According to global IT consulting services company Avanade, organisations will increasingly move from on-premises to cloud over the next three years. Infrastructure as a Service (IaaS) will increase from its current rate of 14% of all enterprise cloud solutions to 30% while Platform as a Service (PaaS) will increase from 8% to 25%. At this point, migration to the cloud is so popular that Amazon's cloud business is now the fifth-largest business software provider in the world.
But for enterprises and organisations in highly regulated industries such as banking, the benefits and costs combined with the immense pressure by the industry to jump on the cloud bandwagon are outweighed by the security challenges involved in migrating their customer's private data to the cloud.
Another less-talked about but much greater challenge exists in my opinion, however, of mindset. Organisations migrating to the cloud have a tendency to focus on the technical with complete disregard for the culture of the organisation.
The Dark Side of the Cloud
Let's take a step back and review the traditional advantages of migration to the cloud: easy access to updates, scalability, significant reduction in time and cost, automatic downloads, and process optimisation. Not to mention the consequences involved if enterprises choose to remain 'on premise': higher cost, lack of agility, and being perceived as lacking innovation.
Then there’s the double-edged sword: in highly regulated industries, customers don’t trust organisations which move their data to the cloud. At the same time, agile customers demand fast and innovative services and don’t care if their data sits in the cloud or not.
How can the migration to the cloud satisfy both types of customer?
To answer this question, I would first pose the question: What do we mean when we talk about the importance of culture of an organisation? From my experience working with enterprises and startups, I would describe it as the human factor, a dynamic process created and recreated by interactions amongst and between employees and leaders and, specifically the trust between the different parties. Migrating to the cloud involves trust not only in interfacing data and employees but also trust between all of the employees within an organisation.
For example, the challenges related to trust in the journey to the cloud might include:
Beyond the listed challenges, neglecting the necessary organisational transformation by not taking into consideration the mindset of the employees and management can cause massive delays, which in turn, result in an increase in cost and a huge risk to the reputation of the decision-makers.
Ensuring a Successful Journey with Change Enablement
How do you ensure your organisation's successful journey to the cloud? The answer lies in change enablement, which essentially, is enabling your enterprise, its employees and management, to adapt their work behaviour in order to adopt new ways of working.
Many bank employees have privately lamented to me: "But we aren't allowed to migrate to the cloud." The reason for this is a lack of change enablement within the organisation which starts well before adopting new technology to your enterprise. Change enablement continuously assists your organisation by constantly defining more efficient ways of working and in proving the value the migration will bring to your team.
For instance, if an organisation wanted to encourage the adoption of a new cloud service, it might first communicate the purpose and benefits of the cloud service to its employees and management through internal project marketing. It might then pursue training and further education with the people development team and only then develop an external communication strategy with the assistance of its marketing team. On the technical side, it would develop a Proof of Concept (PoC) which would outline the advantages of the migration to the technical team and gain buy-in from decision-makers.
To ensure success in adoption of any new cloud project, decision-makers must be organised and communicate their needs effectively with their team. Here is a quick preparation list for decision-makers to keep in mind when collaborating with the change specialist:
You can read more about how change management was an essential part of the journey to the cloud at Amazon Web Services.
Understanding the Impact of Cloudification on Processes
Remember that at the end of the day, the technical IT project is merely the vehicle of your digitalisation journey. Before delving into the technical details needed to pursue the migration, you should develop a Proof of Concept (PoC). PoCs are typically implemented in one business unit or in one geographic region to illustrate the advantages of the journey in a low-risk way, to learn from the experience, and to gain the necessary buy-in from decision-makers as well as disseminate the message across the organisation.
Think of it as a way to harvest low-hanging fruits after the implementation of the project.
Here are two examples of PoCs:
Migration of documents and records management
The documents and records management landscape currently has multiple on-site implementations due to high latency, limited bandwidth and scaling issues. As a result, it limits the cross-company information-sharing and communication and creates issues with data synchronisations and application integration. The goal of migration is the reduction of on-site implementations (in other words, they want to "go server-less") and to improve business continuity provided through hosting across geographies. The PoC would illustrate how this is accomplished by leveraging the Microsoft Azure cloud platform and its services.
Migration of the CRM database
A strategic business unit of a bank wants to improve the customer relationship management through better customer care to increase customer retention and improve performance. The PoC includes research, examination, selection and implementation of a database solution. The selection of the cloud must comply with the regulatory body applicable for the financial service industry.
The PoC should include documentation on the impact of current processes and tools, describe the interfaces between IT functions, the impact on operations, governance and sourcing, and define the billing and cost distribution model. Providers must also present documentation that meets the industry standards. In contrast, most providers' platform-driven business models only offer high-level hyperlinked pieces of information on compliance required by the decision-makers in the legal departments of enterprises for a thumb-up to migrate to the cloud. In the highly regulated financial services industry FSI, for example, the fragmented style of presentation of much needed legal details is insufficient.
Cybersecurity + Privacy = Cybercapacity
Chief Information Security Officers, or CISOs, have often disclosed to me that many employees are even unaware if the software they use is hosted in the cloud or on premise. That’s a concern that spans issues involved in cybersecurity and privacy.
Although cybersecurity does interface, integrate and eventually overlap with other areas, it is important to understand that these blurred lines often lead to misunderstandings and end up reducing the attention cybersecurity requires. For example, the raised attention of the GDPR coming into effect at the time of this writing coincides with people working on becoming GDPR-compliant. Many times, organisations assign the cybersecurity method of multi-factor authentication to the GDPR. We must keep in mind that cybersecurity isn’t the same as data protection, which is more concerned with privacy and how data is being used.
Migrating to the cloud requires that enterprises build capabilities to mitigate cyberrisk caused by human behaviour, as well as reducing opportunities for cybercriminals to exploit human weaknesses. Raised awareness of our own behaviours as well as our own superior cybersecurity and privacy should be an integral element of the workplace culture.
This includes a change in mindset on cybersecurity and on privacy – in essence the development of your organisation’s cybercapacity. You’ll need to analyse the skill gap, develop an employee training plan to meet this gap, and identify relevant skills for becoming cybercapable.
Transforming into a Cybercapable Organisation
Transformation of the workplace culture is vital for a successful journey to the cloud. It all starts with change enablement and empowering your employees to adopt new ways of working. Gaining buy-in from decision-makers through internal communications and a PoC is key. When your organisation is successful in empowering change in the culture, you’ll be able to enjoy the many benefits of cloud migration while minimising – if not fully eliminating – its dark side.
Image: Pixabay CC0 Creative Commons by Atlantios
Learn from a tech startup the steps you need to take to protect your customers’ privacy and your brand reputation. Understand how you, too, can exceed customer expectations beyond the tick-box compliance.
Any organisation required to implement General Data Protection Regulation (GDPR) is presented with a number of duties and obligations they must fulfil for compliance.
Here are the selected key duties:
For practical relevance, I share my hands-on expertise from Leftshift One, a tech start-up specialising in the development and implementation of digital assistants. I had the distinct pleasure of working with Leftshift One in implementing the GDPR measures, and in this post, I share some of the insights I gained via an interview with Leftshift One.
Leftshift's technology, among other technologies on the Gartner Hype Cycle for Emerging Technologies 2017, enjoys an unprecedented popularity, particularly, in customer engagement (first level customer support). This is especially true when the use cases can be monetised, quality of the language recognition is high, and the user experience is positive.
Leftshift One’s unique approach features a rule-based language model for speech recognition, which allows them to operate in an ecosystem (on premise or private cloud). Most impressively, they managed to develop this for the German language, whose syntax is much more complex than English.
To gain more insight about the company and its approach to GDPR compliance, I asked Leftshift One for their insights.
Priya: What are Leftshift One's primary focus?
Leftshift One: Our primary focus is on linguistic dependency analysis; machine learning is secondary. I would add that we also focus on the business value for the client or use case. For example, a digital tourism assistant should not be used for processing pizza orders. Our Generic Artificial Intelligence Application (G.A.I.A.) can be employed instead on the internal system of the customer, i.e. on-premise, to create digital assistants. These digital assistants are customisable to meet the specific needs of the customer.
The advantage in G.A.I.A. is not only savings of energy and resources, but also in the software or the Smart Digital Ecosystem. At Leftshift One, we refrain from using external service providers such as Google, Microsoft, Facebook, etc., (i.e. NLP, NLG or Build-a-Bot service providers). As a result, we can guarantee data security even in a private cloud operation. This combination of data security and our own NLP service (what we call ATLAS) allows us to offer the customer an on-premise solution, which by default is GDPR-compliant.
Priya: Obviously, this is a great starting point to leverage Article 25 Data protection by design and default as the startup simply does not rely on the use of big data.
Leftshift One: Yes, exactly.
Ensuring Data Protection by Design and Default
Priya: Let's talk about privacy by design, the guiding principle of the GDPR. Data privacy for individuals should be the default action and should be designed into all organisational and technology processes from the ground up.
How have Leftshift One implemented Data protection by design and default?
Leftshift One: We were already preoccupied with this topic before development of the solution. The principles of the GDPR are not new; they have too often been ignored. We knew that a GDPR-compliant solution was urgently needed in this area for the European market. That's why we decided to provide our customers with a solution that complies with these principles. Our clients are both software integrators who create digital assistants for their clients as well as customers who need a digital assistant directly from us.
Since the machine-learning approach requires a lot of data (what many refer to as big data) to deliver a high-quality result, we are now working on finding an alternative solution. We knew there had to be a solution that did not need endless amounts of customer data. By combining our machine learning approach with an artificial neural network and linguistic dependency analysis, we were able to achieve high-quality results for our clients and customers. This smart approach to technology is cost and energy efficient, affordable and customisable.
In addition, we encrypt any communication between assistant and customer or save data encrypted, without exception. The data is used exclusively by the algorithms - we ourselves have no knowledge of the content.
Since we have committed ourselves to data protection even before the development of our software solution, we are pursuing the concept of Data Protection by Design and Default.
Providing for the Security of Personal Data
Priya: Arguably, the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR. Especially since it applies to all companies processing the personal data of data subjects residing in the Union, regardless of whether the company’s location is in the European Union. For this reason, it is essential that organisations must understand the concept of personal data. If you collect, store, or use any of the following: name address, localisation, online identifier, health information, income, or cultural information, then you have to abide by the rules.
The GDPR requires you to maintain records of the type of data you hold, where it came from and with whom you share it, all of which requires documentation.
How do Leftshift One provide for the security of personal data?
Leftshift One: Again, we chose the Data Protection by Design and by Default approach. As we already mentioned, we encrypt our data and have no knowledge of its content. Only the algorithm of our Cognitive Language Understanding Service, ATLAS, knows the content. However, a categorisation of the collected data must be made and documented. The Cognitive Language Understanding Service, ATLAS, processes the text even after the conversion of Speech2Text and categorises it automatically.
The integration code shows which data is processed and to which category it belongs. This means that we automatically know with each conversation what data is processed without knowing the content.
Of course, this is only possible if you both rely on a rule-based translation concept and make this connection.
Guarding the Rights of EU Customers
Priya: The GDPR enhances the rights of data subjects in the EU. The GDPR includes individual rights: to be informed; to have the right of access; to have the right to rectification; to have the right to erasure; to have the right to restrict processing; to have the right to data portability; and the right to object; and the right not to be subject to automated decision-making including profiling.
This means that your EU customers have the right to request access to and erasure of their information. In addition, you need to provide them with easier access to personal data, with clear and easily understandable information on processing. Making this information available gives your customers insight into how their information is used.
You will have to report data breaches to regulatory authorities within 72 hours, and in high-risk scenarios, to follow this reporting by notifying the individuals whose data may have been compromised. All data must have appropriate technical and procedural measures to ensure a level of security appropriate to the risk that it carries.
The conditions for consent have been strengthened. Under the GDPR the request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Consent has strict requirements, including the fact that it can be withdrawn at any time.
How do Leftshift One guard the rights of EU customers?
Leftshift One: We need to differentiate between two types of personal data. The ATLAS service stores the data in an encrypted form and after each conversation the personal data of the session are deleted or are deemed irrelevant, i.e. the result of the digital assistant. Data is discarded or not stored. We do not store personal data in the system. Leftshift One are not interested in the data since we do not need it for processing.
Certain business cases, however, may require encrypted personal data to be stored. Let's take recommendation marketing, for example. In this case, the digital assistant asks the end user for permission.
Here's an example: The customer orders a pizza. ATLAS only translates the instructions. ATLAS now informs the service provider, who organises the order of the pizza, (i.e. the customer's request). The service provider himself has the personal data to initiate an order. John Doe, with his place of residence, credit card information, etc., is not necessary for the service fulfilment in the ecosystem.
However, if there is an explicit need to store personal data in order to automatically make recommendations, for example, the data will be stored in an encrypted form after the end user has given their consent. This personal data stored can be requested, corrected or deleted by the end user. Storing data, encrypting it and ensuring it is accessible requires a lot of effort but we do it because we value data security.
For both partners and customers who use our digital ecosystem, we rely on an established partner or expert for knowledge management, process management and CRM: Atlassian Confluence and Jira. Our solution is GDPR-ready by default and in compliance with the standards.
Demonstrating Compliance and Accountability
Priya: As entrepreneurs, you should expect regulators to potentially exercise their powers to access data and premises. They should also be able to demonstrate compliance with the GDPR principles relating to personal data. Mechanisms to assist with providing this proof include carrying out Data Protection Impact Assessments (DPIAs) and adhering to codes of conduct.
As explained earlier, the GDPR makes privacy by design and default an express legal requirement. It makes DPIAs (formerly known as Privacy Impact Assessment or PIAs) mandatory in certain circumstances. A DPIA is required in situations where data processing is likely to result in high risk to individuals, for example:
How do Leftshift One demonstrate accountability and compliance?
Leftshift One: The HG3 startup hub, where Leftshift One is located, includes diverse experts from the tax, business consulting, legal and other industries. This startup hub has been Leftshift One's partner since its inception and also supports the company in matters of data protection.
In addition to checklists of data protection, we have implemented another proof already in the development process. These are user stories which contain not only the description of the functionality but also acceptance criteria, test cases or non-functional criteria. We now have an area for specifying data protection criteria for each user story. These criteria are reviewed twice in total.
The first review will take place as part of the "Definition of Ready (DoR) Review" before a user story is implemented. This is when the development team examines whether it can be implemented in compliance with data protection or what is necessary to ensure data privacy compliance during implementation.
The second review will be done as part of the "Definition of Done (DoD) Review" after the functionality has already been implemented. It ensures compliance with data protection requirements.
As a result, the risks related to the GDPR have already been identified and mitigated during the development phase.
Success Factors at a Glance
Leftshift One successfully leverage a holistic approach to creating a culture of privacy that goes far beyond the compliance requirements that many companies pursue. This approach is an integral part of a network of specialists essential to the creation and establishment of a culture of privacy. Together, we have developed an innovative, GDPR-compliant technology and have applied continuous feedback loops along the entire value chain beyond agile software development. In addition, we have voluntarily appointed a Data Protection Officer to represent them on privacy issues.
Leftshift One have seized the golden opportunity to build valuable and trust-based relationships with their clients through increased privacy, during this challenging growth phase.
Digital transformation and privacy are inextricably linked. The former encompasses much more than technology; it's a process and mindset, where the right mindset affects our business outcome. For example, in the minds of many businesses, implementing data privacy regulations – in particular the General Data Protection Regulation (GDPR) set to take effect as of May 25, 2018 – simply consists of boxes their customers must check before using their services. These same businesses are compelled to spend $7.8 billion in the next year on GDPR compliance, and many view the new EU regulation as a hostile threat to European business prosperity.
"We're all going to have to change how we think about data protection."
Elizabeth Denham, UK Information Commissioner at the ICO
But these same businesses have an opportunity to do so much more than simply meet GDPR compliance. It is an opportunity to become a leader in embracing a new culture and mindset by adopting new practices that pave the road to greater innovation. At the same time, these new innovative practices will allow for greater security and resilience. Those who originally feared the GDPR will soon realise that the regulations will drive more growth in the digital economy, rather than less.
Moving Beyond the Tick-Box Compliance
To embrace this mindset, organisations must move beyond tick-box compliance with regards to data privacy and replace it with a culture of understanding and accountability. This new culture puts the protection and proper handling of information – specifically personal data – at the heart of their business processes.
That means fostering environments where employees actively protect customer data and rights to privacy at every point in the value chain. Although the strengthening of data privacy and information security throughout your organisation will require more effort, the results will be seen in new business opportunities and reduced security risks.
When examining the GDPR from a broader perspective, its essence lies in understanding and improving business and management practices and core business processes. Along with this is the ability to identify the assets of an organisation and its risk posture, closely linking it with other good business practices such as quality management, risk management or information (security) management.
A Holistic Approach to Privacy
What is the best way to establish this new type of business culture that is conducive to both cybersecurity and privacy?
Privacy is one integral element of an enterprise’s cybercapacity. Establishing a culture of privacy requires the fundamental renewal of the whole organisation rather than just offering GDPR training to employees. It is the difference between adding a sugar-coated layer of compliance versus change enablement, which promotes real change from within.
Change enablement lays a foundation for the enterprise and its people to implement new approaches in digitalisation and understand their ramifications, effectively enhancing performance and delivering better business results across the entire value chain. Only then can a true culture of privacy evolve within an organisation.
The real goal of GDPR is not to add a layer of compliance. As Elizabeth Denham put it, it's getting people in organisations to start thinking differently. But she doesn't come up with a plan of how this change in mindset will take place. The way to get people to change is by enabling organisations and their workforce within them to adapt their work behaviour and their innovation capabilities at every point in the value chain. Depending on the digital maturity of the organisation I offer two approaches below.
Fostering a Culture of Privacy through Change Enablement
Change enablement requires setting up an organisation to support it from a much earlier point than in compliance. Depending on the digital maturity of the enterprise, change enablement has different functions:
A start-up working on a Minimum Viable Product (MVP), for example, is in a privileged position. It can build the necessary privacy measures from scratch (data protection by design and by default), and by that establish this mindset as early as the seed phase. Change enablement then serves to ensure continuity in data protection by design and default (e.g. when a new technology is deployed or a when there is large-scale processing of special categories of data). The startup establishes the necessary awareness to start building a culture of privacy, which will be strengthened further in the post-seed phase.
Traditional businesses, on the other hand, that had only casually complied with the Data Protection Directive 95/46/EC, now need to pull up their socks to meet the necessary measures of the GDPR. The brutal truth is that the GDPR disrupts some of their value chains, organisational structures, operational processes, revenue models and the way people work and collaborate. They will have to make use of the full potential of change enablement – from needs analysis to continuous renewal to establish a privacy culture.
The rewards for using change enablement are tremendous: Not only will employees be able to realise the full potential of the new regulation, but all organisations, both startups and established enterprises, will have a golden opportunity to build trusted relationships with their customers and by doing so, further shape innovation, realising the full potential of the new gold of the digital age. Change enablement is what makes the GDPR a blessing in disguise.
To see how this works, visit our next blog post for a real life example.
Image: Pixabay CC0 Creative Commons by StockSnap
Change enablement is key to successful digital transformation. The Crazy Mind interviewed Dr. Priya E. Abraham, author of 'Cyberconnecting. The Three Lenses of Diversity' how leaders can establish effective work-based relationships across technological, cultural and social boundaries to drive digital transformation.
What are the key challenges for business leaders?
Leaders can lay a good foundation for Digital Transformation by focusing on the human element. Digitisation is more than just the implementation of technology or a change of tools. It comprises the transformation of daily practices, workplace structures, reporting relationships, performance information systems, information sharing, and customer interaction. Even competitor relationships are thereby transformed.
Becoming a true digital organisation is not just about becoming tech-savvy. It means embracing a new culture and mindset, where hierarchy fades and innovation happens through networks. Business leaders need to develop this mindset first in order to enable the organisation to adopt the practices. In large organisations, the biggest challenge for leaders presents the departmental disconnect they are facing on a daily basis. They need to build cross-boundary relationships themselves and enable their people to do the same.
Read the full interview on The Crazy Mind
Organisational silence is a phenomenon that could be holding back transforming organisations. Believing that employees only speak up when they have something to say is a misconception. There are many reasons why employees remain silent, even when they have ideas that could help. In our blog Agile is a Mindset we put forward concepts for people to bring their full selves to their work in order to deliver excellence and shape innovation. Those who can
This blog specifically looks at organisational silence, which is defined as the withholding of information that would improve a situation. There are positive reasons for not speaking up, such as confidentiality or withholding proprietary knowledge, but we are looking at situations that could be improved with ideas. If speaking up and bringing ideas forward are central to creating innovative organisational culture, then a closer look at why people choose silence needs to be considered as well as some practical approaches to overcome these.
To clarify, at an individual level, employee silence is a notion which suggests that employees have something to say, rather than being silent because they do not have anything to contribute or that they consent to a situation, as it is most commonly believed. More concerning perhaps is organisational silence, a pervasive climate of silence. At an organisational level this indicates that culture and structure, in particular how managers respond to information, prevents the bringing forward of ideas. Organisational silence is a multi-dimensional outwardly passive choice. It comes about by collective sensemaking of specific conditions.
When we consider the culture of an organisation, which at Cyberconnecting we define as a dynamic process created and recreated by interactions amongst and between employees, the creation of a climate of silence is easy to comprehend.
Some of the reasons why silence may be prompted is personal preservation, such as a belief that speaking up is dangerous, or that the situation will not change even if something is said. For example, suggesting ideas for improvement may be met as a criticism of current practice or of the manager.
Collective sensemaking, usually through observation and peer discussions, will generalise and reinforce this belief with the upshot that no one attempts to put forward ideas, thus creating a climate of silence. Other reasons include structure and processes, such as the lack of forums or hierarchical communication channels. Even if the opportunity to use voice is available it does not necessarily mean it will be used.
When employees are experiencing transformational change within their organisation or even across their sector, new challenges, often unexpected, arise. Adding to this complexity is that many employees are dispersed and working through digital channels. How to raise issues or whether issues are raised at all may be harder to establish.
Voice is not the opposite of silence
New ways of working may not overcome silence
Fad or fashion, teams and some organisations are increasingly working with some form of Agile framework. Agile is based on small cross-functional self organising teams. At first glance the principles of Agile team work should overcome some of the issues related to silence as they focus on:
The most well known Agile application is Scrum, yet doing Scrum as it is actually defined can conflict with existing habits at established non-Agile organisations. For example, if we consider the objective of Scrum against the time allocated then raising organisational issues may not be given priority, thus resulting in a procedural silence. For dispersed teams, using valuable meeting time, virtual or face to face may not be conducive to offering ideas. Here perhaps is where the skills attributed to the ScrumMaster as coach, mentor, facilitator, champion, and cheerleader can best overcome some of the antecedents to silence.
Listening to silence
Conceptualising silence as multi-dimensional is an opportunity to create a culture that takes notice of silence. In turn, this enables managers to take a close look at processes, from how meetings are conducted which includes time to consider new ideas and is not simply a forum for leaders to dominate; to responses to ideas which can lead to better practice and the bringing forward of ideas.
New ways of working, using an Agile philosophy and social collaboration tools offer processes that may increase opportunities for employees to speak up. How they are implemented are crucial in building the psychological trust necessary for employees to want to speak up.
This is difficult work. As discussed, silence is a passive choice so only by listening out and noticing the response will managers know if their actions are working.
Finally, culture is dynamic, processes and procedures can aid the type of culture that is created, but it is essentially the interactions between employees that will enable innovation.
Abraham, P.E. 2015. Cyberconnecting. The Three Lenses of Diversity. Surrey, UK: Gower/Ashgate.
Agile Scrum roles and responsibilities. PM Documents. http://www.pmdocuments.com/agile-scrum-roles-and-responsibilities/ (Accessed 24 March 2017).
Aris, N. 2012. An exploration of motives and impacts of downward silence in a professional service organisation. MSc dissertation, Birkbeck, University of London.
Dowding, K., John, P., Mergoupis, T. and Van Vugt, M. 2000. Exit, voice and loyalty: analytic and empirical developments. European Journal of Political Research, 37, 469-495.
Hirschman, A. 1970. Exit, voice, and loyalty. Cambridge. Harvard University Press.
Morrison, E. and Milliken F. 2003. Speaking up, remaining silent: the dynamics of voice and silence in organisations. Journal of Management Studies, 40 (6) 1354-8.
Tangirala, S. and Ramanujam, R. 2008. Employee silence on critical work issues: the cross level effects of procedural justice climate. Personnel Psychology, 61: 37-68.
The Agile Methodology. The Agile Movement. http://agilemethodology.org (Accessed March 2017).
Image: Tipping, R. 1998. Sounding Silence, located Zig Zag Reserve, Launceston, Tasmania.
The psychological aspects of identity management
Many thanks for participating in the Cyberconnecting webinar on The Role of Identity in Excellence and Innovation in Digital Transformation. We specifically appreciate your considered comments and engagement. We had too many questions to cover them all during the session hosted by Rob Llewellyn of CXO Transform, so are now sharing the answers to all of the questions. We organised the Q&A in two parts:
Part 1 covers the application of behaviour-centric identity management for the benefit of successful digital transformation. See recent blog post: Practical tips on how to build a culture of excellence and innovation.
Part 2 covers the psychological aspects of behaviour-centric identity management.
Question: Is there a significant difference between "disengaged" and "demotivated"?
Disengaged and demotivated have become interdependent concepts. Employees become disengaged in relation to specific circumstances such as incompetent leaders, the lack of opportunities, not being listened to, too much work, not having the tools or training to do their job well. Hence the growth in staff surveys to seek out areas that lead to disengaged employees and a preponderance to address these specific areas. Demotivation is a state that results when no change happens. The good news is that both are reversible. If unaddressed both disengagement and demotivation have a negative effect on organisational culture.
Without a focus on organisational culture it is difficult to address individual areas of disengagement. That is why the cyberIDT™ offers such an advantage in defining the identities of individuals, teams and even the organisation so that the particular strengths can be brought into the consciousness and appreciated.
Question: What is the impact of individual or organisational fear on identity management?
An initial fear is introducing such a new concept into the organisation by the decision-makers. We have found that if new concepts are not known well enough, digital leaders, innovation strategists or L&D folk feel unable to support its use internally. For this purpose we have created the Decision-Maker Pack which takes the person selling into the organisation through the process and also offers an implementation strategy through coaching.
From a user point of view, the use of identity management as a practice gives the user a deep understanding of their own identity and what they activate in particular contexts. This awareness raising helps individuals to consider whether they should activate alternative elements to build collaboration.
Facilitating whole-person growth and helping build effective work-based relationships are key to high engagement and positive outcomes. In that respect, behaviour-centric identity management is a game changer from a culture of fear to a culture of trust, wellbeing, and prosperity.
Question: According to you, what is the biggest challenge in building community/collaboration teams when having to deal with multigenerational groups, ie. millenials and baby boomers?
There is a plethora of research into the challenges of managing an intergenerational workforce. Professor Lynda Gratton from LBS provides a comprehensive view in her book The Shift, The Future of Work is Already Here, (Gratton, 2011).
Generation is one of the elements covered in the cyberIDT™. What we consider is the generational stereotypes and how they show up whether that be in a visible element of appearance through to an intangible adaptability to digital literacy. For further information see Cyberconnecting. The Three Lenses of Diversity (Abraham 2015:124-126).
Some key insights Gen Baby boomers:
Some key insights Gen X:
Some key insights Gen Y:
Some key insights Gen Z:
In response to your question, we see two big challenges:
Question: We make assumptions about colleagues need for inclusion maybe? What can we do to find our colleagues need for inclusion ... is it as simple as extraversion vs introversion but both types may have a need to be included?
Inclusion is a multidimensional concept. As a psychological concept we understand introversion and extraversion as a preference of where an individual gains energy to carry out a particular task. For an introvert this may be more often seeking quiet thinking time and for extroverts this is likely to be seeking an audience to brainstorm. It is important to highlight that this is a preference. Individuals approach tasks using a range of introvert/extrovert thinking. On the other hand, inclusion and exclusion are concepts that concern well-being.
To address inclusion in the workplace we need to consider the purpose, the method as well as the psychological impact. A good reference on all types of inclusion in the workplace, including digital inclusion and flow of information can be found in Cyberconnecting. The Three Lenses of Diversity (Abraham 2015:14-155)
Practical tips on how to build a culture of excellence and innovation
This blog covers some practical tips on how to build a culture of excellence and innovation. Specifically, it covers the questions on the application of behaviour-centric identity management you asked during the Cyberconnecting webinar hosted by Rob Llewellyn of CXO Transform. In addition, we respond to the questions that remained unanswered in the live session. Please feel free to use the Comment section below for further questions and comments.
Question: Do you have any examples where identity management was used to improve project work team performance? How was it set up?
Yes, this example takes the concept of behaviour-centric identity from initial enquiry through to improved business outcome.
The inquiry came from a tech startup (post venture capital investment stage). At the time of the inquiry team members already used agile methodologies. However, a conversation with one of the investors showed a high level of dissatisfaction with the team performance. The initial needs analysis with the team members was conducted through virtual semi-structured interviews. A ‘before – after’ evaluation illustrated the changes to all stakeholders.
We used a staged approach:
Overall, there was an improvement of transferable skills such as the introduction of coaching methodologies, use of feedback loops, the adoption of active listening skills, all necessary for improved future project performance.
Question: These are brilliant concepts for large companies and projects. Is there a lower limit on how small a company or project can be and still benefit from them?
There is no lower limit - sole entrepreneurs and small teams can immediately benefit from behaviour-centric identity management. Specifically, for the benefit of:
In larger organisations we typically start with a pilot project consisting of a:
Introducing new concepts can be challenging. Whilst the need for behaviour-centric management is clearly understood for successful digital transformation, its implementation is often delayed for reasons of lack of experience, fear of failure, and siloed setups, hence our introductory decision-maker package.
With individuals and teams as ambassadors and with a clear action plan in place, it is feasible to successfully embed these practices as part of your digital transformation programme.
Question: How to persuade senior managers to adopt agile across the organisation?
Scaling agile across the organisation is an iterative process well beyond the IT function. In more traditional organisational settings, the buy-in of senior management happens by the display of excellence and innovation at team level. This in turn, is shown by observable behaviours, delivered through behaviour-centric identity management.
The understanding of personal identity provided through feedback, scaled to team level helps teams develop a strong team identity necessary in a network of culture. The sum of the team cultures results in an agile company culture.
The measurement of the ROI for pilot projects help deliver the message needed for senior management: reduced delivery time, and the measurable increase of customer satisfaction.
Question: Should a business hire a psychologist for identity management?
Question: How to avoid stealing your idea which has Patent Potential during teamwork?
Your question on 'How to avoid stealing your idea which has Patent Potential during teamwork' is of particular interest:
If you have any specific questions, please contact us or use comment box. The next blog will cover the psychological aspects from the list of questions.
Challenges to build a culture of excellence and innovation are many for entrepreneurs and business leaders alike in our fast-moving environment. Across relentlessly shifting social, technological, and cultural boundaries nothing seems to stick and barriers often appear insurmountable. Some of the barriers are external, many are internal.
External barriers are often political or macro-economic and can materialise in, for example, currency volatility and regulations. Nevertheless, the biggest threat to excellence and innovation is often self-inflicted: fear of failure, micromanagement and internal politics, lack of a shared vision. Let us look at the most pressing internal challenges, hampering enterprises and organisations become more agile.
Imagine a global knowledge worker, 32 years old, a Spanish national, originally from Morocco -
let’s call him Imad. Imad is currently based between two locations, Barcelona and London
working as a frontend developer on different teams face-to-face and virtually.
In this dynamic world of work, feedback one year in arrear would be meaningless to him.
Imad could simply not do his job. Instead, he seeks an agile culture, in which he can
connect, interact, and by that receive timely feedback.
What are the challenges for the leaders?
In order to be able to foster an agile mindset across the entire organisation, leaders need to take a fresh look at culture.
Commonly, culture is being understood as values and norms, Often, these values and norms are negotiated in the boardroom and disseminated through senior management across the organisation. It is known as corporate culture. The list of failures of organisations who have used this approach is long. Yahoo among many. Why is that?
Culture is not manufactured in an isolated room. Quite reversely, it is the texture that people bring to the organisation, the physical organisation and the virtual organisation alike. Culture breathes. Culture changes all the time. Culture is negotiated in social interactions at the coffee machine, in the canteen or in chats on collaboration tools such as Slack.
So, its meaning is defined by the people of an organisation. They shape what an organisation “is”. They create and recreate organisational culture based on who they are and which bits of their identity they bring to the organisation. And this is exactly where we need to anchor excellence and innovation.
Only people who bring their full selves, their full identity - not just a fabricated copy of a self, desired by the organisation can deliver excellence and shape innovation. Those who can
So in brief, the leader’s responsibility is to give people the opportunity bring their full selves to the workplace. Leaders need to move from corporate culture to organisation culture, both mind and body. Practices such as opening the floor and letting go are difficult issues for many leaders - after all, unlocking excellence and innovation is a grassroot approach.
Watch the Cyberconnecting Webinar Replay.
In the ‘Future of Work’ the ‘team’ has become the heart of innovation and excellence within successful organisations. The ‘agile’ way, having reached beyond the software development bench, emphasises team self-management, collaboration, quick and early stage functioning results, and an immense adaptability to emerging business realities.
The importance of agile methodologies for the benefit of excellence and innovation is by now well understood. Nevertheless, with a steadily growing number of global knowledge workers – an anticipated 1 billion digital nomads by 2035 – agile methodologies need updating. Behaviour-centric identity management is the secret sauce to adding value to modern agile in an increasingly diverse marketplace.
“High frequency quality interactions get everyone
on the same page and working in sync”.
Collaboration is enacted through interaction, which in turn is enacted through identity. Through raised levels of identity awareness, the workforce is able to build robust work-based relationships across generations, geographies, functional, and organisational boundaries. By that, internal and external teams can put customers at the centre of community collaboration in order to deliver value to customers faster.
It is essential that all people in the organisation understand the value of human connections as well as their own role in shaping their organisational culture. The focus has to be on the role of identity as the key ingredient to achieving excellence, from individual innovation, through to innovative practice at team and organisational level.
Scaling agile across the organisation is an iterative process well beyond the IT function. With individuals and teams as ambassadors and a with a clear action plan in place, it is feasible to successfully embed these practices as part of your digital transformation programme.
Part 1: Innovating through identity-based collaboration
In the first part of the webinar, we provide an overview of the complexity inherent in innovation and discuss how maximum innovation comes from agile, self-managed teams.
Part 2: Understanding the importance of profiling yourself, groups, and end user/customers to create social impact
In part 2, we look at how workforce identity and corporate brand shape the foundation for organisational innovation – why is it so important to create belonging within and across teams.
Part 3: Achieving innovation excellence and what really works
In the final part of the webinar, we give examples of application and best practice in innovating for success in the agile market-place realities.
Mobility, cloud-based platforms, Internet of Things, Virtual Reality – the tech-induced, global outlook of doing things has become an integral part of our work and private lives. With increasingly fluid boundaries, old ways of working have become obsolete; digital technologies force organisations to transform. Nevertheless, digital transformation is not about technology; it is much more, it is a mindset – a thirst for innovation that needs to be reflected in workplace culture.
Clearly, with new digital business models and new ways of collaborating, insular thinking and behaviour no longer add value to a globally, often geographically dispersed workforce operating in a tech-driven world. So, business leaders and change agents need to lead the conversation on strength-based identity management to prepare for today and tomorrow.
So, why talk about identity?
At the heart of successful digital transformation is people. People act through their identities in the interactions inherent to the change process. Their performance will make or break the transformation process. The change agent’s understanding of own and other identities has a key role in this success. The digital value chain holds three major domains for changing the conversation to strength-based identity:
Business leaders – Be ahead
Business leaders need to be at the forefront of moving the conversation to behaviour-driven identity management. Despite knowing that the world of work is changing some still struggle, and continue with the use of traditional concepts, such as personality profiling and staff surveys. Either this only predicts individual performance or is too general to affect outcomes.
“Yes, but it’s dangerous to speak about identity”. In our organisation we can’t do this”.
HR Business Partner, Financial service organisation, UK 2016
For leaders behaviour-driven identity management must include three essential steps:
Cyber capacity for the individual
As mentioned above, people adopt a number of different personas across different platforms. For example, wellbeing might be an integral part of your identity. You may want to share sports activities with colleagues and friends for different purposes, perhaps to arrange meeting points or display your performance on different platforms, such as Meetup or Facebook. Sharing information can be a double-edged sword. Whilst winning a valuable network of like-minded people, it also puts you at risk, in both the cyberspace, e.g. identity theft and potentially in the physical space, e.g. burglary when away from home.
Which of the identities carefully selected from overall identity profile to put on display? There is a need for raised awareness as to how to portray yourself safely. Moreover, there is a need for alignment. What opportunities are there and what are the connected risks? Build capabilities that help mitigate cyber risk caused by human behaviour, reducing opportunities for cybercriminals to exploit human weaknesses. Both, raised awareness of own behaviours and superior security awareness, should be an integral element of the workplace culture.
Power collaboration for measurable results
As the organisational structures of ‘networked teams’ become more popular, switching between face-to-face and cyber interactions, and even switching between platforms becomes an ever more critical capability.
High frequency quality interactions get everyone on
the same page and working in sync.
Collaboration is enacted through interaction, which in turn is enacted through identity. Through raised levels of identity awareness, the workforce is able to build robust work-based relationships across generations, geographies, functional, and organisational boundaries. By that, internal and external teams can put customers at the centre of community collaboration. From important virtual etiquette for initial contacts through to achieving measurable team results by working on cloud-based platforms, identity and its awareness and skills unlocks workforce collaboration skills.
Culture is king
In addition to team collaboration, organisations need to consider that working with a digital response strategy without the right culture is a random act of digitization. With the many different identities people bring to the virtual capability, - multi-faceted, often overlapping and contradictory, all under one roof - there is need for a culture of technology use, to provide a foundation for the company’s digital strategy. A workplace culture that people not only accept, but genuinely believe in and value – one that empowers them to implement the company’s digital strategy. However, how to create “their” culture?
Unlock people’s identity first, scale it to team level, to then
create your organisation’s identity.
Moving from identity to culture works best when you marry workforce engagement and data. People simply love exploring more about their identity and the strength that comes with it. The sum of workforce identity profiles results in a powerful map that can be further negotiated among people and leaders to finally result in a shared culture that people genuinely believe in and value – simply “theirs”.
Culture is an organisation’s identity. It is developmental and sometimes contradictory, getting it right is not only achievable but crucial to the success of any business.
If you wish to speak about making identity work in your organisation, contact us.
Abraham, P.E. 2015. Cyberconnecting. The Three Lenses of Diversity. Surrey, UK: Gower/Ashgate
Agrafiotis, I.; Bada, M.; Cornish, P.; Creese, S.; Goldsmith, M.; Ignatuschtschenko, E.; Roberts, T.; Upton, D.M. 2016. Cyber Harm: Concepts, Taxonomy and Measurement (August 1, 2016). Saïd Business School WP 2016-23. Available at SSRN: https://ssrn.com/abstract=2828646 or http://dx.doi.org/10.2139/ssrn.2828646
Kane, G.C.; Palmer, D.; Philips, A.N.; Buckley, N. 2016. Deloitte University Press: Aligning the organization for its digital future: http://dupress.deloitte.com/dup-us-en/topics/emerging-technologies/mit-smr-deloitte-digital-transformation-strategy.html?id=us:2sm:3tw:4dup2985:5eng:6DUPress:20160926:mitsmr2016:du_press&linkId=29139511, accessed May 2016
Smircich, L. 1983. Concepts of Culture and Organizational analysis. Administrative Science Quarterly, 28 (3), 339–358.
Pixabay Public Domain: Free for commercial use
Digital transformation strategist | Privacy advisor | Cyber anthropologist | Author