Daily Tech Digest - November 28, 2022

5 ways to avoid IT purchasing regrets

When it comes to technology purchases, another regret can be not moving fast enough. Merim Becirovic, managing director of global IT and enterprise architecture at Accenture, says his clients often wonder whether they’re falling behind. “With the level of technology maturity today, it’s a lot easier to make good decisions and not regret them. But what I do hear are questions around how to get things done faster,” he says. “We’re getting more capabilities all the time, but it’s all moving so quickly that it’s getting harder to keep up.” A lag can mean missed opportunities, Becirovic says, which can produce a should-have-done-better reproach. “It’s ‘I wish I had known, I wish I had done,’” he adds. Becirovic advises CIOs on how to avoid such scenarios, saying they should make technology decisions based on what will add value; shift to the public cloud to create the agility needed to keep pace with and benefit from the quickening pace of IT innovation; and update IT governance practices tailored to overseeing a cloud environment with its consumption-based fees.

5 digital transformation metrics to measure success in 2023

If money (whether earned or saved) is the first pillar of most business metrics, then time is another. That could be time spent or saved (more on that in a moment), but it’s also in the sense of pure speed. "Time to market should be one of the most critical digital transformation metrics right now for enterprises across industries,” says Skye Chalmers, CEO of Image Relay. “The market impact of a digital transformation project is all about its speed: If you don’t cross the finish line first with compelling new customer [or] employee experiences or other digital modernization initiatives, your competitors will.” So while an overall digital transformation strategy may not have an endpoint, per se, the goals or milestones that comprise that strategy should have some time-based measurement. And from Chalmers’ point of view, the speed with which you can deliver should be a key factor in decision-making and measurement. Focusing on the time-to-market metric “will directly improve an enterprise’s competitive position and standing with customers,” Chalmers says.

More Organizations Are Being Rejected for Cyber Insurance — What Can Leaders Do?

Before soliciting cyber insurance quotes, examine several areas of your network security to understand what vulnerabilities exist. Insurers will do just that, so anticipating gaps in your infrastructure, software, and systems will provide you with a clearer idea of what your company needs. Start with your enterprise network. Who has access and to what degree? Every person who has access to your network provides an attack vector, increasing the possibility of an attacker accessing more data through lateral movement. If an outside agent can gain entry to your network, that person or bot can harvest the most privileged credentials and move between servers and throughout the storage infrastructure while continually exploiting valuable sensitive data. That’s why most insurance audits consider privilege sprawl to be among the top risks. It happens when special rights to a system have been granted to too many people. It impacts the cost of premiums and could even lead to a loss of coverage. Public cloud assets also present an opportunity for a strike. Is access to that information secure? 

Retirees Must Have These Four Key Components To Make A Winning Side Hustle

Since when does everything always go as planned? Spoiler Alert: It never does. There’s even a saying for this: “Into each life, a little rain must fall.” And when those rain clouds do appear, what do successful entrepreneurs do? They don’t pack up their gear and head for shelter. No, they plant their feet firmly into the (muddy) ground and start selling umbrellas. “When you study success and read extensively about entrepreneurs, you realize that successful people come from a variety of backgrounds and circumstances, but they have one thing in common—they consistently do the work,” says Case Lane, Founder of Ready Entrepreneur in Los Angeles. “The only talent needed is knowing you can make that commitment to keep working to ensure business success.” Entrepreneurs don’t fear change (see above); they see it as an opportunity. “I knew how to solve a problem that many people were experiencing, and I knew I could help those people,” says Chane Steiner, CEO of Crediful in Scottsdale, Arizona. 

Top 6 security risks associated with industrial IoT

Device hijacking is one of the common security challenges of IIoT. It can occur when the IoT sensor or endpoint is hijacked. This can lead to serious data breaches depending on the intelligence of the sensors as well as the number of devices the sensors are connected to. Sensor breaches or hijacks can easily expose your sensors to malware, enabling the hacker to have control of the endpoint device. With this level of control, hackers can run the manufacturing processes as they wish. ... IIoT deals with many physical endpoint devices that can be stolen if not protected from prying eyes. This situation can pose a security risk to any organization if these devices are used to store sensitive information. Organizations with endpoint devices in great use can make arrangements to ensure that these devices are protected, but storing critical data in them can still raise safety concerns due to the growing number of endpoint attacks. For organizations to minimize the risk associated with device theft, it’s expedient to avoid storing sensitive information on endpoint devices. Instead, they should use cloud-based infrastructure to store critical information.

Cloud security starts with zero trust

Generally speaking, the best way for an organization to approach zero trust is for security teams to take the mindset that the network is already compromised and develop security protocols from there. With this in mind, when implementing zero trust into a cloud environment, organizations must first perform a threat assessment to see where their biggest vulnerabilities lie. Zero trust strategy requires an inventory of every single item in a company’s portfolio, including a list of who and what should and should not be trusted. Additionally, organizations must develop a strong understanding of their current workflows and create a well-maintained inventory of all the company’s assets. After conducting a thorough threat assessment and developing an inventory of key company information, security controls must be specifically designed to address any threats identified during the threat assessment to tailor the zero trust strategy around them. The nature of zero trust is inherently complex due to the significant steps that a company has to take to achieve a true zero trust atmosphere, and this is something that more businesses should take into account.

How to Not Screw Up Your Product Strategy

Creating the strategy also requires influencing and collaborating with many people. All of these interactions require time to get people on the same page, discuss disagreements, and incorporate improvements or changes. Finally, your market can change quickly. New competitors can emerge, technologies change, and customer feedback can shift. These all can result in changes in perspective or emphasis, which can further slow down putting together a product strategy. And finally, even after you’ve done all the hard work putting the strategy together, you have a lot of work to do communicating that strategy and getting people to understand it. This also takes a lot of time. The end result of all these steps is that a common failure mode is “the product strategy is coming." My recommendation is to always have a working product strategy. Because strategy work takes time, you shouldn’t make people wait for it. If you don’t have a real strategy, start with a temporary, short-term strategy, based on your best thinking at the moment. 

Why Microsegmentation is Critical for Securing CI/CD

While cloud-native application development has many benefits, traditional network architectures and security practices cannot keep up with DevOps practices like CI/CD. Microsegmentation reduces network risk and prevents lateral movement by isolating environments and applications. However, it can be a challenge to implement segmentation in a cloud-native environment. Typical network security teams use a centralized approach with one SecOps team responsible for all security management. For example, some networks have ticket-based approval systems where the central team reviews each request based on access policies. However, this system is slow and prone to human error. Teams can use DevOps methods to operationalize microsegmentation, implementing policy as code. You can also leverage a microsegmentation solution that helps automate and secure the process. The security team enforces basic segmentation policies, while application owners create more granular policies. This decentralized security approach preserves the agility of DevOps.

Data Strategy: Synthetic Data and Other Tech for AI's Next Phase

Synthetic data is one of several AI technologies identified by Forrester as less well known but having the power to unlock significant new capabilities. Others on the list are transformer networks, reinforcement learning, federated learning and causal inference. Curran explains that transformer networks use deep learning to accurately summarize large corpuses of text. “They allow for folks like myself to basically create a pretty concise slide based off of a piece of research I’ve written,” he says. “I already use AI-generated images in probably 90% of my presentations at this point in time.” The same base technology of transformer networks and large language models can be used to generate code for enterprise applications, Curran says. Reinforcement learning allows tests of many actions in simulated environments, enabling a large number of micro-experiments that can then be used for constructing models to optimize objectives or constraints, according to Forrester. ... Such a simulation would let you account for your big order, the cost of shutting down at peak season, and other factors in your decision of whether to take that piece of equipment down for maintenance.

Smart office trends to watch

A growing number of office buildings now have an effective Building Management System (BMS). Ideally this will be combined with energy generation and storage and water management systems, which can deliver huge cost, resource and emissions savings, but a good BMS is a good start. It can optimise energy use through smart lighting and temperature systems, controlled by software which draws information from Internet of Things (IoT) or Radio Frequency Identification (RFID) sensors throughout the building. Energy and cost savings are also improved by smart LED lighting, controlled by sensors that ensure it is only used as and when needed. Providers of BMS and related solutions include Smarter Technologies, which uses RFID sensors to monitor energy and water use, temperature, humidity, air quality, room or desk occupancy and even whether bins need emptying. SP Digital’s GET Control system offers IoT and AI-based temperature control, dividing open plan offices into microzones, through which air flow is regulated based on occupancy and both conditions inside and ambient weather conditions outside the building. 

---

Quote for the day:

"In simplest terms, a leader is one who knows where he wants to go, and gets up, and goes." -- John Erksine

---

Daily Tech Digest - June 16, 2018

Data Lake – the evolution of data processing

Two things emerge from this - structuring and transforming data on ingestion incurs a performance hit, and potential data loss. If we try to do complex computations on a large amount of incoming data, we will most likely have serious performance issues. If we try to structure data on ingestion, we might realize later on that we need pieces of data discarded during structuring. The thing is, with vast and complex data, it is most likely that we won’t know what insights you can extract from it. We don’t know what value, if any, collected data will bring to our business. If we try to guess, there is a fair chance of guessing wrong. What do we do then? We store raw data. Now, we don’t want to just throw it in there, as that will lead to a data swamp - a pool of stale data, without any information on what it represents. Data should be enriched with metadata, describing its origin, ingestion time, etc. We can also partition data on ingestion, which makes processing more efficient later on. If we don’t get the right partitioning on the first try, we’ll still have all of it, and can re-partition it without any data loss.

The Menace and the Promise of Autonomous Vehicles

The Drive.ai program lacks the ambition of, say, Waymo’s Phoenix-area AV service, which ferries passengers around without a human driver ready to take the wheel, but the project—publicly announced, small in scope, conducted in partnership with city officials—seems to take a more measured approach to AV testing than exists elsewhere. Bamonte described Frisco’s AV program as “kind of crawl, walk, run.” “We don’t want developers to just plop down unannounced and start doing a service,” Bamonte told me. He compared the Drive.ai testing favorably to Tesla’s, whose roadster has ambitious autopilot features that have already been deployed in thousands of commercial vehicles, wherever drivers take them. So far, Tesla’s autopilot mode has caused several high-profile crashes on public roads, including fatal accidents in Florida and California. The Uber crash has “added note of caution,” Bamonte said, but “it’s our responsibility to continue to explore and test this technology in a responsible way.” For him, that means closed tracks and computer simulations; after conducting a public education campaign and soliciting feedback, deployment on public streets will inevitably follow.

Cyber threat intelligence versus business risk intelligence

"Alongside the convergence of activities and systems, with IoT there's all sorts of expansion, the perimeter also disappears," says Gartner's Contu. With this, business risk is fast becoming the responsibility of the whole organisation, not just a small dedicated section of the organisation. "Organisations need to take a business-driven security approach, which encourages all stakeholders to be engaged in the risk conversation, identifying what matters most to them, so threats can be tackled in a way that safeguards what's most important -- whether that's customer data, intellectual property or another business-critical asset," said Knowles. IT, security, application builders, developers, DevOps operations and more: all of these parts of the organisation need to be thinking about business risk on a day-to-day basis -- and what they need to think about is constantly changing. "That's a critical part of thinking about a risk-based model: it's not static, it's not something you have consultants looking at; it should be instrumented and refined over time and changing depending on what you see," said Toubba, who adds how information on cyber threats should also be continually updated in this way.

What to expect from tomorrow’s smart spaces

Privacy concerns remain; employees will want to avoid mingling their personal lives with their private lives, but this concern isn’t new. Still, it will be up to employees and perhaps unions to ensure an individual’s right to privacy remains intact, a task that can become more challenging as more employees find themselves constantly connected to the office. Airports can rely on facial recognition technology tied with other smart technologies to detect potential security risks. Smart features can lead to better convenience as well; smart technology combined with artificial intelligence can provide useful metrics on airport crowds, which can be used to ease the process of traveling through airports. Airports and other high-risk security areas aren’t the only space that can benefit from this enhanced security; sports stadiums, for example, might be able to provide a safer experience with smart technology. These technologies, however, can easily encroach on an individual’s privacy by attaching activities in these spaces with a name and other identifying information. People might be willing to trade in some privacy for easier check-ins, but having information stored indefinitely might cause concerns.

Insurance on the Blockchain

Blockchain technology should be leveraged in the reinsurance process to increase interoperability. With a shared digital ledger, no longer can there be the discrepancy in data format, process, and standards that currently plague the industry. A permissioned blockchain ledger can be used to streamline communication, flow of information, and data sharing between insurers and reinsurers as an available and trusted repository of contract information. This becomes a faster, more efficient, and less-risky process as data related to loss records, asset ownership, or transaction histories is recorded on a blockchain that is trusted to be authentic and up-to-date. Access to this information can be heavily permissioned with granular access controls, with exhaustive rules governing read and write capabilities per user. Reinsurers can query a blockchain to retrieve updated, real-time, and trusted information rather than rely on a centralized insurance institution to report on data relevant to items (i.e. losses or transfer of ownership). This can massively expedite underwriting times.

Unbreakable smart lock devastated to discover screwdrivers exist

Well, it turns out the lock broadcast its own Bluetooth MAC address over the airwaves, and uses that MAC address to calculate a key used to lock and unlock the device. Tierney cracked the system disturbingly quickly: "It upper cases the BLE MAC address and takes an MD5 hash. The 0-7 characters are key1, and the 16-23 are the serial number." The upshot? He was able to write a script, port it to an Android app, and open any nearby Tapplock wirelessly using his phone and Bluetooth, taking less than two seconds each time. "This level of security is completely unacceptable," he complained. "Consumers deserve better, and treating your customers like this is hugely disrespectful. To be honest, I am lost for words." The problem was so bad that Tierney informed the manufacturer, and gave it seven days before he went public with the fundamental flaw. Just hours before the deadline was up, Tapplock put out a security advisory warning that everyone needed to upgrade their lock's firmware "to get the latest protection." "This patch addresses several Bluetooth/communication vulnerabilities that may allow unauthorised users to illegal gain access," the company noted.

We’re Worrying About the Wrong Kind of AI

Technology that unthinkingly tramples over moral boundaries risks public rejection. Hence, researchers are openly discussing the ethical challenges likely to arise. Almost no one thinks a single cell is conscious, and today's organoids aren't either, but there's a continuous arc of increasing complexity that technology looks certain to traverse on the way to fully realistic human brains. What if a cherry-sized organoid of 10 million neural cells gains awareness of itself, or shows signs of distress? At what point does it become clear that organoids have crossed the boundary into beings deserving of rights, or warranting the appointment of a legal guardian? Right now, no one even knows how to reliably measure attributes of consciousness or thought in a piece of neural matter. We can do so in real brains, but what about things that are only partially like brains? Things may get weirder still with bits of artificial brain tissue implanted into the brains of other organisms, resulting in chimeras – organisms not fully of any one species, but part human and part mouse, pig or dog. Like AI based on computing, this research is racing ahead at alarming speed.

The fundamental elements of security in microservices

In a monolithic architecture, there can often be a single point of failure that could bring down an entire operation. In a microservices architecture, application components operate in isolation from one another, which means a security breach will not immediately affect the entire stack. Despite this architectural trait, you can still expect to face several complex security challenges. One challenge is that there is simply more attack surface to target. It's hard to keep an eye on everything within your stack when your application is made up of dozens of different microservices. A microservices-based app could use 10 containers, which translates to 10 times the number of instances to monitor. This challenge multiplies if those containers are regularly shut down and resurrected. The second issue involves the blurred perimeter of a microservices architecture. Unlike the clear-cut security perimeter that a firewall provides a monolithic app, there is no such definitive boundary with cloud-based microservices apps.

Modern Cybersecurity Demands a Different Corporate Mindset

Organizations may feel more confident about confronting the types of attacks that have become familiar in recent years, but they still lack the capability to deal with more-advanced, targeted assaults. Overall, 68% of respondents have some form of formal incident response capability, but only 8% describe their plan as robust and spanning third parties and law enforcement. To improve their chances of fighting back against cyberattackers, organizations will have to overcome the barriers that currently make it more difficult for cybersecurity operations to add value. For example, 59% of GISS respondents cite budget constraints, while a similar number lament a lack of skilled resources; 29% complain about a lack of executive awareness or support. The so-called disconnect between cybersecurity and the C-suite still persists, with a mere 36% of corporate boards having sufficient cybersecurity knowledge for effective oversights of risks, as highlighted in the EY report. Ultimately, organizations that fail to obtain executive support and devote the resources necessary for adequate cybersecurity will find it very difficult to manage the risks they face.

Don’t start the blockchain revolution without making security a top priority

The McAfee report details a 2017 cryptocurrency phishing scam in which a cybercriminal set up a fraudulent cryptocurrency “wallet” service. After collecting authentication information from the service’s users over the course of six months, the thief drained $4 million from unsuspecting customers’ accounts. Researchers provide examples of how cybercriminals using malware have been empowered by the proliferation of cryptocurrencies. The explosion of ransomware over the last few years has become operationally possible in large part due to the use of cryptocurrencies, which cloak cybercriminals’ identities associated with ransom payment transfers. The research illustrates the growing trends of malicious miners and cryptojacking, which create a vector for infection (via malware) and monetization (via mining). Recent McAfee Labs research in this cybercrime category found that total coin miner malware grew a stunning 629% in Q1 2018—from around 400,000 samples in Q4 2017 to more than 2.9 million samples in the first quarter of this year.

---

Quote for the day:

"Leadership is not about titles, positions or flowcharts. It is about one life influencing another." -- John C. Maxwell

---

Daily Tech Digest - March 23, 2018

Google is often its own worst enemy

There are countless other examples of Google acting as its own worst enemy and failing to follow through with a commendable initial vision. Look at the company's never-ending messaging mess, for instance, or the awkward implementation of Apple-like app shortcuts in Android 7.1. In the latter case, as I said at the time, "instead of thinking through what'd be the most sensible and user-friendly way for a feature like this to work, Google seemed to just emulate the way Apple did it." See the pattern? To a degree, a company being flexible and open to the evolution of its products — even when said transformation blatantly revolves around "borrowing" inspiration from other sources — can be an asset. But there's also something to be said for having the stones to stand by the value of your own ideas and remaining willing to recognize when you've got a good thing going, even if that thing requires a mix of refinement and promotion to reach its potential.

Blockchain to ‘radically’ transform anti-fraud, anti-money-laundering efforts

Starting in May, GDPR will force European banks to rethink how they store, manage, use and disseminate personally identifiable information, according to the report. "If they wish to partake in blockchain-based AML and EFM device, whitelist, and transactional data sharing, [financial institutions] must adapt their privacy policies and tools to be able to cope with this requirement," Forrester said. ... AML and EFM are harder than ever to enforce and need to rely on the most diverse data possible, Forrester said, adding that "verifying identities before allowing them to transact helps avoid fraud losses in a complex payment ecosystem." That's where blockchain can be useful. Because it is an immutable, auditable electronic record, blockchain ensures that transaction records contain artifacts and identifiers of previous transactions. "This allows authorized investigators to backtrack transactions on the blockchain more easily than with current AML and EFM systems," Forrester said.

Stay ahead of Java security issues like SQL and LDAP injections

Java security issues are real. Java was designed to be as secure as most other popular programming languages, and it offers features like SecurityManager to help improve security in certain contexts. However, Java applications are subject to a number of potential security vulnerabilities, including, but not limited to, various injection attacks. It's crucial for Java developers and administrators to keep common Java security vulnerabilities in mind as they write and deploy Java applications. Security-first programming is especially important in the case of Java because the cross-platform nature of Java code means that OS-level security frameworks can't always be trusted to keep applications secure. Nor should you expect end users to be able to manage Java security threats effectively. Sure, you can blame your users for running untrusted Java code or disabling automatic updates to their Java runtimes, but ultimately, the burden of writing secure Java applications and isolating code within a Java environment that might not be secure lies with developers.

The best way to adopt the cloud: Short sprints vs. big bang

When it comes to cloud adoption, large enterprises and government agencies focus on quick wins, using quick sprints, and are typically more successful than those companies that try to drive huge change over a longer period of time, aka the big-bang approach. ... The objectives of each may be exactly the same—to migrate most of the enterprise’s workloads—but the short-sprint approach is ten times more likely to demonstrate success and thus value than the big-bang approach.  The short-sprint approach also aligns with the typical corporate culture. People think in small tactical ways versus large and strategic, so expectations are for small, quick wins. The larger, longer strategic wins simply are not as valued by the executives and investors in the standard corporate culture. The big-bang approach can and does work—if the company can hold to its commitment that long and doesn’t need ROI along the way. 

4 best practices for automating mobile app testing

How can you test your mobile apps on a diversity of mobile devices, and in geographic locales that you're not even thinking of? This is the problem that BrowserStack, and other companies like it, set out to solve. These companies offer cloud-based test automation software and processes that enable you to test your app in virtually any simulated mobile device environment and in any test scenario. The test automation can eliminate steps for your QA staff, such as checking out app navigation, displays of data and images, and even data access, retrieval and update to a database. "Our goal was to develop tools that could automate as much of the diverse mobile app test process as possible, to save time, and to speed these apps to market," said Rao. "We were also aware of the mobile developer shortage in enterprises, and the fact that many companies can't secure the mobile app development talent that they need. Consequently, they have to find other ways to speed app development and test, like automating more of the process."

Intel To Release Most Powerful Mainstream Processor Ever To Beat AMD

Intel largely succeeded here, and thanks to higher clock speeds (and unfortunately a higher price too) on the CPU compared to AMD's equivalents price-wise, the Core i7-8700K was faster in many tests despite a two core deficit. However, where raw multi-threaded performance is concerned, especially in benchmarks that aren't otherwise Intel-optimised, AMD gained the upper hand meaning that Intel can't quite claim to be faster in everything. This is what it's looking to address with the new CPU, because even with better boosting algorithms, AMD's soon-expected Ryzen second generations CPUs, due next month, probably won't be able to match something akin to a Core i7-8700K, but with eight cores. Interestingly, AMD's 12-core Threadripper 1920X retails for $670, which means that there's a big gap for Intel to play with price-wise with its new eight-core CPU. The Core i7-8700K retails for around $350, so even if the new CPU costs $500, it's potentially going to blur the lines between both AMD and Intel's high-end desktop platforms.

How Microsoft and Databricks crafted a unique partnership for AI data processing

Using Azure Databricks, customers can take in data ingested through other services, prepare it, and process it using machine learning algorithms and other techniques. After that, it can be funneled out to other services like Cosmos DB and Power BI. Making a deep integration possible required a great deal of work on the part of both firms, however. Company representatives made many trips back and forth between Databricks’ office in San Francisco and Microsoft’s in Redmond. The partnership wasn’t without its challenges on either end, but both companies were committed to it for the sake of their joint customers. Andreessen Horowitz cofounder Ben Horowitz, who sits on Databricks’ board, has a close relationship with Microsoft CEO Satya Nadella and helped facilitate the two companies’ collaboration. Microsoft had to work through concerns about what it would mean for the company to deeply integrate Databricks with Azure systems, including those for incident management, handling support requests, and other functions. 

Why the Waterfall or Agile debate will be around forever

"What's wrong is to assume one or the other is always the answer," Raschke said. "When you look at a product and it needs flexibility [or] the client is not sure what they want, what the market needs or there is innovation required, Scrum is important. If it is embedded or mission-critical software, Waterfall might be a better choice." What phase the project is on also determines which methodology a team should use. Business case development, choice of infrastructure and decisions on deployment and maintenance are all aspects of the software development lifecycle that don't necessarily lend themselves to the Agile approach. When forced to align with either Waterfall or Agile, these business cases tend to fall more in line with Waterfall. Once those outlines are in place, the actual development might trend more toward either Waterfall or Agile, depending on the purpose and nature of the project. Raschke said to remember what is most important. "The question is: What do we need to do to get it to the customer? In that case, it usually ends up as hybrid."

CISCO, Verizon Take Information-Centric Networking For a Real World Spin

Cisco has developed what it calls Hybrid ICN (hICN), which enables the deployment of ICN within IP rather than as an overlay or replacement of IP. It preserves all features of ICN communication by encoding ICN names into IP addresses, according to Giovanna Carofiglio, a Cisco Distinguished Engineer.  “hICN supports IPv4- or IPv6-RFC compliant packet formats, and guarantees transparent interconnection with standard IP networking equipment, simplifying the insertion of ICN technology in existing IP infrastructure and enabling coexistence with legacy IP traffic,” Carofiglio said. Cisco and Verizon expect that hICN will become a strong technology for 5Genvironments in that ICN adoption may dramatically simplify next generation network architecture by offering a unified content-aware and access-agnostic network substrate for the integration of heterogeneous networks, Carofiglio said. It is the hICN technology Verizon tested in its lab recently.

Optimising the smart office: A marriage of technology and people

A strong digital culture is clearly a positive thing, but there's room for improvement: the percentages of employees in strong-digital-culture businesses who rate themselves highly on empowerment (47%), innovativeness (39%) and -- in particular -- productivity (22%) might be expected to be higher, for example. Management consultancy McKinsey has recently suggested that productivity benefits from digitisation have yet to materialise at scale for several reasons, including "lag effects due to the need to reach technological and business readiness" and "costs associated with the absorption of management's time and focus on digital transformation". Another KPI Microsoft examined was engagement, or 'flow' -- the ability for workers to focus on the task at hand and deliver a better end result more efficiently. Overall, just 20 percent of respondents felt highly engaged at work, but there was a fourfold difference between engagement levels in businesses with strong versus weak digital cultures.

---

Quote for the day:

"Rarely have I seen a situation where doing less than the other guy is a good strategy." -- Jimmy Spithill

---