Alin Kalam: Nurturing Growth and Innovation Through Data, AI, and Sustainability

The IT industry continues to grow and shift rapidly due to the pandemic and CIOs are constantly on the lookout for ways to foster and adopt new technologies into their organization. Whether it is sustainable transformations or implementing AI, change is necessary.

As the Head of International Market Intelligence & Data Strategy for UNIQA international, Alin Kalam shares with us his insights on the need for agility through AI, achieving business competence, and nurturing innovation.

 
 

Finding Agility in Artificial Intelligence and Overcoming Disruptions

Businesses and IT leaders today need to be quicker to respond to the ever-changing landscape of their industry and overcome disruptions. Whether it’s to implement hybrid workplace models or to incorporate new technologies such as artificial intelligence and data analytics, there is a definite need for CIOs to strategize.

Kalam shares his insights on the key challenges that CIOs need to be aware of when incorporating new technology and how to effectively transition towards data-driven business models.

 

What are the key challenges for CIOs who are trying to adopt new technologies especially in the AI field?

 

Surely one of the major challenges of establishing AI technologies in companies is a lack of trust and also the limited existing knowledge. On the technical side, I have seen IT productionizing & operational issues arising since 2019.

Often it is not the number of best practices that is lacking, but the ability to align market circumstances and existing technologies with one's own true business needs. Therefore, I see the cultivation of AI-driven innovation much more as a strategic challenge nowadays than only a technological one.

 

What should CIOs be aware of in the transition towards data-driven business models that serve dehumanization of critical business fields?

 

On the one hand, dehumanization must be done quickly to address short-term issues e.g. through the implementation of RPA or AI products to combat challenges caused by Covid, and on the other hand, CIOs must balance strategically what and where they are automatizing/dehumanizing. I already have seen examples of cost reduction projects through dehumanization that are creating huge strategic risks for companies in the long run. 

For sure there will be someday an “after Covid”, and using the current crisis as a scapegoat for cost-cutting only, without putting the focus on the product portfolio, customer needs, and above all operational risks of IT systems, can become a huge source of risk.

Here I rather appeal to strategic long-term aspects than short-termed gains only and to address this concern CIOs must become business-driven more than ever!

 

The Need For Sustainability and Competent Business Intelligence

Companies were forced to change their policies, behaviors, and business strategy due to the prolonged coronavirus pandemic. The recent COP26 climate conference showed that companies are committed to making sustainable-focused organizational changes.

For Kalam, the need for sustainability in IT is clear, and he highlights the challenges that many are still facing, in addition to incorporating competent business intelligence to ensure sustainable growth.

 

Sustainable transformation in the IT & innovation field has become a key topic for upcoming years. What are the specific areas of action for CIOs in this field?

 

For sure sustainability as a topic is here to stay! Not only do we have the macro aspects of it addressing the major concerns of our time, but it has become also a business driver in so many sectors. 

With the project I initiated, Sustainista, I have therefore tried to interconnect companies with the scientific community, ensuring the exchange of data, know-how, best practices, and transparency. The biggest challenge in this field is the lack of market and scientific standards at the same time. ESGs might be known to many of us, but breaking them down into business actions according to standard approaches/processes is the biggest challenge!

In an ideal world, CIOs and related roles are taking ownership of this topic and driving it to doable tasks, otherwise, I am afraid to see sustainability just as a cosmetic and marketing label without a true impact on business and how we do things.

A particular starting point is to understand macro goals as an organization and break them down to a very data level in organizations delivering measures and related actions with the help of existing data. Many companies I know from various sectors have started with external data sets 1st to deliver quick success that can feed this long-term topic.

 

How would you advise companies who are still struggling to incorporate Business Intelligence?

 

Here I clearly follow the storyline of failing fast succeed sooner. Instead of propagating a piece of technology IT must build a bridge with business and deliver quick wins. Even now I am often devastated whenever I see only PDFs and Excel Sheets with numbers/KPIs that do not reflect the fast reality of our businesses and data-driven decision-making across borders! 

Major issues companies face are data quality, integrity, and security issues. CIOs are hereby in the role of process enablers. Instead of being only technology-driven often the implementation of BI must be done in a joint-venture manner.

 

Ensuring Growth Through Data and Overcoming Legacy Challenges

One of the biggest hurdles for digital transformation efforts still stems from legacy systems that are often outdated and not integrated with modern solutions for business uses. Despite the fact that modernizing legacy IT systems is required for businesses to ensure growth, IT leaders are still faced with roadblocks and challenges.

For Kalam, however, legacy systems are not necessarily the main roadblock they once were. Instead, the focus now for CIOs should be to apply best practices during data-driven business transformation and simplify their approach to nurturing experimentation.

 

With regards to data-driven business models, what are the best practices that CIOs and IT leaders need to keep in mind? 

 

As a matter of fact, the approach of data-driven business transformation is anything but only data-centric! It covers the end-to-end processes of entire product lines and the strategic setup of a company. After many years of data harmonization/migration projects, companies often find out their undone homework regarding “creating true business values to the company itself and its customers”.

I myself often propagate the term “no business value without data, no data without a business case”. Between this symbiotic relationship lies the true success of transformation efforts. 

Aside from this core topic I often miss the foresight of wisdom! It means seeing the potential of data not only in core businesses but its extensions and added capacities. In my objective point of view, this foresight of wisdom and true added potential is often the key success factor to many.

 

One of the main challenges for organizations is to overcome legacy infrastructure. How can CIOs overcome the legacy obstacle? What are the skills and mindset needed to promote modernization for an organization?

 

To be honest I really do not see legacy infrastructure as the biggest road-blocker anymore. Especially throughout the last decade, there have been so many progressions in simplifications of legacy systems, that I have become more optimistic on that end out of my own experiences! 

I can't remember when I have seen companies e.g. migrating legacy data systems into new all-in-one and all-ruling superior DWH, Data Lake, etc. Instead of searching for the holy grail, we have become more realistic about using data where they are at their best and being created.

This Data Mesh approach has become a blueprint for software solutions as well just as agility was cultivated from the IT/Software world into day-to-day business & project management. But this process has just begun a couple of years ago, the community yet does not have a buzzword, but hey, never say never…!

 

Innovation and experimentation are at the heart of data-driven business models. How does one nurture an environment that promotes experimentation within their organization?

 

I rigorously follow the principle of K.I.S.S (Keep it simple, stupid) in the incubation phase of innovation projects. Instead of talking only and selling in this phase, organizations should apply these principles, aside from a minimum set-up of governance, risk mitigation process regarding GDPR, privacy, organizational risks, etc., and allow experimentation. 

Here the old wisdom of “too many rules & regulations kill true innovation & creativity” should be applied. 

If the internal challenges are too big, often I have guided companies and leading bodies into the world of entrepreneurship. 

The most successful CIOs & IT managers are those who run new innovation ideas or projects as a starting business operating from day 1. This can be a guarantee of nursing the true nature of innovation when nothing else is working.

600Minutes Executive IT: How IT Leaders Develop Agility In Times Of Crisis

The recent 600Minutes Executive IT held by Management Events revealed in-depth insights from over 300 top-level IT executives and solution providers from leading organizations in Sweden. 

In group discussions during the virtual event, CIOs across the industries lent their thoughts and opinions on leading in the virtual landscape and through times of crisis.


 

Virtual Leadership

As known the world over, the coronavirus outbreak has brought unprecedented circumstances to the business world, from urgent business continuity planning to lengthy operational disruptions.

As C-suites sought to keep their business operations running, remote working was widely established throughout organizations. But for many IT leaders, managing and leading a remote workforce is a novel experience, and they are faced with different levels of difficulties.

 

Obstacles and Challenges

There were multiple concerns expressed by the event attendees during the group discussions.

One IT executive mentioned that it’s a challenge to keep track of how employees are doing while another stated that it’s harder to pick up on what’s going on when they, as the leader, are working away from the team. Yet another participant expressed worry about the flow of information not reaching the teams.

But among the many hurdles, face-to-face communication and socialization seem to be the most worrying aspects of remote work. Participants were concerned about how to keep the teams together when they’re no longer physically meeting or interacting with each other.

This is especially the case for new hires, whereby organizations need to ensure proper onboarding of the employees and help in building relationships with the current teams. As an IT leader aptly explained, “Now, we are riding on the current company culture from the physical office, but for new hires, there’s a challenge to transfer the silent knowledge and culture that ‘sits in the walls’.”

Stagnancy is another worrying issue among leading IT directors and C-levels as teams don’t share as many ideas or brainstorm as much as before.

As one IT leader commented, “New ideas get lost as most meetings are within the same function. It’s important to keep in contact with decision makers in other functions in order to develop new ideas.”

Other worries and issues presented during the discussions were:

  • Investing more 1-to-1 time for the same output;
  • Difficulty in following up with their teams and getting concrete actions;
  • Lack of boundaries between work and non-work, resulting in potential burnout;
  • Struggles in starting new projects; and
  • Micromanagement.
 

Positive Outlook and Solutions

Even though there are concerns with coordinating a remote workforce, a number of participants are positive that working offsite, or telecommuting, can bring good results. As one attendee stated, “[Remote work] should not be seen as a cost, but an opportunity.”


 

For instance, a decision maker participating in the group discussions claimed that due to the outbreak and subsequent remote working situation, there’s now a stronger focus on innovation, which can help companies to discover business opportunities that were once neglected.

Others corroborated his statement, saying that the coronavirus inadvertently led to the organization gaining momentum in digitalization, and they should use the ‘new normal’ as a chance to initiate strategic changes.

One example given is the use of iPads for the company’s operators for communication and training purposes, which in the past would have taken a very long time. Others mentioned how their organization now works more digitally and has increased efficiency in some areas, and how people are more innovative without so many contradictions.

 

As an IT director said, “Productivity increases during periods where we are forced to be more innovative.”

 

Additionally, it was a general agreement among the IT leaders that working remotely led to more efficient online meetings as staff seems more prepared, with specific agendas and smooth subsequent information flow and discussions.

Even though a number of attendees voiced out the challenges they’re facing in creating a successful digitalized workforce, they also suggested solutions to overcome the hurdles.

Some of the solutions for effective and progressive remote workforce management given by the participants include:

  • Developing policies and reinforcing them;
  • Raising morale through interactive and non-work-related activities, such as music quizzes;
  • Connecting more often with peers, teams and others from the company to gain different perspectives;
  • Having more dialogues with the workforce on handling the crisis and other work issues; and
  • Scheduling fun meetings and engaging sessions, such as a virtual coffee break, to replace physical socializing.

However, given the pros and cons of working remotely, quite a few of the top executives are looking to develop a hybrid solution of working from home and office.

 

Towards A Hybrid Landscape

“Remotely, productivity remains the same, or is even better. But for some cooperation and creative process work, there’s a need for physical meetings.”


“Virtual hiring is possible. However, physical meetup is still needed to hand over computers and phones, and to provide basic training on how to perform the job.”

 

The above statements are just a few comments from IT leaders who believe in having the best of both offsite and onsite worlds, and were discussing how to maximize value and efficacy in a hybrid office landscape.

Aside from providing possible solutions to the difficulties of building team relations and maintaining the innovation and development arenas, the hybrid solution also addresses the issue of trust.

As a participant mentioned, “If you don’t see your teammates and staff every day, more trust is required,” while another explained that, “In the past, it wasn’t part of leadership to ensure that their groups do their jobs from home.”

An IT executive in the discussion suggested a day or two per week working from home with the rest of the days in the office. Such a solution not only provides the flexibility for employees needing time to take care of family and personal business, but also answers the needs for department heads to have their teams for certain face-to-face tasks.

“A flexible workforce can lead to higher productivity,” a participant asserted.

 

Moving Forward

 As a top IT executive observed, “People react differently to the changing environment and working conditions.” However, overall, it seems that employees, and even customers, have adapted to the ‘new normal’ relatively fast, and companies are witnessing faster digital transformation and innovation than before.

Perhaps it’s true what a decision maker from the IT function said during the discussion – “We need more crises to develop further.”

No Business without IT

Wanting to implement innovations quickly, companies often develop digital processes inside the different departments without the adequate involvement of IT. This leads to isolated solutions within the organization. But solutions can only deliver true added value for the entire company if they can be scaled and integrated with each other.

The digital transformation has reached the company. However, departments often introduce SaaS-based applications on their own, or they develop their own solutions. This leads to the uncontrolled growth of incompatible systems.

 

Examples of isolated solutions in a production operation

  1. The purchasing department has a platform for supplier management that enables digital purchase orders. The specifications and volumes, on the other hand, are e-mailed to the production department and must then be entered manually.
  2. The sales department uses an independently developed web portal that provides customers with 3D models of products, which can then be customized. However, the product information is manually entered into the tool since the interface to the product information management system does not work properly.
  3. Production uses a manufacturing execution system that digitally displays the various production steps. But forecasts about production capacity, the finishing of individual products and defective products must be determined manually by analysis and provided to other departments as Excel reports.
  4. The development department uses a CAD system that sends drawings directly to the various machines. But the department is missing the experience data for cost-effective and reliable materials from production and purchasing.

This means that manual interfaces are required to exchange data, but they also represent a potential source of error. Therefore the systems should be integrated across the departments to warrant complete data integrity and availability.

In the case of a production company, this would allow customers to modify their product during the production process, actually see the progress and track the shipment in the web portal. The supplier management tool automatically receives data on current purchase orders and inventories. Supplier orders are automatically adjusted based on forecasts for product demand. And the development department always has access to current prices and production experience. The result: the cost-effective and efficient series production of individual products.

The role of IT in the digitization process: from service provider and enabler to driver

As a result, digitization requires a holistic approach for companies, their value chains and in particular their IT organizations. But IT must also accept and be allowed to practice this new role. In practice, it often finds itself trying to balance the requirements for rapid, efficient, agile, scalable and innovative digitization in the company with the growing IT independence of the various departments. These often view the IT organization as a hindrance, inflexible or old-fashioned. And so they go ahead and do their own thing – using Cloud services or external developers.

But it is exactly these types of isolated solutions that frequently lead to rising administrative expenses, more complexity and not least increased security risks since the existing governance requirements and guidelines do not cover these cases. The result:

Therefore the IT department (whether the other departments like it or not) must strictly control the use of customized solutions and approaches during the digitization process. But in doing so, it cannot act primarily as a hindrance, but rather as the keeper and enabler of new business models. The IT department has several trump cards over its colleagues in the other departments: It focuses on what is good for the entire company and it has the flexibility to pro-actively find the required service providers. In addition, it can organize or manage tenders to negotiate the best terms with external providers.

The new IT organization: DevOps, agility and business partnering

To complete this transformation, IT departments must develop and pave the way for the future particularly with regard to the IT organization, business centricity and technology. They must assume responsibility for the scalability of the new digital solutions. In addition, they must ensure that processes are fully thought through, developed and automated, and that they can be integrated into the overall organization in a flexible and (if needed) agile manner.

This means: The processes in the IT department are increasingly changing in the direction of an agile collaboration with departments. Moreover, the IT team increasingly assumes advisory and managing functions. To this end, it must push for the following:

  1. recruit employees with the right skills, who understand agile methods and carry them into the company
  2. make data-based decisions on the basis of Data Analytics and prevent incorrect decisions due to a lack of skill or information
  3. despite higher levels of security, reduce the complexity in the operation while remaining flexible to reduce the required amount of time and resources
  4. lower IT costs with transparent IT controlling and service management to remain competitive
  5. develop and implement an IT sourcing strategy to speed up the process of finding the right service providers and concentrate on processes that differentiate the company from the competition

In addition, interdisciplinary DevOps Teams in the IT department also help to increase software quality and availability and therefore customer satisfaction. Business Centricity must also be improved (or introduced), and a detailed understanding must be created for the company’s business processes and value creation. To this end, the IT department must develop joint solutions with the other departments.

This can be done with:

1. Professional Partner/Business Centricity: IT developments are often based on the viewpoint of management. Therefore IT must see itself as a partner in the development of joint ideas and solutions to ensure rapid and flexible compliance with business requirements and to guarantee competitiveness.

2. Co-Innovation: Innovations are led and promoted jointly by IT and the departments. Particularly in agile environments, this means that IT experts work in teams with staff from other departments so that the steadily changing requirements can be met as much as possible and the investment expenditures are fairly distributed over the participating departments.

3. IT Service Management: The coordination between the service provider and the service recipient is intensified. Here too, it is all about promoting and practicing small and flexible partnerships between IT and its internal clients, so that technological changes and opportunities can be tailored to the requirements of the business. This provides a high degree of automation for standard business processes.

On the whole, it means that the existing employees in the IT department must increase their knowledge and skills for supporting business processes because company-wide innovations require IT departments to take a close look at the new requirements and the associated fundamental technological developments, which promise a lot of added value for all departments today.

They primarily include:

1. Cloud Computing such as IaaS, PaaS or SaaS to address the need for flexibility, efficiency, productivity and scalability, and to facilitate the collaboration of the teams.

2. Platforms for improving and accelerating processes to reduce manual error sources.

3. Analyses of Big Data (Analytics), so that relevant information from customer data, deliveries, orders, transactions, product details or manufacturer information can be extracted in a very short time (e.g. to improve the pricing process).

4. The IT-Security, which must always be scrutinized so that the required security concepts can be developed for the current company-specific structures and requirements, which also provide the requisite protection for critical business data in the digitization age.

It is only by including these issues that IT has the flexibility to meet the requirements of the departments, while also guaranteeing the company’s security and efficiency.

Conclusion

The idea of aligning the IT department to the digital transformation of the entire company sounds pretty simple in theory: It “only” has to make its own organization agile, maintain a strong connection to the business, focus on the main technological trends and actively promote these to management and the various departments.

However, this fundamentally changes the conduct of IT as a service provider and requires significant restructuring of the IT organization and its resources. In practice, the IT department must also become an enabler for employees.

At the same time, it must manage on-going operations and provide sufficient resources for modernization and the introduction of new approaches and technologies.

Therefore, in order to achieve an optimum and successful digitization process, IT departments should be considerably strengthened with regard to their skills and impact – or they should take the initiative in this regard. An IT transformation is not possible without a mature and enabled IT department that is viewed as a partner by the business. And without an IT transformation, there can be no long-term and sustainable company-wide digital transformation.

Blocks Instead of Lines: A Tale of Fast ROI in IT Projects

Craftware, a Salesforce Platinum Partner and UiPath Gold Partner, implements projects for clients in Europe and the USA. It works directly with business and IT, in both areas ensuring the ultimate value of implementation for organizations and end-users.

Jacek Zawłocki is co-founder and CEO of Craftware and an architect of IT solutions. He has taken part in numerous projects, including in the fintech, retail and telecom industries. Based on project experience, he explains how to smoothly implement IT systems in a company and quickly achieve a Return on Investment thanks to the agile approach and flexibility of Salesforce technology.

Do you know the YouTube blockbuster — a funny video about seven red lines? Yes, it’s the one about a project for seven red lines some of which are to be drawn with green, and some with transparent ink. And all of them must be perpendicular — according to the absurd vision of tenacious customers and the supporting project manager. Everyone insists on completing this awkward order despite the objections of an expert who from the very beginning tries to prove that the task is unfeasible.
Do you want to achieve ROI from an IT project fast? Don’t go down that road!

Business and IT — instead of going to war, we can sit down and talk

Although the video is a clever parody, the business reality is full of such missed ideas, and some of them are made real — this is well known to, for example, employees of advertising agencies. However, the issue is not specific to this industry only. Similar situations are not uncommon in other large organizations, especially in those where business meets (or rather collides with) IT.

“We would like to have a new system to automate and optimize some of our processes” — what happens when sales or marketing departments turn to “their” IT department with such an idea? How is the project carried out? It’s a topic for another article — you can read it here. There, you will learn why projects usually fail, and if they are completed somehow, the budget is exceeded or they are much delayed.

Fortunately, you can do it another way. There are more and more companies that decide to use modern technology platforms… Interest is growing not only in CRM systems but also in RPA platforms, such as UiPath – Craftware is its Gold Partner.

The era of cumbersome IT implementation is slowly coming to an end, giving up its place to the Agile approach and positive scenarios which prove that business and IT do not have to fight each other, but team up in a smart manner. Then, it is possible to successfully complete a project, and… win a bet for a crate of beer by the way — just as Craftware did on one occasion. We were given this gift by our satisfied client — a known and large online business that faced a challenge due to its rapid growth.

Start with MVP

The company decided to sell advertising space on its website. The idea hit the bull’s eye, but the massively increasing number of advertisement reservations and equally rising number of errors, for example, related to advertising space quotations, turned out to be a challenge. The employees were simply falling behind with orders. After a series of consultations with the client, we suggested that they implement a reservation system to eliminate this bottleneck.

“We will provide you with the first version of the system in six weeks,” we declared to the client. “Six weeks? We bet a crate of beer that you won’t be able to do that. This is a project for one and a half years.” As we learned later, this had been the deadline proposed to our client by another vendor.

According to our deal, we implemented the MVP at the client six weeks after starting work on the project. This first step already brought some visible benefits: the sales of advertising campaigns accelerated by half, and the reservation of a single advertising space by 10%. The risk of errors that happened to the department employees was reduced by one fourth. Of course, winning the bet gave us satisfaction, but above all, we were proud of our client’s success. The high level of adoption of the tool was rated “four” by the users, on a five-point scale.

Small steps towards your business goal

The key to success was the Agile approach and our client’s willingness to carry out the project according to this methodology. We agreed that we would work in small steps focusing on business goals.

But let’s imagine that a client — this very specific one (or another one interested in cooperation) — comes to us with an idea of seven red lines and stubbornly sticks to it. They vaguely explain what they want to use the lines for, or do not explain that at all — just like in the video described before. They do not accept our suggestions. How would such a project proceed? Would there be a chance to complete it?

Working on business goals requires the client to take responsibility for the project. It means a willingness to talk to the implementation partner: to give up forcing your own project visions and trust the suggested solutions. However, this responsibility must also lie on the other side, which means that the partner is reliable, proven, and experienced, and knows project patterns and how to translate them into business needs, because they have put this into practice many, many times. What’s more, they can schedule work properly in time.

Small steps methodology, which means dividing implementation into intervals, enables the business to achieve ROI much faster. Costs are necessary at each stage but — starting from MVP implementation — each and every part of a project brings about visible benefits. As the implemented system grows, the pace at which it starts to turn a profit increases — it is best illustrated by the chart below: the cost and income curves cross very quickly.


Figure — drafted by Craftware

Build on modules

There is also one more element without which the Agile approach would be difficult: access to technology. To implement tools that quickly bring business value and generate the income needed to pay for other functionalities, not only do you have to know them very well, but you also need to have such tools, you need to have the proper technology, such as Salesforce, at hand. Flexibility is one of the greatest advantages of this solution: it allows you to react immediately and extend the range of solutions as the project is carried out.

Executing a project based on Salesforce, of which we are a Platinum Partner, is like building a structure using Lego blocks. In both cases, we have a catalog of available solutions, but we also have generic blocks with which we can change, enhance, and enrich the basic products.

Getting back to the seven red lines for the last time: get rid of them and choose… blocks! Think outside the box — software can be built in modules!

I invite you to watch the recording of my speech during the first edition of the MIT Sloan congress, organized by the prestigious MIT Sloan Management Review Polska magazine.

Vulnerability Magnitude, Exploitation Velocity, Blast Radius… No, Not Rocket Science


One of the tangible effects of digital transformation is the impact on security teams, processes, and roadmap.

Organizations are realizing that the technology landscape is rich in a very varied digital biodiversity – with species living in the cloud or in containers, in mobility or in the IoT/IIoT parallel universes, and in space-temporal tunnels called CI/CD pipelines.

And this digital biodiversity should be continuously qualified, assessed, and remediated in case anything is too anomalous… all these being responsibilities of Security teams.

The complexity that these actions imply is remarkable, often requiring augmentation of capabilities to avoid a devastating impact on specialized resources.

But capabilities need to be grounded on solid processes, and here is where an issue often surfaces: lack of operational efficiency.

Swiveling chairs, multiple consoles, poorly implemented APIs, and manual operations are still common causes of long processes, human errors, and repetitive operations. Some solutions have started to appear that try to automate the steps and accelerate the process.

Data about discovered assets are made available to other platforms, which try to transform these data into more refined information that can be processed by algorithms to understand the vulnerabilities detected; then the data about the vulnerable surface is propagated to other solutions which overlay other data to detect the exploitability, to enrich the context provided and enable prioritization; eventually, reports are produced for the infrastructure team to proceed with patching or remediation.

Again, this orchestration does little to improve operational efficiency, because all the phases are processed by different platforms and different teams with varying objectives; hence these data lack consistency and normalization, and require adaptation to be properly ingested and processed by the subsequent consumer.

In short, there is a lack of a unified workflow.

Qualys invented VMDR, an acronym for Vulnerability Management – Detection and Response.

It is a new app running within the Qualys Cloud Platform, processing the same consistent source of data across the products that implement the entire process through a single and integrated workflow:

  • asset discovery, categorization, and dynamic tagging;
  • detection of the vulnerable surface by identifying OS and network vulnerabilities and configuration errors;
  • context enrichment based on cyber threat intelligence, augmented by a machine learning engine to help prioritization;
  • refined prioritization based on exposure, business impact, and other distinctive traits of the digital landscape where the solution is deployed;
  • vulnerability-patch correlation, tailored to the assets and perimeters for the considered tags and for the prioritized vulnerable surfaces to be remediated;
  • remediation support through patch deployment;
  • continuous validation of the security posture according to CIS benchmarks.

All this without limits on the sensors you may need to properly observe your IT estate and collect data: software agents conceived to minimize the footprint on the servers, workstations, and mobile devices where they are installed; virtual scanners to actively probe the networks; passive sensors listening to traffic and exposing every visible device; cloud APIs to provide instant visibility into PaaS/IaaS deployments; and container sensors to monitor images in registries or on hosts, as well as running containers.

All this in a unified application, where data are collected once and processed efficiently to support the whole workflow. All this with customizable dashboards and reports to keep critical KPIs under control, and with an API to flow the refined information to other workflows – such as CI/CD pipelines. Besides the operational efficiency, the quality and accuracy of the information produced by this unified workflow using Qualys VMDR effectively support risk mitigation.

From a more pragmatic standpoint, this boils down to having a clear perception of three important things.

First, the vulnerability magnitude: this is the synthesis of your vulnerable surface enriched with important contextual information such as the patch availability for a given perimeter, considering supersedence and severity information, and the ability to summarize this information based on the observational needs.

Second, the exploitation velocity: crucially relevant to prioritizing and planning the remediation, this is the data concerning the availability of an exploit, including details about the ease of exploitation and the potential collateral damage coming from a wormable weaponization of a vulnerability or from the potential lateral movement following the possible compromise of a system.

Third, the blast radius: the combination of the network context enriched with the business criticality of assets, the automatic validation of CIS benchmarks, and the ML-assisted risk scoring of the vulnerable and exploitable surface provides tangible help in estimating the potential harm of a security incident, supplying the refined information needed to measure and track the Time To Remediate.