November/December 2018
INSIGHT FOR TECHNOLOGY PROFESSIONALS
DYNAMIC WORKPLACES Levelling the playing field for small businesses
Publication Mail Registration Number: 42169527
Three mistakes that can sink your IT projects By Ross Hebert
Dynamic workplaces can level the playing field for small businesses By Ching Mac
Tools to develop a smart risk management strategy in today’s digitized workforce By Paul Chapman
Alert? What alert? By Eric Jacksch
Don’t Blame SQL By Eric Jacksch
How chatbots are improving the employee experience By Marc LeCuyer
Three ways AI can improve your small business’s finances By Brian Veloso
Your business is not too small to experience cyber fraud
COVER STORY: Dynamic workplaces can level the playing field for small businesses
By Brian Veloso
Citrix changes the game of how we work with Workspace app By Marcello Sukhdeo
Box Feed: An intuitive and smart way to surface content that is relevant to you By Marcello Sukhdeo
November/December 2018 IT in Canada Online / 3
EDITORIAL
EDITOR-IN-CHIEF: J. RICHARD JONES
EDITOR: MARCELLO SUKHDEO, 905-727-3875 x4, Marcello@promotivemedia.ca
CONTRIBUTING WRITERS: PAUL CHAPMAN, ROSS HEBERT, ERIC JACKSCH, MARC LECUYER, CHING MAC, BRIAN VELOSO
SALES
MARCOM, OPERATIONS MANAGER: DAVID BLONDEAU
ART & PRODUCTION
ART DIRECTOR: ELENA PANKOVA
SUBSCRIPTIONS AND ADDRESS CHANGES
CIRCULATION COORDINATOR
1-226 Edward Street, Aurora, ON, L4G 3S8 Phone 905-727-3875 Fax 905-727-4428
CORPORATE
COO AND GROUP PUBLISHER: J. RICHARD JONES
PUBLISHER’S MAIL AGREEMENT: 42169527
IT in Canada Online magazine is published six times per year. All opinions expressed herein are those of the contributors and do not necessarily reflect the views of the publisher or any person or organization associated with the magazine. Letters, submissions, comments and suggested topics are welcome, and should be sent to John@promotivemedia.ca
www.itincanadaonline.ca
REPRINT INFORMATION
High quality reprints of articles and additional copies of the magazine are available through firstname.lastname@example.org or by phone: 905-727-3875. All rights reserved. No part of this publication may be reproduced without written consent. All inquiries should be addressed to email@example.com
MESSAGE FROM THE EDITOR-IN-CHIEF
Dynamic workplaces
As we head toward the end of the year, it is exciting to take a look back to see the advancement within the tech field. From cloud to data, AI to mobile, so much is happening at such an exponential rate. All of this with the aim to improve productivity and efficiency in the workplace and in our personal lives. In this issue of IT in Canada, we have dedicated a sizable portion to the workplace and AI.
But before I tell you more about this upcoming issue, I would like to convey some news about what to expect for IT in Canada Online in the next months. We are planning a fresh new design of our website with a focus on bringing more relevant content for C-level executives, IT professionals, security experts and consumers. In the past, we haven’t put much emphasis on end users, but with the growth in mobile, we can see a blend of what we do in the corporate world and at home. This new makeover will include more videos, podcasts and reporting from the tech world. So, stay tuned.
Now back to this issue, in the leading article on dynamic workplaces, Ching Mac, Director, Citrix Canada talks about how despite the growth in digital, technology adoption remains low among small businesses. To grow, companies today have the opportunity to join the digital movement to build more mobile, flexible and secure workplaces. Paul Chapman, Chief Information Officer, Box Inc. shares some tools to consider in building a smart risk management strategy in today’s digitized workforce. He points out that cloud services can lead to more opportunities for control and visibility for businesses. With AI being talked about in every industry, Brian Veloso, Senior Director, SAP Concur Canada writes about three ways AI can improve small business finances. The rise of chatbots is also taking businesses by storm. Marc LeCuyer, Canada Country Manager, ServiceNow discusses how chatbots are improving the employee experience and the power it brings to a business is undeniable.
Other articles on mistakes that can sink your IT projects, your business is not too small to experience cyber fraud, and a workspace app to manage all your apps in one place are in this issue. Thanks for taking the time to view this issue, we hope that you find it informative and insightful.
J. Richard Jones Publisher and Executive Editor
By Ross Hebert
Three mistakes that can sink your IT projects
Most articles you’ll read will provide you with best practices and tips on how to effectively identify and implement cutting-edge technologies. While there are many factors that go into the success of an implementation, there are some considerations that will definitely cause your project to fail; these are rarely discussed. Too often, leaders are so preoccupied with the day-to-day logistics of a deployment – when do we start, how many seats do we buy – that they make major strategic mistakes that can hamstring their project.
To highlight key areas to sidestep, I’d like to use Canada Post’s organization-wide implementation of an electronic management solution that featured SharePoint and a few key add-ons such as harmon.ie, a workplace productivity app. The goal of the project was to help us manage Canada Post’s 10+ terabytes of (mostly unstructured) data. The initial aim was to make it easier for employees to store and manage within SharePoint.
Research conducted by my team demonstrated some privacy and compliance concerns where corporate information was being stored. Worse, we found a significant number of documents that were beyond their required retention period as determined by our retention and disposition schedule. This chaotic environment made it difficult to find specific information, so workers were often forced to unnecessarily – and sometimes unknowingly – recreate documents because they were unaware that the information already existed. It was a big, complicated and messy project, so it was imperative that we sidestep any of the common pitfalls that agencies can fall into.
Mistake #1: Death by Consultant
I’ve always been fortunate to have ultra-talented project teams but Canada Post, like most government agencies, lacked the in-house expertise to roll out large-scale IT projects. That’s not the problem. The problem arises when a government leader hires external help and essentially hands over the keys to the project. Agencies must have a great internal team managing and participating in the work alongside their external partners.
Consultants can have more technical skills and know-how than the internal team, but they don’t know the internal culture, workflow and specific requirements of each department. External partners should be willing to adapt their formal methodology to meet the unique needs of the project, as opposed to taking a hard stance. That said, partners must be more than just arms and legs; outside firms must be empowered to offer their expertise to ensure the best ideas from the entire project team are utilized. As long as you’re looking to achieve the goals of the project, you have to be flexible in how you implement your methodology and willing to compromise.
It’s also imperative that both parties speak the same language. I’ve always found that outcomes-based language – “I need a 95 per cent adoption rate for this tool” vs. “I need 400 seats” – is much more productive because it allows the consultants to flex their strategic muscles and make recommendations on the most efficient way to achieve project goals.
IT projects are fluid and even the best-laid plans often undergo significant changes. External partners that are willing to take the journey along with you – including all of its ups and downs – are valuable assets. However, if you keep hearing the phrase “change request” uttered, I recommend you change consultants.
Mistake #2: One Sales Pitch, Many Departments
A successful technology project – at its heart – is about convincing people that the impending change is not only required but a step in the right direction. A wide variety of departments within Canada Post would be using this new functionality but would have a different set of problems that would need to be resolved. The project team has to execute what would in the political realm be called a “hearts and minds” campaign. The fact of the matter is that workers don’t want to change the way they work and so, therefore, must be convinced. Government IT leaders need to accept the fact that the only individual that wants change is a baby and even they cry during the experience. If you go one-size-fits-all, you’re doomed to failure.
This was a major motivation for using harmon.ie in this particular project. harmon.ie is an Outlook plug-in that presents SharePoint directly within the Outlook window, so workers don’t need to toggle between the two apps to upload document attachments and email messages to SharePoint. And since we knew the majority of Canada Post’s office employees used Outlook as their primary working portal, we wanted to provide tools that would facilitate that workflow. With harmon.ie, employees were able to use the drag and drop interface to tag and store files within our SharePoint system right from Outlook. Our employees needed very little training because harmon.ie fit snugly within their existing workflow. Choosing user-friendly software like harmon.ie helped us sell the project as a non-hindrance to their workflows.
My teams used a “franchise in a box” model. We had a core methodology that we used to create a continuous learning curve so we could improve the outcomes of each departmental rollout. Accountants are going to have wildly different interactions with the project team than the engineering team. These input sessions allowed us to introduce the project and start to build the trust necessary for employee buy-in.
Over the course of the project, we discovered a number of other pain points that needed to be resolved. Workers were using a number of unconventional methods to store information so we needed to work with them to get everyone back in the fold. It’s important that government IT leaders be willing to adjust their goals to accommodate serendipity.
Mistake #3: When it Comes to Mass Document Migration... Don’t Do It!
This may be a niche problem but it’s worth mentioning: mass document migration is a nightmare and should be avoided wherever possible. Records management projects typically require some kind of transition from one platform to another, but the proportion of unnecessary, duplicate and very old documents is typically too high to justify the tremendous amount of work, resources and headaches required to execute. At the end of the day, the team will be spending a ton of time and effort to move documents no one will ever open again.
This is a great example of where changing your methodology makes sense. We started the project thinking that we were going to migrate all of our documents to SharePoint and then discovered the complications this would create. Our decision to change saved significant heartache and, utilizing harmon.ie, allowed us to make this change and save our project considerable costs. In compliance with your retention and disposition schedule, my recommendation would be to encourage workers to ruthlessly remove all unnecessary documents. Instead of migrating everything, harmon.ie enabled workers to easily choose which documents they themselves required and thereby execute low-volume migrations without any complications.
It’s important for project teams to understand that not everyone cares about their project. It’s up to the project team to prove that the tools being implemented provide value to their everyday work lives. Project teams that don’t make tech easy for users to learn and use will find their brilliantly executed implementations flop. Systems and processes must be easy and intuitive or else failure is imminent.
Ross Hebert is the former Director of Compliance at Canada Post.
By Ching Mac
Dynamic workplaces can level the playing field for small businesses
Cash flow, fatigue, finding and retaining profitable customers and staying current with technology – these are just some of the problems faced by Canadian small business owners. These issues were brought to the forefront during Small Business Week.
There are more than 1.3 million businesses in Canada. Ninety-eight per cent of these companies are either small businesses or micro-businesses and employ over 70 per cent of the workforce in the private sector. Despite that significant footprint, digital technology adoption remains low among small businesses.
According to a 2017 Startup Canada report, the main barriers to general digital adoption among Small Business Owners (SBOs) were high cost (44 per cent) and time (38 per cent) with updating and maintaining new technology platforms within their companies. These same barriers were also stated by SBOs looking to adopt advanced digital technologies.
This is problematic considering we are moving towards a place where work is no longer a place – even for small businesses. It’s an increasingly dynamic activity that people expect to be as adaptable as they are. Employees, especially top-talent and millennials, are looking for flexibility and mobility in their workplace. Providing the right technologies to support workplace trends is critical to finding and maintaining the best people. Small businesses are vulnerable to being overrun by bigger companies, with larger budgets and more advanced infrastructure, if they lag in this area.
One avenue to level the playing field is cloud computing, which lets small businesses reap the benefits of cloud while avoiding the unpleasant costs of investing in IT infrastructure and maintenance. For example, a small communications agency or a delivery franchise can give employees access to work applications on the go, enabling them to be more productive and efficient while not risking security or convenience. This can mean supplying work applications, such as Salesforce, Office 365, QuickBooks Online and more while out of the office.
Ultimately, cloud computing can provide small businesses with new levels of flexibility and mobility. Other benefits for small businesses include data backup, easier information-sharing across devices, file storage, and importantly – the right sized infrastructure. Having the right digital technology means small businesses are prepared to scale – whether up or down. The cloud can be customized to the unique size of the workforce, the roster of projects, or other variables. This means small businesses don’t have to put up an initial investment in IT infrastructure that may be useless if a company experiences a downturn or loses a big client but can also be accelerated if necessary. There’s no need to hire an IT manager if a business grows, only to fire them if it shrinks. Usage can be small and gradually increase when needed.
This is possible because small businesses can outsource to cloud service providers that maintain the IT infrastructure for them. This includes the major players such as AWS, Google Cloud, and Microsoft Azure, which can often operate in tandem with a company’s on-premise IT. By hiring a cloud vendor, cloud computing apps are regularly updated, so owners don’t have to spend time and money doing it. Perhaps most importantly, cloud services have built-in security features – making it one less line item business-owners have to worry about.
It’s a well-publicized reality that cybersecurity can be a company’s pitfall. Facebook, Uber, Equifax – these are the company case studies that get thrown around. However, security should be at the top of the corporate priority list, in every industry and every size – which research has found not to be the case. For example, the Citrix Cloud and Security Survey found four-in-10 Canadians email work data home to their personal email. It also found that 63 per cent have shopped or surfed the web on a company device, and 50 per cent have been a victim of a phishing email or an online virus.
Incorporating services such as cloud, or virtualization – where work data is stored in a virtual data center that is secured rather than on the device itself – can limit opportunities for breaches, whether they are caused by malicious attacks or employee mistakes.
Small businesses, whether they want to grow to a larger company or stay small and nimble, have the opportunity to join the movement to more mobile, flexible and secure workplaces. As competitors increasingly hop on this trend, small business owners’ bottom lines may just depend on whether they can compete in an uncertain economy.
Ching Mac is the Director for Citrix Canada.
By Paul Chapman
Tools to develop a smart risk management strategy in today’s digitized workforce
With digitization of the workplace, the impact of the speed of change on an organization can be overwhelming. One major change impacting enterprises in Canada is the move to cloud services; in fact, 47 per cent of Canadian organizations cite cloud computing as a form of technology that will have a major impact on their businesses in the next three years. However, an increasing reliance on cloud services, while positive, means businesses need the proper tools to address compliance, data residency and privacy concerns to gain control of their content and to harness its full potential.
It is essential to take preventative steps to mitigate risks associated with moving to a new technology architecture; that’s why a robust risk management program is essential to ensure future success in today’s innovation-driven climate. As businesses embrace these paradigms, there’s an opportunity for CIOs to turn risks and risk mitigation activities into strategic business benefits, building trust inside and outside of an organization by equipping employees with the right knowledge and support to navigate the cloud. Below are my thoughts on four areas CIOs should embrace to manage risk as businesses move to a digital world.
Access controls are key
Cloud services offer the convenience for employees to access information from any device and anywhere, providing more flexible working conditions. However, this can also mean sensitive content is more vulnerable to exposure. Having an IT security strategy that requires every user, system or endpoint device to be validated and verified before connecting to the system helps to drastically reduce risk. Data is one of the most valuable tools in today’s economy; with the increased reliance on data and the trending topic of data privacy concerns, it is critical for companies to take precautions to ensure their content is encrypted and well-protected.
Leveraging automation
Automation helps people do more – which is especially helpful when systems are constantly changing, and users need more control. To be viable, cloud services require an advanced screening process and more vigilance for system integrity. Automation and regular updates will decrease the risk of a security threat and help ensure everything is running smoothly. Automate everything you can (e.g. auditing configurations, software updates, workflow tools etc.) to make systems easier and save time from mundane tasks. Using automated tools to detect potential problems will allow employees to focus on higher-value work.
Avoiding Legalities
Cloud services offer the quick sharing of content between employees, allowing for the benefit of collecting and storing a vast amount of information. Certain cloud platforms have security built into their design to mitigate issues of copyright risk and have added increased security features using ML/AI technology to protect sharable content. Modern cloud providers use smart features to detect and flag anomalies any time specified content is uploaded to the cloud. This enables end users and IT admins to classify content based on the level of confidentiality. For instance, if a user tries to upload a file marked ‘sensitive’, this can trigger a response from the IT team requesting certain actions and permissions that are needed. Anomaly detection on cloud platforms can help identify access abuse and flag any unusual activity and behaviour. These features will help to avoid and reduce any legalities in the long run.
Finding the right solution
Finally, with the increased popularity of cloud services, there are numerous options to choose from so it is important to ask the right questions: Is the provider adequately secured? Does the provider have multilayered encryption? What are its processes on data handling? Does it have a high level of availability and sophisticated backup capabilities? In fact, what may seem like small details can play a large role in the overall success of your business.
Cloud services are becoming ubiquitous because of the new benefits and opportunities they offer for risk management: increasing security and a better, more flexible cloud architecture. By incorporating the above recommendations into your business plan and educating employees on the proper use, cloud services can lead to more opportunities for control and visibility than in previous paradigms.
Paul Chapman is the Chief Information Officer (CIO) at Box.
By Eric Jacksch
ALERT? WHAT ALERT?
Tornado warnings broadcast a few weeks ago in Eastern Ontario and parts of Quebec are being praised for saving lives. But, as is too often the case in the high-tech world, people who didn’t receive the warning are being told they have themselves to blame.
Emergency alerts in Canada have traditionally suffered from inadequate last-mile distribution. Skilled Environment Canada meteorologists have issued warnings, watches, and various other bulletins for decades. With fewer people watching TV and listening to traditional radio, their warnings often don’t make it to those who needed it the most. Email services and third-party software tried to fill the gap; it was not particularly effective. When tornado warnings are issued, minutes count. Sometimes even seconds.
Canada’s new Alert Ready system is a solid step in the right direction. Alerts from government agencies are aggregated by Pelmorex Corp, the Canadian company that owns The Weather Network. The National Alert Aggregation and Dissemination System distributes the messages to last-mile distributors (television, radio, mobile operators, and some social media sites) via satellite and the Internet. The XML-formatted messages include the type of event, various textual information in both official languages, the geographic areas to which the alert applies, flags to tell broadcasters and mobile phone operators if immediate transmission of the message is required, and even pointers to sound files.
As of April 6, 2018, the CRTC requires mobile phone providers to “deliver potential life-saving emergency alert messages to compatible mobile wireless devices that are connected to an LTE wireless network.”
This watered-down requirement creates serious gaps. If you have a 3G phone, you’re out of luck. This places many seniors, low-income Canadians, and others with basic phones at higher risk. Phones must be Wireless Public Alerting compatible. For Apple customers that means iPhone 5s or newer. Android phones appear to be hit and miss.
Perhaps least excusable, your phone may not alert you if on mute or Do Not Disturb. When you slide an iPhone’s switch to silence the ringer, it also silences alerts relating to potential life-threatening events. Your phone’s alarm will still ring to wake you in the morning, and your Tile app will override the switch setting to help you find your phone, but a tornado warning will remain absurdly silent.
That is exactly what happened to me last Friday. Neither I, nor the people around me, want to hear my phone constantly ring and beep. It’s generally considered impolite to take your phone off the vibrate setting, and configuring Do Not Disturb while sleeping is critical. So there I was, with an iPhone X in my pocket and an Apple Watch on my wrist, when I heard about the tornado warning from my neighbour.
I thought it was an isolated incident and contacted Apple for clarification. The first support representative was surprised, but upon escalation, I was told that emergency alerts do indeed follow the switch setting, and no override option is available to Apple customers.
Pelmorex’s Alert Ready website explains: “A compatible wireless device that is set to silent will display an emergency alert, but you might not hear the emergency alert sound. The emergency alert sound will usually play at whatever the current volume setting is on the wireless device, so if your wireless device is set to silent, no sound will accompany the emergency alert message. However, this behaviour can differ depending on your wireless device and in some instances, the alert sound may override your user settings.”
Rogers helpfully directed me to their support article, which states, “To receive audible alerts, confirm that the volume on your device is turned on (not on mute) and Do Not Disturb is turned off.”
The CRTC, who regulates the industry, should be looking out for the best interests of Canadians. They did not respond to email inquiries.
There are two obvious solutions. First and foremost, the CRTC should mandate an audio alert. If a message is important enough to interrupt TV and radio broadcasts, every mobile phone in the area should light up and sing. Apple and other mobile phone vendors have the opportunity to do the right thing: Add an option to make every emergency alert audible. And, while they’re at it, since an iPhone can share voice calls and SMS with a Mac, why not share emergency alerts as well?
Nobody in their right mind would design a smoke detector with a mute switch or an option to remain silent at night. Next time an emergency alert is issued, your phone will probably display a message, and it might sound an alert. But rest assured, double-clicking your Tile will make your phone ring at maximum volume every time.
By Eric Jacksch
Don’t Blame SQL
SQL injections have been, and continue to be, responsible for serious data breaches. The problem is not the SQL databases themselves, nor the SQL language, but rather the negligent ways in which they are being used.
It is no surprise that injection attacks retained the top spot in the Open Web Application Security Project (OWASP) Top 10 for 2017. Their report summarizes the issue well:
“An application is vulnerable to attack when:
• User-supplied data is not validated, filtered, or sanitized by the application.
• Dynamic queries or non-parameterized calls without context aware escaping are used directly in the interpreter.
• Hostile data is used within object-relational mapping (ORM) search parameters to extract additional, sensitive records.
• Hostile data is directly used or concatenated, such that the SQL or command contains both structure and hostile data in dynamic queries, commands, or stored procedures.”
Injection vulnerabilities usually result from avoidable software errors that can be easily identified during code reviews. Penetration testing and automated test tools can help, but examining source code remains the least expensive and most reliable approach.
Poor security architectures contribute to the prevalence and often devastating impact of injection attacks. In some cases, they result from adapters (and similar modules) that connect applications to databases or LDAP directories without considering end-to-end security requirements. This is particularly common when database and directory connectivity is optional or added as an afterthought to meet customer requirements.
Popular SQL databases, such as MySQL, provide efficient, reliable, and cost-effective data storage. They include flexible and robust access controls, but many deployments do not take advantage of them. Instead, credentials with all privileges on the database are often provided to applications requiring access. When those credentials are stored on a web server, or similar first tier, the stage is set for mass data exfiltration.
Security architecture deficiencies are unfortunately common. WordPress, which currently powers about 30 per cent of web sites, is a prime example of a successful product with a terrible security architecture. Database credentials are stored within a .php file inside the web server document root. A simple configuration error, injection vulnerability, or code execution issue will provide an attacker with the ability to dump — or modify — the contents of the entire database.
Corporate websites and blogs may store only published public information and administrator credentials in the WordPress database. Assuming appropriate backup and disaster recovery processes are in place, this may limit the impact of an intrusion to downtime and reputation damage. However, if users authenticate to comment or access restricted content, a breach could trigger notification obligations, especially in light of the GDPR. Ultimately every business using WordPress needs to weigh the benefits of using the world’s leading free content management system against the potential costs of a breach.
Unfortunately, the same two-tier design pattern is very common in other types of web applications that collect large volumes of consumer information, including ecommerce. These systems are literally one configuration or coding mistake away from a total database breach. Solving this problem requires a shift toward multi-tiered designs with additional security layers.
Some web application architectures place a RESTful API between the web app and back-end services. From a security perspective, this is definitely a move in the right direction. A carefully-designed, well-implemented API will help narrow the scope of a breach to individual users. Compromising the web server may allow attackers to steal credentials and impersonate users, but instead of downloading entire database tables with a single SQL query, criminals will be forced to authenticate to the API as each individual user. This, in turn, provides the opportunity for application security logic or a SIEM to identify unusual behaviour patterns and limit the number of users that are impacted.
Databases and web applications aren’t going away. In fact, if the last few years are any indication, their exponential growth will continue and expand into additional facets of business and daily life.
The question is whether application developers and security professionals will work together to build more secure and intrusion-resistant systems, or whether the escalating slew of data breaches will continue. In any event, don’t blame SQL
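The detection opportunity an API tier creates can be shown in code. The following is an added example, not part of the original article: it scans a constructed API access log, flags a caller that authenticates as more than a set number of distinct users within a short window, and counts every user requested after that point as blocked. The log format, the client field, the function names and the thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format):
# ISO timestamp, client identifier, authenticated user, method, path.
SAMPLE_LOG = """\
2018-11-05T08:00:00 203.0.113.60 gina GET /api/v1/profile
2018-11-05T08:10:00 203.0.113.60 hari GET /api/v1/profile
2018-11-05T08:20:00 203.0.113.60 ivan GET /api/v1/profile
2018-11-05T08:30:00 203.0.113.60 judy GET /api/v1/profile
2018-11-05T09:00:01 203.0.113.10 alice GET /api/v1/profile
2018-11-05T09:00:05 203.0.113.10 alice GET /api/v1/orders
2018-11-05T09:01:00 203.0.113.50 bob GET /api/v1/profile
2018-11-05T09:02:00 203.0.113.50 carol GET /api/v1/profile
2018-11-05T09:03:00 203.0.113.50 dave GET /api/v1/orders
2018-11-05T09:10:00 198.51.100.7 alice GET /api/v1/profile
2018-11-05T09:10:02 198.51.100.7 bob GET /api/v1/profile
2018-11-05T09:10:04 198.51.100.7 carol GET /api/v1/profile
2018-11-05T09:10:06 198.51.100.7 dave GET /api/v1/profile
2018-11-05T09:10:08 198.51.100.7 erin GET /api/v1/profile
2018-11-05T09:10:10 198.51.100.7 frank GET /api/v1/profile
"""


def parse_line(line):
    """Split one log line into (timestamp, client, user, method, path)."""
    ts, client, user, method, path = line.split()
    return datetime.fromisoformat(ts), client, user, method, path


def review(lines, max_users=3, window=timedelta(minutes=5)):
    """Flag clients that act as more than max_users distinct users in window.

    Returns {client: {"detected_at", "exposed", "blocked"}}. "exposed" lists
    the users reached inside the window before the threshold was crossed;
    "blocked" lists users whose requests would be denied from then on.
    Lines are expected in time order.
    """
    recent = defaultdict(deque)  # client -> deque of (timestamp, user)
    report = {}
    for line in lines:
        if not line.strip():
            continue
        ts, client, user, _method, _path = parse_line(line)

        # Already flagged: every new identity this client tries is denied.
        if client in report:
            entry = report[client]
            if user not in entry["exposed"] and user not in entry["blocked"]:
                entry["blocked"].append(user)
            continue

        # Sliding window: keep only this client's requests newer than window.
        q = recent[client]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()

        # Distinct users in first-seen order; the request that crosses the
        # threshold always introduces the newest user, so it is listed last.
        users = list(dict.fromkeys(u for _, u in q))
        if len(users) > max_users:
            report[client] = {
                "detected_at": ts,
                "exposed": users[:-1],
                "blocked": [users[-1]],
            }
    return report


if __name__ == "__main__":
    for client, entry in review(SAMPLE_LOG.splitlines()).items():
        print(client, entry["detected_at"].isoformat(),
              "exposed:", entry["exposed"], "blocked:", entry["blocked"])
```

The client that reaches four users over thirty minutes and the one that stays at exactly three users inside the window are not flagged, which is why the threshold and window need tuning against normal traffic such as shared office addresses.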
By Marc LeCuyer
HOW CHATBOTS are improving the employee experience
With the continued advancement of artificial intelligence, chatbots have emerged as a key tool in personal communication. Now, these tools are flooding the business world, improving communication between clients and service providers, and, most importantly, transforming the overall employee experience. The power chatbots can bring to a business is undeniable. At ServiceNow, 15 to 20 per cent of routine interactions can be handled by our Virtual Agent; these tasks range in complexity from a quick question to an entire business action plan. When businesses make work life easier for their employees, it frees up time for more thoughtful, productive and important tasks. As chatbots become more ingrained in everyday business functions, they are improving work life through personalization and efficiency across customer service, IT and human resource departments.

AI Streamlining Customer Service Delivery

Gone are the days of customer service members answering the same questions countless times a day. With business chatbots, employees and customers can engage with a virtual agent similarly to how they communicate online with a customer support employee. As machine learning and natural language processing methods improve, so does the ability for chatbots to deliver sophisticated, accurate responses to everyday questions or issues. Chatbots are programmed to handle mundane and repetitive tasks, allocating more time for employees to focus on providing deeper levels of customer service. If a chatbot determines a customer is dissatisfied with a product or service, it can be programmed to transfer the customer to a human agent for more complex conversations. As this conversation is transitioned, the agent will already have detailed context of the issue and will be better equipped to provide a solution. In taking on these simple tasks, chatbots enable employees to focus on more complex customer service issues, which can be more interesting and rewarding for them, and, ultimately, help deliver a better experience for both the customer and employee.

Automating IT Service Management

IT departments are vital to the success of a company, maintaining all network systems and solving technological issues as they arise. Familiarity and comfort level with technology varies from employee to employee, and IT departments can often experience a high volume of questions or requests that have simple solutions. As every employee IT issue must be addressed, it can be time-consuming for the IT department and can take away from their capacity to complete other tasks, such as advancing or improving a business’s IT processes. When chatbots are incorporated into a company’s IT department, they use machine learning to automatically categorize, route and prioritize issues. In turn, basic IT problems can be handled quickly by a virtual agent, getting the employee up and running faster, and saving time for the IT department to focus on more critical tasks.

Implementing a chatbot makes IT help accessible no matter where an employee is working. As workplaces become more flexible to adapt to employee needs in a competitive talent market, companies must be equipped to provide support remotely and outside business hours. Since chatbots can conveniently be accessed from any device the employee chooses to work on, they allow for both greater convenience and accessibility.
Modernizing Human Resources

Human resources is another area where we see automation and implementing chatbots having a dramatic impact in reducing the time HR spends on simple tasks. Chatbots can accurately locate information across a company’s databases to quickly and confidentially deliver the appropriate documentation to HR for thousands of employees. A recent study from ServiceNow surveyed over 350 HR leaders, and found that employees struggle to access key HR policies and processes when needed. Although 99 per cent of respondents say it’s valuable for employees to feel as if they could find information on company policies in the evening or after hours, only 12 per cent say it is easy to do so. Chatbots offer a productive way for employees to access documents and information, schedule time off, inform managers about sick leave and ask other internal work-related questions.

With businesses facing a talent war, organizations are adopting new business solutions that focus on the needs of their people to retain top talent in a competitive market. High performing employees are demanding more from their workplaces, and employee satisfaction is a crucial factor contributing to company success. Businesses are increasingly taking advantage of new tools that are making work life easier for employees by giving them easier access to information and taking routine and mundane tasks off their desks. In doing so, businesses are creating more opportunities for employees to undertake thoughtful and creative projects to grow and improve the business, encouraging them to be more motivated and productive and improving the overall employee experience.

Marc LeCuyer is the Canada Country Manager at ServiceNow.
By Brian Veloso
THREE WAYS AI CAN IMPROVE your small business’s finances
Artificial Intelligence (AI) is everywhere. We’re constantly exposed to stories in the news about researchers attempting to recreate humanlike intelligence and robots with new skills. According to a recent Canada-wide survey, general awareness of artificial intelligence is high, with 80 per cent of respondents being familiar with the term. Despite the familiarity with the term, there is still widespread misunderstanding about what AI really is. The same report found that 86 per cent don’t know what the term means, while 84 per cent of respondents claiming to know what AI is provided the wrong definition. Many of us overlook the real ways that AI can be implemented to improve our everyday work lives, but business owners, leaders and decision-makers should explore the current opportunities offered by AI. The potential to improve business operations is massive. When scaling and growing a business, using AI will allow internal processes to flow more smoothly. This is especially true within a team’s finance department, as in the past few years it has become easier for finance managers to track company spend. Advancements in AI have allowed businesses to explore new ways of solving finance challenges in areas such as expense report reliability, policy management and reducing fraud. And thanks to scalable cloud solutions, many of the opportunities afforded by AI are accessible to businesses of all sizes.

Increasing expense report reliability

For a team’s finance department, manually analyzing, organizing and processing finance documents is tedious and time-consuming. Canadian finance teams reported spending about 13.2 hours per week on manually processing expense reports, which equates to nearly eight full work days for a single employee each month. AI can reduce auditing time significantly, by as much as 90 per cent, and applies “human thinking” when automatically checking all expense reports to reduce expense reporting errors by 60 per cent. Implementing AI and automated expense and invoicing solutions into a business helps finance teams spend less time on monotonous tasks so they spend more time focusing on actionable ways to improve the business. For small businesses, prioritizing employee time will help drive growth.

Using data to manage policy changes

Today’s businesses demand data to make informed decisions. The ability of artificial intelligence to provide real-time data helps improve visibility into where and how money is being spent. Having the ability to quickly access reliable data allows the finance department to gain more control over a company’s cash flow. With increased visibility, companies can better optimize which policies are working for the company. Data can help reveal if certain policy violations are justifiable. For example, using ride-share services such as Uber instead of taxis could potentially save the company money, suggesting an opportunity for updated policy procedures that align with employee habits. Using an AI application when gathering and summarizing numbers will help identify trends and keep things better organized, so small businesses can make data-driven decisions when it comes to changing policies.

Pattern detection helps employees be compliant

With increased visibility, the risk of fraud and noncompliance decreases. AI can predict patterns that humans may overlook and is trained to detect a wide range of anomalies in expense reports. By detecting patterns, businesses are better equipped to tackle expense fraud from employees expensing things they shouldn’t be. According to the Association of Certified Fraud Examiners, the average organization loses five per cent of its annual revenue to internal fraud. For a small business, this can be a significant loss. By leveraging AI, organizations can automatically detect expense violations such as disallowed or personal spend, unverifiable receipts, personal credit card usage, disallowed merchants and travel add-ons, to help reduce the impact of expense fraud.

Brian Veloso is the Senior Director at SAP Concur Canada.
By Brian Veloso
Your business is not too small to experience cyber fraud
Today’s economy is more connected than ever before. With continued innovations in cloud-based technologies and digital transformation in businesses, there are more opportunities for connectivity and collaboration in organizations of all sizes. Adopting digital tools can have a significant impact on small business productivity, as automated solutions can free up employees from tedious and time-consuming tasks, so they can focus on helping the business grow. While these tools improve our work experience, they also increase susceptibility to cybercrime. According to Canada’s Department of Finance, Canada has more computers per capita than any other country (129 devices per 100 people) and Canadians are the heaviest internet users in the world, spending more than 40 hours online per person, per month. This leaves Canadians as prime targets for cyberattacks. When looking at businesses, the same government report states that about 70 per cent of Canadian businesses have been victims of cyberattacks with an average cost of $15,000 per incident. That’s almost three-quarters of all Canadian businesses. For small businesses especially, an unexpected cost like this can be detrimental to their bottom line. But SMBs don’t have to go it alone. Now more than ever, there are tools available to help small businesses detect vulnerabilities and improve their cybersecurity preparedness.
Be aware of the risks

The first step to mitigating these risks is to be aware of and monitor how the technology landscape is changing. For small businesses exploring the latest tools to adopt, it’s important to consider how things like Internet of Things (IoT) devices and cloud-based solutions are more vulnerable to cyberattack, by virtue of the fact that they are more connected. It’s important to understand the potential vulnerabilities so small businesses can make informed decisions about the vendors they select, such as choosing ones that have cybersecurity built into the product or solution from the beginning. And while technology has, in some cases, made cyberattacks more sophisticated, simple attacks are still commonplace. For example, invoice phishing – when cybercriminals send fraudulent invoices in the hopes that a company will pay them out – is still a frequent occurrence. Having solutions that can detect patterns and irregularities in invoices can help spot these invoices before they get paid out, preventing businesses from becoming a victim to these schemes.

Controlling the risks

Small businesses can mitigate risk by making sure they are using the latest technologies with up-to-date protections. Older systems often have little to no protection, so sensitive information such as a company’s finances can easily be accessed by hackers. Small businesses should look for the latest solutions that provide protections for cybersecurity and fraud. Tools like SAP Concur, that automate expense and invoice processes for greater visibility and transparency, can help identify anomalies and protect against expense and invoice fraud. In addition, making sure devices are updated with the latest security software to detect malware, are password protected and require a VPN to access a company’s server on external networks are important steps to prevent cyberattacks. According to the Association of Certified Fraud Examiners, organizations with anti-fraud safeguards detect fraud up to 50 per cent faster than those without. Small business owners need to research and select the right solutions that will work for their organizations.

Stay ahead of threats

Canada’s Department of Finance indicates the current global market for cybersecurity products and services is expected to increase to over $170 billion by 2020. In this growing market, there are many opportunities for small businesses to find the right products and solutions that fit and can scale with their security needs. Every small business should have a proactive plan in place to protect itself against cybercrime by harnessing the tools technology has to offer. Cybersecurity preparedness is one of the most important investments for a business, and in today’s technology landscape, it’s a necessity.

Brian Veloso is Senior Director at SAP Concur Canada.
By Marcello Sukhdeo
Citrix changes the game of how we work with Workspace app
The Citrix Workspace app, which was announced at Citrix Synergy in Anaheim, California in May, is creating a lot of stir. This new app is going to revolutionize the way we work by improving productivity, reducing cost while providing a secure and safe environment to work. Vishal Ganeriwala, Senior Director, Product Marketing for Citrix Workspace sees this app as a game changer in the industry. “We are delivering a very innovative solution with one single sign on to provide customers with all their apps in one location.” He pointed out that this is the first for this type of solution. “It is pretty game changing.” Since the announcement, the feedback from customers and partners of Citrix has been positive. “They are really excited about this new chapter at Citrix around securing and delivering SaaS applications.”

Most of the applications in use today by businesses are SaaS apps running on the web, mobile, virtualization and desktops. This solution from Citrix provides an easy to use, all in one service for not only SaaS apps but also web apps, files, mobile apps, virtual apps and desktop apps. Customers can access their Citrix Workspace from different platforms running Windows, Mac, iOS, Android, and Linux. Access to the Workspace app is through a single sign-on that gives users access to all apps bundled in Workspace. It reduces the need to sign in to each individual application for work but at the same time raises the question about security.

Ganeriwala explained that the Workspace app has an analytics component built in that monitors the behaviour of the user. He referenced the credit card industry in describing how it learns our habits, which devices we are using, how often we use them and the locations for our purchases. Similarly, the analytics derived from data collected through the Workspace app provides a profile of the behaviour of the user, the device type whether managed or unmanaged, corporate or BYOD, wired network or WiFi. If there is a security breach, the real-time monitoring will trigger a set of steps to prevent or block access to specific apps, and will even ask for other authentication steps to ensure that the user is approved to have access. The customer sets these boundaries, but the monitoring is through the Citrix offering and machine learning.

Another critical part of securing the Workspace app is where the user identity is kept. “The customer picks the location where the user identity is stored,” said Thomas Berger, Senior Manager, Product Marketing of Citrix Workspace. He went on to explain that the customers set these security guard rails, and Citrix monitors the behaviours of the users. Citrix then autonomously acts to restrict users to the limitations placed. The customer sets the perimeters, and that will include the number of devices per user, the type of devices which is customizable through the different packages of the Workspace app. These are grouped into managed and unmanaged devices.

The Workspace app provides the ability to browse the Internet through the app as well, eliminating the need for a local browser. This keeps track of building analytics of the user and maintains visibility to IT which gives an additional layer of control. With this safe browsing, a user can log in to the Workspace app using an unsecured WiFi network like at an airport and remains secure. “This is a work dedicated browser that is stripped down to the bare minimum to keep it secure,” said Berger. The use of this cloud-hosted web browser, which is completely isolated from the corporate network, allows users to browse without exposing the network to malicious attacks.

One of the challenges Ganeriwala pointed out in deploying this new app is on the customer side. The educational aspect of training users how to use this “new” way will be a challenge even though it is fairly simple. Generally, people don’t like to change the way they are doing things. But with the benefits of using the Workspace app - the ease of use, fast access to all files, work access from any device, single sign-on experience, and remaining secure - users will hopefully be excited to make the transition to this whole new unified workspace.

Finally, there is an app that you can work from, using any of your devices, and access everything you need, all from one place, indeed a game-changing way to work.
By Marcello Sukhdeo
BOX FEED An intuitive and smart way to surface content that is relevant to you
The dramatic growth of content over the years has created a plethora of information that is right at our fingertips to use. But the principal issue with this rapid growth is that we don’t have sufficient time to sift through to find content that is relevant to us.
This identical problem is prevalent within our organizations. With multiple reports, documents, orders and files circulating on the job, it is often difficult to set up a filter to surface only what needs your attention. The solution of having an assistant to go through all content and provide a list of what you need to look at would save time and cost. But on this front, it is still limited, as it involves a manual process and a human assistant. Advanced artificial intelligence and machine learning of today have made it easier to resolve this issue. Removing the manual process and hours out of the equation, while serving up files in an automated way to review, is an essential need in this digital age.

One company that is providing a solution for this issue is Box, Inc. As a cloud content management company based in Redwood City, California, Box is continuing to innovate “on the future of work in the enterprise,” according to Aaron Levie, CEO, Co-founder and Chairman of Box. Levie, speaking during the opening keynote at BoxWorks 2018, said that they are working with companies that are both digital native organizations that were born digital, as well as organizations that have been around for over 100 years, in transforming themselves.

Levie, along with his friend and Box CFO Dylan Smith, started Box in 2005 which was born out of the idea of a college business project that Levie was working on a year earlier on cloud storage. Levie found that the market was too fragmented and there was a dire need for a solution to access and store information. Over the past 13 years, Box has grown to become a $2 Billion business with over 87,000 customers, many coming from 69 per cent of Fortune 500 companies.

In continuing to innovate in the digital workplace, the company announced at BoxWorks 2018 in San Francisco yesterday, Box Feed. This product is an intuitive and secure way to curate and serve up content that needs users’ attention. Box Feed was launched last year, but since yesterday it has moved into the public beta stage. According to Jeetu Patel, Senior Vice President of Platform and Chief Strategy Officer (CSO) of Box, Feed makes it easier to discover content. Patel explained that the way people find content is by browsing and
searching. “But the problem with searching for content is that you need to know exactly what you are looking for,” he said. He went on to ask what happens if the system is smart enough to know exactly what content might be relevant to you based on your pattern of usage and then surfaces that content to you at the right time? That is why the company launched Box Feed. Jon Fan, Vice President of Product Management at Box reiterated that Feed is a way of looking at the interaction between users and content and then to serve up the right information based on what you have been working on in an automated way. Feed was designed to provide a user the right information at the right time while allowing the person to work on it from that interface. This product provides a better user experience to get to documents quicker. Fan said that one of the key benefits is that “it cuts the time it takes to go looking for a file on your system.” What is interesting as well is that Feed will push a document up for your view even though you have not been working directly on it but it knows that it
is something that you need to get to based on the previous usage. “It surfs up content that you don’t even realize that you were supposed to get to,” Fan said. “That’s really helpful as you can comment on a file that your team may be working on or view the progress on an assignment,” he added. The Feed proactively provides content so that you can get to the most relevant files that demand your attention and has been personalized to the individual user.

Another important aspect of this product is that the system will surface only files that a user has permission to access. This ensures that security requirements are being adhered to within an organization. This intuitive and secure system ensures that users have their most relevant content at the top of their Feed along with a “Recents” digest of their most current work to reduce time spent searching for files or tracking ongoing work. The “Trending Content” and “Recommended Content” tabs keep the users in touch with what is happening in their organizations. Feed also provides seamless collaboration among users where people can comment, share and favourite files right in Box Feed.

On the privacy and security side, the system will provide files in users’ Box Feed only if they have permission to view them. In cases where users want to keep a file from showing up in Box Feed, they can easily mark it as private. For customers, the public beta version of Box Feed can be turned on in the Box Admin Console.

At BoxWorks 2018, the company also announced: New Activity Stream and Recommended Apps, Box for G Suite, New Automations in Box, Box Skills Kit, Custom Trained AI Models and BoxShield which provides anomaly detection and smart access.