Rick Kamal, Chief Technology Officer at Harvard Business School, discussed three main threats to business: information security, clogged pipelines, and a new type of business-model disruption.
Kamal began the first keynote presentation of the day at the 2017 Information Technology and Security Forum, held on December 7 in Boston, by stating, “I know the title of my talk sounds ominous, but my thinking is that a little healthy fear leads to action.”
Beginning with the first threat, information security, Kamal noted that in both the Equifax and Uber breaches, the cause was trivial. “With Equifax, the company was notified to do a security upgrade and didn’t. Uber put code on GitHub that contained user names and password information for its Amazon Web Service data. Someone got access to this GitHub account and got all those AWS records. A little prevention could have prevented both of these,” said Kamal.
“In just the past year, billions of records have been released as the result of breaches. Each one of these impacts multiple entities, including your business. Then there’s ransomware. Almost half of all organizations report ransomware attacks. These are trivial to avoid. The problem is, we’re looking for shiny-penny solutions rather than taking preventive measures.”
Kamal presented seven steps to prevent a breach. “If you do the first four or five, you’re almost home free,” he stated. The seven steps are:
1. Upgrade and patch OS.
2. Upgrade and patch applications.
“Doing these two alone eliminates 60% to 70% of vulnerabilities,” Kamal pointed out.
3. Whitelist applications. “This is where we only expect applications A, B, and C or processes A, B, and C to run. If anything else tries to run, it can’t. This approach essentially blocks every possible ransomware or malware attack,” emphasized Kamal. “By doing this, you’ve upped your attack coverage by close to 90%.”
4. Have strong passwords, vaults, and multifactor authentication. “Your employees, who are accessing your sensitive systems, are likely using the same password for a number of sites. I strongly urge you to enforce the use of password vaults and multifactor authentication. Implementing the previous four actions puts organizations high into the 90s in terms of security,” said Kamal.
5. Encrypt data. “Encrypting data is actually very little work.”
6. Have proper key management. “When you encrypt data using keys, don’t put the keys next to the data on the same server, and encrypt the key, too.”
7. Secure points of entry. “If you have ports on your servers, close the ones you’re not using.”
Kamal also suggested inviting a third party to review the organization’s security situation after all these steps are in place.
Moving on to the second threat, clogged pipelines, Kamal discussed jumping the S-curve. “This means, when you’re still experiencing growth in one area, start thinking about a fundamentally different service or product line.”
Next he mentioned the four types of work: innovation, core business, fighting fires, and long-term strategic. “The challenge a lot of technology organizations face is they don’t break out these four different types of work into different teams. Core business is driven by customer demand, with the result that innovation and long-term strategic initiatives get squeezed out. Each of the four has a different metric for success. One way to address this is by creating an ambidextrous organization in which teams are autonomous at the bottom and connected at the top,” stated Kamal.
Addressing the last threat, Kamal pointed out, “We’re in a new era of business-model disruption. The new issue arising is that disruption is coming from platform companies—companies that aren’t in direct competition but in indirect competition. YouTube, Etsy, Airbnb, and Uber are disruptive companies that are completely outside their conventional competitor space. The businesses being disrupted are pipeline companies that have a product or service, a type of customer, and a linear value chain,” he explained.
“A platform business model has an owner that doesn’t own anything or offer a direct service or product. All it does is facilitate communication among a bunch of producers and a bunch of consumers. The fundamental value that’s created is the ability for others to create value,” noted Kamal. “Apple became successful when it opened a platform—the Apple Store. Once customers engage with a platform business, they stick with it. Platform businesses have amazing margins and are going to explode.”
Kamal concluded with these three questions that companies need to ask themselves regarding the threat of platforms:
• Will my company be disrupted?
• Does my company disrupt others?
• Will my company disrupt itself?
Rick Kamal has a track record of successful delivery of large, complex, and innovative programs across the education, financial, and high-tech industries. Currently, Rick serves as Chief Technology Officer for Harvard Business School’s online education initiative, HBX. The initiative has successfully developed an innovative course platform that delivers impactful online courses from the faculty of Harvard Business to thousands of students worldwide. In addition, the initiative has developed a breakthrough virtual classroom, HBX Live, which reproduces the intimacy and synchronous interaction of Harvard Business School’s famed case-study method in a digital environment.
Prior to joining Harvard Business School, Rick founded EduNova, an education-product development company that has partnered with the National Science Foundation, U.S. Department of Education, UNESCO, and the World Bank to develop blended curriculum for K-20. EduNova’s products and curriculum have been adopted as standards for national education systems around the globe. While at EduNova, Rick authored and co-authored seven award-winning, best-selling books.
Rick formerly served as a senior executive at Fidelity Investments, where he was responsible for the technology development of the nation’s largest private retirement and benefits outsourcing system, NetBenefits.
He has also served in senior technology positions and consulted for numerous companies and institutions including EMC, Dell, Dun and Bradstreet, and Harvard Medical School.
Rick attended Boston University, Sloan School of Management, and Stanford University.