Israeli Software

A recent post by Kevin Conway on LinkedIn drew over 500 responses to his somewhat dramatic statement that Social Media for Business is CRAP -

Maybe because my feeling for the hyped-up benefits of social media was recently confirmed by a top millionaire online guru. If you follow the most successful gurus his name is always at the top of the list. As a matter of fact, he was the first online entrepreneur to make a MILLION $$ in a day. That said, recently he published a PDF where he said “I think social media Su-ks”. When I read that I felt a sigh of relief, “maybe I am not off the tracks after all”. You see when you don’t “follow the pack” you tend to sometimes feel like you are going down the wrong path or at least missing an opportunity. Now, I must admit I use all the major social media outlets including Twitter, Facebook, Squidoo, etc, etc. However, not for direct marketing. And, even though I publish new product releases on Twitter, analytics tells me no convertible traffic comes from that source or Facebook. My primary use of social sites is for building backlinks, but that is for SEO purposes. And, of course the added exposure. i.e. “branding” doesn’t hurt.

I believe that there are several fundamental principles that Kevin and over 500 responses ignored:

ONE – “The media must fit the product”
If you are pitching 6 figure enterprise rights management systems on Facebook – then, yes – social media is crap. But if you are pitching consumer/personal oriented products – like fitness, fashion and self-improvement – you are in the right channel. And even though they are at the long tail – do not forgot that even the geekiest IT managers are on Facebook and they are always in buying decision mode.

TWO – “Social software is not Social media”
It is a common misconception to confuse open undifferentiated/uncontrolled social media like Twitter and Facebook with social networking software which is used for the most serious and professional applications from catching terrorists to helping medical sales professionals interact with their doctor customers.

Social network software can be used in serious B2B domains leveraging the network effect to generate 10x customer contacts – since it works in parallel – not in serial.

THREE – “Better to market to targeted people than to undifferentiated keywords”
My own experimentation using Twitter to build B2B communities in a particular niche showed me dramatically that social media is 3 orders of magnitude more effective at generating leads than google adwords.

The reason is simple – people with well defined interests are much better targets than content keywords.

For my Israeli readers – הדבר היחיד שיותר גרוע מלהיות לא רציני זה לצאת פרייר.

I’m collecting data for a couple of articles on data security in social networks and ad-hoc mobile networks so I’ve been a little slow on blogging lately – so I’m down to general management and risk management stuff.

I think that cutting and running as soon as possible from unreliable business partners is an exercise in sound risk management.  Let me know if you agree after reading the following story.

I have an acquaintance, Eran Lasser who is co-founder and joint GM of John Bryce Training.  Back when I ran Bynet Software (a Microsoft distributor and ACS – Authorized Support Center), we did some training projects with Eran as we were launching Windows NT and later Microsoft Backoffice.

I reached out to Eran last week with some ideas for management level training courses in areas where I have some personal expertise – data security and more recently using social software for B2B sales. He asked their VP Business development, Ori Lapid to meet with me – and within a day or two a secretary made an appointment.  The morning of the appointment – the secretary called to confirm – I came in a few minutes early and waited patiently for Ori to start the meeting.

After 5, 10 and 15 minutes went by with the secretary giving me the usual disclaimer of “he will be with you in a few minutes” – I told the secretary that Ori’s 15 minute academic grace period had expired and I left.  I thought it was significant and also a vindication of my decision to walk out that neither the secretary nor Ori Lapid bothered to contact me and apologize for wasting my time.

This is  the epitome of what Israelis call “not being serious” or as they say in Israel.

הדבר היחיד שיותר גרוע מלהיות לא רציני זה לצאת פרייר.

After a discussion with a client today about privacy and data security in social networking, I started looking at physician portals and came across a fascinating post from Dr. Scott Shreve – Knowledge Prostitution enabling Aggregated Voyeurism: Is this a Business Model?

Voyeurism (voi-yûr’ ĭz‘əm) n.

1. The practice in which an individual derives pleasure from surreptitiously observing people.

2. Derives from the French verb voir (to see); literal translation is “seer” but with pejorative connotations.

The client told me that they were considering using a closed physicians’ portal to help market their products.  The business model used by closed, advertising-free, doctors portals (Sermo.com in the US or Konsylium24.pl in Poland) involves paying for market intelligence data collected from the “user generated content” in the community.   The tacit assumption is that physicians will talk freely inside a gated, advertising-free community.

Sermo.com kicks some of the revenue back to the users but the precision and recall of this market intelligence is not clear to me, considering the amount of noise in vertical social communities like Sermo and Konsylium24.pl and open social media like Facebook, Twitter and LinkedIn.

What is clear to me – is that there are data security and privacy implications when the community operator data-mines user-generated content for profit.  As a concrete example – a recent thread on Konsylium24.pl went something like this:

Doctor Number 1:

You know – Professor X is the KOL (key opinion leader) for company Y’s drug Z.  He says that drug Z is extremely effective for treating the indications of infectious disease Alpha.

Doctor Number 2:

Of course – Professor X is an acknowledged expert on infectious diseases, but he is also an expert on cash and knows how to do the math and add up the numbers…

I asked my client – “and for this kind of data, your parents sent you to medical school?

This took me back to the days of Firefly, Alexa, Hotbar and use of personal information as currency – collected with “collaborative filtering” and “automated inference” from people browsing the web.

Web 2.0 and social media seems to be going through a similar evolution as Web 1.0 – trying to monetize content by  data aggregation and analysis using “collaborative filtering” techniques.  This may have been a sexy looking business model for Venture Capitalists during the dot.com era, but in 2009 (5 years after Sermo.com launched) and a few months after their well-publicized breakup with the AMA; automated inference, knowledge prostitution and aggregated voyeurism may be  yielding to direct communications between people in B2B communities, social and professional networks.

Why peep through a window when you can just knock on the front door and ask?

My research article on “Social software – Reconstructing the market boundaries of pharmaceutical sales” was published on the rapidly growing UK healthcare site PharmaPhorum yesterday -  one of my first forays outside the data security space in a long time but a direction with a potential to make a big change in the way pharmas sell drugs:

Pharmaceuticals and Kirby vacuums: The last bastions of door-to-door sales?

A medical representative operates in the center of a “cluster”¹ of doctors that they personally know and meet with face-to-face. The power of social networking relative to conventional on-line marketing, stems from a social view of learning, where understanding is socially constructed, and the message we get is actually less important than whom we get it from.

Social and medical may be a perfect fit, but how will social influence medical sales?

Read more here

I think fragmentation of knowledge is a root cause of data breaches.

It’s almost a cliche to say that the  security and compliance industry has done a poor job in preventing data breaches of over 245 million personal records in the past 5 years.

It is apparent that government regulation is  ineffective in preventing identity theft and major data loss events.

Given: direct data security countermeasures go a long way;  data loss prevention and network surveillance work well inside a  feedback loop to improve security of systems, increase employee awareness and support management accountability.

However: I believe that even if every business deployed Fidelis XPS Extrusion Prevention system or Verdays Digital Guardian or Websense Data Security suite – we would still have major data loss events.

This is because a major data loss event has three characteristics:

1.Appears as a complete surprise to the organization
2.Has a major impact to the point of maiming or destroying the company
3.Event, after it has appeared, is ‘explained’ by human hindsight.

The root cause of the surprise is, in most cases, a lack of knowledge – not knowing what is the current range of data security threat scenarios in the wild or not even knowing what are the top 10 in your type of business.

The root cause of the lack of knowledge is fragmentation of knowledge.

Every business from SME to Global 2000 deals with security issues and amass their own best practices and knowledge base of how to protect their information.  But, the knowledge is fragmented, since business organizations don’t share their loss data, and the dozens or maybe hundreds of vendor web sites that do disclose and categorize attacks don’t provide the business context of a loss event.

Fragmentation leads to waste and duplication, as well as frustrating, expensive and sometimes dangerous experiences for companies facing a data loss event.

So what’s the solution?

With our clients, we see growing evidence that the more organized a company is with their security operation – having a single security organization responsible for digital assets, physical security, permissions management and compliance – the better security they deliver. What’s more, they may be able to reduce value at risk at lower costs due to higher levels of competence, knowledge and economy of scale.

The concept of sharing best practices  and  aggregating support so that companies of all sizes can access knowledge and support resources is not new, it’s a common theme in  industrial safety and Free Open Source worlds – to name two. I imagine that there are a few more examples I am not familiar with.

But what’s in it for security professionals? In addition to the satisfaction and prestige in helping colleagues, how about learning from the biggest and best practioners in the world; having access to resources to improve your own systems and procedures and having the ability to analyze the history of a data loss event from disclosure to analysis to remediation? How about having peers with a common goal of providing the best security for customers?

It’s time for policymakers and large commercial organizations to support organized security knowledge sharing systems, starting with compensation to employees and independent consultants that rewards high-quality, coordinated, customer-centric security  across the full continuum of security, not just point technology solutions or professional regulatory services. And it’s time for firms to recognize that sharing some data may be worth the benefits to them and their customers.

That’s my opinion. I’m Danny Lieberman.

Don’t ask me why, but I was invited (and joined) the Pakistan Networkers group on LinkedIn.  I see all kinds of cool job opportunities in the Emirates which I can’t really take but the traffic is interesting.

I saw this picture in a post today from the Pakistan Networkers group. It graphically describes the complexity of ObamaCare:  the Obama health care reform bill.   I then sat down and started to learn more about this proposed solution to the US health care system that will cost over a trillion dollars in the next 10 years.

The Obama Health plan and the problems the administration is currently facing getting it through Congress is second page news here in Israel (front pages this weekend in Israeli papers are how Obama and Rahm are throwing their weight around and dictating to the Jews where they can live and not live….)

I started reading about the House Tri-committee Health Care bill and my eyes started popping at the cost and complexity of the proposal. I then read the response of the Mayo Clinic – Mayo Clinic’s reaction to House Tri-Committee bill and I finally realized that just like in Cyber Security and data loss prevention – the Obama administration is more interested in compliance and big government than customers and health, safety and security.

I’ve been arguing for basing data security product purchasing decisions on value at risk and cost-effectiveness of the DLP product in reducing the value at risk of a data breach. Therefore, it is  obvious to me that the notion of a value-based decision is an important cornerstone in redefining health care – see a discussion on pay for value in health care in the open letter to congress

I first got wind that age as a marketing segmentation parameter was becoming much less relevant about 3 years ago when I paid a sales call to Castro Model ( a big Israeli fashion house with a chain of retail stores)  to try and sell them a data loss prevention solution from Fidelis Security Systems.  The sales pitch had something to do with protecting fashion designs and was based on common knowledge that there is a lot of design theft in the fashion industry.

I reported back to a female colleague at the office and I commented that the dresses I saw in the showroom seemed to be cut for young girls and would probably not fit her (she is nice looking, in great shape and 40 something…).  Very Bad Idea.

Mary told me – “never tell a woman that a dress is too small for her”.

Read more…

It’s the 9th Jahrzeit (annual anniversary) of my Mom’s passing away at age 76 from MSA (multiple system atrophy). There is a lot I can and probably should write about this but there’s no way back once you get MSA. My Mom was clear of mind but almost unable to speak properly towards the end and that was the hardest part I guess.  A year later, in 2001,  I  was kicking around an idea, with Dr. Nir Giladi at the Movement Disorder Clinic at Ichilov, of creating a community for care givers, patients and doctors in order to provide a support system that would integrate the transitions of care between the different specialists.  As Tim Rothwell from Sanofi-Aventis speaking about transition of care issues – candidly observed:

For those who have family members or friends who have experienced repeated encounters with the healthcare system, the only consistent thing they believe it delivers is confusion and, sometimes, flawed outcomes.’

We actually got as far as submitting a NIH-style grant proposal to the Michael J Fox Foundation for Parkinsons Research for a networked Palm-based device for sharing data collected by care-givers in order to provide a single source of data for the multiple doctors involved in care of MSA patients.  We thought it might be a good way to get past the ego and technical challenges in transition of care.  After we didn’t get funding – I moved on – by that time it was the previous hi-tech downturn and my mind was on other things I guess.

Therefore – it was gratifying (frustrating? for me to recently discover Patients Like Me which is precisely the community for care-givers, doctors and patients we needed 9 years ago. Great work guys!

It seems that the GFC is creating a movement of migratory hi-tech workers from Silicon Valley to the Beltway. I’m not sure that an unemployed IT security analyst turned hacker is the best choice for a defense contractor – the really good guys and gals are always in demand – and those DC summers are the pits. The weather in Mountain View is a lot nicer.

Daniel D. Allen, who works for Northrop Grumman, claims that federal spending on computer security now totals USD 10 billion annually, including classified programs. So there is a lot of lard in the pork barrel for cyberninjas who don’t mind the 95% humidity.  And with the recently publicized data breach of sensitive design and electronic systems data  from the $300BN F-35 Lightning II fighter project – there’s plenty of asses to be covered. Then again – with peace in our time looking to arrive by end of year from President Obama, we will not need all that hardware – I hear the beer is pretty good in Munich.

Here is the article on Presstv -

Military giants including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon are now busy with recruiting “hacker soldiers” to address the new demand for an unconventional cyberwar and in a way to blend the new capabilities into the nation’s war planning.

In my previous post I attempted to build an argument that “classical” consumer social media like Facebook is not a good fit for a pharmaceutical company due to the way they market innovative drugs.

Read more…