Improving Business through Data - Focusing on Fundamentals

Posted by K Krasnow Waterman on Sun, Nov 04, 2007 @ 18:11 PM

Tags: technology for business managers, technology management

Business owners and managers often see Information Technology as a bottomless expense and sometimes wonder aloud what IT professionals are really doing for them. The job descriptions are an alphabet soup of acronyms and sometimes those unknown abbreviations leak into increasingly incomprehensible presentations. Slavish chasing of flavor-of-the-year certifications, software, and trademarked processes overwhelms consideration of the fundamentals.

Why, then, does IT matter? What value does it bring to every business? A computer can calculate or process things faster than a human and can store vastly greater quantities of information. For most businesses, those traits were maximized a long time ago when manual labor and paper file cabinets were replaced. Today, IT's greatest vaue is its contributions to senior management decision making.

Every manager is faced with the same fundamental questions:

1) How do we propose to generate revenue?

2) How should I allocate resources to accomplish that?

3) How well did we meet the revenue goal? Why?

From the business' existing stores of data, IT can provide information to assist in answering these questions. In addition, when needed, IT professionals should know the best sources of data about the performance of the competition, the demographics of the potential customer base, and be first to offer meaningful enhancements to analytic techniques.

Executives should ask the relevance to the business of any IT activity.  Data is "cleansed", "harmonized", and "integrated" not because it makes data processing more efficient but because it provides more accurate answers to business questions which ask "how many?" "who?" "what are they doing?" Software applications and visualization tools should not be replaced simply because enhanced technology is available, but only when these tools change the prism on available information and can provide more relevant insight to a manager or line of business. Even system security should not be enhanced to protect IT, but rather to protect competitive advantage and support client retention. The best IT professionals can and should always address their work from the perspective of the value it provides to the business and the bottom line.






Article has 0 Comments. Click here to read/write comments

Virtual World Collaboration for Business

Posted by K Krasnow Waterman on Thu, Sep 27, 2007 @ 10:09 AM

Tags: technology innovation, business collaboration, technology for business managers, virtual world

If you work in the world of technology, you've certainly heard of Second Life, the 3D virtual world that started as a social game site. With more than 40 million registered users, over a million claimed active users, and the generation of revenue in not-so-virtual millions, it's a long way from the 1970's Troll Room of Zork. But, did you know that this technology is now creeping back to the corporate world?

Recently, I've been working on a project that required me to give myself a crash course in online collaboration spaces. Sure, I've known Groove, GoToMeeting, and WebEx. This, though, is the beginning of a new world in which telecommuting and outsourcing become increasingly irrelevant issues as people have the ability to work in persistent, fully functional, 3D, web offices.

Imagine "going" to work by logging on to the web and having your 3D avatar with your face walk into your "office." Your office can have your whiteboard as you left it and one or more iterations of your desktop applications. Then, walk into the "coffee room" where you run into co-workers who are physically in Mumbai or London. You can communicate through text chat, emoticons, and the physical gestures of your avatars; or, you can be yourself through microphone and webcam if you prefer. Some technology so replicates the real world that voices will increase and recede in volume as you move towards and away from other avatars.

You can hold meetings anytime with those remote co-workers in "rooms" which allow you to project on the wall any desktop application or live web browser, or share a whiteboard or document. You can leave the room and come back to everything in place ("persistent state") if that's your preference. Assuming the "door" is not locked, you can also "walk" into co-workers offices to visit or ask questions, again sharing computer and web screens.

Not so long ago, talking to people from the other side of the world was clunky and slow.  Just as international telephone calls have become fast, clear, and reliable, so too here in the virtual world; the delays ("latency") are minimal. 

In this configuration, the collaboration platforms are relatively new.  As the offerings expand and mature, customization will be easier and prices will be quite reasonable.  It won't be long (two years?) before this technology takes off and is considered an everyday choice for those managing dispersed workers.
Article has 1 Comment. Click here to read/write comments

Lucky 13, Nicely Nicely and User Attributes in Identity Management for Access Control

Posted by K Krasnow Waterman on Wed, Aug 15, 2007 @ 09:08 AM

Tags: technology innovation, access control, identity management, technology for business managers, technology, technology management

I've always loved the Guys and Dolls song in which a bunch of guys sing a catchy round about picking their favorite nag at the track. They're telling each other why they've made their pick. It goes like this:

"I got the horse right here
The name is Paul Revere
And here's a guy that says that the weather's clear
Can do, can do, this guy says the horse can do"
"I'm pickin' Valentine, 'cause on the morning line
A guy has got him figured at five to nine
I know it's Valentine, the morning work looks fine
Besides the jockey's brother's a friend of mine "
"And just a minute, boys.
I've got the feed box noise
It says the great-grandfather was Equipoise "

What does this have to do with computers? It provides an easy to understand example of how we make decisions. The gamblers are describing where they got their information and what categories of information matter to them. They rely on a favorite racing form, friends of friends, and gossip from the staff. In the brave new world of dynamic access control, we want to do the same thing to reach an automated decision about what data you can see. Instead of racing forms, we have "trusted sources" or "authoritative data" -- repositories we believe have reliable information. And, instead of the weather, lineage, and distance, we're looking for other categories of facts that consistently help us to reach our decisions.

I've recently done a project in which we attempted to define how many things you really need to know about a system user to decide whether or not s/he can have access to particular government work-related information. The idea was to see if there was an universal core of attributes that most system access rules are seeking. In other words, does the decision about what you can see in the human resources system rely on the most of the same categories of information about you as the decision about what you can see in a criminal case file or a person's tax filing. Our answer is "yes," if you create the right sort of categories. And, much to our surprise, our core list is only thirteen attributes.

What's the right sort of category? Other proposals have made each fact its own category. For example, imagine an attribute which indicates whether someone is a law enforcement officer and a different one for whether someone is a lawyer. Organized that way, you would need thousands (millions?) of attribute categories. But, if you say the attribute is "job description" then you can include officer, attorney, and a million other jobs in one attribute category.

Having a small number of needed attribute categories has a tremendous advantage. It means the software can be less complex, handling a smaller number of variables. It means the processing time should be faster. In this design, each system needs to know only the values it cares about. For example, if the access rules for a system only permit government auditors and law enforcement officers to view the data, the particular system doesn't need to know that a person can be a doctor or a dog catcher. It only looks to see if the person seeking access matches (or has an equivalent to) "government auditor" or "law enforcement officer" in his "job description" attribute.

We think the 13 user attributes are:

Employer Name
Employer Subgroup (as many hierarchical levels as needed)
Employer Type (e.g., federal government, private hospital)
Employment Type (e.g., permanent, temporary assignment, contractor)
Job Designation
Location (physical and virtual)
Location Type (permanent, temporary)
Special authorities/licenses (granted by others)
Management Level
Direct Reports
Rating/Reviewing Official
Skill (ability, irrespective of outside grants)
Skill Level

So far, we haven't come across a data access rule we couldn't parse into one of these attributes. If you do, please tell me.

Article has 0 Comments. Click here to read/write comments

A Million New Chinese Surnames

Posted by K Krasnow Waterman on Wed, Jun 20, 2007 @ 19:06 PM

Tags: technology for business managers, technology management

Last week, the New York Times carried a small Reuters piece explaining that the Chinese government is considering having people combine their mother's and father's family names in order to dramatically expand the number of surnames in China.  With only 100 surnames currently in use, the police and other government officials are presumed to have significant difficulties distinguishing individuals.  The new combinations would create an estimated 1.3 million new surnames.

In the long run, such a change may aid authorities in distinguishing one person from another.  In the short run, though, it may create an unintended problem.  The designers of software for business and security are constantly creating system rules to reduce errors  As business has gone global, tremendous effort has been put into dealing with the variations of names from so many cultures and countries.  For  example, are there programs that have rules to "disambiguate" -- to properly match records from two people with the same name to the right person.  And, there are programs to identify "dirty" data and "cleanse" it -- to recognize common spelling, typing, or transliteration errors and change them.  The big question, then, is how many of those programs would fail to run or would run but reach the wrong results with the addition of a million new names.  Are there programs currently in use that would kick out as "dirty data" those records for Chinese citizens with surnames other that those on the list of 100? 

Article has 0 Comments. Click here to read/write comments

XDR/TB Scenario - Transparent Accountable Data Mining Initiative

Posted by K Krasnow Waterman on Wed, May 30, 2007 @ 23:05 PM

Tags: technology for business managers

Truth is stranger than fiction.  For several months, the TAMI team has been building a hypothetical scenario involving a patient with Extra Drug Resistant Tuberculosis (XDR/TB) and a need for the CDC to use data mining to find the people to whom he might have spread the disease.  Just a few weeks ago, we expanded the hypothetical scenario to include a branch in which the patient was the subject of a court hearing over whether he had to be involuntarily confined to a hospital (quarantined).  Then, today, the news was filled with the real-world case of a man with XDR/TB who traveled  half-way round the world on commercial flights, his quarantine by the US government, and the CDC investigation  seeking to use airline data records to identify potential contacts. 
Article has 0 Comments. Click here to read/write comments

New technologies for Authority Based Access Control

Posted by K Krasnow Waterman on Sun, May 20, 2007 @ 09:05 AM

Tags: technology innovation, technology for business managers

Traditionally, if someone wanted to restrict access to a computer system,  the first line of defense was a list of authorized users...a list of people, by name.  These systems generally relied on one central administrator to keep track and keep up.  Not surprisingly, in any system with more than a few users, it was hard to keep up with who should and who shouldn't have access.  System administrators had to rely on others to keep them informed when people quit a job or left a group.  There have certainly been occasions when fired employees continue to have access to the systems of their former employers for at least some time.  At the personal or small group level, the name registry sort of security has just been too hard for most and we end up either posting things to the entire internet (like this blog), or not posting things that we might worry about people using inappropriately (like pictures of small kids).   Today, many of us are tackling ways to grant and deny access to information without making and maintaining lists of authorized persons. 

One method is to allow access based upon "attributes."  Instead of trying to identify people by name, we say what kind of people we want to let in.  We might focus on what sort of job they have (anyone in sales can have access) or what their relationship is to us (anyone who is a member of this museum, but not anyone who is an affiliate of a member).  In more complex systems, we can allow for multiple attributes (employees, in the sales department, who work in the western region).  In order for this to be successful, we still must have access to information about the people who will seek access (the employee roster, the membership list).  This model allows for limited decentralization; we can get the attributes from a number of systems that centralize each attribute. In an environment like the government, this could be successful, because the government can mandate a relatively high level of structure and consistency.

Another method is to give people "permissions."  In the physical world, when we want to give someone access to our home or office, we give them a key.  If we trust them, we may give them a key that they can copy (my housekeeper had the set she carried plus the set she made as a back-up at home; my mother-in-law makes a copy for my brother-in-law); if we trust them less, or have more to secure, we give them a key that cannot be copied without special permission or special equipment.  In the virtual world, we can give someone a bit of code that works much the same way.  With software, though, we can create more permutations of the key.  It might only work during certain hours, only work for a certain number of times, or only be shareable with people with a particular type of userID, say a company webname.  This is a distributed trust model; it lets us trust people who have access to our information to make decisions about whether other people should have access. 

Both of these models assume that each system has its own structure and that information presented must be structured in a manner expected by a system.   On the web, we can expand capability even more.  Imagine carrying "keys" that describe all the different aspects of who you are and the verifications of those facts by others.  For example, you have a "key" that says "I'm the den mother of the Girl Scout troop #4566" and a verification from the regional Scouting office.  When you approach a Girl Scout website with that key, the site can calculate and give you appropriate access, say to the phone numbers of the parents of your troop, but not the parents of the troop in the next town. 

Using semantic web technologies, there is work underway to go one step better.  In the prior example, the Girl Scout website could anticipate that you would be coming.  What about the larger world, where you want to go new places, where the people don't know you at all? Say as den mother, you want to get the phone numbers of the troop leaders for other children's groups in the region: Boy Scouts, Campfire Girls, etc.  Or, your girls are doing a project on Korea and you want to get email addresses for girls in a troop there, so that your girls can write and ask them questions.  You could approach these different sites and each would look at your Den Mother key and decide if, according to their own rules, you can have the information you're seeking.  The benefit of the semantic web technologies is that it lets you present your credentials to systems that didn't know or expect you.  This works by including some information with your keys that explains how your keys are structured, how to read and understand them.  The tremendous advantage to this is that everyone doesn't have to use the same software or the same structure.  It can be adopted and used more readily because it doesn't require everyone with a system or everyone with keys to agree in advance how they will be built.  To be fair, it does require some minimal adherence to common principles much the way the internet works today.

One other exciting benefit of these movements in technology is the potential to improve privacy protection.  You could subdivide your virtual keyring.  So, personal facts (I'm Susie's brother; I'm Frank's friend) would not be revealed to a site for which you were seeking job-related access.  Nor would professional facts be shared with friends, volunteer associates, or commercial vendors.  This will be a significant improvement over the cookies that are passed to websites, because most people don't understand what information their computer is giving out or know how to find out.
Article has 0 Comments. Click here to read/write comments

Thesis: Data Mining Email for Compliance (Using Enron as an Example)

Posted by K Krasnow Waterman on Sat, Jun 17, 2006 @ 11:06 AM

Tags: technology implementing law, technology for lawyers, technology for business managers

I finished my thesis on May 15, 2006.  Here's the abstract: 

"I propose the creation of a real-time compliance “bot” – software to momentarily pause
each employee’s email at the moment of sending and to electronically assess whether that
email is likely to create liability or unanticipated expense for the corporation. My thesis
describes the confluence of historical events making such a product necessary and
desirable – increase in corporate regulation, explosive growth of email, acceptance of
email as evidence in litigation. The cautionary tale of Enron provides the backdrop for the
thesis. The government released hundreds of thousands of Enron management emails and
they have become research fodder for those interested in “Knowledge Discovery,” a
computer science discipline that gleans meaningful information from data otherwise
indecipherable due to its sheer size. CEO’s and other C-level corporate managers are my
intended audience, so I have attempted to counter the weightiness of the technical topics by
focusing on the search for readily understandable management headaches such as the loss
of productivity due to high participation in the fantasy football pool or the potential for
dirty jokes to become evidence in an employment law claim."

If you would like a copy of my thesis (described below) please send me an email at


Article has 5 Comments. Click here to read/write comments