of IT being most effective when it’s important result from effective IT strateinvisible. No CIO wants to wake up to find gies. Half of small businesses, and 60% of that malware is eating corporate data and mid-sized and large organizations, agree or panicking the staff, or see his/her corporate strongly agree that “establishing effective logo on the TV news in connection with a IT security practices allows our employees privacy breach – and no business executive to work more efficiently.” They are less wants to find the CIO in that position. To persuaded that effective security practices establish a secure environment, however, IT lead to improved productivity, but they are management must concoct a complex brew at least accepting of the idea that security of product investments, IT skills, user trainneed not impede the introduction of new ITing, and business executive policy decisions. enabled capabilities; the rating for “security Both budget and policy commitment is the major impediment to deploying IT depend on the support of business managesolutions within our organization” is shown ment. But do non-IT managers understand in red because here, a lower number is a and value IT security? To answer that question, IT Market Dynamics, the reFigure 1. S ecurity as a corporate priority search arm of IT in Canada, commissioned a survey of 346 non-IT business managers, and supplemented findings from this research with parallel questions directed at our IT audience. Based on that data, we’ve developed a 2012 scorecard to help IT managers understand security through the eyes of their business colleagues.

Building the context The name of the game is “efficiency” The first part of our management survey looked at the context for security 6 / IT in Canada January/February 2012

better result. As you can see in the Figure, only about one-third of business managers from large and mid-sized organizations, and just 15% from small businesses, believe that security concerns make it difficult to introduce new applications. Security is a worthy investment area Our business management audience also provided opinions on the importance of IT security investments by comparing this with investments in other IT and corporate categories. In each of the seven categories shown in Figure 2, respondents were asked whether IT security was “more important than,” “less important than,” or “about as important as” investments in new PCs, social media, smartphones, business applications,

Research Feature management does a good job of briefing corporate branding, corporate advertising, management on the security issues conand corporate travel. nected with new applications, policies, and The ratings show that business managebusiness initiatives,” respondents reported ment places a relatively high value on IT that the flow of information from IT to busisecurity; in all cases, these investments were ness managers is generally adequate. While rated (overall) as being at least on par with alternatives. At a more detailed level, we see that business managers view security as being about Figure 2. S ecurity as an investment area as important as new PCs or business applications, and more important than smartphones or social media. They view investments in corporate branding and (to a somewhat lesser extent) corporate advertising as also being roughly comparable in importance to IT security, and view security as a noticeably more essential expenditure than corporate travel.

somewhat less than 40% of small business managers agree or strongly agree with the statement, large business managers, at 53%, are happier with the insights they receive from their IT peers. Overall rating: B

Grading IT With that context established, how do IT security policies fare when they are evaluated by business management? Overall, the results are quite positive. Translating our 1-5 ratings into the alpha scales used in report cards, we find that IT managers garner a B- rating from business managers, and that IT security as a category – including two areas that are directly controlled by the non-IT managers themselves – receives a grade of B. Here are the results by category:

Figure 3. P resenting the security implications of business initiatives

Presenting the security implications of business initiatives Asked to assess the truth of the statement, “Our IT January/February 2012 ITinCanada.com / 7

Research Feature managers themselves. The first question Employee training: securing workplace here was, “our business management has set data clear guidelines for the data we need to colThe ratings in this category are incredibly lect from customers and prospects.” Perhaps consistent, with 44%-45% of small, midunsurprisingly, business management finds sized, and large organizations agreeing that that they themselves are generally clear in “Our employees are well-trained in taking setting policy. Over 50% of small and over measures to secure the data they work with.” 60% of large enterprises agree or strongly Mid-sized organizations are somewhat more likely to disagree with the statement (21% disagree or strongly disagree, as Figure 4. E mployee training: securing workplace data compared with 16% of small businesses and 13% of large enterprises), but overall, the ratings reflect positively on IT management. Overall rating: B Employee training: avoiding threats from social engineering Responses to a follow-up question focused on social engineering were again consistent, but this time, somewhat less positive. Large enterprises in particular seem to appreciate this threat source, with only 38% agreeing that “our employees are welltrained in taking measures to avoid social engineering security threats.” This seems to ITMD to be a volatile area: on the one hand, there’s room for improvement, but on the other, increasing general awareness of the threat posed by social engineering could increase scrutiny on prevention measures. Overall rating: BManagement sets clear guidelines for data collection In the final two report card categories, we shifted focus from IT to business 8 / IT in Canada January/February 2012

agree with the statement, leading to the report card’s highest grade. Overall rating: A Management sets clear guidelines for data deletion There is far less unanimity within the business management respondent group

Figure 5. E mployee training: avoiding threats from social engineering

Research Feature regarding guidelines for data destruction, which is often seen as an essential step in safeguarding customer/prospect data against unauthorized release. While 53% of large organizations concur with the statement, “our business management has set clear guidelines for the deletion of data that is no longer needed by our organization,” just 31% of their peers from mid-sized organizations agree. Overall rating: B-

Figure 6. M anagement sets clear guidelines for data collection

Concluding observations It occurred to ITMD as we reviewed the report card data that the “eye of the beholder” might have played an important role Figure 7. M anagement sets clear guidelines for data deletion in the fact that business managers rate their own policy communication higher than any IT-initiated activity. Would it be the case, we wondered, that IT management had a similarly positive view of its own efforts? To investigate this question, we drew upon 131 surveys from a parallel IT-focused research initiative, and compared these findings with the results of an identical set of questions asked of our business respondents. The questions asked about security status included: Is the organization’s security, continuity, and privacy readiness consistent with levels expected they address? business users to report that they are meetfor other organizations in the same industry As you can see from Figure 8, while our ing or exceeding peer levels of readiness and of a similar size? Would the organization business management respondents generally and that investments are keeping pace with be considered to be in the top 10% within agree with these statements, IT respondents threats, and more than 50% more likely to its peer group? And have investments in are overwhelmingly positive in all three report that they are in the top 10% of peer these areas kept pace with the threats that areas. IT is roughly 33% more likely than

Continued on page 24

January/February 2012 ITinCanada.com / 9

From the Inquiry Desk

By IT in Canada staff

The IT in Canada inquiry takes a deeper look at a common assumption: that social networking increases security exposure

“What are the worst security breaches that can be attributed to social networking?”

It’s commonly believed that social networking increases information leakage from public and private sector organizations. Worries about identity data are not unfounded – the Public Interest Advocacy Centre published a report in December 2011 claiming that “Data breaches are a modern consumer scourge... mishandlings of data by business, government or non-profit organizations appear to the Privacy Commissioner of Canada to be involving more records and becoming more serious by the month” – but our online research revealed few specifics to support the link between breaches and social networking. There are some high-profile consumer breaches that can be attached to networks or communities, including the PlayStation breach in April, 2011 involving 70 million gamers worldwide, but there are few corresponding examples involving business operations. This may be at least partially due to the fact that Canadian companies can be less than fully forthcoming about breaches when they have occurred (as of today, only Alberta makes disclosure of incidents involving the theft or loss of personal information mandatory). There does seem to be some evidence, though, that the spectre of social media sites acting as a conduit for attacks on sensitive data is based more on the belief that such transgressions are possible, than by real life examples. One important piece of evidence comes from the 2011 Telus-Rotman Joint Study on Canadian IT Security Practices. That document notes that 24% of the study’s government respondents and 19% of those from publicly-held companies block access to social media sites for security reasons. 10 / IT in Canada January/February 2012

However, this tactic does not seem to have had the desired result: organizations that block social networking sites in the name of security actually averaged more security incidents over the past 12 months (10.3) than those that do not block social media for security reasons (7.2). It may be that blocking social media creates more problems than it solves: the study’s authors believe that if an organization “only blocks a social media site partially…the user may feel encouraged to use an alternate method, such as a smartphone or tablet to access the site. In such cases, the policy is actually forcing users to access non-trusted sites, using a technology that is not monitored or controlled by the enterprise security program. This doesn’t mean that there management should have no concern with respect to the intersection of “security” and “social.” A June, 2011 research report delivered by Ponemon Institute (and sponsored by Juniper Networks) entitled Perceptions About Network Security: Survey of IT & IT security practitioners in the U.S. finds that 29% of organizations surveyed (from a total population of 583 respondents, roughly half of whom represented enterprises with 5,000 or more employees) experienced data breaches attributable to malware downloaded from social media. Given the high cost of cyber attacks (41% of the Ponemon respondents reported that such attacks cost their organizations $500,000 or more last year), IT and business management have reason to protect their networks against

threats travelling over social sites. And even experts can be drawn in by these kinds of attacks: in its coverage of an April, 2011 breach involving 40 million two-factor authentication accounts stolen from security vendor RSA, ReadWriteWeb reports that RSA recommended that “customers increase their focus on security for social media applications and on the use of those applications and websites by anyone with access to their critical networks,” adding its own speculation that “it looks like someone may have been fooled by a social media trap.” Nor is the threat limited to direct malware downloads. A search on “IT security threats – social engineering” returns over 2.7 million hits, with warnings/advice from many of the leading names in IT and IT media. As this issue’s “security scorecard” feature shows, business management sees that employee training in this area is underway – but the grade of B- indicates that more can be done here to safeguard Canadian operations. Despite the lack of “horror stories,” this seems sensible – after all, if even the experts at RSA are vulnerable, anyone’s staff might be at risk!

media:scape™

furniture and technology merged to help teams access and share information www.steelcase.com/cometogether

expect more

·media:scape™ creates a collaborative destination ·Everyone can share their digital information instantly ·Information is visible by all participants

POI Business Interiors has more than 50 years of experience in providing knowledge, products and services that help people work more effectively. We understand the issues facing organizations today. T 888 296 9967, F 905 479 6941 www.poi.ca info@poi.ca

Case study

Don’t panic!

By Christopher Rogers

With approximately 100 agents in the field and mounting concerns about the security and privacy of the company’s current hardware fleet, Joe Alvarez needed a solution.

osted software solutions, virtualization, and trends such as BYOD (bring your own device) have given organizations lots to think about when deploying new hardware. With approximately 100 agents in the field and mounting concerns about the security and privacy of the company’s current hardware fleet, Joe Alvarez, VP business development and operations at FaithLife Financial, needed to find the best path to trustworthy client computing. FaithLife Financial is a Waterloo, Ontariobased Christian, not-for-profit, memberbased financial services organization. Agents provide insurance and investment services to over 33,000 members across Canada. The organization reinvests a portion of its earnings in programs that support its members and communities as well as people in need worldwide. FaithLife agents had older machines in the field and FaithLife, like the rest of the financial services industry, was facing growing regulation around the privacy and security of data. Alvarez said the company had begun investigating an upgrade to Windows 7 and encryption based on that operating system. FaithLife’s current encryption, based on Windows XP, was safe but expensive to maintain. “As we started to upgrade the machines we started thinking, ‘this is good, but is this the right way to go?’” Alvarez said. When some of the agents discovered Markham, Ontario-based No Panic Computing (NPC), they immediately recognized that NPC might be a perfect fit for FaithLife’s computing needs. NPC provides managed notebooks and offers outsourced deployment, setup and continuous protection services. NPC’s offerings range from highly-mobile 12.5” notebooks to large-format 15.6”

12 / IT in Canada January/February 2012

laptops. The products are also available with integrated Rogers Rocket mobility, so agents that choose this option are able to connect to Rogers’ 4G HSPA+ where available. After deciding to proceed with a pilot to test the viability of implementing a full NPC environment, Alvarez found that FaithLife would require extensive customization of the default notebook image. FaithLife needed its custom software, including CRM, an illustration system and custom Outlook extensions, to be integrated into the new machines. For his part, Alvarez wanted agents to get a machine that was personal while still being deployed by a third party. Although NPC does have a managed tablet and desktop offering, FaithLife wanted its field staff to stick with notebooks and gave its agents the choice of small, medium or large laptops. Before deployment, the three machines were tested in an in-house project. “We tested to make sure they were identical and that they would run our software identically,” Alvarez said. The second phase of the pilot program involved dispatch of uncustomized machines to select district managers and agents to test the need for customization. NPC ended up building a custom login screen for FaithLife agents. The organization’s illustration system and other custom applications are also available “out of the box,” helping agents to gain a level of familiarity with the devices right away. The NPC solution provides a good balance between accepting new trends such as BYOD, mobility and cloud and maintaining control over FaithLife’s data. These are not hosted devices – all data resides on the clients – but data is backed up to a secure location by NPC, which Alvarez said was an important piece of the solution. Since agents are independent, FaithLife wanted

Joe Alvarez, FaithLife Financial

them to own the devices but a certain level of control needed to be maintained. In the event that an agent leaves the company, NPC can lock-down the device until corporate data can be removed. Agents maintain their personal data, and FaithLife retains control of its confidential information. Training on security best practices and even basic computer tips were also provided to FaithLife agents by NPC. Alvarez said the training was welcome because FaithLife’s own trainers needed to focus on teaching agents sales techniques, rather than about security and privacy. FaithLife’s agents are now also protected with 24-hour technical support from NPC; previously, many agents in Western time zones were not able to access support during hours when the Eastern headquarters was closed. Although the FaithLife deployment is still in its early stages (the initial deployment began January 1, 2012) the NPC solutions already brings some structure to security and FaithLife can now easily make the case it is a privacy-sensitive organization.

Security Beat

By Dave Chappelle

What dangers are lurking under your social media surface? “The consequences of not understanding what you are doing can be consequential.” - Fred Reed

ost of us are social creatures. We enjoy interacting with others. Social media offers us an ability to broadcast to the world or narrowcast to a chosen group our thoughts, opinions, and feelings. That’s what appeals to the social media users I’ve asked.

Beware... or be aware As with anything popular, there are unscrupulous individuals seeking to ruin or profit from other’s fun. (Without the dark there can be no light. The universe must be balanced.) Malware remains the most common social media threat. Next is the risk of reputation destruction via customer complaints that spread around the globe. Of course there are more... You’ve seen reports of how Twitter and Facebook helped both Arab protestors and London rioters organize. Fearing they might be next, several American politicians began calling for an Internet shutoff switch. The chess players in the Kremlin prepared for such protests by creating what some believe may be thousands of Twitter accounts. When protestors called the Russian elections a fraud, Russian government sympathizers used those accounts to harangue protestors. Some tweets attempted to pollute the protestor news stream by filling the protester feeds with nonsense words. It’s an efficient tactic, similar to DDOS. Could a competitor or disgruntled customer outsource a similar attack on your social media presence?

If you aim at nothing, you’ll hit it Not all social media threats involve security or are privacy related. In some cases, organizations are adopting social simply because they are afraid of being left behind. As outlined in previous IT in Canada issues, that’s a lousy reason to adopt any IT strategy. Social media must meet the same business criteria as other technology investments. Spending money on your social media presence merely to latch onto a popular trend can cause problems. Those problems are magnified with insufficient planning. Imagine the consequences of allowing any employee to say anything in a post. Actually, don’t imagine – learn from other’s mistakes. Social media management firm NMS landed the Chrysler account. And lost it when a NMS employee used the Chrysler account to tweet “I find it ironic that Detroit is referred to as the motor city yet no one here knows how to f___ing drive.”

No Facebook for you Wasting time reading the Interweb is easy to do for a learn-it-all like me. Add in other’s comments, especially of friends who live far away, and time disappears – automagically. And when time flies, productivity goes along for the ride. So unless I’m researching a Facebook story, I don’t go on Facebook. Two groups of people also ruined Facebook for me. The first is people I don’t know who want to be friends. For example, a former schoolmate I met in Grade 1 and haven’t seen since high school is now a local radio personality. The day after I friended

him, other personalities from his station wanted to be friends. I neither know nor listen to them. The second group is people I’ve recently met and barely know. By immediately trying to friend me are they desperate for attention, or assembling a massive friends list, or hoping to become true friends someday? Who knows? Because I’m (usually) polite and I empathize with the awful pain of rejection, I was unable to ignore these invitations. Soon my Facebook page filled with comments from people I barely knew, talking about others even more distant. What is a liability on Facebook becomes an asset on LinkedIn, the business networking site. Connecting with strangers on LinkedIn helps build professional connections. Anecdotal proof: In the past dozen years every decent job I’ve had except one came from someone I knew. (The indecent jobs arrived from other sources).

I saw it on the Internet, so it must be true And then there’s video... the final social frontier. It slurps up our bandwidth while draining our productivity. It launches (Justin Bieber) and ends (Billy Squier) careers. Your organization may have a YouTube video. Next time you’re there, click on a following video and watch what comes up. You may be shocked... although not as shocked as your unsuspecting prospect who clicks on the video following yours and sees a... well, go see for yourself.

January/February 2012 ITinCanada.com / 13

Spotlight feature

By IT Market Dynamics

Getting up to speed with social media There’s a lot of “smoke” around social media – and that leads to pressure on IT. But how much real social “fire” is there in the Canadian workplace?

henever we hear about the “consumerization” of IT, we’re told that social media – Facebook, Twitter, LinkedIn – has changed the way that Canadians approach the web, and that IT is under pressure to deliver systems and policies which can take advantage of social capabilities without exposing management to the potential productivity nightmare of an office full of FarmVille players. All of this buzz led IT in Canada to wonder, “how widespread is social media use within the Canadian workplace?” To find out, we asked a sample of 346 business managers (members of Leger Marketing’s Business Panel) to give us some insight into how social media is used within their organizations.

Don’t have a strategy in place? You’re not alone The first question we asked was, “Which of the following best describes your approach to corporate use of social media sites like Facebook, Twitter and LinkedIn?” Respondents were given four response options: • Social media is actively integrated into our corporate communications and collaboration strategies – we connect with our stakeholders through social media; • Social media serves a useful purpose as a source of input to our monitoring and analytics systems, helping us to understand what is being said about us; • We have some individuals who use Twitter, LinkedIn and Facebook to connect with contacts in the market, but no corporate-wide strategy for social engagement; and • We discourage use of social media as a forum for corporate communications and collaboration. Continued on page 25 14 / IT in Canada January/February 2012

Figure 1. Current approach to corporate use of social media sites

As Figure 1 shows, less than one-third of respondents report that they have active social media strategies. There is also relatively little variation across e-size categories, suggesting that this is less a matter of laggards failing to grasp the opportunity than of

market-wide indecision: for example, only 15% of small businesses, 10% of mid-sized organizations, and 13% of large enterprises report that “social media is actively integrated into our corporate communications and collaboration strategies.” With roughly

We don’t go home happy until you do.

Maurice

Downtown Ottawa 377 O’Connor St. 800.465.7275 victoriapark.com

and the snow storm

Maurice, our Front Desk Agent, isn’t exactly a huge fan of the snow. And driving in the stuff? He dislikes that even more. But one cold, grey December evening, our intrepid Maurice ventured out into one of the biggest storms of the season. What could have driven him to drive into this tempest? His sense of duty. You see, one of our guests had left an important item behind.

Knowing that a cab wouldn’t make it to the airport in time to reunite our guest with his property, Maurice took matters, as well as a frigid steering wheel, into his own hands. Arriving at the airport with mere minutes to spare, Maurice personally handed the item to our surprised, and extremely relieved, traveller. Proof once again that, even after you’ve left our hotel, you’re still a VIP.

Really,

ReallyBig Hotel Suites.

The moment.You know it. It happens any time you stay at a new hotel, right after you swipe your room key. The moment before you open the door. Will the room be big, or small? Light, or dark? Nice, or not?

and feature real bedrooms, real kitchens and real living rooms. And they don’t cost any more than those of our competitors. Really, why would you stay any place else?

Here’s what you’ll find the moment you open your door at Albert at Bay—space, and lots of it. Our suites are the biggest in Ottawa

DOWNTOWN OTTAWA

435 ALBERT STREET

613.238.8858

RESERVATIONS 800.267.6644 ALBERTATBAY.COM

In the Middle

By Chris Rogers

From left to right: Brian Bourne, CEO, CMS Consulting; Mary Ann Yule, vice president and general manager, CDW Canada; Stephen Perciballi, security solution leader, Softchoice; Rick Reid, president, Tech Data Canada; Claudiu Popa, president, Informatica; Ken Stewart, senior partner, Root Cellar Technologies

Canada’s IT channel speaks out on security and social media

s social media continues to make inroads into the way we communicate, 2012 promises ongoing emphasis on the benefits of social interaction and platforms. However, companies remain cautious about embracing technologies that will leave them vulnerable to phishing and socially engineered attacks. Social media might present more advantages than ever before, but never have there been more risks for companies looking to embrace it. This month’s In the Middle asks our experts to comment on security, social media, and the ways in which the two issues are connected in business strategy.

Q: It seems as if the range of potential threats continues to increase. Where do you expect your customers to focus their security energies and investments in 2012? Brian Bourne, CMS Consulting: Certainly threats continue to evolve. As defenses get 16 / IT in Canada January/February 2012

better, so do the attackers. Where customers need to invest varies. It depends on both what investments the customer made in the past and what assets they need to protect most. Managing and securing mobile devices, specifically Android and iOS, are top of mind, but it doesn’t always sort to the top. Mary Ann Yule, CDW Canada: One security challenge customers will face over the coming months will be driven by the concept of ubiquitous computing. With companies looking to make company information readily available through many mediums and devices to ensure better decision making, the threat of information loss increases. One example of this is the Bring-Your-Own-Device (BYOD) movement which is garnering a significant amount of interest by companies. This concept is where organizations let their employees bring their personal smartphones, tablets and laptops into the corporate environment

as business productivity devices. The arrival of these devices on the enterprise scene will catapult mobile device security straight to the top of our customers’ lists of security concerns. Rick Reid, Tech Data Canada: As we continue to see the growth of tablets, Bring Your Own Device (BYOD) trends and the evolution of cloud computing, the range of threats certainly has increased. There are new malware threats on smartphones, not to mention the potential for Wi-Fi attacks. However, I think in the enterprise world, we have come to the realization that “one security solution does not fit all.” As threats become more sophisticated, so must the solutions, and to that end we have seen more specialized vendors enter the marketplace. In most cases, a layered defence supported by multiple vendors working in harmony will be the most robust solution. Not only should an enterprise be thinking of intrusion

In the Middle

prevention systems (IPS), firewalls and antivirus, but they also need to consider DDoS, web 2.0 and endpoint protection. Ken Stewart, Root Cellar Technologies: Many companies are looking for a better way to protect their VM environments and traditional methods for securing physical devices have severe performance impacts in virtual environments. There is also lots of interest in VDI (virtual desktop infrastructure), which increases the need to look closely at security in the data centre. Stephen Perciballi, Softchoice: This will be the year of mobile device management (MDM) and data loss prevention (DLP). Last year, organizations realized the need for MDM solutions but were in the investigation phase. As organizations further embrace social media for business use, DLP technologies will be the most effective way to ensure sensitive data is contained. Claudiu Popa, Informatica: This will be a year of standardization. Clients and industries as a whole have gained maturity and awareness over the past three years and they’re putting it to good use this year by creatively allocating budgets to: improving security controls for key operational areas, such as physical controls, databases and

communications (including 3rd party data sharing); employee awareness programs and new policies that aim to contain data leakage and improve compliance for savvy-enterprises; and the adoption of best practices from hiring experts to conducting internal risk assessments.

Q: Several of you have mentioned the use of consumer PCs, smartphones and tablets and the need to apply corporate-grade security to these devices. Are there specific products and tactics that IT management should employ, to prevent malware from getting into the corporate environment and data from leaking out? Reid: First and foremost, it’s all about policy. Clear guidelines need to be established regarding such consumer devices being used on a corporate network. These devices can be compromised in many ways whether through cellular networks, Wi-Fi or Bluetooth, and we now have a growing number of vendors who specialize in securing these different endpoints to provide multiple layers of protection. While it would be a utopia to live in a world without IT security threats, unfortunately it doesn’t look like this will be a reality anytime soon – or ever, for that matter. The threats are growing and become more sophisticated and diverse. It’s

no wonder that security is topping the polls in most of the IT surveys I have recently seen regarding the IT space in 2012. Yule: The best solution is a combination of clear usage policies and robust management tools and this is where the partner play comes in. A whole segment of new mobile device management technologies has cropped up to help organizations cope effectively with the BYOD phenomenon, and it is critical to align with an IT solution provider to assess needs and identify mobile management products and solutions that suit companies’ unique environments. Perciballi: The first step in a mobility strategy is to employ MDM. This will allow for self-service provisioning and centralized management of IT policies on mobile phones and tablets. Again, the goal is to prevent data from being lost, and DLP technologies at the network layer can help to mitigate loss by preventing certain types of data getting to these mobile devices. Popa: We recommend standardizing on a single mobile platform for mobile communications that can be verifiably secured and we absolutely require all clients to have security and privacy awareness education before being allowed to take any devices (USB, January/February 2012 ITinCanada.com / 17

In the Middle mobile phones or laptops) out of the office environment. Recurring policy training is also an absolute must for today’s companies.

Q: Moving on to social media — there has been both positive and negative sentiment about how the use of social media impacts business operations. How has social media benefitted, or had a negative impact, on your clients? Perciballi: One of the biggest threats regarding social media is social engineering where someone can trick a user into providing information based on who they are (pretending to be). Preventing users from using social media is the same as preventing them from sending large files over email, they just use a USB key as a back channel. DLP solutions either in a web gateway, email gateway or dedicated appliance can help prevent certain information from making it, purposefully or not, to the social networks while still allowing users to generate content. Popa: Social media is an operational part of business, so it’s absolutely imperative for organizations to understand it, secure it, control it and leverage it intelligently. We interact with clients, partners and the media through at least five channels and centralize our control of the overall social media strategy. This allows us to keep in touch with our clients while developing even better ways to deal with security and privacy challenges. Yule: The proliferation of smartphones and tablets has meant that, more than ever, people connect to the Internet, social networking sites and their friends wherever and whenever they want. These new connections provide a rich new avenue for people to research suppliers and make decisions about whether they want to engage in business relationships. The relevance of the various social media platforms in the realms of business-to-business (B2B) versus business-to-customer (B2C) is something we’ve considered. LinkedIn and Twitter may be more applicable to B2B scenarios, while Facebook might be relevant for B2C initiatives.

18 / IT in Canada January/February 2012

Q: Lastly, to tie our two subjects together — are there any security issues associated with business use of social media, and if so, what should businesses do to protect themselves? Bourne: Certainly malware can spread through social media, but from a purely technical level, this usually falls into the categories of traditional web-borne malware and phishing. The bigger risk to the average business is that their social media account gets phished, or password compromised. This can create obvious public relation problems. Popa: Countermeasures are specific to each organization; however, the preventive controls are shared by all clients. They are: strong but clear social media policies, continuous education through employee involvement in intranet and blogging activities, and proper incident reporting and threat awareness. These are the three key elements of proper protection against security and privacy breaches arising from the corporate use of social media. Unfortunately, we expect to see some significant breaches affecting corporate reputations in 2012 and hope that they do not result in extensive amounts of trust erosion. Yule: There are plenty of security issues associated with using social media in the business world, ranging from brand marketing risks such as public opinion and quality of messaging to the more traditional risks such as lost productivity and leakage of proprietary data which are associated with allowing employees to access social sites. Often, employees can actually inadvertently contribute to a security issue by revealing information over social media that can be pieced together by a hacker with ill intentions. These unintended consequences can also arise when employees post sensitive information to a social site or blog using a personal social media account and referencing their employer. In fact, serious issues can arise even when the information being posted is not sensitive…But just as organizations worried in the past about employees using e-mail, instant messaging and the

Internet, businesses now must face the reality that social media in the business world is here to stay. Perciballi: Because this generation wants to communicate via social media, it should be embraced. Users should be briefed on what is appropriate to share and who to share it with. A data protection strategy should be implemented to ensure certain data stays either on the PC or in the network. Reid: The unscrupulous individuals of the online world are actually becoming even more sophisticated thanks to social media. Since a great deal of our personal life is now made public, it really doesn’t take much for someone with bad intentions to find out a little about your interests and set of friends, and target you with malicious attempts to gain unfettered entry into your network. This is happening even at the most senior levels. It’s not a stretch to target and figure out a certain CEO’s friends and interests. There really are people out there who can then easily send an email from one of your “friends” with a link you think is trustworthy (based on your mutually shared interests) that has just opened up your network to a threat. Though it may seem obvious to have a solid IT infrastructure with robust security hardware and software in place to protect your networks and email, I think people still underestimate the potential of social media threats…Of course, in the end, it’s just another way that humanity communicates, and we have to adjust and adapt accordingly. That’s the nature of our business and life. The first thing to do when even discussing social media in the workplace is to develop a solid and well documented and distributed policy that details exactly what is expected of an individual in the social media space when representing themselves and the organization. It should clearly state what topics can be discussed openly and who within the organization is even authorized to discuss such topics. Otherwise, it can be your own employees divulging confidential information, even unintentionally, that can be the biggest threat.

SAVE THE DATE

Please join us for our

Annual CIO Symposium Wednesday, June 20, 2012 8:00 am â&#x20AC;&#x201C; 5:00 pm King Edward Hotel 37 King Street East, Toronto

For more information please contact Sandra Service at sandra.service@itincanada.ca or 905-727-4091 Ext. 228

Brought to you by:

Case study

By Mary Allen

Winning friends and influencing players Hockey equipment supplier deploys Meltwater service to put social media between the pipes.

legendary name in Canadian hockey equipment supply, Reebok & CCM Hockey now runs a global operation with approximately 700 employees in Canada, Europe and the US and an extensive network of distributors worldwide. CCM was purchased by Reebok in 2004 (which was purchased in turn by Adidas in 2007); however, the group operates as a separate hockey business within the corporation from its Montreal headquarters and two manufacturing facilities in St-JeanSur-le-Richelieu (pro skates & gloves) and St-Hyacinthe (jerseys). Reebok & CCM Hockey is a top designer and manufacturer of all categories of hockey gear, a licensee to the NHL, and equips a number of professional hockey players, including superstar Sidney Crosby. But the company has come under increasing pressure from other market players, and has had to respond with new tactics in order to maintain its leading position in the industry. To meet this challenge, Reebok & CCM has developed what global brand marketing director Marc-André Charron calls “the power triangle” – a strategy to increase exposure through: pro validation of products, investment in R&D for product innovation, and marketing, via digital media in particular, which Charron notes “provides good focus and is low cost.” Through digital mediums, Reebok & CCM has built an impressive fan base of 215,000 on its Facebook page; however, Charron explains, in Canada at least, “everybody is a fan, but we are after the player with our hockey gear... With media, the real challenge is always ‘what is the most effective way to reach out to the consumer’?” Implementation: To build a more focused audience, Reebok & CCM decided a year ago to “take things to the next level” through deployment of Meltwater’s Buzz service. 20 / IT in Canada January/February 2012

Marc-André Charron, global brand marketing director, Reebok & CCM Hockey

Charron’s goal was to identify the active online participants and key influencers, and “turn these into brand evangelists or to empower those who were already active to become more so.” Since Buzz is delivered via SaaS, implementation involved a one day session led by the local Meltwater sales/ service consultant, who provided staff with a demo of the tool as well as integration with Reebok & CCM back office systems. And while the Buzz service is easy to use, Charron notes that they have been able to rely on ongoing service, support and training from their local Meltwater rep. But the company’s social media strategy involved more than tool deployment. CCM set up a social media studio, staffed by a dedicated social media analyst and a social media digital director, who are responsible for making sense of the data generated by Buzz, and who have the professionalism re-

quired to execute on a communications plan that associates the CCM brand and hockey player achievements with the appropriate subtly. According to Charron, the company also took the time needed to set up filters and KPIs to ensure effective use of Buzz – the biggest challenge, he noted, is to manage the massive amount of data produced by social media, and apply the analysis needed to turn data into real intelligence. With key objectives in place, Charron expects social media use will evolve at Reebok & CCM as his team learns more about the tool, and as the rapidly changing industry develops. Benefits: The Meltwater tool has a dashboard that enables Reebok & CCM to quickly see and measure performance against specific KPIs. However, for Charron, “it’s less about quantity and more about quality moving forwards” – the company has already reached a “critical mass” in terms of fan base, and is now more interested in better engagement with them using applications like sentiment analysis, based on the comprehensive web monitoring incorporated into Buzz. Ultimately, the Meltwater platform has helped the company to better understand market perception of its brand and topics of interest to the community, to respond to individual detractors and “feed” support for specific campaigns, product launches and the brand generally by connecting with individuals that are likely to have positive impact. But this is only possible if an organization is willing to invest with appropriate resources. For Charron, best practice entails a fully dedicated person: “It’s a mistake to think that you can cram the social media function with brand management, or PR or marketing... If you do, it will be really shallow, and you won’t move the needle. You have to care, and you have to put the proper function in place. More and more, this is becoming an art.”

By Mary Allen

on Management

Technospective

Searching for the two M’s Social media is hot, but how can companies harness its potential?

ocial media is big, bold and ubiquitous, but is there a business case for introducing social tools to the workplace, and how does it operate? While the social giants – the Facebooks of the world – after much wringing of hands have established workable models for monetization of the media, for many potential users, creating demonstrable value from use of these tools lingers in a mire of hopeful expectation. The notion that all organizations must become “social,” though, or risk relegation to the dustbin of irrelevance has begun to permeate business culture to the point where some observers argue we have reached a tipping point in adoption. Research by the Portland-based Whitehorse Agency, for example, argued in 2010 that 82% of B2C and 86% of B2B firms are using social media, and that 93% of business buyers believe all companies should have a social media presence. Closer to home, however, it appears that widespread adoption of social media is not yet fait accompli: the latest poll from IT Market Dynamics has found that social media “is actively integrated into corporate communications and collaboration strategies” at only 13% of Canadian organizations, and that two-thirds either have no “corporate-wide strategy for social engagement” or “discourage use of social media as a forum for corporate communications.” Market numbers can serve many masters, but this disparity in results begs the question: if everyone is rumoured to be doing it – what exactly are they doing? As with many technology areas, definitional questions may cloud our understanding of social media and its promise. While “social” usually conjures Facebook, Twitter or Google icons in the minds of the uninitiated, James Burchill, founder and CEO of

James Burchill, founder and CEO of Business Fusion Marketing

Business Fusion Marketing, has offered a broad definition that better captures the scope and potential of social media: “social media is a methodology and a mindset – it’s two things. It is a suite of tools that are ever expanding and ever changing, which enable us to do what we are naturally talented at – and that is to connect, communicate and share stories.” According to Burchill, social media is conducted via “multimodal messaging or video, audio, pictures and words,” and there are tools that are “predisposed to certain types of use and to certain segments of the marketplace.” Text-based Twitter, for example, is popular with users who are looking for rapid and direct sharing of information; Facebook, which integrates additional media such as picture and video, offers a “richer dimensionality,” while other specialty networks like Flickr or Google Plus are aimed at specialty channels.

Social tools within the corporate environment Another way to look at social tools is to consider their application within corporate environments. In this context, social media may be divided into outward-facing tools used to build profile with prospects and

customers, networks designed to facilitate communication within an organization or defined business community, and listening tools that companies may use to understand more about their own profile and markets. According to Toronto-based social media consultant Sara Chi, many companies have been reluctant to embrace the outwardfacing approach to digital media because it means relinquishing ownership of broadcast messaging as “the consumer’s voice takes control.” For Burchill, sluggish adoption of social technology as a way of building collaboration – at least until 2011 – resulted from perception that social media was “frivolous” or entailed a decrease in employee productivity and IT security. While some of these issues can be addressed through usage policy that trains and incents employees to use social media in a productive manner, another approach is to use of a new category of social solutions targeted largely at the enterprise customer, which address the security and productivity demands of the corporate world. Examples from the collaboration field include Cisco’s Quad, an internal or B2B network introduced last year that enables social engagement but operates within the security parameters set by Cisco’s UC platform, and the social components of IBM’s Connections platform, which allows users to access all data contained in the Lotus communications suite. Secure within the ‘walled garden’, users of these tools have been empowered to find the right expert resources, create global communities of interest, and collaborate via a variety of media – to increase productivity by thinking social through what Burchill calls “the private label social network” that does not carry the same security risk as do networks in the public domain. On the ‘listening’ side of the equation, January/February 2012 ITinCanada.com / 21

Technospective vendors have developed a different set of tools that crawl the Internet, mining social networks, blogs and other forums for information on a specific topics or brands. Going forward, Burchill believes the “two M’s – monetization and measurement” will have a significant impact on social media adoption rates. If this is the case, listening tools may lead the way as the business case is more apparent – or at least more immediate – in this category of products. Examples include Radian6 (now part of the salesforce.com family), a pioneer in social media monitoring that now provides monitoring on behalf of a number of global brands, including Dell, which recently launched a Social Command Centre to support its call centre, marketing and product development divisions. Some of the larger vendors have also entered the social listening space: HP, for example, has just released a Social Intelligence tool that takes advantage of contextual interpretation and unstructured data management capabilities acquired through its purchase of UK-based Autonomy Corp., while IBM offers Cognos Consumer Insight Analytics to help customers to monitor, analyze and respond to changes in consumer sentiment. But how do these tools actually drive the “two Ms”? On this score, Meltwater’s Buzz offers some insight. Headquartered in Norway, Meltwater has grown rapidly over the past 11 years into a global firm with offices in 27 countries, including three in Canada, based on a social product portfolio aimed at providing business intelligence. According to Ric Pratte, architect and director of Meltwater Buzz, the monitoring tool was originally designed to provide a “simple” solution for gathering that intelligence from global social media sources, which could be refined through support from local sales/ service consultants for regional relevance and delivered via SaaS, to help early adopters capture the opportunity to be “disruptive in their own markets.” Today, Pratte noted, as use of social media has gone “more mainstream,” Meltwater has pushed its product to enable its 2,500 global clients to react to market change more quickly through a service that is accessible, easy to use, and that provides a “quick return.” In Buzz, ‘return’ flows from a speedy, customizable 24/7 search of web mentions across 260 22 / IT in Canada January/February 2012

million sources, sentiment analysis based on natural language processing to determine the tenor of these conversations, as well as a breakdown of responding media types. Armed with this information, a client may develop new strategies for market messaging and advertising vehicles. Additionally, a company may use this information to proactively engage in the conversation, responding directly from the Buzz dashboard to customer queries, scheduling targeted posts to curate content, or creating new and supporting existing communities that exhibit positive brand identification. For this last activity, the tool provides a history of social activity as well as the social influence (connectedness) of individuals who may serve as brand or product advocates. While an exact ROI on this kind of activity may not be easily calculated, Pratte explains that the Meltwater SaaS model involves little investment in IT infrastructure, and that ultimately, social media is a communications medium that can be compared with the telephone: “There’s an ROI for the telephone, but measuring it is pretty tough.” And while it may be impossible to control conversations, it may be possible to lead them – in a positive way that extends beyond reputation management.

Expanding the impact of social connections In addition to brand management, social media is now being used by companies for sales and marketing, search marketing, development of market intelligence, lead generation, R&D, product design research, and customer service in consumer facing industries, as well as for communications or recruitment, particularly of next gen workers, in B2B scenarios across the vertical spectrum. Sara Chi has described three levels of engagement that companies evolve through as they develop expertise in social media: the first involves building awareness of your company or product; the second entails marketing of the service through the channel; and the third – building brand loyalty – speaks to the unique capability of social tools. The first two levels are not dissimilar to what traditional marketers have always done, except “it costs less” with digital media – but in the third stage, Chi explains, you build “your customer base

or community, and turn these customers into advocates or crusaders that would be prepared to fight on your behalf without you being involved.” She calls this process “earned media,” which is based on trust built through social networks – and something that you cannot buy. In some ways, Chi sees small businesses that may have “less bureaucracy” – fewer formalized process for managing the message – as more adaptable to the immediacy of social media. Additionally, small and medium businesses may not have the same requirement as global enterprises for sophisticated, multi-seat collaboration or monitoring tools that can integrate with other company systems or direct social data to the appropriate audience – or the budget for complex monitoring services that would have to be supplemented with staff resources close to the business. For SMBs, free tools with third-party advice may be a good approach. More important than technology, though, is planning. Chi advises companies considering use of social media to “start small” by first listening for a couple of months to what people are saying before planning a content or marketing media strategy. Once a strategy with clear business goals is in place, it becomes possible to measure project ROI. Burchill also sees alignment of social media strategy with business goals as a critical success factor: for fast onboarding, he recommends that companies “form a small steering committee or think tank of people who have a stake in the project who can sit down and figure out ‘what are we trying to achieve’?” In his view, good social media strategy includes analyzing the tools, the objectives and putting a plan in place that features concrete, measurable statements – “the ‘how’ becomes dead simple, and blatantly obvious, once you know ‘why’ you’re doing it” – and dedication of appropriate staffing resources. “It is not free to implement social media,” he concludes: it is a “fiercely time intensive” proposition that may be eased through intelligent automation, but which needs to be “curated, generally encouraged, and managed with a light touch by somebody senior within the corporation” as “social media is successful only if you say the right thing, on the right channel, at the right time.”

IT in Canada’s Reseller Reference File (RREF) is our directory of lead ing Canadian resellers

Receive current, actionable intelligence on the 900 most important and innovative VARs in Canada Type/size Geography Products carried Vendors carried Company description VAR records include company name and address, URL, phone number, and contact executives. Almost all records also contain the names of key contacts within the organization. Regular updates and expansion: Each entry checked annually for “in business” status, and 150 new entries added to the file each quarter The RREF has been built from a variety of sources – lists of top resellers, of Microsoft partners, of advanced partners of 20+ other vendors, of firms selling targeted solutions, and by including firms covered in our research activities, including those who have won BusinessPeople’s Choice© awards. Most recent additions: 100+ leading ERP solution partners.

The RREF is sold as an Access database application The interface allows customers to search on any of the fields in the database: products carried vendors carried, location of headquarters or branch offices, or the scope of the reseller’s operations (national/ international, super-regional, regional, local). Customers can also search by VAR name Available today, to help increase the productivity of your channel sales force! For more information on the RREF

at Sales@itincanada.ca

or call Patricia Bush 905-727-4091 x336

Research Feature Continued from page 9

organizations – though the fact that only 11% of Figure 8. B usiness and IT views on the organization security status respondents don’t believe that they are in the top 10% of their peer group suggests that there are some unrealistic perceptions within our IT respondent community. The data overall, and this discrepancy specifically, point to some interesting implications for IT managers. On a general level, business management believes that IT is doing a good but not outstanding job of providing for information security; there is room to grow, but a solid base to grow from. If IT management is in fact performing better than busition, though, IT management may want to ness management understands, readers may use benchmarking services from specialized want to spend some time educating their ITMD’s 2012 security research providers or from communities (including line of business colleagues about what is is delivered in two reports – one IT in Canada’s IT Insight Exchange) to build being done to secure corporate information based on a survey of business a data supported dialogue that can help assets – after all, security is viewed by busiusers, and another (upcomalign perceptions inside and outside the IT ness managers as a worthwhile investment department. area, so discussions on the topic are likely ing) document integrating this to be well received. As a step in that direcperspective with a survey of IT

decision makers. Both reports are available to members of IT in Canada’s IT Insight Exchange program and subscribers to All Points Connected research program at no charge. In addition, qualified IT managers can take advantage of ITMD’s Security Benchmark survey to assess their approach to security, privacy, continuity and compliance vs. peer organizations. Please contact Stephen Symonds at stephen.symonds@itincanada.ca for more information.

24 / IT in Canada January/February 2012

Spotlight feature Continued from page 14

one-third of respondents discouraging use of social media, it is clear that the wave of social media excitement found in the media is not universally shared by business managers.

Figure 2. Policy towards employee use of social media during work hours

Facebook in the office – pro, con, agnostic? Our second question asked business managers about policies towards use of social media sites during working hours. As Figure 2 illustrates, we see a difference between small businesses and (presumably more regimented) mid-sized and large enterprises: 46% of respondents from 1-99 employee organizations report that they either have no formal policy governing social media use or consider it to be positive for their business culture, vs. just 27% of larger enterprises. These larger organizations are nearly twice as likely (37% vs. 20%) to prohibit use of social media sites during working hours.

Figure 3. Funding for social media presence management

Social presence management The lack of enthusiasm shown by mid-sized and large enterprises for employee use of social media doesn’t necessarily mean that these organizations are disinterested in affecting the perceptions shaped by these sites. ITMD asked respondents “Does your organization have a formal budget for managing your social presence via sites like Twitter, Facebook, or LinkedIn?” As Figure 3 shows, 30% of our 97 large enterprise management respondents report that their organizations are dedicating budget to developing their social presence. Small businesses, which are more laissez faire about employee use of these sites, apparently are less interested in formal participation – just 10% report having budgets for social presence management.

Management upshot Combined, these three data points tell an interesting story. Respondents from all e-size categories have similar official policies with respect to corporate use of social media. However, execution varies widely: small businesses take a hands-off approach to

both employee use and to corporate presence management, while larger organizations are more likely to try to channel social media tools away from staff, and towards achievement of corporate positioning goals. Over time, it’s likely that these points will start to converge – that large organizations will become less proscriptive against employee use, while smaller firms will become more proactive with respect to social management of their corporate presences. In both cases – and throughout the journey – IT will be called upon to deliver support

for these policies. Through use of data like this, IT can expand its role from execution to advice, helping management peers to understand how best to plot a social strategy.

In 2012, IT Market Dynamics is launching a new SoLoMoN (social, local, mobile, networked) research program. If you are interested in social media in the Canadian business context, please contact Stephen Symonds at stephen.symonds@itincanada.ca January/February 2012 ITinCanada.com / 25

Case study

By Michael O’Neil

Unleashing the Inner Genius(es) With the support of 300 volunteer “social geniuses,” TD delivers social business across the enterprise

ackground: TD is familiar to all Canadians – and increasingly, as a result of recent acquisitions, to retail bank clients in the U.S. as well. TD is a full service North American bank with more than 19 million customers, serviced by 85,000 employees working in nearly 3,000 locations. The competitive environment is fierce – CIO Glenda Crisp describes, retail banking as “a game of inches, played out over years” – and the company is commited to exploring any potential source of advantage. TD sees social as an important and longterm strategy, beneficial both within the company and in the broader marketplace. TD vice president, social media and digital communications Wendy Arnott says, “We believe that social is the way that we will ultimately be connecting with our customers.” Because TD is in a regulated industry, however, the company decided to start its social activity with an internal system – “the biggest, most open, social network that we could... [to] unleash the power of our employees to collaborate, connect, and communicate.” TD expects to reap immediate productivity gains from this internal deployment, but also believes that the benefits will expand over time: “a lot of it is learning, for now. It’s new, and we want to be early in the game so that we gain that competitive advantage.” Social, in TD’s view, will ultimately play a key role in the bank’s business. “How do we win in this highly-competitive world?” Ms. Arnott asks. “The answer is really clear – become a social business…social in everything we do, and how we do it.”

The business context: TD is a growing organization, and much of that growth has been fuelled by recent acquisitions in the U.S. As a result, it can be difficult for staff to identify internal contacts who can help them to resolve process or customer issues. In a 26 / IT in Canada January/February 2012

service industry like banking – where timely, accurate responses are essential to satisfying existing customers and winning new ones – richer and more efficient communications pathways can be critical to success. Internally, TD prides itself on “a culture of transparency and openness.” Employees “are used to being able to comment on every news story we put up on the Internet and to having a dialogue.” This corporate pattern of participation has helped spur both the opportunity for and the take-up of the social solution. Technology approach: TD has implemented IBM’s Connections platform to enable its social interaction. Connections allows TD to integrate communications capabilities – such as Sametime instant messaging, Lotus Notes email, WebSphere portal technology, and video – with the ability to quickly and easily create individual profiles and online communities.TD has integrated this solution with third party technologies, including Microsoft SharePoint (which was in use prior to the Connections rollout) and VoIP to create a rich collaboration environment. Through the Connections deployment, TD did rely on support from IBM Laboratories Services, and from a third party consultant with experience in social networking, but the project to date has not required “a huge amount of system integration work.” It did require some new platform hardware, but as CIO Crisp notes, “We also were in the process of upgrading our portal, and... we factored in Connections…we took a step back and spent a little more time assessing how much hardware we should buy. So we actually slowed down the process to make sure that we got it right.” One interesting aspect of TD’s approach was having Jeff Schick, IBM vice president of social software, sit on TD’s executive steering committee. This paid dividends in

several areas: it provided TD executives with a knowledgeable peer who could help them to understand social opportunities, and it gave the IT team a conduit back to their supplier “so that if we did encounter issues along the way with the project, we could immediately get the right attention from IBM.” User staging and acceptance: TD’s target audience for the Connections solution is “all of our employees…over 85,000 employees in Canada and the U.S., [and] some in the U.K. as well.” The deployment escalated very rapidly: from an initial pilot of 500, to 5,000 users in Canada, to TD’s 50,000 Canadian employees, followed by an initial group of 3,000 U.S. staff members, which will be followed by another 25,000 American bank staff members. Uptake of Connections within TD has been far beyond expectations. The broad Canadian launch began at the end of November 2011, and has already resulted in the creation of more than 2,000 communities, with more than 40,000 users having already logged into the system. Ms. Arnott believes that this is proof of “how much people want to use these tools at work,” while Ms. Crisp adds, “We had some expected volumes that we thought we would hit based on some industry benchmarks, and a lot of conversations with IBM. The first week we exceeded those by a factor of seven.” One of the unique factors driving this groundswell of social engagement was the establishment of a “social genius” group within the bank. Employees “who are more socially savvy, or just interested” in learning more about the social platform were asked to join the Connections Genius program. Members were given access to enhanced resources, and then in turn became peer leaders within the bank’s employee community. More than 300 TD employees have already volunteered to become part of the Connec-

Case study

Glenda Crisp, VP & CIO, TD, and Wendy Arnott, VP, social media and digital communications, TD, with IBM senior vice president Mike Rhodin at Lotusphere 2012

tions Genius group, and the program provides a means of engaging business units in the social system. Ms. Arnott says that when she is approached by a business unit manager saying, “we’re not really sure how to get started” with Connections, her team recommends appointing a ‘genius’, and tells the manager: “It’s a great opportunity for them, and you’ll be able to move forward…[The employee will get access to] all the materials and training that TD’s social media team has, and then they’ll be able to help you” to capitalize on social business opportunities. Ms. Arnott notes that this kind of business unit involvement can help uncover new uses for Connections: “The closer you can get to the real problem that a business is trying to solve, the better, and so who’s better to do that than the people in the business?” Business results: Since TD views social business as a long-term strategy, it expects success measurements to change over time: “initially, [the key benefit is] an improved

employee experience and better employee engagement. But over time...collaboration, ultimately, will yield cost savings.” At present, TD’s key metrics focus on the number of people within the bank who are actively using Connections, and the extent to which they are building and/or joining workplace communities. As noted above, to date, TD has seen both broad take-up (over 40,000 employees logged in) and depth (more than 2,000 communities created). Even at this early juncture, TD is able to point to many tangible benefits arising from the Connections system. With it, “you can find experts faster, and that’s really important – there are always fewer experts than employees…You can [also] find information faster…things used to be worked on in isolation, in e-mail, they’re now part of an asset that is searchable and findable by others.” Ms. Arnott also notes that, for TD, “making it easy for people to work across silos is a huge benefit...and our workforce, at all levels, will become more understand-

ing of how social communication and collaboration works…making us more agile, more flexible, as an organization. It’s going to allow us to leverage talent better. “ Peer advice: Both Ms. Arnott and Ms. Crisp offered social business advice based on TD’s experience. Ms. Arnott offers “five practical words of advice:” leadership matters (executive support is crucial); dedicated team (“someone should be waking up every morning thinking about how to make this a success”); great partnership (many groups – business, IT, legal, compliance, etc. – need to be at the table); get into the weeds (work with early adopters, and showcase their successes); and engage employees (employees “get it,” and they become advocates for the solution). Representing the IT perspective on the question, Ms. Crisp expands on the partnership theme: “engage security and compliance teams early on – because they’re going to drive requirements which you do need to address.” January/February 2012 ITinCanada.com / 27

New in Social

Perspective and invective from the IT in Canada Forum

The IT in Canada IT Forum is Canada’s most active source of IT-focused social content. Here’s a sampling of what’s new/active, as of Jan. 18, 10:37 a.m. Hackers Want Their Own Satellites Posted: 3 hours, 19 minutes ago...Started by: James Burchill… Forum: IT Bulletin: Insights for SMBs...Views: 14... Replies: 1 Hackers wearing white hats (meaning the good guys) are hoping to build a world-wide network of people donating funds, energy, and expertise to help create a private network of orbiting satellites capable of maintaining an uncensored Internet experience. The idea comes as a reaction to the increasing trend of government censorship of the Internet and World Wide Web, including pending legislation in the U.S. They’re calling the project the Hackerspace Global Grid and are building plans for a grid of ground stations and communications satellites that would be independent of governments worldwide. Long-term, if the initial project succeeds, they’d like to further prove the model that governments aren’t the only answer by staging the first moon landing since the Apollo missions. The Challenges Beyond the obvious challenge of funding, the technological feats here would be huge. So far, hobbyists and amateurs have only managed to put low-orbit satellites into space for short periods and tracking has proved nearly 28 / IT in Canada January/February 2012

impossible without a large budget to afford complex and costly hardware. Of course, none of this means that HGG would have to launch their satellites themselves. Or even make the satellites to be launched. All could be purchased from professionals already in the game, many of which are private and not government. That goes back to funding. A satellite and launch can cost in the millions. Nick Farr, the hacker-activist (not the same as a ‘hactivist’) behind the HGG project, has only just begun asking for donations in August. So the project is still in its infancy. The Ground Network Will Be Toughest The toughest part of the project will be the ground network. Since virtually all land on the earth is claimed by one or another government, any buildings or equipment used to track and communicate with satellites in orbit would be subject to their laws (and enforcement). To counter this problem, the HGG project is proposing a ‘grid’ of small stations - something that could be in a person’s home, backyard, or even stashed on an abandoned property - that would act as a sort of reverse GPS. Rather than using a satellite to track geo-locations, the grid would use geolocation systems to track satellites. If the sites are fixed and in precisely-known locations, this would be easy and would not require expensive hardware. HGG Overall The total plan is ambitious, interesting, and definitely fun to speculate about. Would it make reality? That depends entirely on the will of those who are on-board with the project. Larger things have been accomplished by dedicated groups before. There’s no reason this one should be any different.

Reply: • If the Internet boycott that launched today in protest against government intervention, and the Stop Online Piracy Act and the Protect Intellectual Property Act bills specifically, is any indication, this may be an idea with some legs. Organizers of SOPAStrike.com have lined up sites such as WordPress, Mozilla, Wikipedia, and Google to participate - the total number of websites that have signed on to the strike is apparently 7,000. Past appeals from Wikipedia for funding to support open sharing of information have not gone unheard, and a number of the Internet giants that have expressed concern are not without resources of their own. Wonder if a link between a day of protest and a technology solution can be established? or a musical version of the protest, F check this out: http://www.youtube.com/ watch?v=1p-TV4jaCMk&feature=player_ embedded#!

Angry Chinese chuck eggs at Apple reseller store Posted: 4 days, 16 hours ago...Started by: DaveChappelle… Forum: Security...Views: 180... Replies: 1 The Apple distributor in China had several bad experiences when it ran out of iPhones on launch day. Angry wanna-be buyers threw eggs at one store. And if hyping and then not delivering a product millions want wasn’t enough of a screw-up, it turns out the voice recognition software doesn’t do Mandarin. Steve, you’re sorely missed. Reply: • I’m a little short of sympathy for the Apple

NEW iN Social

folks - it was a self-inflicted wound. They worked very hard to build expectations way beyond what they could deliver, and then are baffled when customers get irked? Come on!

DATA BrEACHES In CAnADA Posted: 1 week ago...Started by: Nubee… Forum: Security...Views: 209... Replies: 2 Only the province of Alberta currently requires companies to report incidents involving the theft or loss of personal information. While there are changes ahead to Canada’s privacy laws (found in Bill C-12), the Ottawa based Public Interest Advocacy Centre (PIAC) is concerned. From the executive summary of their report Data Breaches: Worth Noticing? Data breaches are a modern consumer scourge. Born of large databases of personal information, these mishandlings of data by business, government or non-profit organizations appear to the Privacy Commissioner of Canada to be involving more records and becoming more serious by the month. The potential results of data breaches for consumers are identity theft, serious disruption to banking and other commercial activities, mistrust of organizations, reluctance to

engage in online commerce and general consumer disappointment and stress. The report recommends that Bill C-12, An Act to amend the Personal Information Protection and Electronic Documents Act, be significantly toughened to require all data breaches be reported promptly to the Federal Privacy Commissioner, who in turn should have the power to order companies to notify individual consumers when there is a real risk of significant harm to them. The report also recommends Bill C-12 be amended to give the Privacy Commissioner of Canada order-making power to enforce the requirements and a fining power for non-compliance. w w w. pi a c . c a / pr i v a c y / c h an g e _ d a t a_ breach_b...s_new_piac_report_1/ Reply: • Greater minds than mine have disclosed why full disclosure is the best. www.schneier.com/blog/archives/2011/11/ full_disclosure_1.html www.schneier.com/blog/archives/2011/12/ recent_developm.html Nevertheless this bill is incapable of fixing breaches no one has yet identified. Yes I know no one is capable of fixing unidentified threats -- altho some security vendors claim their products are.

“The absence of evidence is not the evidence of absence” said Martin Rees. Samuel L Jackson says it better when voicing a white thug in The Boondocks. Reply: • I hope the federal and provincial privacy commissioners have the wit to collaborate, and not get into jurisdiction wars about what should be reported to whom. The important thing is for consumers to be protected from identity theft and other misuse of their personal information.

If you want to check out the IT Forum yourself, you can find it at www.itforumexchange.com (or simply by clicking on the Forums link at the top any page on IT in Canada, www.itincanada.ca). While you’re there, why don’t you register (it’s free) and join the debate?

January/February 2012 ITinCanada.com / 29

Executive Perspectives

Smart Trust C

By Dr. Paul Crookall

Dr. Stephen Covey, author of The 7 Habits of Highly Effective People, is one of the world’s most respected business thinkers. Here’s what he has to say about Smart Trust ontext: Dr. Stephen Covey has sold more than 20 million books, and his The 7 Habits of Highly Effective People is included on “must-read management books” lists compiled by Forbes, Time Magazine, and others. In recent years, Dr. Covey has focused his attention on the issue of trust. His most recent book, Smart Trust, was published on January 10, and his previous book, The Speed of Trust, has sold more than one million copies. Dr. Covey spoke recently with Dr. Paul Crookall (editor emeritus for IT in Canada sister publication Canadian Government Executive) about establishing trust in public and private sector organizations.

Paul Crookall: Why does the concept of trust resonate so well in both the public and private sectors? Steven Covey: Both are increasingly being asked to do more with less, and they need to team, partner and collaborate. Trust isn’t a fuzzy soft social virtue, but a hard-edged economic driver. If leaders can increase trust, the speed increases and the cost decreases. Trust accelerates performance.

Crookall: How do you get there? Covey: It’s not enough to say “Go build trust.” At one level, people get it. We all know people we can trust and those we can’t. But we don’t all know the actions to get there. Trustworthiness is credibility, a combination of character and competence. It requires self-reflection. How credible am I? Do I trust myself? Do I give others a person they can trust? First, focus on our values. Second, focus on our behaviours. Assess – do I behave in ways that build trust? What behaviours in others cause me to trust them? Do I show those behaviours? Ask your team: “What more can I do to build trust?” Tell your team: “Here’s what more you can do to build trust with me.” 30 / IT in Canada January/February 2012

Best-selling author Stephen Covey

We identified 13 high leverage behaviours that build trust (see box). They make common sense and if they become common practice, the organization builds a high trust culture. We’re just trying to make common sense common practice. Your responsibility is to control yourself and create a trustable person, while creating the conditions in your workplace for others to trust you, and each other.

Crookall: So, can we stop the tension of doing more with less, and build trust that focuses on productivity? Covey: We need to constantly get better. Good leaders provide a vision of that goal. They build a team that can model trust behaviour, which can be productive and innovative. They clarify expectations and achieve the organization’s goals while creating energy and joy. In the end, if someone is a trust destroyer, and not able to change their behaviour, they may be in the wrong seat on the bus, or even need to get off the bus. If you get it right, the culture becomes the enforcer, rather than the rules, and people hold each other accountable. When you try to make changes like this, you get lots of push back. “What if we get it wrong?” “You don’t understand our world.” “How do you build trust in a rules-based organization?” Crookall: How can leaders contribute to building trust?

Trust-Building Behaviours 1. Talk straight 2. Demonstrate respect 3. Create transparency 4. Right wrongs 5. Show loyalty 6. Deliver results 7. Get better 8. Confront reality 9. Clarify expectations 10. Practice accountability 11. Listen first 12. Keep commitments 13. Extend trust Covey: Five steps are: 1. It begins with recognition that if we build trust we can better serve the public, and have more joy in the public service workplace. So we choose trust. 2. Start with yourself. 3. Declare your intent to build trust. 4. Do what you said you were going to do. 5. Have the courage to go first and extend trust. Don’t extend it naively, nor as an absolute. But don’t let trust abusers, poor performers, or unethical behaviour define the culture. Behave your way into trust – doing what you say you will do is the simplest, most important technique. The biggest trust-killer is declaring you will do something, and not following through.

Note to readers: IT in Canada is working with our sister publication, Canadian Government Executive, to bring Dr. Covey to Ottawa for a morning presentation, which will be followed by a “Technology and Trust” afternoon workshop. All attendees will receive a copy of Smart Trust. For more information, please contact Sandra Service at sandra.service@itincanada.ca

SAVE THE DATE Smart Trust with Stephen Covey Join us as we look at how Trust and Technology is a critical issue in forging the links that connect business operations with customers. KEYNOTE SPEAKER:

Stephen M.R. Covey Co-founder and CEO of CoveyLink Worldwide

June 2012 Ottawa, ON

He is the author of The SPEED of Trust, a ground-breaking and paradigm-shifting book that challenges our age-old assumption that trust is merely a soft, social virtue and instead demonstrates that trust is a hard-edged, economic driver â&#x20AC;&#x201D; a learnable and measurable skill that makes organizations more effective, people more promotable, and relationships more energizing.

REGISTER NOW! For more information please contact Sandra Service at sandra.service@itincanada.ca or 905-727-4091 Ext. 228

Brought to you by:

Meetings from a laptop. File sharing in the cloud. Closing deals by videoconference. It all works together.

Introducing Microsoft Ofce 365. Collaborate in the cloud with Ofce, Exchange, SharePoint, and Lync videoconferencing. Starting as low as $11.75 per user per month. Begin your free trial now at ITCdn.Ofce365.ca

Scan this tag with your smartphone to see Ofce 365 in action.

14842_MSA062_Communicate_ITcanada_8p125x10p875.indd 1

12/21/11 11:48 AM