FORGOT YOUR DETAILS?

Energy, Technology & Finance are the most mature industries when it comes to Privileged Access Management (PAM) adoption and uses, outscoring peer industries by a wide margin.
58% of organizations do not use Multi-Factor Authentication (MFA) for privileged administrative access to servers, leaving their IT systems and infrastructure exposed to hacking attempts, including unchallenged privileged access abuse.
52% of organizations are using shared accounts for controlling privileged access, increasing the probability of privileged credential abuse.

These and many other fascinating insights are from the recently published Centrify 2019 Zero Trust Privilege Maturity Model Report created in partnership with Techvangelism. You can download a copy of the study here (PDF, 22 pp., no opt-in). Over 1,300 organizations participated in the survey from 11 industries with Technology, Finance, and Healthcare, comprising 50% of all organizations participating. Please see page 4 of the study for additional details regarding the methodology.
What makes this study noteworthy is that it’s the first of its kind to create a Zero Trust Privilege Maturity Model designed to help organizations better understand and define their ability to discover, protect, secure, manage, and provide privileged access. Also, this model can be used to help mature existing security implementations towards one that provides the greatest level of protection of identity, privileged access, and its use.
Key takeaways from the study include the following:

The top 21% of enterprises who excel at thwarting privileged credential breaches share a common set of attributes that differentiate them from their peers. Enterprises who most succeed at stopping security breaches have progressed beyond vault- and identity-centric techniques by hardening their environments through the use of centralized management of service and application accounts and enforcing host-based session, file, and process auditing. In short, the most secure organizations globally have reached a level of Privileged Access Management (PAM) maturity that reduces the probability of a breach successfully occurring due to privileged credential abuse.

Energy, Technology & Finance are the most mature industries adopting Privileged Access Management (PAM), outscoring peer industries by a wide margin. Government, Education, and Manufacturing are the industries most lagging in their adoption of Zero Trust Privilege (ZTP), making them the most vulnerable to breaches caused by privileged credential abuse. Education and Manufacturing are the most vulnerable industries of all, where it’s common for multiple manufacturing sites to use shared accounts for controlling privileged access. The study found shared accounts for controlling privileged access is commonplace, with 52% of all organizations reporting this occurring often. Presented below are the relative levels of Zero Trust Privilege Maturity by demographics, with the largest organizations having the most mature approaches to ZTP, which is expected given the size and scale of their IT and cybersecurity departments.

51% of organizations do not control access to transformational technologies with privileged access, including modern attack surfaces such as cloud workloads (38%), Big Data projects (65%), and containers (50%). Artificial Intelligence (AI)/Bots and Internet of Things (IoT) are two of the most vulnerable threat surfaces according to the 1,300 organizations surveyed. Just 16% of organizations have implemented a ZTP strategy to protect their AI/Bots technologies, and just 25% have implemented them for IoT. The graphic below compares usage or plans by transformational technologies.

58% of organizations aren’t using MFA for server login, and 25% have no plans for a password vault, two areas that are the first steps to defining a Privileged Access Management (PAM) strategy. Surprisingly, 26% do not use and do not plan to use MFA for server login, while approximately 32% do plan to use MFA for server logins. Organizations are missing out on opportunities to significantly harden their security posture by adopting password vaults and implementing MFA across all server logins. These two areas are essential for implementing a ZTP framework.

Conclusion
To minimize threats – both external and internal – Privileged Access Management needs to go beyond the fundamental gateway-based model and look to encompass host-enforced privileged access that addresses every means by which the organization leverages privileged credentials. With just 21% of organizations succeeding with mature Zero Trust Privilege deployments, 79% are vulnerable to privileged credential abuse-based breaches that are challenging to stop. Privileged credentials are the most trusted in an organization, allowing internal and external hackers the freedom to move throughout networks undetected. That’s why understanding where an organization is on the spectrum of ZTP maturity is so important, and why the findings from the Centrify and Techvangelism 2019 Zero Trust Privilege Maturity Model Report are worth noting and taking action on.

Tagged under:

A well-crafted Business Intelligence strategy can bring clarity to your operations and improve decision-making. Learn how to create this strategy in this post.
Can you answer these questions without a moment’s hesitation?
What are your most profitable clients? What are your highest margin projects? How did your sales team perform in the last quarter?
If you’re like most agencies, you’d probably say “no”.
The Big Data revolution has transformed entire industries. The agency business, however, seems to be curiously unaffected by it. Scroll through any agency-focused publication and you’ll see article after article talking about creative skills. Data and analytics remain mostly a footnote, if at all.
You can blame this partly on the nature of the agency business itself. When your primary “product” is creativity, it’s tough to get people excited about something as objective as data.
It doesn’t help that wrangling useful data out of the systems agencies use isn’t always easy. Throw in a lack of executive buy-in and talent shortage and you have the present situation.
I’ll show you how to solve this data problem in this article. You’ll learn how to develop a sound business intelligence strategy, build a team, and get real insight from data.
Understanding Business Intelligence (BI)
Every business produces some data. It doesn’t matter whether you’re a two-person freelance team or a 500-person agency, if you are selling something, you’re also accumulating data related to it.
Think of a content marketing agency. In the course of its operations, this agency produces a lot of data, such as:

Marketing data related to its social media, website, and other marketing endeavors
Operational data related to its projects, resources, and day-to-day executive functions
Sales data related to the activities of its sales team, such as outbound calls, the opportunity to win ratio, etc.

Without a sound BI strategy, all this data would remain siloed. You might have traffic data from Google Analytics, but there would be no way for you to connect it to your operations or sales efforts. Worse, minus strong data intelligence, you can’t really track whether your performance matches your strategic vision.
The purpose of business intelligence is to turn this data into actionable insight.
In Gartner’s most recent survey of CIOs, BI/data analysis emerged as the number one concern for all respondents, significantly edging out more “buzzwordy” initiatives such as automation.

Before we proceed, you should know the difference between BI and Big Data. Though they sound similar, they differ greatly in impact, scope, and implementation.
Business intelligence differs from Big Data in that it is structured and repeatable. It draws in data regularly from pre-defined sources and makes it accessible and actionable.
Big Data, on the other hand, is where you use different processes to draw insight from large volumes of data. It is unstructured and non-repeatable. Two different data analysts can draw entirely different insight from the same data set.
Your Google Analytics dashboard is an example of business intelligence. It takes in data from pre-defined sources (such as your website) and turns it into actionable insight in real-time.

If you were to store all this raw visitor data as a CSV file and run a bunch of Excel formulas on it, you’d be doing ‘Big Data’.
The question now is: how do you go about creating a business intelligence strategy?
This is a four-step process, as I’ll show you below.
Creating a Business Intelligence Strategy
Although they might differ from business to business, the fundamentals of any business intelligence strategy remain the same.
Namely:

Develop a vision and define your data requirements
Gather and store your data in a structured manner
Turn this data into an easily accessible visual data dashboard

As we’ll show you below, this is a multi-step process.
Step #1: Chart a BI Roadmap
You’re not going to get far with a BI initiative if you don’t have a clear agreement between stakeholders and a unified vision. In particular, there should be clear alignment between your BI strategy and corporate strategy.
Your first step, therefore, is to chart a BI roadmap. This is your overall strategy document outlining your vision, goals, and the path you’ll take to get there. It explains what’s in scope, what’s not, and the overall hierarchy of responsibility.
The BI roadmap should focus on the following:
1. Your corporate strategy
The purpose of any BI initiative is to give you insight into your business’ operations. For this to be successful, you have to first know what direction the business is moving into. Else, you might end up tracking metrics that have no real impact on the business’ long-term goals.
For instance, you might build a detailed marketing intelligence dashboard. But corporate might move to a direct sales and partnerships-focused model, rendering your marketing dashboard useless.
So the first order of business is to align the BI initiative with your corporate strategy. This isn’t easy, especially in larger organizations where executives don’t always like to share their long-term strategy.
Having a high-level stakeholder champion your cause can be effective. Get buy-in from someone on the board so you know what’s happening in the long-term and can change your BI focus accordingly.
2. Scope analysis
The final shape of your BI initiative will depend a lot on its scope. You’ll need a very different setup for gathering organization-wide operational metrics than say, just the marketing performance.
A scope analysis should be able to tell you what’s covered within the BI initiative and what’s not. Take the business apart and place everything into four categories:

Out-of-scope: Parts of the agency that are completely out-of-scope (for instance, HR and legal).
In-scope: Parts of the agency that are completely in-scope. These would be the core metrics for your BI dashboard.
Marginally in-scope: Parts of the agency that might be in-scope in the future, should circumstances change or the BI initiative pays off.
Temporarily in-scope: Parts that might be temporarily in-scope for short projects or reports.

3. KPIs and metrics
You can have great data, stunning visualizations, and substantial buy-in from stakeholders. But if you’re measuring the wrong metrics, your BI initiative will still be a failure.
This is particularly challenging for agencies where you might have countless seemingly similar metrics. For instance, it’s not always easy to tell whether you should measure overhead rate by % of the total bill or overhead rate by labor cost.

Having a tool that can quickly give you access to these related metrics can make your job much easier
Look at your data sources and divide everything into three categories:

Tracked metrics – Data that you will track regularly, but won’t use as a measure of performance.
Untracked metrics – Data that you won’t track. However, this data should be available for future analysis.
KPIs (Key Performance Indicators) – The metrics you will use to measure your performance. This would be a subset of your tracked metrics.

For instance, you might track average time on site, the number of pageviews per session, and bounce rate. But of these, you might choose only bounce rate as a KPI.
In addition to your own data, you might also want to keep track of industry-wide metrics to benchmark your performance.
4. Vision document
Finally, roll everything you’ve discovered so far into a vision document. This should be a short document outlining:

The broad goals of the BI initiative – what it aims to achieve, who all will be involved in it (more on this later), and what are its expected benefits
The long-term and short-term goals of the business and how a BI initiative can help you meet them
What’s in-scope and what’s not
What metrics you’ll track and how will you measure your performance

Get key stakeholders to sign-off on this document. Use it to evaluate the success or failure of your BI strategy.
This brings us to the next step in crafting a Business Intelligence strategy – managing stakeholders and BI teams.
Step #2: Assemble Your Team
BI initiatives are tough work. You need someone to provide data, someone to manage it, and someone to make sure that it shows what stakeholders want to see.
A lot of this depends on man-management and interpersonal relationships. But having a solid plan in place doesn’t hurt.
Here’s how you can go about assembling your own BI Avengers.
1. Understand stakeholder requirements
BI dashboards exist primarily for one reason: to help executives make better decisions. In fact, executive management remains the top driving force behind BI initiatives.

What if the dashboard isn’t even tracking the metrics executives care about? Or what if your data visualization and presentation just leave your stakeholders confused?
Understanding your stakeholder requirements, thus, is a crucial part of any BI strategy.
Zero in on the top stakeholders who will consume the data. For each of these stakeholders, figure out the following:

Visual preferences – How do they like to see their data (detailed vs broad overview, graphs vs hard numbers, etc.)
Priority metrics – What metrics do they care about the most? What metrics are most relevant to their department or area of expertise?
Business metrics – Outside of their core metrics, what metrics should they have priority access to for better decision-making? These should be from across the entire business, not just their concerned department.

2. Get access to data
To build your BI dashboard, you’ll need data from each department, and you’ll need it in an accessible format.
Getting access to this data isn’t always easy, especially in large agencies. Some departments might not have clear reporting standards. Others might not be willing to sign-off on their data to other departments. And some others will have concerns about the security of their data.
Your goal is to:

Convince stakeholders (especially department leaders) that their data will be safe. Using a tool like Workamajig that is certified can assuage a lot of concerns.
Persuade departments to adopt uniform reporting standards to make data analysis easier.
Get department heads to invest in reporting and data entry (something few people are interested in)

3. Build your BI team
How big (or small) your BI team is will depend on the scope of your BI initiative. Need a simple dashboard that shows you your marketing performance? You can probably saddle someone with this additional responsibility.
Need to gather data from across the organization? You’ll have multiple managers, developers, and analysts.
A full-fledged Business Intelligence team has the following roles:

Head of Business Intelligence: The person responsible for executing your BI strategy. Since she has to work closely with senior stakeholders, someone with strong personal relationships with them will thrive in this role. This is usually a VP-level position.
Business Analyst: The person responsible for acquiring data and turning it into insight. This is a core role in any BI team. A business analyst usually has a strong background in research and analysis, especially statistical analysis.
Developer: The developer builds integrations to put together data from multiple dashboards. While there are plenty of BYOD BI dashboards available, you might still need a full-time developer to make sure that all data is in the right format.

Outside of these roles, you might also have data scientists, especially if you deal with a ton of data and want to move towards Big Data, not just BI.
Of course, an easier alternative is to just use software like Workamajig that brings together data from across your agency in a single dashboard. This eliminates the need to reformat data or make sure that everyone is tracking the right metrics.
Once you have your team, what’s the next step?
Putting together your data, of course.
Step #3: Gather and Organize Your Data
Data is the fuel for any business intelligence strategy. You have to figure out a way to capture data, store it, and turn it into insight.
A sound data plan should be a core part of your BI strategy. Here’s what it should include:
1. Identify data sources
As an agency, you’ll have data from countless sources – clients, projects, sales, marketing, finance, etc.
The first step in your data plan, thus, is to identify all these data sources, their importance, and your integration plan for them.
There is no fixed process for how you organize your data. You can segregate them by department (finance, sales, etc.), by function (client acquisition, operations, etc.), or by business impact.
At the very least, you want to identify the most important metrics to your business (see the section above) and figure out how you will track them. For an agency, these might be client profitability, core marketing metrics, utilization rate, etc.
Given that building a dashboard is a top priority for most BI initiatives, it is crucial that you also start thinking of how your data sources will integrate into your dashboard.

An integration plan can make this process smoother, as we’ll see below.
2. Develop an integration plan
Once you’ve identified your data, you need a way to integrate it into a dashboard.
Depending on what tools you use, this might be one of the easiest parts of the process or the toughest. For instance, if you use modern SaaS tools almost exclusively, you’ll find that a lot of them integrate with popular BI tools such as Domo or Sisense.
On the other hand, if you use proprietary systems, on-premise software, or custom solutions, you’ll have to figure out how you’ll integrate your data with your BI dashboard. This might require creating a custom integration or even developing your own dashboard.
An easier solution is to use software like Workamajig to get ready access to all your data, from sales to accounting, is a ready-to-use dashboard.
3. Create a visualization strategy
Data isn’t useful if it isn’t presented in the right format. Your data plan, thus, should include a visualization strategy as well. This strategy should focus on:

What metrics you’ll prioritize in your dashboard, and
How you will visualize them

The answers to these questions will depend on your overall vision and stakeholder preferences. You might want to create multiple dashboards for different stakeholders. One stakeholder might prefer scatter graphs, while another might favor textual data.
I recommend working with a designer to make sure that your visualization strategy is easy to follow. Include specific details such as the types of graphs, colors, fonts, etc. you’ll use in the final dashboard.
Of course, make sure that your BI tool supports your visualization choices.
Over to You
Better data makes for better decision-making. A sound Business Intelligence strategy can make it much easier to gather your data and make it accessible to your agency’s decision-makers. Follow this three-step process to chart your BI strategy and bring clarity to your agency’s operations.

Tagged under: , ,
TOP