Friday, July 29, 2016

How the Citrix Technology Professionals Program produces user experience benefits from greater ecosystem collaboration

The next BriefingsDirect thought leadership panel discussion focuses on how expert user communities around technologies and solutions create powerful digital business improvements.
As an example, we will explore how the Citrix Technology Professionals Program, or CTPs as they are referred to, gives participants a larger say in essential strategy initiatives such as enabling mobile work styles.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy.

To learn more about the CTP program and how an ongoing dialogue between vendors and experts provides the best end-user experiences, we're joined by Douglas Brown, Founder of DABCC.com in Sarasota, Florida; Rick Dehlinger, an Independent Technologist and Business Visionary in Sacramento, California; Jo Harder is the Cloud Architect at D+H and an Industry Analyst at Virtualization Practice in Fort Myers, Florida, and Steve Greenberg, President of Thin Client Computing in Scottsdale, Arizona. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: We hear so much nowadays about user experience. You might say that you, as a community-based organization, are the original user experience provider. What is the CTP program as a user group and how ultimately does your user experience translate into improvements for the Citrix community and ecosystem?

Brown: I've been a CTP since the conception of the CTP Program, and within the Citrix Community since 1997.

Brown
What's neat about the CTP Program and the Citrix Community in general is that we're able to bring a bunch of great, talented people together, and then in return, take that combined experience and knowledge and share that with other people.

What was interesting and what got me into the community way back when, was the fact that there was just no information. You were just really out on your own trying to solve problems. And when we were able to then put that in the community, we all exponentially got better.

What I've found through the Citrix Community in general, the Citrix Users Group that Citrix has recently started, and the CTP Program is that you're always better together. That's the biggest takeaway for me from not just the 10 years of CTP, but 15 or 16 years of being in the greater Citrix Community itself.

Gardner: Steve, how well and effective does this advocacy role work? How much traction are you getting?

Greenberg: It's amazing how well it works. Doug referred to the old days. We had a 1997 to 2007 era, where you didn't have the feedback loop, and products evolved slowly. We'd see a new product release and ask why they did that. So, this passionate group, because of the Internet, because we're all kind of little freaks in our little neighborhoods somewhere around the world, all found each other and come together with such a passion.

Greenberg
We haven't calculated it, but it's in excess of 1,000 years of hands-on experience between this group of 50 or so people. It works, and Citrix has come to value it. Other companies are following the model and developing community programs. It's really invigorating to learn something from the true end user, the customer, and bring it back to headquarters and see the products evolve and change.

Brown: It's really a 360-degree type of program. It's not just for us; it also benefits Citrix, and then, of course, everyone, the customer and the end engineers, what have you.

Gardner: As was mentioned, we're in this era of social media, and people can be their own publisher and they can be an earphone and a megaphone at the same time. So Rick, do you feel like you're representing a large group, and how do they communicate to you what they're feeling?

Much broader audience

Dehlinger: I do feel like I represent a pretty large group, especially when you start wandering the halls of Citrix Synergy. It’s like a college or high school reunion that happens every year. I definitely feel like we represent a much broader audience.

We (the members of the CTP program) also have people who represent perspectives from various locations across the world, different industries, industry functions, different customer bases -- even different seats in the ecosystem -- the partner community, end user, customer, and other technology-provider companies.

Dehlinger
In terms of communication, some of the tools have evolved over the last 10 years. Steve made a good point. I hadn’t really thought about the fact that we have two different eras. The era of the last 10 years has really been one of greatly increased communication and transparency, and that's one of the things that the CTP program is fantastic about.

[Interesting editorial note: shortly after the inception of the CTP Program in 2006, a couple of the founding CTP’s – Brian Madden and Rick Dehlinger – wrote blog articles essentially calling Citrix out for being closed off and not showing any thought leadership in the industry.

Then Citrix CEO Mark Templeton got the message loud and clear, and reversed the policy against Citrixites blogging. This was effectively the turning point between the eras Steve Greenberg mentioned, and the first big impact the CTP’s had on Citrix and the industry.]

Learn How the Citrix Technology Professionals Program Helps
Shape the Future of Cloud Computing  
Steve had mentioned that a lot of the other vendors are starting to use this (CTP Program) as a model to build their community programs around. This group of people is very passionate about Citrix Technologies and passionate about touching the lives of others. This combines the two of those (passions) and puts us behind a closed door with the opportunity to have a very real conversation and communication with the leaders, developers, product managers at Citrix.

We have impacted some very substantial and positive change in Citrix -- helped them stop going down some roads that were very disastrous and recover from some decisions that started to be disastrous or were dead ends -- and they ultimately improved it.
We continue to be inspired by what they bring out and put in front of us as a possible vision; it’s incredible.

Greenberg: And to Doug’s 360-degree comment, we continue to be inspired by what they bring out and put in front of us as a possible vision; it’s incredible. Just so you understand, we're usually locked in a room for two full days, approximately 10 to 12 hours, a couple of times a year, and it gets deep. It’s like an inside family having a family discussion that gets real hot, but it's two-way.

Perhaps at first, it was us saying, "You have got to fix this stuff," but now it's inspiring to see what comes out, that they touch the community and say, "We're thinking about this; how would that work?" It's really, really cool.

Brown: I like the fact that Steve mentioned it’s really two different eras. Prior to the CTP Program, and I was around when they started this, we really had to push something like this for Citrix. A typical corporation back then was not about outside feedback per se. They did not blog; there was no social media. It was a very controlled message.

Nowadays, obviously they need to control the message, but it’s just wide open. It’s a wide -open world out there today.

Interactive, wide ranging

Gardner: Jo, you're like a focus group in a sense, but interactive and wide-ranging in terms of your impact and getting information from the field. So as a focus group, what did you accomplishing recently at Citrix Synergy 2016?

Harder: Let me step back and say that we're under NDA with Citrix. These closed-door discussions that Steve mentioned are very private discussions. The product managers go into what's happening, what they're thinking about for future products, and that's really the basis for those discussions.

Harder
I never really thought about us as like a focus group, but we are. It's really great that we can give feedback to each other. Because we have such varied experiences and expertise, there are some products that I know really well that the person sitting next to me might touch once a year. So we have complete variety in the group. It's really great to be able to have those discussions as a focus group, if you will, and to be able to provide that feedback to the folks at Citrix and really to each other as well, because we do learn a lot from each other.

Gardner: Because Citrix has so many different lines and different products, they have inherited things through acquisition, they have built things organically, no one user consumes them in the same way. What are you seeing in terms of adoption? What would you say is the most interesting part of Citrix’s solutions in this particular day and age?

Dehlinger: The most interesting thing for me and in our little focus group is community representation. I tend to be one of the ones that advocates very heavily for the cloud, and for increasing the pace of evolution, helping drag the traditional Citrix enterprise customer base further into the new world that we live in. For me the most exciting stuff has definitely got to be the cloud.

The evolution of Citrix’s Cloud Services, now called Citrix Cloud, and all that stuff underneath it, is fantastic. It’s monumental, not just for the consumer base, but also for Citrix, because it gets them into the world of rapid prototyping and rapid evolution, consistent, evergreen products and services, and also starts to put them into a different world, where it's cloud-based consumption and pricing.
Every day, every week, every month, every year, you have to continue to prove your value and improve your value service.

Every day, every week, every month, every year, you have to continue to prove your value and improve your value and provide a high quality level of service. If you don't, you're cut off; the customer has the opportunity to walk away.

One of the things that's most exciting about that for me is the opportunity for Citrix to evolve into the cloud first world alongside Microsoft. If you look at any of the traditional enterprise technology vendors that are out there, they've been selling based on a capital-expenditure model into the enterprise.
The customers go spend all these big bucks up front; these vendors’ entire ecosystems - their sales teams, even their product development cycles - they’re based off these big buys and long deployment processes. There's so much of a company (that revolves around up-front capital expenditure and long deployment cycles), and the entire ecosystem gets tied to that.

Then, you look at the polar opposite end of that; that is the cloud, where it’s consumption-based pricing, the attributes that I mentioned a little bit earlier.

Adoption patterns

Gardner: So it could be quite interesting on adoption patterns. We could be seeing all sorts of new models popping up, and that could be interesting for companies as well as the end user organizations.

Dehlinger: In my mind, it increases the transparency on both sides. Citrix knows and understands who is using what, and what they are not using also. The customer has an opportunity to vote with their dollars, not just once upfront when they are seeing all the stars of the sales pitch, but on a monthly or a yearly basis.

That's actually the most exciting part to me, because Microsoft has made that pivot now, with Office 365 and Azure and all that product family. They've brought their ecosystem around and they're showing the world now that it's possible to evolve from being a traditional enterprise software/ technology vendor to being a cloud service provider.
What I see as the future of Citrix and of the community is Citrix getting over that hump themselves and really getting into it. They have reinvented themselves many times over the years.

So, it's exciting for me. What I see as the future of Citrix and of the community is Citrix getting over that hump themselves and really getting into it. They have reinvented themselves many times over the years.

Gardner: Steve, thin-client computing, always an interesting solution, but tying that to any device, any cloud -- what do you see are some of the most interesting developments?

Greenberg: To me, it's that push forward, and it’s the new CEO Kirill Tatarinov making a strong statement that we're going to the cloud, as Rick says, taking it forward. But the most exciting thing for me, because day in and day out I architect and implement design, is to take this suite and to fit it to the organization. Every organization is different, and the best part of my job is going in and learning a new organization and what it is they do and how they do it. Inevitably, something Citrix is doing makes that better.

Now, as Rick said, we just have more options. If this organization needs cloud, it’s the best delivery model. Perhaps they're distributed around the world or some other factor, and now they can do it. They have Citrix behind them casting the vision.

Learn How the Citrix Technology Professionals Program Helps
Shape the Future of Cloud Computing  
So it’s the flexibility, it's the power and excitement that you get from moving at the speed of the business. It's not IT saying no, not IT saying, "Well, I can't do that new product line because our system is blah, blah, blah." If we need to move quick, throw it in Azure. Let’s get on to that new offering.

Harder: Say "yes."

Gardner: Jo, virtualization has never been as prominent as it is now. What do you see from the virtualization perspective with the new products and the new embrace of virtualization at multiple abstractions?

Tying in security

Harder: I'm looking at it from the banking sector, because that's what I live and breathe. I'm looking at it from security, compliance, everything that comes along with the finance industry. I look at that probably a little bit more cautiously than most, but what I find pretty interesting is that Citrix is really tying in security end-to-end.

Some of the sessions here at Synergy have talked about the whole security piece. You want to be progressive, but you have to do it very securely. That's one of the pieces that I'm really embracing from a virtualization standpoint.

From the standpoint of finance, there should be no data on the workstation. If somebody were to walk into a bank and steal that client device, they should not be able to walk off with any Social Security numbers, no non-public personal information (NPI), nothing of that sort. That's what excites me about virtualization and tying that together, the way that Citrix has all the moving parts.

In the future, the next step for the banks is getting into wireless, getting into mobility. Citrix is very well-poised for that. So, the future is bright.
In the future, the next step for the banks is getting into wireless, getting into mobility. Citrix is very well-poised for that.

Gardner: So, security was the original big use case for VDI, nothing on the client. But now clients are everywhere. So it's really, “How do we get the data from the edge and to the edge securely.”

Douglas, what are some of the key points from your perspective in terms of the Citrix product line and how that impacts users that you represent?

Brown: That's a good question. I'm a XenApp baby. I see the cloud as the real, true information highway. It's the enabler to allow us to bring things to market quicker. XenApp is that ultimate tool to then give access to the applications anywhere, any time.

I don't care if it's 2016, with all the stuff that we do today, or if it's 1999, at the end of the day, I have never met an end user that comes into the company and says, "Gee, I can't wait to use Windows 10," or "Gee, I can't wait to use that new Cisco Core Router they just bought." They don’t come into work and say, "Oh no, I have to do a spreadsheet today." They don't even talk about Excel.

With all these different technologies we're bringing around, be it the cloud, or mobility, or whatever, back to the user experience piece, Citrix is able to give the end user a better, faster time to market for them. At the end of the day, they're able to work better from any place, any time.

I've been living a lot in Sarasota, but also I commute to Berlin, Germany. It’s sort of an interesting commute, but it doesn't matter where I live, and this is the same story that we've said for 15 years.

It's not about a new story; it's just about bringing more components to make that, to fulfill that destiny of a better user experience. What's IT there for? It’s to enable the users to do their jobs better, and ultimately, that's what Citrix is about. Everything else is just fluff. Everything else is just the machinery.

Network intelligence

Gardner: Rick, when we think about changes in Citrix over the past couple of years -- and there have been a lot of them -- one of the things that strikes me is that they seem to be much more interested in strutting their stuff as to what their network intelligence capabilities are.

There's a lot more discussion of NetScaler and how that integrates to mobility, security, big-data analytics, and cloud. Do you agree with me that the NetScaler and the intelligent networks component are more prominent, and how does that play into the future?

Dehlinger: NetScaler was, by anybody's measure, one of the best acquisitions Citrix ever made. They got some fantastic technology and brilliant talent. Some of the things that we've been able to do with NetScaler in our tool bag, as we're out solving problems and helping customers take things to the next level, is just mind-boggling.

I'm thrilled at the change. It seems like they finally started to figure out a better way to both communicate what NetScaler is and its role in this whole game. You asked me about the Microsoft-Citrix relationship a bit earlier. Some of the stuff that Citrix is doing now (in that partnership) to start incorporating and leveraging the NetScaler and its unique layer of visibility between the user and the applications - will enable some some really amazing new capabilities.
NetScaler was, by anybody's measure, one of the best acquisitions Citrix ever made. They got some fantastic technology and brilliant talent.

I think it's fantastic that they finally found the language. NetScaler is starting to get its feet underneath it, although you could argue it already has its feet underneath it; it’s been a billion dollar-plus business for Citrix for a couple of years now.

Gardner: Jo, how about you in terms of security and in the banking sector in particular, intelligent network services, something really impressive; important or what?

Harder: Just to expand on what Rick said, I think what Citrix is doing with NetScaler is great. Some days, I feel like I don’t fully understand, and I'm immersed in these technologies, but then you learn something else that NetScaler can do for you. There is more, there is more, there is more. It’s in there, and it’s a matter of finding out exactly how to best use it, and then going ahead and using the products. With NetScaler, I totally agree with Rick; the sky is the limit on it.

Dehlinger: Well, NetScaler used to be the realm of the packet trace junkies. Load balancing is the easiest thing that people can use to describe what NetScaler does, but that whole world was just fraught with massive acronyms, crazy technology, terminology, standards, and stuff that (for the normal human being or the business person in particular) was just mind-boggling and baffling.

It’s great that Citrix is finally finding some language to be able to demystify a little bit of that, and show that underneath all that mysticism and the support for all these crazy new fancy TLAs and acronyms, here is some really amazing powerful business value there just waiting to be unlocked and leveraged.

Gardner: Steve, mobile work styles as opposed to mobility or device or bring your own device (BYOD) -- how far do you feel that your community contacts have gotten in that direction of a mobility style change rather than simply doing something with a smaller device in more places?

Transforming organizations

Greenberg: That's a great question, because I think this particular group has been at the core of this for some time, and we have taken some very notable large organizations and completely transformed them.

People work from home. People work on a multitude of devices. I can be sitting at the desktop in the office, grab a laptop and go jump in a cab, take my phone, and there is that seamless experience. We really are there. At this point, it’s just a matter of getting it more widely infiltrated, getting people aware of what they can do.

To this day, although it seems old to us, I still go into new client sites and opportunities and say, "You could do this," and they say, "Really? I didn’t know I could do that." It’s there, but now the society is catching up, if that makes sense.
Now that you can transmit data securely, when it hits your phone, you're working on it natively.

Gardner: It also seems that some of the file-share demonstrations and announcements show the benefit of the whole greater than the sum of the parts, when you can integrate with cloud, with devices. Any thoughts about the power of an integrated file share rather than just the plain vanilla one-size-fits-all type of cloud-based file share?

Greenberg: That's the final layer that makes this mobile work style a reality. Before, if you could remote in the XenApp style that Doug was referring to, you could get your job done. But now that you can transmit data securely, when it hits your phone, you're working on it natively.

I go into the subway and the signal drops. Well, that file is there and I can edit it, sign it, get my signal back, and go. It has taken that virtualization mobility to a level now where it can travel and it can be seamless.

Gardner: And that’s an intelligent container. So, if your requirements around privacy or security mean that you have to have control over what that session is and does, you can get that.

Douglas, how important is that intelligent container when put in the context of an intelligent network?

Brown: Extremely important. It's important from every aspect of the business. Nowadays, we're able to do those things where we have never been able to in the past, at the level they are at now.

It can’t be understated how important those components are. It comes down to maturity. The technology and the vision have been there -- or the vision has been there, and the technology is coming around. Now, with technologies such as that, it's matured, and then we're able to achieve all of our goals, from business, and to end users.

New capability

Greenberg: Citrix demonstrated at Synergy 2016 a new capability that wasn't there before. We're all familiar with the Dropbox model, where I can send a file, but once you send it, it’s out there in the wild. What they showed today was sending a file and then changing its status. So, even though that person had received the file and looked at it, when the status changed, they could no longer see it. That’s the home run. That’s the piece that was not part of this capability before.

Harder: I tweeted this morning that this new capability really propelled Citrix ShareFile into being the file-sharing solution for business. There are a lot of other solutions out there, but they're really not suitable for business. They don't provide that level of security and a signature signing that enables. Think about the security impacts of that, the legalities. They have it covered. There's a lot more coming. Once some of the states start to add how the digital signature can be incorporated as the notarized signature, wow.
This new capability really propelled Citrix ShareFile into being the file-sharing solution for business. There are a lot of other solutions out there, but they're really not suitable for business.

Gardner: Many business processes really do get that mobile style of work as a result, and rather than just repaving cow paths, you're really doing something quite new and different.

Before we sign off, I would like to allow our listeners and readers to get more information on the Citrix Technology Professional Program. If they're interested in learning more, maybe taking some role themselves, where should they go?

Dehlinger: Definitely start with the CTP page on the Citrix website. That's a great place to find out more about this group and what they do. However, look at the Citrix User Group Communities out there. There are a lot of fantastic people present. We (CTP’s) are blessed by having the opportunity to be able to represent a big base, but in a lot of localities around the world, the Citrix User Group Communities have been doing some fantastic things, and making a difference locally.

Gardner: Sort of a federation of groups around the world.

Dehlinger: Absolutely.

Greenberg: I would add, blog, tweet, turn out for user groups, come out to Synergy, come out to Summit. If you're one of the reseller partners, make yourself known.

We 're a community of almost-crazy enthusiasts. We have a ridiculous level of interest and passion. We have a tendency to find each other, and we're always amazed to see new people come from a place, a country, or a business we never heard of with new solutions.

Learn How the Citrix Technology Professionals Program Helps
Shape the Future of Cloud Computing  
A great event happening today is the Geek Speak tonight. We have done a GeekOvation program, where people submit their projects and their work and come up and get recognized for it and have a little contest. There are endless possibilities. Just get out there and start communicating.

Dehlinger: Participate!

Harder: And have fun.

Brown: In a couple of weeks I'm going to be going to Norway with Rick for one of the best and oldest Citrix User Groups around the world, but that advocacy, is only halfway done, programs and other things for people looking to get into the CTP Program or just sharing knowledge in general.

Start up a blog, have some fun, share knowledge. I've always said, knowledge is not power; power is in dispersing that knowledge.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy. Sponsor: Citrix.

You may also be interested in:

Monday, July 25, 2016

CPO expert Joanna Martinez extols the virtues of redesigning procurement for strategic business agility

The next BriefingsDirect business innovation thought leadership discussion focuses on how companies are exploiting technology advances in procurement and finance services to produce new types of productivity benefits.

We'll now hear from a procurement expert on how companies can better manage their finances and have tighter control over procurement processes and their supply chain networks. This business process innovation exchange comes to you in conjunction with the Tradeshift Innovation Day held in New York on June 22, 2016.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy.

To learn more about how technology trends are driving innovation into invoicing and spend management, please welcome Joanna Martinez, Founder at Supply Chain Advisors and former Chief Procurement Officer at both Cushman and Wakefield and AllianceBernstein. She's based in New York. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: What's behind the need to redesign business procurement for agility?

Martinez: I speak to a lot of chief procurement officers and procurement execs, and people are caught up in this idea of, we’ve got to save money, we’ve got to save money. We have to deliver five times the cost of our group, 10 times, whatever their metric is. They've been focused on this, and their businesses have been focused on this, for a long time.

The reality is that the world really is changing. It's been a 25-year run of professional procurement and strategic sourcing focused on cost out, and even the most brilliant of sourcing executives, at some point, is going to encounter a well that's run dry.

Sometimes you work in a manufacturing company, where there is a constant influx of new products. You can move from one to another, but those of us who have worked in the services industries -- in real estate, in other kinds of businesses where a tangible good isn't made and where it's really a service -- don't always have that influx. It's a real conundrum, a real problem out there.

I believe, though, that events and these changes are forcing the good, the smart procurement people to think about ways they can be more agile, accept the disruption, and figure out a way to continue to add value despite of it.

Gardner: So perhaps cost-out is still important, but innovation-in is even more important?

Changing metrics

Martinez: That's it, exactly. In fact, I have seen some things written lately. Accenture did a piece on procurement, "The Future Procurement Organization of One," I think it was called. They talked about the metrics changing, and that procurement is evolving into an organization that's measured on the value it adds to the company's strategy.

Martinez
People talk a lot about changing the conversation. I don't think it's necessarily changing the conversation; it's adjusting the conversation. After you've been reviewing your cost savings for the last five years for your CFO, you don't walk in one day and say, "Now we're going to talk about something else." No, you get smart about it, you start to think about the other ways you're adding value, and you enhance the conversation with those.

So, you don't go from a hundred to zero on the cost savings part of it. There's always going to be some expectation, a value added in that piece, but you can show relatively quickly that there are a whole lot of other places. [See related post, How new modes of buying and evaluating goods and services disrupts business procurement — for the better.]

Gardner: While it might be intimidating to some, it seems to me that there are many more tools and technologies that have come to bear that the procurement professional can use. They have many more arrows in their quiver, if they're interested in shooting them. What do you think are some of the more important technological changes that benefit procurement?

Martinez: Well, there are all these services in the cloud. It's become a lot cheaper and a lot faster to move to something new. For years, you’ve had a large IT community managing the disruption of trying to put in a product that's integrated with every piece of data and servers.

It's not over, because lot of those legacy systems are there and have to be dealt with as they age. But as new services are developed, people can learn about them and will figure out ways to bring it to the company. They require a different kind of agility: It’s OPEX, not capital expense. There is more transparency when service is being provided in the cloud. So some new procurement skill sets are required.
People talk a lot about changing the conversation. I don't think it's necessarily changing the conversation; it's adjusting the conversation.

I'm going to speak later tonight, and I have a picture of an automobile assembly line. It says, "This is yesterday's robot." When you talk about robotics, people think of Ford Motor Company. The reality is that robotics are being used in the insurance industry and in other industries that are processing a lot of repetitive information. It is the robotics of technology. The procurement organization knows these suppliers and sees what the rest of the world is doing. It's incumbent upon procurement to start to bring that new knowledge to companies.

Gardner: Joanna, we also hear a lot of these days about business networks whereby moving services and data to a cloud model, you can assimilate data that perhaps couldn't have been brought to bear before. You can create partner relationships that are automated and then create wholes greater than the sum of the parts. How do you come down on business networks as a powerful tool for procurement? [See related post, ChainLink analyst on how cloud-enabled supply chain networks drive companies to better manage finances, procurement.]

Martinez: Procurement has to get over the “not invented here” syndrome. By the way, over the years I have been as guilty of this is anyone else. You want to be in the center of things. You want to be the one at the meeting with the suppliers coming in and the new product development people at your company.

The procurement organization has to understand and make friends with the product development and the revenue-generating side of the business. Then They have to turn 180 degrees and look to the outside world, and understand how the supplier community can help to create those networks, then move onto the next one, and then, be smart enough in the contracting, and in things like the termination clauses to make sure that those networks can be decoupled when they need to be.

Redesigning procurement

Gardner: Do you have any examples of organizations that have really jumped on the bandwagon around redesigning procurement for agility? What was it like for them, and what did they get out of it? It's always important to be able to go and show some metrics of success when you're trying to reinvent something.

Martinez: If you're looking for an example, you’ve got Zara, the global retailing chain. Zara changes their product constantly. They're known for their efficient supply chains. They have some in-house manufacturing, and that in-house manufacturing gets done by them, but it's for the basic product, the high volume, where lean manufacturing is important, because the variability is low and the volume is high.

When you get to things like the trend of the minute, be it gold buttons, asymmetrical hemlines, or something like that, they're using a network of third parties to do that. In those cases, the volume is low, the variability is high, and so they create and disassemble these networks.

Whether financial services companies realize it or not, there's a lot of agility built into that. There are some firms, some third parties, that a financial services firm will use to get those shareholder reports out. They send them the monthly reports, and the companies have very high volume, very excellent quality controls. Post offices are on-site. They don't even truck it to the post office; the post office is sitting right there, and the mailings go out.
HCM is an important organization for procurement to bond with. Often, in a company, there's a lot of technology and human resources (HR) spend, and not a lot of professional third parties on the use of that spend.

When you need to do something, for example a special mailing on a particular fund or shareholder meetings that might only be held once every couple of years, you find yourself in a situation where those kinds of networks don't serve you very well, and you have to kind of assemble and disassemble temporary networks.

Gardner: We hear a lot these days, with services organizations in particular, that finding labor and skills is a big issue for them. It seems to me that when we look at some of the tools that procurement is using, and the role that procurement is playing, that perhaps there is some more synergy between procurement and human resources management than we have seen in the past.

Do you see that as a potential benefit when you're looking for agility and procurement, that they should be working hand-in-hand, perhaps using some of the same platforms and methods of procurement and human capital management (HCM)?

Martinez: HCM is an important organization for procurement to bond with. Often, in a company, there's a lot of technology and human resources (HR) spend, and not a lot of professional third parties on the use of that spend.

There consultants who can advise you on insurance policies, but they're not always using the best tools to go out and find those providers. Sometimes, there are relationships, payments, rebates, and that sort of thing that are in play that the HR community might not be aware of or asking about.

In HR, legal, and some of the other parts of a company that often use services, there are technology solutions that are coming in place. So, if you’ve got a procurement specialist working with HR who knows a lot about recruiters and doing deals with recruiters, they had better be learning how to do a deal with LinkedIn. They had better be able to understand that those traditional service providers are not going to be needed any longer.

Procurement advice

Gardner: What advice would you give procurement professionals who are interested in redesigning their procurement for agility? Maybe they haven’t begun that journey fully. What would you advise them as important opening position steps or thinking?

Martinez: Two things. Number one, there's no reason for your organization to call you up one day and say, "You can do this differently." You have to be self-motivated and you have to recognize that the change has to occur, do-it-yourself. I was going to say to ask forgiveness not permission, but you're not going to have to ask forgiveness, because you're going to find lots of good things.
There are supply chains embedded all through organizations, even when no one in the organization has heard the term “supply chain”.

The other thing is that there are supply chains embedded all through organizations, even when no one in the organization has heard the term “supply chain.”

Procurement organizations have to think about making sure that someone in their group understands supply chain or understands that mentality of owning something from start to finish, because as long as you're looking at discrete little pieces, you're not going to extract the maximum value.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or  download a copy. Sponsor: Tradeshift.

You may also be interested in:

Thursday, July 14, 2016

How new modes of buying and evaluating goods and services disrupts business procurement — for the better

The next BriefingsDirect business innovation thought leadership discussion focuses on how new modes of buying and evaluating goods and services are disrupting business procurement.

We'll hear now from a leading industry analyst on how machine learning, cloud services, and artificial intelligence-enabled human agents are all combining to change the way that companies can order services, buy goods, and even hire employees and contractors. This business process innovation exchange comes to you in conjunction with the Tradeshift Innovation Day held in New York on June 22, 2016.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy

To learn more about how new trends are driving innovation into invoicing and spend management, please join me in welcoming Pierre Mitchell, Chief Research Officer and Managing Director at Azul Partners, where he leads the Spend Matters Procurement research activities. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: We're seeing an awful lot of disruption in how companies can buy and sell goods and how suppliers can reach new markets. What is causing this disruption?

Mitchell: The technology is disruptive. In the old days, a lot of procurement executives would just say, "The technology is really just enabling our existing process, it’s really just a tool to automate the processes that we're looking to do."

That’s starting to change. Technology is fundamentally disrupting value chains. You see what’s happening in the business-to-consumer (B2C) world and the disintermediation that’s happening. Amazon, Uber, and Airbnb are having big impacts and that’s not limited to a B2C world. Look at the impact of Amazon, Uber, Airbnb, and now someone like Tradeshift? What’s going to be the impact on the business-to-business (B2B) travel process on the supply-chain process, on freight forwarding, on the logistics? It’s going to be a major impact.

So, you can say that technology is just automating, but it’s not. It’s enabling new, much more innovative value chains, and it's truly disruptive. I know it’s a buzzword out there, but it really is.

Go and Skills

Gardner: From what you’ve heard at Tradeshift’s recent announcements around Go and Skills, what are the factors that combine in a way that you think are quite new or something that we haven’t seen before? [See related post, ChainLink analyst on how cloud-enabled supply chain networks drive companies to better manage finances, procurement.]

Mitchell: The Skills terminology is interesting. When you look at Skills, they're really talking about a fairly atomic or higher-level kind of business process as a service. And if you're going to do business process as service, it’s not just having a bunch of cloud apps, because cloud apps are basically a more efficient machine tool, if you will.

Mitchell
Just taking an on-premises app and deploying it in the cloud is great in terms of making it more efficient for the deployment, but an empty app in an empty app. What really brings the app to deliver a business outcome, to deliver that business process, is intelligence. That intelligence is going to either come from the bottom up, based on analytics that turn information as insight, but also it’s going to come from how we take information and knowledge out of our minds and put it into that software.

That’s truly disruptive and probably the topic of our conversation of what we do with 30 percent unemployment, as the robots come to take all our jobs. But certainly, in this kind of knowledge-based area, where there is some level of repetitive tasks, the game is starting to change from on-premise apps to software-as-a-service (SaaS) apps, to moving toward the cognitive and using those apps to really deliver business outcomes.

Gardner: I agree that this has wide implications across many industries and across many facets of any particular business. Just to focus on what Tradeshift is doing with Go, what’s interesting to me is that they’re combining accessible, but pertinent, real-time streamed travel data, analyzing that in the context of a data environment. But they’re also adding human travel agents, empowering humans who are very skilled in order to present very rapid returns for fairly complex business problems.

What is it about this combination of machine and human that is pushing boundaries today?

Mitchell: I like how they went about this solution. First of all, they started with the business problem and the outcome, especially in mid-market organizations, but also for large enterprises. We want to focus on making the process of buying and traveling much easier and much more intuitive, but still obviously with some of the controls that you need to have in place.

The problem is that a lot of these processes have been very siloed across multiple places. So you have your travel and expense reports, we have our purchasing cards (P-Cards), maybe an e-procurement system here and there, or maybe an e-invoicing. So you have all these different little channels that are dealing with bits and parts of the problem, but it hasn’t really come together as one kind of seamless experience.

Seamless experience

The only way that you can make that experience seamless is to have this combination of domain expertise around the process, the software to kind of support it, and then more and more this area around cognitive and the skills and being able to empower humans to do this process better.

Probably more of the repetitive tasks that those humans were previously doing will be more bot-enabled rather than human-enabled. That’s going to happen over time, but ultimately, that frees up the humans to do higher value-added activity, rather than just these rote tasks.

Gardner: My sense is that it will start with rote, but it could very easily move up a value chain of intelligence. The other interesting thing to me is that they're using a messaging application, which people are very familiar with, and brings it to a democratization level, where almost anyone in the organization can take part.

Furthermore, what’s interesting is the ability to act on it very rapidly. So, when you create a virtual credit card, you're able to pay for something as rapidly as you're able to find it. It really brings decision-making and execution down to a fundamental level of whoever in the business needs to act can act, and it removes all those middle layers. To me, that’s a fairly impressive productivity benefit.
Millennials are entering the workforce. They're highly messaging based.

Mitchell: What’s nice about it is that if you look at the changing workforce now, Millennials are entering the workforce. They're highly messaging-based. So, it’s really accommodating a multichannel world. The new UI with the changing workforce is going to be messaging-based, but just because it’s quick, easy, and real-time, and it’s in a metaphor that they’re familiar with, doesn’t mean that your need for controls goes away.

The platform capabilities that Tradeshift is increasingly bringing to bear have the ability to take these little atomic levels of services around whether I do a budget check in real time, how do I take what you’re asking for and turn that information into a commodity code, a merchant code, or into being able to translate all this complexity on the back end.

That doesn’t go away. You're just shielding the end-users from it and allowing them to work in a style that’s familiar to them. Too often, it’s been a trade-off between ease of use and high controls. If you can bring those two together, especially for this changing workforce, that’s a huge win-win.

Gardner: We hear a lot these days about the need for more productivity in our economy in general in order to create a better standard of living and increased wages and so forth. It seems to me that for many years, maybe generations, big businesses had an advantage over smaller business. They've been able to integrate processes, have efficiencies of scale, and buy and sell at scale.

But now, when you look at some of these technologies like Tradeshift has brought to bear, maybe mid-market and small companies will get an advantage. They can be fleet, agile, and use these services and cut their costs, while being innovative all along.

Do you share my sense that maybe this is a day and age where the smaller companies have an advantage?

Level of orchestration

Mitchell: Yes, and no. I would probably vote for the school of piranhas over the shark any day, but for those piranhas to win they have to be able to assemble with each other at will. That requires a new level of orchestration and standing up business processes to get those going, rather than what’s been available in the past.

So, taking a traditional enterprise architecture and trying to stand up these cloud-enabled, API-driven services in the cloud that are getting increasingly intelligent isn't possible with the older technology.

I'm with you, and it does require a new class of technology to stand-up these new value chains and these business networks.

Gardner: I suppose there's nothing really stopping even the largest companies from bringing some of these atomic services to bear inside their organizations. Yes, you have to change some processes, but it seems to me that they might not have a choice when their competition gets there first.
Look at what’s happening to the supply markets. They're getting digitized, and the supply chains are getting digitized.

Mitchell: Absolutely. There is so much activity going on right now around digital supply chain and digital disruption. Look at what’s happening to the supply markets. They're getting digitized, and the supply chains are getting digitized.

So, who were the folks who are really responsible for helping the organization tap innovation from those supply markets? Hopefully, procurement is taking a leadership role in doing that. There's a real fork in the road here for procurement to say "Look, it’s time to help us educate our stakeholders about how these value chains are going digital. How can we tap that?"

By the way, procurement is a service provider, too, and you are only going to get so much budget. So, if you can figure out some disruptive ways to carve off stuff that makes absolutely no sense for you to be doing on an ongoing basis, you can really help automate that away, so that you can focus your time on really going deep in certain categories, in innovation projects, and really doing things are really going to make a difference.

The biggest cost in procurement is the opportunity cost of wasting your time on low-value activities, such as cost-center stuff, and not really doing the true profit-center innovative kinds of things. Ultimately, you have to evolve or you're going to die. "Stay above the API," some people say.

Gardner: It sure seems like we’re now in a period where procurement can rise and become an evangelist within organizations for innovation across many different dimensions of the business that could have vast savings, but also put them in a highly competitive position when they could otherwise be disrupted.

So, to the procurement people, "Go get them," right? [See related post, ChainLink analyst on how cloud-enabled supply chain networks drive companies to better manage finances, procurement.]

Can't do it alone

Mitchell: Absolutely. And you have to work with IT and everybody else and work with your suppliers, too. You can’t do it alone, but what’s nice is that you’re finally starting to see some better options out there -- a much bigger utility belt of tools that you can use to kind of make it happen, because otherwise, it’s just not possible.

Gardner: Last point, Pierre. It seems like it’s incumbent upon organizations to get a bit more experimental. There's such a wide variety of new services coming on board. They might not want to take a bite the whole enchilada, but do you share my opinion that being experimental, doing pilot projects, trying new things is extremely important these days?

Mitchell: Absolutely. This whole notion of self funding is that it’s just become part of the new normal. The idea is what can you actually do in the short term that can add some new incremental value, demonstrate credibility, engage your stakeholders, and in doing so, unlock getting to the next level, where now you can build upon that, or if it didn’t work, you redirect, but you need to work towards a long-term vision.
You have to work with IT and everybody else and work with your suppliers too. You can’t do it alone.

This is the part where platforms, architecture, and thinking some of the stuff through is important, so that you can do stuff in the short term and get some business results, but you want to work towards a more flexible and open architecture so that you have options. Because in procurement, and for the stakeholders, it’s all about having options and flexibility. That’s what enables agility, being able to have those options.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy. Sponsor: Tradeshift.

You may also be interested in:

Monday, July 11, 2016

How Allegiant Air solved its PCI problem and got a whole lot better security culture, too

The next BriefingsDirect security market transformation discussion explores how airline Allegiant Air solved its payment card industry (PCI) problem -- and got a whole lot better security culture to boot.

When Allegiant needed to quickly manage its compliance around the Payment Card Industry Data Security Standard, it embraced many technologies, including tokenization, but the company also adopted an improved position toward privacy methods in general.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy.

Here to share how security technology can lead to posture maturity -- and then ultimately to cultural transformation with many business benefits -- we're joined by Chris Gullett, Director of Information Assurance at Allegiant Air in Las Vegas. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Let's begin at a high level. What are the major trends that are driving a need for better privacy and security, particularly when it comes to customer information, and not just for your airline, but for the airline industry in general?

Gullett
Gullett: The airline industry in general has quite a bit of personally identifiable information (PII). When you think about what you have to go through to get on the plane these days, everything from your whole name, your date of birth, your address, your phone number, your flight itinerary, is all going in the record.

There is lot of information that you would rather not have in the public domain, and the airline has to protect that. In fact, there have been a couple of data breaches involving major airlines with things like frequent-flyer programs. So, we have to look carefully at how we interact with our customers and make sure that data is incredibly safe. We just don't want to take the brand hit that would occur if data leaked out.

Gardner: At the same time, we’re enjoying much better benefits by attaching more data to transactions, to process; we're able to cross organizational boundaries. And so, the user-experience benefits of having more data are huge. We don't want to back off from that, but we do want to be able to make sure that that data is protected.

What are some of the major ways we can recognize the need for better data uses, but keep it protected? Can they be balanced?

Technology fronts

Gullett: The airline industry is moving forward on a lot of technology fronts. Some airlines, for example, are using mobile devices to welcome specific customers on board with a complete history of how good a customer they are to that particular airline, so they can provide additional services in the air.

Other airlines are using beaconing [location] technologies, which I think is kind of cool. If you have a mobile app on your phone for the airline and you're transiting through the airport, how cool is it to know where you are and how long it's taking you to get through security. So, the airline might adapt at the gate as to whether there are going to be problems or not in boarding that particular plane.
Learn More About Safeguarding
Data Throughout Its Lifecycle
Read the full Report
There are a lot of different data points that are being collected and used now with different airlines handling them in different ways. In any event, the need for privacy is important, especially in the European Union (EU), which has incredibly tight data-privacy protection laws.

Gardner: We've talked about that on this podcast series. Now, the answer isn’t just the old thinking around security, where we'll just wall it off, or we'll use as little data as possible. Instead, we need to have more data in more places -- even down at that mobile edge.
We need data out to the edge where it's actually being consumed; that’s what has to happen these days.

So, as we think about ways to accommodate our need for more data in more places, even everywhere, is there top-level thinking that goes along with being able to make the data private, but also usable?

Gullett: That's the balancing point. Everybody wants their data everywhere. Before, a data center protected data inside the tight little confined, hardened shell you used to have, a perimeter with a firewall, and things like that. But we need data out to the edge where it's actually being consumed; that’s what has to happen these days.

Some airlines are putting consumer PII right in hands of the flight attendant on the plane. At Allegiant, for example, we're using mobile devices to accept credit cards on the plane. We're experimenting with a number of different technologies that fall into a category of Internet of Things (IoT), when you think about them. What they all have in common is that they're outside any possible perimeter.

So, you have to find a way to make every device have its own individual perimeter, and harden the data, harden the device, or some combination of the two.

Gardner: Let's hear more about your particular airline. Tell us about Allegiant Air and what makes it unique in the airline industry.

Regular profitability

Gullett: At Allegiant, we're up to 54 consecutive quarters of profit, which is unheard of in the airline industry. The famous phrase about the airline industry is, “How do you become a millionaire? You start with a billion dollars and you buy an airline.”

The profitability of airlines has been much in the news over the last couple of decades, because it's cyclical. Airlines fail, go into bankruptcy, or consolidate. There's been a lot of consolidation in the United States, with United taking on Continental, and Delta taking on Northwest as examples. Southwest taking on AirTran is another. Everybody has been in the game.

Allegiant is kind of off on its own. We've found an interesting niche that has very little direct competition on the routes that we serve, and that is taking vacationers to their favorite vacation destinations.

We connect small- and medium-sized markets -- markets like Kalispell, Montana or Indianapolis, Indiana, a medium-sized city. We'll take them to Florida, Las Vegas, or Los Angeles. We have about 19 vacation destinations now. We have about 115 cities overall. In fact, we serve more cities than Southwest, if you want to get a comparison on the size of the route map. And we're also taking the charter operators to three different countries in the Caribbean.
We've found an interesting niche that has very little direct competition on the routes that we serve, and that is taking vacationers to their favorite vacation destinations.

We have quite a different footprint. That adds up to about $1.3 billion in revenue a year, and from a profitability standpoint, Allegiant is regularly recognized as one of the most profitable airlines in the world.

Gardner: It sounds like most of your passengers, perhaps even all of them, are vacationers, not business travelers. Does that change anything when it comes to user experience, privacy, and data security?

Gullett: It doesn't change anything as far as the need to protect the data, but it puts a greater risk of brand problems concerning data breaches.

Consider the fact that our average customer flies with us once or twice a year. They are, in many cases, flying Allegiant, rather than driving to their vacation destination. Or maybe they're taking a vacation they wouldn't have otherwise because of Allegiant's low prices.

So what you have is “not-frequent travelers.” In fact, that would be kind of a name. If we were going to have a frequent-flyer program it would be the “not-frequent-flyer program,” because vacationing people just don't fly as frequently.

If I'm a business traveler, I am on so-and-so [airline], and they had a breach, I'm going to continue to fly them because I have marvelous status with their frequent-flyer program. Allegiant customers say, “Gee, I'm a little concerned about that and if they have a data breach, I think I'll drive instead.”

So the brand damage from a breach, I believe, is higher for our airline than some of the other airlines out there.

Everyone's responsibility

Gardner: Given how important it is to your business, to your brand, how do you rationalize these approaches to security to the larger organization? I know that's probably not as prominent a problem as it used to be, because we can see directly the business implications of security issues. But how do you make security everybody's responsibility? Is that something that you have been trying to do?

Gullett: First, we're very lucky at Allegiant to have incredibly broad support from the C-suite level and the board of directors for our security program. That's not a benefit that every company has, but we do, and it certainly makes life easier in developing the procedures and processes, and the technologies, necessary to protect our customer data.

We came into the business at Allegiant with the idea that we have the typical triad of people, process, and technology to deal with in the information security program -- the three legs on a stool. If you miss one of those, you are going to be on your butt on the ground because the stool isn't going to work very well.
We've really moved into more of a stage of being people-focused now. In fact, much of our budgetary spend is on security awareness for our people.

We focused on technology and process early on, because those were the easy things. Those were the low-hanging fruit. We've really moved into more of a stage of being people-focused now. In fact, much of our budgetary spend is on security awareness for our people.

We really had to look at how we best introduce security awareness to the entire company, and to make the company more culturally sensitive to information security. That extends from the customer service agent who's checking you in at the ticket counter all the way up to the board of directors.

The [security leadership] has certainly chimed in and made our board more aware of problems concerning information security. Recently U.S. Senator Edward Markey (D-Massachusetts) has also introduced legislation that specifically targets cyber security in the United States domestic airline industry.

That need to protect the data has to be recognized, and the most important part of protecting the data is the people that are handling the data. Awareness is really a big part of our program now.

Gardner: How did PCI-compliance form a trigger for your organization? What did that change mean for you, and maybe you could explain how you have gone about it at the process, people, and technology levels?

Compliance requirements

Gullett: Well, god bless compliance, because I think I got my first information-security job thanks to an auditor telling someone that they needed an information security guy because of Sarbanes-Oxley. And I joined Allegiant because of PCI. These various compliance regulations have certainly done wonders for the job market in information security. I can only imagine what it’s like with the data security and the EU General Data Protection Regulation (GDPR).

But, in regards to our travel into the world of PCI, Allegiant is also a unique airline in that the software that runs through the airline, the applications that run the airline, are proprietary. We actually write that ourselves. We have a large development staff and every aspect of the operation of the airline is run by custom software that we control and we write.

There are a lot of benefits to that because it allows us to be very agile and flexible if we want to make changes, but there is a downside. Some of the code dates back to the green screen days of the 1990s, and that code was going to be very difficult to bring into compliance from a PCI standpoint. It was just not written with security in mind, and while it wasn’t directly handling credit-card data, it was in the process scope.
Learn More About Safeguarding
Data Throughout Its Lifecycle
Read the full Report
A big concern was how we were going to ever bring a significantly non-compliant custom app that would take a great number of application-developer hours to bring it up to snuff and still meet a relatively tight schedule for becoming PCI-compliant. And so, at the time we looked at a number of different products out there and we thought, well, we can't solve every problem right now. So let’s bite off small chunks and we'll take care of that.

The first thing that looked like it would be fairly easy to do, or at least straightforward from a technology standpoint, was tokenization. And so, our search was, how can we tokenize the cards that we are storing. And that led us to stateless tokenization. We compared a number of different products, but we looked at HPE [Secure] Stateless Tokenization, and that was ultimately our choice for tokenization.

Interestingly enough, while we were on our search for what the best tokenization product was, I happened to read a press release on a website that talked about format-preserving encryption as a new technology that was going to become available -- and that actually became HPE SecureData Web. We found that by accident; it wasn’t even a product that was available at the time. It was going to be targeted at card acquirers, and we actually had a hard time convincing the sales folks to sell it to us as a different type of end-user.

That solved our application problem because it allowed us to encrypt the data that was passing through those legacy apps. Between the tokenization and the format-preserving encryption (FPE) SecureData Web product, we were able to dramatically reduce the overall scope of PCI data, and that finally led us to become compliant.

Gardner: Now, this sounds like, with custom apps, it could take months, even quarters. How much time did it take you, and how important was that to you?

Gullett: The time to implement any application that is outside of what we develop ourselves is always a concern, because that takes our developers, who now have to serve as integrators, off of projects that might lead to higher revenues for the airline or to solve a problem or offer a feature that the airline would like to do. And we're very focused on improving the overall business.

We found that the overall implementation of the HPE products was very efficient. In fact, I think we had one-and-a-half full-time equivalent (FTE) application developers on the project. It took them about three months, and that was integrating with multiple payment-card interfaces. I think we started at the end of October and we went live at the end January. So it was pretty lightweight from the standpoint of integrating significant products into our ecosystem.

Stateless tokenization

Gardner: Secure stateless tokenization can often take organizations like yours out of the business of storing credit card information at all. You're basically passing it through and using various technologies to avoid being in a position where you could have a privacy problem. Was that the case with you, and did you extend that to other types of data?

Gullett: That was one of the marvelous parts of bringing the system online as it did take us from storing many, many millions of credit card numbers down to absolutely zero. We store no payment card numbers at this time. Everything is tokenized. The card data comes into our internal payment process and the system can send it off to the card acquirer to determine whether it should be approved or denied, and it’s immediately tokenized. So that has been a real win for the company -- just much less to worry about from the card standpoint.

Now from the standpoint of how we can encrypt or protect other data, we're looking at a number of possible scenarios now that we have gotten past the PCI hurdle. For example, while we don’t fly internationally with scheduled service, we do handle the charters for other companies. At some point, the company may well fly to international locations, and we will be collecting passport numbers. That would be the kind of thing we would also look at, in effect using some type of format preserving encryption, so that we're not storing the actual data.
We store no payment card numbers at this time. Everything is tokenized.

We've gained a lot of experience with the product over the last three years and that’s going to be a fairly easy implementation that will offer a great deal of protection. But we can also extend that out to customer names, birth dates, and all kinds of different things and we are looking at that now.

Gardner: The HPE SecureData Web and the Page-Integrated Encryption are being used by a lot of folks for the webpage, of course, the browser-based apps, but that also can provide a secure way to go to mobile. Many people are interested in the mobile web, not necessarily just native apps. Is that something you have been able to use as well? The SecureData Web as a way to get to the mobile edge securely?

Gullett: We do use SecureData Web in our mobile applications. We've been using it since we initially integrated the product several years ago. In fact, that was one of the data points that we had to protect from Day One. So we have the app going out to the Internet, grabbing the one-time encryption key and encrypting that data in the application itself on the mobile device, on the Android device, the Apple device, and then sending that encrypted data back to our payment-processing system, passing through any systems in the middle as an encrypted form.

We also have a subsidiary that it is not directly airline-related that is also developing a payment-processing app for the business space it works within. Because they're developing a true native application for iOS, they're going to be developing with the SecureData Web SDK that’s been released for mobile devices, which will certainly be much easier.

Gardner: Chris, we hear a lot of times that security is a cost center, that people don’t necessarily see it as a way of bolstering business value or growing revenue streams. It sounds like when you can employ some of these technologies, create a better posture, it frees you up, it makes you able to innovate and transform. Has that been the case with you? Can you point to any ways in which you've actually been able to increase revenue? I know that for airlines it’s a fairly tight margin on the travel, but some of those ancillary services can be a make or break; is that the case here?

Unbundled travel

Gullett: Allegiant is a leader in what we call unbundled travel; we would rather sell you exactly what you want. When an airline says that they offer free bags, for example, they're not offering you free bags. It does cost to put those bags in the hold, to put those bags in the overhead and carry those bags on the plane with you. There is weight, and then that costs fuel. So, there is an expense associated with every aspect of your travel on an airline today; that’s just the way it is.

Allegiant’s unbundled services allow us to say to a traveler, “Well, sure, if you want to get on the plane and you want to bring something and put it under the seat, we'll sell you a seat on the plane. If you want to bring 40 pounds of baggage to put in the hold, we'll charge for that,” because not everybody wants to bring a 40-pound bag to put in the hold.

The thing about Allegiant with its proprietary application that runs the airline is that if we see an opportunity to offer a new service to the customer or a new ancillary service to the customer, we don't have to go to a third-party and say, would you please add this so we can offer this feature to the customer; we can just do it.
We were able to implement the necessary controls with the HPE products in about three months, with about one-and-a-half FTEs.

At the time, we were worrying about PCI compliance and how we were going to accomplish PCI compliance, we also had a project to begin charging for carry-on bags, the bags that go up in the overhead. We could either spend a lot of time retrofitting the legacy app for PCI or we could spend time generating revenue by offering this new feature to the customer that they would be charged for carry-on bags up in the overhead.

The seats on the plane, everything associated with the airline, have a very quick expiration date. When the plane takes off, an empty seat has no value and it will have no value ever again. When a seat takes off empty, we can’t sell that person a Coke, we can’t sell them a bag, we can’t sell them a [rental] car, we can’t sell them a hotel room; that's gone forever. So, speed to market is incredibly important for the airline industry and it may be more important for Allegiant.

In the case of our travails on PCI and how we were going to solve our PCI-compliance issue, we wanted to be able to add this feature to charge for carry-on bags. So now you have a choice. Do you spend a lot of time integrating and cleaning up legacy apps for PCI? Do you move ahead with something that could bring in millions of dollars in revenue? The answer, of course is that you have to be compliant with PCI. So, we have to do that first.
Learn More About Safeguarding
Data Throughout Its Lifecycle
Read the full Report
The fact that we were able to implement the necessary controls with the HPE products in about three months, with about one-and-a-half FTEs, meant that other application developers could spend time on that carry-on bag feature in our software, allowing us to go to market with that sooner than we would have otherwise.

Now, if you look at the fact that we went to market three months earlier than we would have normally, if we had spent three months of stopping everything to do nothing but PCI compliance. Instead, we were able to use that time to develop carry-on bag charging services, that is millions of dollars that would never have been captured in any other way, because it expires, it’s gone. Once the plane leaves the ground, you can’t charge anymore.

So there was a real delivery to the bottom line as far as a profitable feature was concerned by being able to roll out that carry-on bags feature sooner. We had a much easier, quicker, and lower resource-intensity standpoint ability to integrate, using the HPE Security products.

Where next?

Gardner: So going back to our opening sentiment around the fact that you can’t just wall off data, meaning the more data, the better for your business and the more places that data can get to, the better. You've demonstrated that that’s also core to business innovation, such as growing revenue in new ways, and being agile and adaptive to very competitive markets. That’s a very interesting example.

Before we sign off, Chris, where do you go next? How do you think your security steps so far have enabled you to be more fleet, more agile, and perhaps find other business benefits?

Gullett: There is no substitute for delivering innovative solutions to problems that are well-known throughout the business, and helping that to build your credibility with the executives and the board of directors. Certainly, the solution to our PCI-compliance issues, which did get a lot of exposure to the company’s executives and the board, by being able to solve that quickly and without an impact to the operations of the airline, that brought information security awareness to a level that we had not previously enjoyed at the airline.

Although, if you talk to our executives and our board, they're going to tell you information security is very important, and I believe they believe that. The fact that you can demonstrate that you can deliver solutions that don't break the bank and do what they say they do, means a lot.

Going back to that three-legged stool, technology and the HPE Security products that we implemented for PCI are just one part. For example, if the folks aren't handling the credit cards properly or if they're not adequately protecting the data that they have on their mobile devices out in the field, our risk is just as great as a credit-card data breach would have been before we had implemented the tokenization. These are all things we kind of worry about.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy. Sponsor: Hewlett Packard Enterprise.

You may also be interested in: