Transcript
Cyber Security, Digital world and the impact on Ticino’s industrial system
Lugano, 4 Ottobre 2016
Mettiamo a proprio agio l’utente in its digital experiences with the brand.
CHI SIAMO
Codd & Date: a historical nameof the IT Management Consulting and System Integration, with strong experience in complex delivery, professional advice in IT and Organisational environments, in strategic alignment betweenBusiness and IT
Mobile Payment Services company, with a strong international presence, basedin Milan & London and listedon the London Stock Exchange
THENETWORK
CODD&DATE SKILLS
Data Governanace IT Governance, Risk, Compliance, Assurance & Security
Multichannel software factory
Enterprise Architectures
Designs, Managesand Ensuresmaximum output for every projects
CONSULTINGConsulting means to be close to the customers to design, supervise and ensure themaximum performance of each operational strategy. Codd&Date Suisse is not aTechnology Provider so is not involved in typical technology qualifications programs.
And for every solution we plan and implement the most effective approach, providingthe customer with a team of services supported by professionals specialized in each industry.Third party advisory role is one of our main assets.
IT Strategies & Governance
Project Management
IT Governance, Risk , Compliance, Audit & Security
IT & Data Architectures
Payments Architectures &
Consulting
Digital Innovation & TrasformationThe propagation of fintech companies aschange the key factors of the financialmarket because they promote the evolutionof payment channels and data aggregation.PSD 2 (Payment Services Directive 2) allowsother operators, different from banks, tomanage payments lower than 500€.This particular process means a wave ofpotential new streams that can representnew incomes ‐> the entity should create anautomatic interface to manage this type ofpayments (profilization of customers anddata administration).
We can bring back this events to a specificgroup of «best practices» that can help theentity in the management of thisphenomena.
Cyber Security
The cyber security needs a technological drill‐down and a in‐depth knowledge of thedirectives/regulations.
We can offer convertible matrix for te conversion of the EU directives into Suissescenery.
We can provide managerial support for the development of new internal structures ‐>this topic includes the supplier definition and a specific services choice.
If necessary, we can lead penetration test for the risk‐management helped by somepartherships with specific companies.
CODD&DATE for Security
Compliance Governance & Risk Mgmt
Assurance & Security
Management Models
Organizational Models
BPM Models
IT Governance, Strategies and Design
Covering
Constant uptime of IT operational engine andrelevant components(Business Continuity)
Technical choices toavoid vulnerability(Cyber Security,
Information Security, Security By Design)
BUSINESS AS USUAL
Cyber Security, Digital world and the impact on Ticino’s industrial system
The Digitization: opportunities and risks between market forces and security needs
Dario Carnelli – Codd&Date Suisse – Principal Advisor
IL Digital WorldAbolition of time and space«Wide» access to known and unknown usersAnywhere – Anytime (reti) – Anymedia (login with multiple devicesmore and more cheaper‐ smartphone that costs 4$)New needs‐> New business opportunities («Apps»)Social Media dimensionShared/sharable Processes‐> information circulation (Barilla 2020)
3A
NEW OPPORTUNITIES FOR ENTERPRISESoMarketsoMore efficient protectionoMore efficient processes (internal)o«end‐to‐end» efficiencyoProtection and administration of processes
RISK DIMENSIONS MAP Don’t get the evolution! (dino sindrome) “Stakeholders” expectations Representation (brand awareness) Corporate Management Information confidentiality / protection
Impact
• Mrketse‐Commerce (B2x)e‐Brand
• Efficiency (from «star» to «hub»)Processes
a) IT share (workflow)b) Usability anywhere / anytimec) “paper‐free”
“end‐to‐end”a) Lack of “information delay”b) Controlled merge of processes – corporate level/ hub
• Relation Customer management (Unified Communication Process)Multichannel commercial possibilities (i.e. marketplace)
Opportunities
Strategic oneoPresume that a «still niche» could even existoroles and mission of corporate functions‐> «change in culture»
Stakeholders expectationso Performance & CIA (response time, availability 24x7x365) = preserve value
o New opportunity = create value through “end‐to‐end” integration(e.g. pagamento come step integrato: Psd/2, new payment media app‐based, integrated authentication)
Risks
ImageoOffer unsuitabilityo SOCIAL
• Avalanche effect• Information’s quality can not be verified• “Anonymity”
IT management: “size” as the key‐driveroBusiness alignment thru architectureoProcess availability (continuity)oProcess performanceoRight costingoRisk management (through IT process maturity)
Risks
Information confidentiality / protectionoINSIDER THREATS‐> fast analysis of huge loads of data‐> identity / access management
oOUTSIDER THREATS ‐> Cyber crime (a new global structuredbusiness)
oCOMPLIANCE COST ‐> EU/Suisse regulation
Risks
New IT approach (XaaS) (size factor)– Cloud (infra level)– SaaS / PRaaS– “resource hub”
LEGO architecture: IT as enabler of the processes connected to it(toconsider in a «wide» / «end‐to‐end» view)SECURITY (cyber, logical, physical related to INFORMATION)Integrated governance bodyProven process of risk management (“black swan”)
..to do list…
Cyber Security, Digital world and the impact on the Ticino’s industrial system
Management and design aspects of the new world
Giancarlo Nocerino – Codd&Date Suisse ‐ Senior Project Manager & IT Advisor
A new world….same critical issues
20
The «world» in the past….
21
The new one….
22
23 23
The New WorldProjects
SecurityIntegration
Trends
Innovation
Progetti
24
The New WorldProjects
SecurityIntegration
Trends
Innovation
25
The same challanges…
25
1973 First LCD watch with a «6 figures»
display
60.000 Jobs lost in Switzerland
…same solutions
26
SWATCH creates its first low-cost collection
Huge INNOVATION• 80% cheaper thanks to the assembly parts
• Automated with a less number of parts (from 91 to 51 )
• Water resistant
• CHEAPER!!!
Different timelines…
27
1973 1983
10 years1974 1975 1976 1977 1978 1979 1980 1981 1982
28
Il caso Smartwatch
28
29 29
12 milionsSmartWatch sold in 2015
180 milionsSmartWatch production forecast for the
2019
Smartwatch theme
30
• si ricevono le notifiche, • si effettuano pagamenti via Apple Pay, • si chiedono informazioni a Siri, • si dettano promemoria. • si risponde a messaggi o direttamente alle telefonate • può funzionare da controllo remoto per la musica, per la
fotocamera dell’iPhone o anche per Apple TV.• si può utilizzare anche per le prenotazioni delle camere degli
hotel e direttamente come chiave per aprire la porta della camera.
• si possono controllare i voli aerei e • prenotare camere in albergo. • Si può anche essere usato come chiave per aprire la porta della
camera dell’hotel. Può interagire via HomeKit per aprire la porta del garage.
• In ambito Salute, lo smartwatch ha forti potenzialità, grazie all’accelerometro e al cardiofrequenzimetro integrato
Some considerations..
31
• Innovation’s challanges haven’t change too much• The rates of reactions are changed (from 10 years to months)• The innovation projects must be manage with efficiency and effectiveness
Due to the hard theme of “Growth”, “Change” and “Innovation” the resources dedicated to these themes arelower owing to the exponential growth of the “projects”.
1800Agricultural Society
1900IndustrialSociety
2000Digital Society
Operations
Projects80%
“CHANGE”80%
“CHANGE”
20%
“RUN”20%
“RUN”
The increasing share of projects (Shenhar and Dvir)
“[…]the only way organizations can change, implement a strategy, innovate, or gain competitive advantage is through projects”
More than 60% of the IT processes is featured with critical issuesMore than 60% of the IT processes is featured with critical issuesThe projects world..
IProjects as the aim to create and develpo new products and processes. Due to theirimportance, their failure could cause huge damage to the enteprises.
PERCHE “FALLISCONO”? CHE ERRORI VENGONO COMMESSI?
Competenza del Project ManagerCompetenza del Project Manager
Competenza delle strutture a supporto del Project Manager
Competenza delle strutture a supporto del Project Manager
Competenza nel Recovery di progetti “in sofferenza”
Competenza nel Recovery di progetti “in sofferenza”
Maturità delle Organizzazioni nel Project Management
Maturità delle Organizzazioni nel Project Management
35
The facts…
The presence of economical resources don’t get to a complete success. They should be match with specific skills and good practices.
I PROGETTI DEVONO ESSERE GESTITI IN MODO “PROFESSIONALE”
I Projects are used to sustain the innovation, new products and new solutions. INNOVATION, NEW PRODUCT AND EVOLUTION
Projects are widely used in the enterprises and this means huge economical resources to invest.
PROJECTS AND OPERATIONS
Security
36
The New WorldProjects
SecurityIntegration
Trends
Innovation
Some examples from the public affairs…
37
breachalarm.com
worlds‐biggest‐data‐breaches‐hacks/
38 38
…to the private ones
39
Some considerations…
40
• Weak systems?• Complete projects?• Not so effective implementation?• Not so effective test?• Not so effective control and management?• Little attention on the assessments?
Codd&date incontra ATED 41
42 42
The new WorldProjects
SecurityIntegration
Trends
Innovation
Main themes…• How to manage security projects• How to manage projects to ensure a high level of security and efficiency• How to manage projects to maintain a high level of security• How to ensure best practices/behaviour to manage a security project
43
The paradign is steady…
44
Initiating Planning
Executing
Controlling
Closing
• Identify security’s requirements
• Project with own employees
• Warining for regulation
• Detailed design
• Fine tuning with experts
• Specific risk Assessment
• Manage the security’s project
• Watch out for sharing infos on theproject
• Security tests
• Fine tuning operation before therelease.
• Manage the info‐flow with highstandard of security
• Manage the «decommissioning»phase
• Delete password and qualifications
• Manage the evolution of the projectfrom «beta» to «product»
Addition of security elements in the projects
1. Project environment security
2. Workforce security knowledge
3. Business continuity planning
4. Secure project supply chain
5. Project deliverable security
6. Project deliverable resiliency
45
46
The new worldProjects
SecurityIntegrazione
Trends
Innovation
Trends
The crisis was very fast…
48
CHF downfall…
49
50
The New WorldProjects
SecurityIntergration
Trends
Innovation
Innovation
Does a good recipe exist to manage this criticcal issues?
51
52
Key factors for succesfull bussinesses of CH SMEs– Credit Suisse
Integration
53
The New WorldProjects
SecurityIntegration
Trends
Innovation
Integration• Finance integration• Integration projects (es. Horizon 2020)
54
55
The SMEs – an anchorage
Representing the 99,6% of all Suisse companies with an employment rate of 66,6%,
The SMEs are the pillar of the Switzerland economy
Number
99.6%
Number
99.6% Employment rate
66.6%
Employment rate
66.6%
See more at: http://www.swissbanking.org/it/home/finanzplatz‐link/kmu‐einleitung.htm#sthash.HQB9Racu.dpuf
56
The SMEs main features…1. They develop brand new products with a crafts process during the creation/realization
2. The follow the internationalisation in new markets;
3. Strong relationship with customers and the local area (employees)
4. They usually set up a network made by strong connection (knowledge, products, production) with other SME
5. They have an industrial enterpreneurship
6. They take part in an «ordered area of growth» that can be chaotic from an external point of view
7. The corporate management splits in a «official» one and a «real» one.
57
.
SMEs and the local area…
58
SMEs needs…• The SMEs needs a efficient management in those area where they invest (Sales, Investments, New Product…)
• They aren‘t familiar with project managment tools
• Lack of resources for their projects
• Very often the IT processes have benn outsourced with comunication/cooperation problems.
• They underline the effort of a project and the effort for the Project Management figures
• «Governance» is affected by the splited company structure (informal/real)
• Project Management skills are limited
• The step form «change» to «product» is always very problematic
• Difficulties in evolve the «steakholders»
59
In the end…• BOK, Best Practice, Specific Behaviour, typical of big enterprises, can’t fit in SMEs world
• It should be suggest a «dynamic» approach• The projects must be manage with SMEs mentality• The cost structure must be typical of a SME.
60
Cyber Security, Digital world and the impact on the Ticino’s industrial systemOur system between value conservation and changing
Professor Andrea Giochetta – Università Cattolica di Milano
62
Uncertanty leads the world…
•Financial crisis
• Downturn conditions of raw materials
• Terrorism and «third world war»
• Climate changes
• Ageing and population growth
•Immigration
63
Globalization and his effects
Globalization has move high crafted processes (with an high level of labour) to those developing countries wherejob is less expensive.This leads to:
•Connection between markets: decision/behaviour/practices that are typical of a are/market give rise toproblems/fallout in other markets/areas.
•Correlation between import and lower wages
•Expansion of supply: to ensure higher profits and competition in market
•Raise of investments: to ensure an advantage towards competitors
•Transformation of labour: from a craft type to an innovation/project one.
64
Industrail districts: Success aspects and changings in the spinneret
At the begging, a large group of individual companies join forces to be more competitive and to become moreinfluent all over the area.Doing that the industrial districts have learned to:1.Coexistence of traditional labour and innovation to gain an advantage at a high level2.Face complexity with:
● Self exploration● Risk taking● Learning from others mistakes
3. Create an iternal organization model that would be usefull for those companies which hasn’t enough power to change the regulationMore recently the enterprise network were born which allow SMEs to collaborate and comunicate more effective.
65
The enterprise network model allows the SMEs to coordinate work and investments. There are different types ofnetworks:
• Associations network: born with the thrust of an Association.• Local-area network: they put enphasis on the territorial aspects to quicken the promotion on international markets• Horizontal networks: companies join forces to create/project a brand new•Consortia: it focus its action on those activities that don’t represent the core business of SMEs. It focus its attention oninternational visibility, cost reduction and efficient processes.• Epistemic network: born based a project/idea which has the aim to create new demand which could be satisfied by thenetwork.
Enterprise Network
66
Enterpirse network: Italian focus
Economia e finanza dei distretti industriali - Settimo Rapporto Annuale - Intesasanpaolo - febbraio 2015
The italian SMEs decided to focus their efforts in their local area keeping a close relationship with the territory. They hasn’t focus their struggles onth internazionalization; this meant that the foreign investments had been used for local needs.
67
Economical results reward innovative branches
Economia e finanza dei distretti industriali - Settimo Rapporto Annuale - Intesasanpaolo - febbraio 2015
68
Innovation as a key factor: USA focus
Multiplying factor: for a single employee in the hitech market there are 5 more in other sectors, 2 of theme areprofessional figures, and 3 of them are no-specialized figures. Instead, for a single employee in the tradizional hand-made product market there are 1,6 more in other sectors.
The Globalization create unemployment in the traditional branch but this trend is different for those companieswhich create innovation: Standard crafting jobs are sent to China/India but hi-tech specialist market is growing a lot.In 2000 Oracle had 20000 employees in USA and 21000 abroad; in 2015 Oracle had 40000 employees in USA and over66000 abroad.
After the innovation process, from 20% to 30% of the total benefit is reflected on employees (in terms of wages)
69
Innovation provoque the downfall of traditional branches
At the end of XX century, the competition between companies was focused on the research of capital/money.Nowadays these battle is focused on the attraction of intagibles competences carried by people.
•Innovation attracts lot of labour with the creation of new professional figures: (web designer, web administrator,Chief Digital Officer….)
•R&D investments requires: i) high fixed costs ii) best practices/knowledge that allows to maintain what you project•l’accentramento geografico sembra caratterizzare i settori a più alta creatività e innovazione. L'interazioneconsente agli individui di imparare gli uni dagli altri rendendo complessivamente tutti più creativi e produttivi(Esternalità positive del Capitale Umano - Robert Lucas – Nobel 1988),
•le persone ad alto tasso di scolarità tendono sempre di più a stabilirsi nelle città e nei paesi dove l'incidenza deilaureati è maggiore. analogamente i lavoratori meno istruiti restano aggregati con i loro omologhi nelle aree menopromettenti e in progressiva decadenza (Enrico Moretti - La nuova geografia del lavoro).
70
Innovation changes production’s geography
Wealthier areas attract specialized and educatedlabour.
This changes radically areas where people leave:wealthier areas have more specialized workers (withan higher wage) then other areas.
The wages level affects lifestyle and behaviour ofthe population making it different from the rest of thecountry.
..in the USA
71
In the end...
Innovation must be kept in its traditional way (upgrating production processes and creating new products)and in its more conceptual way (changing the behaviour/best practices of a company to ensure that innovation
has it’s effects).
THANK YOU VERY MUCH
Codd&DateSuisse Sagl
Via Maggio 1CCH ‐ 6900 Lugano
Switzerland
+41 91 260 16 09
info@codd‐date.chwww.codd‐date.ch
Codd&DateSuisse Sagl
Bahnhofstrasse 100CH ‐ 8001 ZürichSwitzerland
+41 44 562 71 77
info@codd‐date.chwww.codd‐date.ch
top related