Friday, April 22, 2016

Cloud vs corporate IT: Insights into how the share-economy will play out?

When thinking about disruption we often attempt to look to the past for how it will affect our future. However, we can also explore how disruptive tech is impacting our world today.

Consider a recent WSJ article that gave us insights in to how cloud and mobile is disrupting "classic tech":
  • EMC, Intel and IBM are being disrupted. The move to cloud and mobile is impacting the ability of these companies to meet earnings expectations. For example, EMC's sales of storage products declined by 10%, while Intel has seen an overall decline in PC Market sales.
  • Companies are slashing their workforce in response to such trends. The shift to cloud & mobile is resulting has resulted in the hemorrhaging of 12,000 jobs, or 11% of the workforce, at Intel alone. 
  • Overall decline in revenues/profits despite strategic shifts in product mix. IBM's cloud computing business grew 34%, while Intel's data centre business, serving cloud providers grew 9% (for more on this "corporatification trend" see here). However, IBM's total revenue fell almost 5%. Intel had a tough time keeping up with rivals like ARM who posted revenue gains of 22%. This compares to 7% of which the WSJ attributes a chunk of that rise to an acquisition Intel made. 
Reflecting on these trends, is it fair to think of cloud as the original use case for the share economy? 

When we think of Uber, Airbnb, etc., we see how users can use these platforms to monetize their excess or underutilized asset by renting it to others.

However, isn't that also the story of the cloud?

Amazon, Intuit, and other cloud computing companies decided to "share" their excess computing capacity to others. In a sense, we are talking about servers instead of houses, but the concept is really the same.

And this goes to my initial point. We are living through the disruptive impacts of cloud and mobile on legacy-tech and we can quantify, analyze and understand its impact.

Given this premise what does this above tell us about the share-economy?

Firstly, better utilization of assets leads to the sale of less assets.  This should be expected as there is a more efficient use of assets leads to  (servers, car, house, etc) less market size as demand remains constant. As I had noted in the post a few months ago, Uberization of the taxicab industry would ultimately lead to a fleet of cars that are owned by a company like Google - leading to a net reduction of cars used by society. GM probably understands this concept as they have invested $500 million into Lyft; a competitor to Uber.

Secondly, it illustrates how the share-economy is subject to concentration of wealth: the cloud computing landscape is dominated by large players, including Amazon, Google and Microsoft. As noted by Douglas Rushkoff in the following video, since these innovations emerge out of the "operating system of capitalism", they inevitably result in the formation of a handful of platforms dominate the industry and capture the lion's share of the profits.

(Also check out his book that discusses this in more depth)

Thirdly, its difficult for behemoths to adjust to these types of shifts. Despite Intel and IBM investing in the disruptive technologies, it's hard for them to adjust to the dynamics of the new economy. This illustrates how much more challenging it will be for those disrupted by such platforms to re-tool and compete in the landscape.

For accountants and auditors, one such platform to watch out for is Gigwalk. As per their website, their value proposition is that by leveraging the 350,000 “professional services” workers (see graphic below) the manufacturer or other upstream supplier can get visibility into the actual retail outlet. For example, Whirlpool wanted to “Audit the presence of its Swash product on showroom floors, communicating back to corporate compliance gaps in real-time”.

And the "starter Store Audit Package" begins at $10.

Creative destruction is not inevitable, but we should learn from the lessons of these tech giants and plan prudently to meet such challenges head on.

Friday, April 8, 2016

Hacking law firms: A shift in trends? A closer look at the data.

Before the infamous, Panama Papers breach Wall Street Journal reported in late March on cyber security incidents that occurred at two major law firms. As WSJ noted,  that "[h]ackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter. The firms include Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations."
The attack is a shift in the traditional targets of hackers, which has largely been focused on stealing personal data. Based on UWCISA's review of public news sources from , we recently analyzed data from cyber attacks  based on a review of public new sources from 2010 to 2016 (unless otherwise stated) we found the following:
  • Personal data stolen at higher rate than financial data: Of the breaches analyzed, about 33% of attacks related to stealing financial data. In contrast, approximately 53.5% pertained to stealing personal data. 
  • What does the data say? Hackers want to go phishing: When analyzing the different data elements (from 2010 to 2014), 35% of elements stolen  could be potentially used by hackers to conduct further phishing and spear-phishing attacks. Of these, 13% relate to user credentials (username + password), while the balance fields includes things such as email, name, address, and social security numbers. This is not to say hackers don't want financial data - approximately 11% of the data elements related to things such as debit/credit cards and even intellectual property.  
  • Malware is attack vector of choice: Malware represented 21% of the attack vectors used, while SQL injection was the next favourite at 11% and phishing and spear -phishing was third at 6%. 
  • Industry trends: In terms of industry, software publishers (8%), hotels (5%) and AV equipment manufacturers (~4%) and limited service restaurants (3.5%) were the top of the list . However, this compares to an average attack of 1% by industry (when excluding attacks that were not attributed to an industry). 
The move by hackers to target law firms illustrates how the infamous risk formula, likelihood X impact, needs to go beyond  financial assets, like credit cards or bitcoins. As noted in the data analysis above, firms also need to protect intellectual property or anything that can be converted to cash. Consequently, organizations need to be astute as the perpetrators in assessing how information - such as that held by law firms - can be used for financial gains.