David Norfolk, the Editor of the Bloor MiniMag TRUST edition says: - trust in me

Written By:
Published:
Content Copyright © 2017 Bloor. All Rights Reserved.
Also posted on: The Norfolk Punt

Bloor sees TRUST in terms of the emerging “Mutable Enterprise”, the Enterprise that is in a constant state of change because it recognizes that evolution is essential to its success (and, ultimately, its survival) in a constantly evolving business environment. Trust therefore encompasses aspects of:

  • Identity;
  • Governance;
  • Quality;
  • Security; and,
  • Resilience.

When employees, business partners, regulators and customers are operating in a mutable (changing) environment, it is essential that they can TRUST this environment not to give them unpleasant surprises and to operate generally in a way that makes sense to the business, its customers, and its regulators, at any point (obviously, the semantics of “making sense” will change as the business evolves).

This implies that TRUST is not primarily about Technology, it is more a People and Process thing, although well-chosen technology is an enabler for TRUST. TRUST is a characteristic of an effective, well-governed, mutable culture and isn’t an end in itself but an enabler of the effective Mutable Enterprise. TRUST certainly isn’t primarily “Governance, Risk and Compliance” although good process and data governance, resilient business-continuity capabilities, effective risk management and achievable compliance are by-products of building a TRUST culture in the Mutable Enterprise.

The first stage of achieving TRUST is for the top management to promulgate ethical business standards, transparency, and avoidance of “blame culture” throughout the organisation. The organisation will need a quality culture, promoting “fitness for purpose”, not just for its business systems but also for its reporting and management systems, if it is to survive and prosper as a Mutable Enterprise.

The second stage is to use technology to provide effective governance of resources. In essence, if you don’t know what is essential to delivering your business services (not just IT but also data, manuals, contracts, SLAs, key people and so on); where this stuff is, who is responsible for it, how it is configured; the relationships between this stuff and the business services it supports; and how it is changing (or going to change) in, potentially, near real time; then it is hard to see how you’ll operate with a culture of TRUST (see my further thoughts around this here).

The Mutable Enterprise has lakes of data, many apps, visualisations for predictive analytics and decision support, agile teams, and so on, all (in the end) contributing to managing constant change so as to deliver desirable business outcomes. The stakeholders in this Mutable Enterprise have to be able to TRUST their infrastructure and the data in it, even as things change – which means that there is a need for Configuration Management (in the true, business, sense, as in the book I co-authored here, not in the crude “version control for code” sense) and effective “data science” governance of the data and metadata used in the organisation. And, of course, you need to be sure of the identities of the people accessing your systems in real-time; of the security of your systems and data; and confident that your systems will be available (resilient) when people need them, regardless of any contingencies that arise.

Finally, you may notice that GDPR (the General Data Protection Regulation) features in many of the articles in this issue. GDPR is an exemplar of the sort of issue that is quite manageable if you achieve effective TRUST – and a potential disaster if you don’t. GDPR features partly because our magazine reflects what Bloor analysts (and their customers) are finding interesting now and partly because GDPR is about data subjects giving consent for the use of their PII (Personally Identifiable Information) for well-defined purposes – and that implies a good degree of TRUST. But don’t go away thinking “I need my customers to trust me, I’d better address GDPR pronto”. Build a TRUST framework, for all your stakeholders, in the context of your Mutable business, first; and then you’ll find it easier to get informed consent for the use of PII for specific analytics purposes. You’ll find it easier to demonstrate that you’re in control of GDPR, for the regulators, too. And you’ll find a similar situation around all governance-related initiatives.

TRUST is a holistic support for the Mutable Enterprise as a whole; yes, it helps with addressing GDPR (and security generally, amongst other things) but GDPR compliance, for instance, is just one welcome side benefit from the TRUST endemic to an effective Mutable Enterprise.