Zero Trust Security needs around Remote Access

As the whole world has been taken over by COVID-19 pandemic, and the recovery is still far insight, remote access to applications and data has become the new normal for employees of every company.

The security needs around enabling remote access to enterprise application needs is a primary topic that of interest to me these days.

This brings the focus around addressing these questions.

1. How to enable Remote Access to employees, partners, and contractors securely?
2. How to keep the IT cost low and productivity high without having to invest in additional desktops and mobile devices? Can we allow users to use their personal/BYOD?
3. How do we make sure the devices and endpoints are safe, and they meet the IT compliance needs, so they are no data breach and security attacks on enterprise assets?

These questions are not new when it comes to application security, even though these are the main drivers for a digital workplace, which is the new buzz word for digital transformation at every enterprise. Though the adoption of digital workplace benefits includes increased employee productivity, reduces overall cost reductions, and improves employee trust, the concepts around zero-trust security have remained the same. The evolution around Zero trust security is to take more and more attributes around the identity and the endpoints to defend, secure, and protect applications and the enterprise data on your network.

Digital workspace is a rapidly evolving market and is the green field that enterprises are experimenting with zero-trust security. This market expected to grow $54.2Billion by 2027, with a CAGR of 11.3%.

As I understand, digital workspace is an integrated technology framework that centralizes the management of the enterprise’s applications, data, and endpoints, allowing users to collaborate and work remotely. It also provides users with the self-service, out-of-the-box experiences that can scale across platforms, locations, and devices, allowing them to work in a digital environment. Adopting a Bring Your Own Devices (BYOD) strategy can help drive the adoption of the digital workplace faster since around the globe, users, on average own at least two personal devices on their own, which they use regularly. Building a bridge between BYOD and Digital workspace is the future.

The topic I want to focus on is zero-trust security needs around Remote Access and the best practices around users and endpoints.

Providing Business Agility 

One of the vital business aspects of remote access in a digital workplace environment is providing business agility and continuity for users to operate from any device and get access to their applications and data. This would require that the requirements around Remote Access and security are met so your traffic is protected and data breaches are prevented, so the remote access is efficient.

Here are the best practices to follow around the Zero Trust Security requirements for Remote Access.

They fall into these four main categories.

1. Endpoint protection

Remote Access users are typically provided with a managed desktops or can use an unmanaged BYOD to access company apps or data. This would require that the security posture of these devices be validated to ensure that the endpoint meets all the device trust criteria before they are allowed into the network.

Requires these endpoints are validated to prevent data breaches and are kept monitored to keep track of what these device endpoints are doing so the network stays safe at all times.

2. Authentication

Users from managed devices or an unmanaged BYOD have to be authenticated to identify who the user is before they are allowed into the enterprise network. Depending on the device’s security posture, the context or behavior attributes of the user, multi-factor authentication, and encryption for the endpoint should also be enforced.

Identity and access management solution here is what can help address the needs around identity provisioning and authentication needs around devices and users.

3. Vulnerability Assessment

Enforcing a systematic vulnerability assessment for the security weaknesses to satisfy the compliance needs around a managed device or a BYOD will help to assess the threats and keep the risks to the data and the information systems under control. It evaluates if the endpoint devices and the users are susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Taking steps to do continuous monitoring of the endpoints to meet the device compliance rules, assessing the risks around user’s behaviors, and session through continuous verification will keep the remediation and mitigation efforts to a minimum at all times.

4. Access Management

Access Management is the process that controls and monitors who gets access to what at all times. Typically enforced through a policy framework around a BYOD that allows policy definitions against, type of devices, type of users with additional user criteria like the user context and behaviors, types of applications, type of data, and more. The fine-grained the policy controls are the fine-grained remote access management can be enforced around the apps and resources that a typical remote user would want to access through his BYOD in a digital workplace.

In conclusion, the COVID-19 pandemic has caused rapid and significant changes in how employees adapt to remote access. There is a shift in enterprise security needs to support remote access to applications and data. This requires the adoption of new technologies that can apply the security controls and do a better analysis of the threats faster and accurately to avoid data breaches.

I recently came across an IDC global survey on how COVID-19 impact on the IT strategy. Here are the four main takeaways that are worth noting, which strengthens the case for a strong Zero Trust security strategy to support business agility.

#	Takeaways	Worldwide	North America
1	Encourage working from home and support remote work	40%	47%
2	Support for Mobile devices and applications	39%	37%
3	Make changes to IT security strategy and systems.	36%	39%
4	Move data and applications to the cloud aggressively.	35%	34%

Remote access to employees is here to stay, and it’s proven that productivity has not diminished as more and more employees are working from home.

Facilitating the ability for employees to have the same user experience, whether they are using company-provided devices or a BYOD, has to stay the same without compromising enterprise security.

The bottom line is as enterprises embrace and enable a Digital workspace environment for their remote workers, they need a better and reliable security strategy, so there is no compromise on security and risks.

Consumer Digital Identity – Why a business should care.

The business world as we know it is rapidly changing and one of the fundamental drivers is digital transformation( https://www.i-scoop.eu/digital-transformation/). The online interactions between people, business, devices, data, and services are the backbone of the digital economy. This means a business need to have an interconnected view of people, organizations, machines, devices and the internet of things (IoT) at all times to understand who your consumers are and what they want. Consumer digital identity is the one that can address this and is an important factor in today’s digital economy for all enterprises.

What is Consumer digital Identity?

Gone are the days when consumers would come seeking for business solutions. In the current age, a business has to seek the consumers. There is a strong realization that digital identity is the front door for all business.

Enterprises currently have their consumers coming in as anonymous or they have pre-established identities that are distributed across various old and new systems. Know your customer (KYC) has been the biggest challenge for enterprises to solve. Addressing other business problems and efficiency around customer experience, lead generation, building awareness of their products, consumer recommendations, up-selling or reselling, billing, loyalty programs, retention, license management has snowballed this challenge.

64 percent of enterprises already indicate that Security, AI, and analytics as the top three efforts on their list of digital transformation technologies they are most interested in. With the advances in the digital Identity, mechanisms offer the promise of greater efficiency, security, and trust in a wide variety of settings.

Opportunities with Consumer digital Identity

1. Consumer Security and Fraud management.
Data breach is a common problem for a business these days. Hence security is crucial in protecting the consumers as well as their business assets. Identity and access management along with identity governance, audit and compliance allow to monitor and manage who has access to what, when and why. This helps a business to be aware who is coming through their front door so their consumers can access the products and services. This also helps to monitor and manage unwanted solicitors who want to create fraud or damage to the business.

2. Consumer Trust and engagement.
Consumers have a small attention span to engage with a business or a brand. This would mean that the process of engagement should be light and frictionless. At the same time, consumers should feel comfortable to trust the brand or business to share who they are so they can establish an identity.
Establishing trust by engaging customers across multiple channels (phone, web, social media, in-store) with personalized offerings based on real-time insights has to be a priority in order to expand and building a strong customer base.

3. Consumer Brand awareness and lead generation.
Importance of brand awareness is an important task for marketing team in any business. Marketing has a need to identify their consumers and tailor their campaign messages so that there is a better return on investment for their marketing dollars spent.
By leveraging the identity data of a consumer helps marketing to segment, tailor and personalize their campaigns and efficiency around lead generation activities

4. Consumer Retention and loyalty.
Customer loyalty is an intangible but extremely valuable business asset that helps to up-sell and/or resell product and services. The ability to measure and model customer loyalty is an essential element to building customer relationships and expanding the market size. The ability to retain customers is a factor that is important to increase your recurring revenue. Understanding the behavioral and contextual insights of the individual customer through their identity data will allow to influence, advocate and expand the loyalty and retention base for any business.

5. 360 Degree view of your consumers.
Consumer data in a typical enterprise resides in multiple systems depending on the customer journey that an individual takes with various products and services through multiple channels ( i.e cross-device, online, in-store and more). Aggregating data of the consumer from various systems and channels into a single unified view based on an individual’s identity becomes a very valuable asset for any business.

Business can then leverage this 360-degree view and the data to make intelligent business decisions around personalization, discounts, recommendation, alerts, notifications, deliver value-added services and more.

Current Technology and Business Trends in Consumer Digital Identity.

1. Identity and Access Management (IAM) Security Standards.
Standard protocols like SCIM, SAML, OAUTH2, OpenID Connect, UMA, REST make it easy for the business to adopt digital Identity for their consumers. The approach to security standards strengthens interoperability both in a SaaS, on-premise or hybrid IAM environments across users, web, phones, social, devices, desktops, and IoT.

2. Self-service and data-driven consumer journey is the new norm.
Easy to use interfaces in IAM that allow consumer self-service interactions to not only establish their digital identity with a business but also allow to consumers to carry their existing digital identity established with a social provider. This experience should be frictionless.

Consumers want their experiences tailored to their needs and wants. A business will have to take a data-driven customer experience by design approach to collect, analyze and provide a very personalized journey at every touchpoint to their consumers. Self-service UX and Data Analytics along with Identity Governance should be an integral part of IAM.

3. Privacy and Data Protection is in the forefront for consumer trust.
Security and privacy by design is the foundation for data privacy. IAM Technology should be able to help a business to maintain their consumers and prospect data secure at all times including the loss, theft or corruption of data. With General Data Protection Regulation (GDPR) going live in Europe and more GDPR like regulation to come into effect in the US, there is more need for Privacy and Data Protection to be in the forefront for establishing trust with consumers.

4. Devops and Microservice are the new standards for deployment.
A business now operate in a complex model where the consumers identity and access is expanding across users (ex. Employees, Contractors, Partners. Members), devices (ex. Enterprise computers, enterprise devices, public computers, IoT devices, phones) and apps (ex. SaaS apps, Public cloud apps, partner apps, private cloud apps, on-prem apps).

This would mean that the identity and access management solutions should handle DevOps and Microservice are the new standards for deployment for IAM.

5. Disruption and innovation through SaaS, AI/ML, Blockchain, Chabot, Big Data, is the new normal.
With customer data playing the forefront of all innovation, there is a lot of focus on the technology trend like Blockchain to decentralize the consumer identity information that can help business to scale globally.

Use of AI/ML can power insights from a consumer’s history, preferences, context, and behaviors to deliver more targeted offers and better the outcomes that can increase sales and the customer experiences.

The automated tasks like customer on-boarding, post-sale services, and support can be managed by Chatbots which helps to increase the efficiency, scale, and satisfaction for consumers.

 

Product Management efficiencies to drive Digital Transformation

I am currently reading the book “Slow down to Speed up” by Liz Bywater and understand the importance of leading, succeeding and thriving in the fast pacing 24/7 world of Product Management. Sharing my thoughts to help Product Managers on how you can drive business to achieve complete digital transformation around product development and innovation.

I have been in the software industry as a product manager for the last 15+ years. It’s interesting to see how Product Management and Product development is continuously evolving. Now with Cloud computing and SaaS being the main business drivers for software efficiencies, companies need to pay attention to the details around the digital transformation efforts around strategy, decision making and execution to stay innovative. Understanding the current gaps in their product development process and addressing them at the earliest is critical.

I will cover some of the areas that a Product Manager or a Product Owner can make a difference.

Digital Transformation mindset to explore business problems

Everyone is talking about digital transformation on how it is important for every organization. But there is a specific structure that every company needs to follow if they want to be successful. There are a few variables that each company needs to put in place since Product strategy is a continuous process.

1. Executives and senior level management need a new mindset that is flexible and open to exploring a business strategy that is a continuous journey.  The strategy will have to be based on various different factors that are continuously monitored and fine-tuned.
2. Product Managers and Product owners will need to do the following to have help defining a strategy and get buy-in from the executives on a regular basis.
   • Gain knowledge about the macro and micro trends in the industry around their business. Understand the pros, and cons and how that would have an effect on the business needs.
   • Maintain a continuous and ongoing dialogue and transparency with the customers to understand their pain points, their business needs and the changes that drive their success.
   • Monitor the competitive landscape to understand the gaps and the innovation practices.
   • Build partnerships that would add value to the business and can help address gaps.
   • Design thinking to define and understand the market problems and brainstorming various ideas driven by outcomes on how the market problems could be addressed.
   • Drive continuous experimentation on each idea to gather data on the business outcomes.

Decision-Making to build the right things

Decision-making is both an art and science. There are various frameworks that are available to help Product managers and Product owners in the decision-making process https://blog.usejournal.com/top-11-frameworks-every-product-manager-should-know-aad46dd37b62.

Irrespective of the framework that a company adopts, a data-driven decision-making process makes the decisions error proof and provides insights and learning to innovate. Remember data gathering is a continuous process just like strategy. Data helps you to make better decisions that are low risk but high business value.

Here are a few ideas on how to gather data

1. Continuous data gathering through experimentation on ideas. Helps to identify the right market fit and defining business outcomes. Thereby helps to add value to your customers.
2. Continuous data gathering through customer engagement with your product to enhance customer experience.
3. Continuous data gathering from customer interactions and feedback captured as the voice of the customer.
4. Continuous data gathering from sales around win/loss analysis.
5. Continuous data gathering from customer success on product issues and improvements.
6. Continuous data gathering from marketing around product promotions.
7. Continuous data gathering from finance around product pricing

Execution to build and launch things right

Once the decision is made to build an idea into a product, the path to execution starts. The steps that are involved to trigger execution is to break down the idea into smaller and lean set of requirements that can be launched and continuously gather data and insights to improve the building process more efficiently.  This is a collaborative effort that a Product Owner drives with engineering. Agile is the popular methodology that is quite common across all companies these days when it comes to how software is built.

This would mean that you take time to do the following steps

1. Planning: As a product owner, break down the idea into a smaller subset of requirements and define the acceptance criteria that fit into an agile sprint and add that into to the sprint backlog.
2. Prioritization: Leverage the data that you have continuously gathered earlier to prioritize the backlog on what to build next sprint and launch.
3. Build: As a product owner, work with engineering to make sure the implementation addresses the requirements, meets the acceptance criteria around functionality, performance baselines and data is captured around specific KPIs.
4. Launch: As a product owner, work with marketing, sales, and support to get the market positioning and the sales and support enablement right.
5. Analyze Data: As a product owner, analyze the data to gain insights after every launch, fine-tune the KPIs to improve the qualitative data that you capture in each build. Based on insights that you have gathered from the data, go back to Step 2 to re-prioritize the backlog

Execution now is a continuous journey where you rinse and repeat to innovate!

Conclusion

Product Management is a continuous journey of the product you manage. Hence you need to “Slow down to Speed up” to stay current and relevant in the digital transformation age.

My Identity and Access Management (IAM) journey. Where is it heading…

Its been couple of years since I published any articles on my blog site.

I am in London this week and been busy with meetings and other activities around work all day. Also this week I will also be participating two Identity events where we get to see how our customers are adopting the products around Identity and Access Management.

Right now as I am enjoying some quiet time in my hotel room, which has an unusual setup because of the advanced controls, made me think how I have been spending my time at work and where identity and Access Management(IAM) heading. Is the latest trend in IAM solving specific business requirements and making our human lives better? I am thinking to myself where are we going with this trend? I am sure we all get these thoughts and we want to find answers. Thought I will start that journey today and see where that will take me.

I have been working as a Product Manager in the IAM space for the last 15+ years. Though the concepts around Identity and Access Management have stayed the same all these years, the evolution in technology has made us address the Identity and Access Management needs differently. Identity these days is not just limited to users alone. The devices and things (IoT) also have an Identity. We as humans want to track users, devices, and things through an Identity. We want to enrich, personalize our experiences and needs through Identity.  We want to share these experiences with others by enforcing access control around this identity.  As a result, we now refer to it as Consumer Identity and Access Management (CIAM).

Here is what my CIAM experience this week has been as I walked into the hotel. I was received by a computer terminal which asked me to enter my hotel confirmation number and my last name. It pulled up all my information which I had submitted when I had made my hotel reservation through the web couple of weeks ago. I was asked to confirm my information using my credit card. My identity was registered and linked to my credit card to it. Once the registration to the hotel was confirmed, I was asked to scan a hotel access card in a kiosk which assigned me (i.e my identity) a room number and enabled me access to that room. I take an elevator to the room, scan the card at the door and I am in. Not a single human interaction so far. In the room I see an iPad waiting for me to swipe. Once I swipe in, I can now switch on/off the lights, switch on/off my TV, close/open window blinds, switch on/off my AC and much more.

I was very excited to play with all these settings. I had not seen such a hotel room through all the travels I had done so far. I was also happy to see how the CIAM products that I was helping build was put into action as places like the hotel and room I was in. Soon I get the creepy feeling that the someone can watch me through the iPad camera as it is charging its battery. I immediately think of my privacy. I take steps to address my Privacy issues in my own room.

Two days have passed since I have been in this hotel and the room. I hate every bit of my experience. I miss my TV remote, the light switches, my privacy.  This makes me question, all this technology, and the gadgets in the hotel room, who is it really helping. Am I a happy consumer today? Does CIAM address my needs as a human?

More to follow in my next post…..

Top 10 Points for Customer Success

More and more organizations these days focus on customer success when it comes to their go to market strategy to win, serve and retain customers. It is key that you build and deliver products that engage, retain and delight them, especially in the early stages of your product. It is well known that it is easier to keep a customer than to acquire a new one.

Here is what Gartner says:

“80% of your future business will come from 20% of your current customers”

As a product manager I am always conscious of incorporating features that are customer centric and growth centric. From the get go, it is important to have a growth hacking approach to the product development. This leads to a better customer acquisition and retention product strategy.

Here are the 10 important points for a good customer success story board:

1. Onboarding
Provide self-service customer on-boarding, free trials, product evaluation and training. Empower the customer to evaluate the product. Offer online easy to use tutorials and self training for rapid learning. Educate the customer about the value proposition to assist purchase decisio.

2. Proactive Customer Service
In a highly competitive, constantly changing market there is a strong need to engage and provide superior customer service to your customers even before they make any purchase decisions.

• Focus on addressing the end to end product experience (download, install, configure, deploy and use) and not just making the download available.
• Articulate the benefits that the products will offer by solving their business issue and providing a realistic expectation on the ROI instead of focusing on the price and the competitive differentiators alone.
• Invest in resources that will tailor and provide better education and support to the buyers so the end to end experience of the product from purchase to deployment to maintenance is delightful.

3. Voice of the Customer
Understanding what your customers think, experience, and want is critical for retention and growth. Engaging customers to get feedback and responding to them positively will build more confidence and trust with the customers. Make the product sticky.

4. Analytics
From the inception, ensure that your product captures usage metrics that help educate you about different aspects of your product and its usage.

• Product usage metrics: Track signups, logins, and application usage metrics. Capture the app version, the license type, content type,  location data, environment data, events, error conditions, peak times of usage, etc.
• Business metrics: is the customers getting the end-result they expected by tracking their performance metrics like response time, application availability, authentication time, users per day and more
• Service utilization metrics: gathering data to see if the customer is fully utilizing the product features, how many product defects gets raised and against which feature.
• Customer rating metrics: Track customer happiness, their experience and their feedback. Gather metrics around sales bookings, churn, ROI and adoption metrics.
• Support and operations metrics: are there any outstanding support, SLA or invoicing issues, unplanned outages. Track the mean time to resolve a support incident, incident initial response time, affected users on a single incident.

5. Customer Experience Mapping
There are several approaches to experience mapping. Understand how customers flow through the organization and the challenges that customers encounter, opportunities lost versus gained, the customer value and cost, their adoption journey, and ROI are all important data points that can help in generating more leads at the same time facilitate to retain existing customers.

6. Customer Segmentation
Categorizing customers into market or service groups and providing services tailored to these segments for winning and retaining the right customers.

7. Customer Engagement and Retention based Marketing
Establish proactive customer outreach programs and tools for effective Communications and Openness thereby to foster better customer relationship and creating customer value and profit margins while preserving existing revenues.

8. Customer Loyalty Rewards
Provide Customers insights to review where their money is spent and consolidate their purchasing under loyalty programs featuring rewards that they actually want. For maximum appeal, offer customer-relevant reward options and a quick, easy redemption process.

9. Customer Win-Back Program
If customers did leave, reach out to understand what happened, tell them about the changes you’ve made to resolve the issues that led to their departure; share product roadmaps and future vision; entice customers to come back with a loyalty offer they’ll value—and then keep them with excellence.

10. Employee Customer Engagement
Last but certainly not least, happy employees are a crucial prerequisite for happy customers: the relationship between employee engagement and customer engagement is undeniable. It is vital to ensure that employees are educated, encouraged, and empowered to promote and enact customer retention strategy at all times.

Security and Privacy in the Cloud

Hortonworks announced their plan to acquire XA Secure and open source it. XA Secure claims it is a comprehensive approach to Hadoop security. This made me think of the the various aspects of security in the cloud.

Security in the cloud spans across multiple layers that involve people, compute, network and storage. Security in the cloud  requires an integrated strategy of process and tools, to allow end users be able to complete their work in an environment that enforces compliance without getting in their way.

Here is how I think of the top 5 areas of focus for security in the cloud.

Focus Area 1:  APPLICATION SECURITY

Application security mainly deals with protecting the application resources. This includes a multi-pronged approach to cover the following:

• Enforcing strong authentication and authorization
• Date encryption on the wire: End-to-end encryption using SSL for all connections, both browser and APIs
• Data encryption for data at rest
• Data encryption for data in memory
• Application white listing
• Role based access to application resources
• Session tracking
• Controls for privileged or elevated access
• Enforce context awareness and notifications

Focus Area 2:  DATA SECURITY

According to Forrester’s TechRadar report () on Data security, security is the second largest portion of the IT budget. In 2014, the investment is expected to rise by 45%. Data security is no more an IT issue. It is an important business driver since data is now closely tied to the the financial cost of companies and  the business damage that it can cause as a result of data breaches.

Data masking and Data Loss Prevention(DLP) offerings are best suited for addressing data security. To enforce security on the data you would want to know:

• Where the data exists (both structured and unstructured) to secure it
• Continuously monitoring access to the data
• Protecting both production and non-production data
• Regular audits for maintaining compliance

Focus Area 3: NETWORK AND STORAGE

Explosive growth in data and digital assets in the cloud , drives the need for high performance reliable network and storage. This calls for sensitive information flowing through the network and storage to be encrypted both in-motion and at rest.

With customers requiring the need to continue to productively use their prior investments on software, the hybrid cloud is pushing needs for cloud security to operate in a hybrid model. In such hybrid environments there is need to support secure links and encryption across on-premise networks and storage units.

Some of the important features to pay attention around Network and Storage Security are

• Authentication
• Confidentiality and Data level protection
• Certifications  for compliance with legislative and regulatory mandates
• Privileged user access and separation of duties
• Centralized key management
• Realtime monitoring of traffic across network

Focus Area 4:  DATA PRIVACY

In this digital age especially in the cloud where we end up capturing personal identifiable information or other sensitive information is collected and stored, privacy concerns are highly prominent. The challenge of data privacy is to share data while protecting personally identifiable information. Data privacy has become of a very high priority in certain markets like Healthcare, Criminal Justice, Financial, Life Sciences and more. These days the laws for the protection of privacy have been adopted worldwide , but their definitions and objectives vary from one country to another.

It is important that the cloud vendors make sure that their cloud offerings gets certified under EU, US and other Safe Harbor Programs.

Focus Area 5: DATA CENTERS

Primarily due to cost effectiveness, customers are adopting cloud and hybrid services as their business model in various stages of their business cycle. This is driving data centers to adopt  virtualization technologies to rapidly expanding their data center infrastructures reliably and effectively into the cloud.

Some of the common challenges around security in the data center are:

1. Multi-Tenancy  

The resources belonging to multiple customers reside on the same physical platforms. Proper security measures must be adopted such that customer data cannot be breached or spilled over, even if the multiple customers are leveraging the same resources and platform in the virtual environment.

2. Compliance and Privacy Restrictions

Even though the infrastructure and resources of the data centers are managed by the cloud vendor, they should be prevented from monitoring and auditing any components or data. This includes preventing them from inspecting the network through which customer data will be passing because of compliance and privacy restrictions. The cloud vendors should think through these privacy and compliance challenges so you can clearly isolate these tasks and provide ownership to the customers to manage, monitor and audit on their own. Providers may need to comply with the ISO17799 based policies and procedures and be regularly reviewed as part of the SAS70 Type II audit process.

In summary, security enforcement in data centers involves

• Data Protection at the application, network and storage through access control and encryption
• Protecting systems through hardening, intrusion detection and prevention
• Monitoring and Auditing through certifications to meet compliance regulations, change control around upgrades and patches, proper role and privileged access management.

What is Application Platform as a Service (aPaaS)?.

For those who have worked and dealt with Middleware software in the past which provided services to software applications beyond the  operating system, the term aPaaS should not be a hard to understand concept.

An aPaaS as per Gartner’s definition is as a PaaS (app middleware + cloud characteristics) designed to enable runtime deployment, management and maintenance of cloud business application services. It supports requirements for business application and application projects and is delivered as-a-service..

Middleware has been the commonly used term for on premise software that enabled communication and management of data in distributed applications. Middleware gained popularity in the 1980s as a solution to the problem of how to link newer applications to older legacy systems. The vendors who built and offered Middleware had a strategy of building a complete and integrated suite of middleware to allow our customers to develop, deploy, and manage applications. For customers the middleware software not only offered off the self features around building and hosting application but also the ease around the integration burdens which facilitated the ability to link applications together and provide more consistent access to information.

You can now relate the same middleware software capabilities to an aPaaS in the cloud that offers the following services

• Platform services
• Identity Services
• Integration services
• Business Process Management Services
• Development Tools
• Deployment Tools
• Management Tools

Why would anyone need an aPaaS?

These days cloud services is picking up lot of traction when it comes to SaaS, PaaS or IaaS. Refer to my earlier blog post ” Why Software-as-a-Service (SaaS) model matters for both customers as well as vendors” as to the reasons why oth customers and vendors are investing in the rapidly evolving application platform.

Gartner recently published their first Magic Quadrant (MQ) for aPaaS with their  focuses on public cloud enterprise aPaaS offerings. – See more at: https://www.gartner.com/doc/2645317?pcp=itg. It’s interesting to see how quickly the aPaaS market has evolved in a period of  less than 9 months, now that Gartner now has a MQ for this space. Quite a few Platform as a Service (PaaS) vendors whose primary focus in 2013 was providing Platform Services are now posiioing and evolving their services to address the aPaaS space. This is a clear indication that PaaS market has matured and the revenue opportunities are shrinking. The PaaS vendors clearly see that the growth opportunity is to move into the application space and they need to innovate quickly to become market leaders.

An aPaaS infrastructure is a self contained environment that will offer the following
1. Build applications
The application platform provides you with all the tools you need to iterate quickly, and adopt the right technologies for your project
2. Deploy apps in minutes, with tools you love. 
Reduces development and deployment time. They offer a way to rollout new application features into production has never been easier. Set up staging and test environments that match production so you can deliver functionality without fear, and continuously make improvements.
3. Scale the application to millions of users.
Tools and features that will help to scale your application at the same time ability to upgrade your database software in a few simple steps.The growth could happen over a year or overnight,  but aPaaS will facilitate you to grow on demand to capture opportunity.
4. Integrate with various other applications
Provides additional software services like operating system, database, security and vulnerability management, API and integration  infrastructure and more

Stay tuned, in my next log topic that I would like to explore is “What’s next after aPaaS for both vendors and customers?.”

Why Software-as-a-Service (SaaS) model matters for both customers as well as vendors

When times are hard, winning a business or selling smart is important for both customers and vendors who are competing head-to-head which can be cut throat especially when markets are flat or growing slowly.

These days the idea of IT  installing and maintaining software onPremise at customer sites is completely winding down. Customers are looking to transition more to make their IT as a service. Meanwhile, software vendors are  offering  increasing amount of software via direct download or as a cloud hosted service known as Software as a Service (SaaS). The SaaS model is growing popular for personal, business and mobile applications and the market is only expected to get bigger in the coming years. This is why the Software-as-a-Service (SaaS) matters as a very scalable and an economical model for both a software vendor as well as for the customer, who are looking for a easy and a cost effective way to address their immediate software needs.

Take a look at how a SaaS model can address the functional areas for both a vendor and a customer:

Functional Areas	SaaS Vendor	SaaS  Customer
Market Problems	The vendor understands the market problems and has a close working relationship with its existing customers and knows what the future potential customers wants. This helps vendors to bring in rapid innovations to market thereby mapping a solid innovation strategy to creating a new market space for their products and solutions	Customers look for a solution with minimal initial investment but with a greater return and value that is easy to onboard, solves their problem and can be accessed from anywhere.
Technology	Vendors provides, maintains and manages the hardware and software components of their product and/or solution. The vendor has more control over which hardware/software configurations to support.Vendors need to address scalability and multi tenancy requirements at the software level to allow multiple customers to share hardware and software services.On a long term this becomes a very cost-effective model to support infinite scalability.	Customers don’t care much about the back-end system as long as it works when they want it, fast, securely, and reliably.Each customer will have specific requirements around performance, scalability, and security requirements that vendors to meet  so their personal data and information is secure and do not get breached at any point in time.
Product/Solution Support	Quality issues might impact everyone in customer base at same time. Hence greater attention will have to be taken by the vendor to provide and maintain controlled quality of serviceNew releases of the product or solution, application of patches and service packs can be released more timely and quickly to the customers, but requires more rigorous quality control.	Customer have a greater need for the Service level agreements(SLAs) to be met by the Vendor specifically around production requirements for system performance and capacity for multiple tenants will have to be addressed.Customers often have higher usability expectations as well.Customers experience a painless software upgrades.
Initial & Operational Cost	The initial cost to set up the service (hardware and services) are incurred by the vendor. Also, all the ongoing operational costs of running the service are incurred by the vendor, not the customer.	Customers have overall reduced operations costs and Zero infrastructure cost.
Product Performance	Customers will have to monitor and analyze how well the product is performing including product profitability, actual to planned revenue, customer satisfaction, and market share.Areas to focus to monitor performance are: internal measurements to determine the product value to the customers. impact of product profitability which includes product lifecycle, quality, technical support, marketing programs, and sales support.	Customers as buyers want proof of uptime and performance level.Customers want predictability and efficiency with more automation of services.
Revenue & Pricing	Revenue is recurring for the vendor but is recognized as the service is rendered, not in a lump sum up front like on-premise product/solution.	Pricing for the customer is typically subscription-based with a  “pay as you go” model based on the value received for the vendor’s services. This provides better cash flow for the customer.Up-front implementation services cost might be charged to the customer.
Sales Process	Sales cycles are typically shorter.	Customers will have greater flexibility to shift to competitive product if they do not see value with an existing vendor offering and services.

“Lean In” is the beginning. How about we also “Lean On” and “Lean Out” for one another.

Ever since Sheryl Sandberg’s book ‘Lean In’ came out, I see that women are excited with the message. Most of my friends bought the book and have read it already. They also have joined forces as members of the LeanIn.org and want to be active participants of this movement. I still have not read the book yet.  But, I  have been tuning in to all the TV and Radio interviews that Sheryl Sandberg has been on so far. It has been interesting to watch how the media has created a buzz around this book which is good for Sandberg’s cause. Sadly, I also see more push back and citicism for Sandberg’s Lean In is coming from other women who think that Sandberg is preaching a wrong message.  This made me ask myself – How about we women also ‘Lean on’ and ‘Lean out’ to support one another.

‘Lean In’ is just one side of the problem

Speaking from experience as a woman, a mother and a professional, I am glad Sheryl Sandberg is using her position and voice to generate awareness around the controversial topic at workplace differences between men and women. She is encouraging women to Lean In, be more ambitious and to demand and expect more for their contributions at the work place, as men do it.

As we all know Sheryl Sandberg is a Harvard-educated, who is now the chief operating officer of Facebook who previously was the Vice President at Google. She had longtime mentors like Larry Summers and other influential people along the way that  helped her to be where she is now in her career. Though she was a privileged along the way I appreciate that she took the courage  and passion to make  the fight for women’s rights at workplace her cause now.

But, I feel that Sheryl Sandberg has only scratched the tip of the iceberg and there is much more serious issues that we women need to address among ourselves even before we  deal with workplace inequalities.

‘Lean on’ and ‘Lean out’ to  others

If we need to see real change in the betterment of women in all places and situations we need to learn to “Lean on” and “Lean out” for this cause. Right now women can be the biggest critics and road block for other women. We can be mean and intimidating to one another. But we women need to support one another, build a strong support network so we can let others who need our support to ‘Lean On’ us, whether it is at work or other places. Women in power can use their position to help, influence and bring change for other women who need that support by ‘Leaning Out’.

Only then we all can say we have the power and win this uphill battle for good.

Evolution of Entrepreneurship

I recently came across a presentation from Bret Victor which was both educational and enlightening for me. Thought I will share this with you all and add in my 2 cents to see if all this make sense to the fabric of reality.

Current  Entrepreneur Trend

I am seeing a shift in the business world where Social entrepreneurship is picking up a lot of steam among both the old and the younger generations. Social entrepreneurship by definition means identifying or recognizing a social problem and using entrepreneurial principles to organize, create, and manage a social venture to achieve a desired social change. You can build a social entrepreneurship as a non-profit venture or as a for-profit venture but with a strong intention to create a   social change. The dynamics and sustainability of both these models do need cash flows and hence the business rules and functions remain the same.

One well-known  social entrepreneur that comes to mind is Muhammad Yunus, founder of Grameen Bank a micro finance organization and community development bank which got started in Bangladesh to address a social problem that his country was facing and desperately needed attention. He got the idea of helping the people with the concept of micro loans which helped a lot of people in Bangladesh to stay out of poverty. Muhammad Yunus was awarded a Nobel Peace Prize in 2006 for his work for his country. The concept of microfinance is now every popular in all developing countries and many local banks in these counties are now exploring it as a banking option as part of their business model.

Check out the top 5 trends Entrepreneurs will see in 2013: http://www.businessnewsdaily.com/3688-entrepreneur-trends-new-year.html

Social Entrepreneurship will succeed since we are all connected…

As per the theory of Quantum mechanics, which Albert Einstein in 1935 called it Quantum entanglement, two particles in different locations, even if they are on other sides of the universe, influences each other and stays in communication with each other since they are connected. Albert Einstein named it the “spooky action at a distance”.

Recently, I saw in the news that Christoph Simon and Boris Braverman from the Massachusetts Institute of Technology published a paper which proposes a way in which the effect of quantum entanglement, this spooky action can be shown experimentally.

Since we all humans are spiritual biological beings who are embedded in matter and part of this universe, whose brain produces mind and consciousness, we are all connected. On the basis of Quantum entanglement we can say that every action from every  individual on this planet counts to make this world a better place and generate an unified field.

On this basis it makes more sense now that business and entrepreneurs are leaning towards Social entrepreneurship.

Time for us all to plant a seed in your subconscious mind and see where that journey will take us.