Chapter 3
Testing the Consumer
If you want to be creative in your company, your career, your life, all it takes is one easy
step…the extra one. When you encounter a familiar plan, you just ask one question,
What ELSE could we do?
Dale Dauten
Introduction
Security strategic plans impact every aspect of an organization because every business process and
every person in the organization is subject to the security policies and practices (standards)
adopted by the business. This includes employees, contracted staff, partners, and suppliers, and
extends to customers and shareholders as well. Understanding how security applies to each of these
entities is essential to the formulation of an effective security strategy. Without the input and
support of these consumers, the plan is doomed to failure before the first page is written.
Getting a handle on who are consumers of security services and products can be a bit daunting,
especially when sorting through huge organizations that may have multiple sectors or business
units spread around the globe. At the same time, new business realities require a more systemic
look at the extended enterprise, the associated value systems, and the services and information
being accessed. As business processes are streamlined, new security requirements emerge from
internal customers, as well as external suppliers within the value system.
A satisfied customer is the best business strategy of all.
Michael Leboeuf
Other interesting challenges arise for security as both enterprise employees and customers
accept more responsibility for security. An article published by Javelin Strategy and Research
titled “Consumer Willingness to Share Responsibility for Security Allows Financial Institutions
to Cut Losses and Increase Profitability” discusses a 2009 report titled “Understanding Consumer
Willingness to Fight Fraud.” The report states that consumers are not only willing to be involved
in security, but also are actually eager to partner with banks and credit unions to protect
themselves from fraudulent transactions. Mary Monahan, managing partner and research director at
Javelin, states, “Eight in ten consumers view security as a shared responsibility, and since more
than half of all consumers choose a payment company based on safety from fraud, banks and
vendors can use this to determine how to market their products more effectively.” As we have
stated in earlier chapters, security is now part of many businesses’ organizational brand and
requires careful management. In this chapter we will discuss how security groups can clarify,
define, and prioritize consumer segments to better understand how to satisfy the multitude within
an extended enterprise that interacts with the governance and service functions provided by security.
Security Strategy: From Requirements to Reality
Definition of Consumer. In this book, we use the terms consumer and customer in a general
sense. The terms refer to those external entities that purchase products or use services from the
organization as a whole, as well as those external or internal entities that use the services of a
business unit within the organization. Examples are business units that use security services and/
or products and are subject to security governance.
In the context of this chapter, we regard any party directly impacted by security strategy as
a consumer of the security strategic plan. Parties that are not within the organization’s security
management purview are not customers but may be indirectly impacted by strategic plan
requirements. For example, a service provider may be required to have a certain certification.
Defining the Consumer Buckets
Defining and prioritizing the consumer groups you are serving will help define the initial
framework for the customer input portion of the security group’s strategic plan. Security leadership
can improve overall strategic decision making by including key consumer data in the analysis
portion of strategic planning. By clearly defining your customer base, collecting key customer
information, and analyzing it, the security group can incorporate quality customer input into their
strategic planning efforts. Evaluating the extended enterprise to identify who will consume what
part of security’s services, products, and governance helps create a clear understanding of who
your customers are. Security’s planning for creating customer value and satisfaction depends on
a clear understanding of how the operational reality of security will apply to each element of the
extended enterprise entity (i.e., operations, procurement, IT, enterprise customers, and suppliers).
In this chapter, we will look at several enterprisewide approaches to capturing and analyzing
customer data and the role that security may play in those enterprise efforts. We will also look at
more immediate techniques for gathering customer information specifically for security.
We will also review the philosophies and tools of customer data analysis, discuss the challenges
in utilizing that data, and examine some of the processes and methods that can be used to
incorporate quality customer information into your strategic planning. We will also consider some of
the questions that arise for the security practitioner engaged in customer data creation.
What Historic Issues Are We Trying to Resolve or Avoid?
By better understanding the enterprise-level approach to customer data and how a security group
can utilize it to better understand the requirements of its own customers internal and external to
the enterprise, security can help itself and the enterprise move toward a more successful future.
Too often the security group makes assumptions about its compliance role in an organization
without taking into consideration the impact of its actions. The result is often unintended
consequences in other parts of the system that greatly affect efficiency, productivity, and
satisfaction with the overall system. The compliance role of security can become exceedingly
egregious to other organizations without good communication between security and internal as well
as external customer groups.
What Are the Challenges?
One thing is certain: Customer groups want security to do a better job of making the security
management function transparent to the business processes it supports and to better control
operational costs. This wish poses some significant challenges for any security group trying to
maintain the safety and security of the enterprise, especially in light of the massive supply chain
integration taking place as a result of a true global economy.
There are many approaches to acquiring and analyzing customer data, as well as recently
developing trends. We will review two recent enterprise trends for achieving a better
understanding of customers: Customer Value Management (CVM) and Customer Relationship
Management (CRM) practices. CRM is the broader of the two approaches and is used by
many enterprises that are involved in business-to-business (B2B) types of transactions. On
the one hand, CRM helps organizations better target a message to broad groups of people.
CVM, on the other hand, creates tools that attempt to model the psychology of value to help
an organization better understand why their clients buy from them. Both of these approaches
to consumers at an enterprise level will have an impact on security domains for several
reasons: first, much of the information generated in any of these domains must be kept secure;
second, security is often a consideration in the customer-facing aspects of relations
management; and third, IT functions are at the heart of creating and maintaining these systems.
While CRM and CVM are actually processes, they are driven by the technology and
software applications that allow them to be integrated into many different types of companies.
As companies employ these practices, they impose additional demands and requirements on
IT functions for implementation, maintenance, and security. Protecting the customer data
generated and the overall business is crucial to the success of these applications.
Customer service is not a department, it’s an attitude.
Unknown
Customer Relationship Management (CRM)
Another buzzword, especially in the information technology industry, has been Customer
Relationship Management or CRM. CRM is a form of or subset of Enterprise Relationship
Management (ERM). In an article in TQM magazine titled “Success in the Relationship Age:
Building Quality Relationship Assets for Market Value Creation,” Jeremy Galbreath (2002)
describes ERM as a process or approach designed to harmonize and synergize the different types
of relationships that a firm engages in so that the firm may better realize significant targeted
business benefits. Many companies have built quite sophisticated CRM systems in the last decade
or so, including Starbucks, IBM, American Airlines, Blue Cross Health Care, and others. In
addition, start-up companies are quickly adopting, adapting, and integrating CRM into their
strategies.
Companies are now looking at how CRM can help make them more successful by providing
an extensive customer information database that Sales, Marketing, Service, and other
departments can use in a variety of ways to better serve the customer. CRM starts with a basic
business policy focused on the customer and then redefines company policies, processes, and
procedures based on understanding its current customer base, what satisfies them, and what it will
take to attract new customers.
The theory is that changing your business model to a customer-centric one will help your
company become more profitable by gathering customer data that helps you satisfy their needs.
The security function is an important aspect of an enterprise that is moving in this direction. For
instance, as company processes become more customer-centric, security can help a company avoid
costly mistakes by providing security policies, processes, and control measures designed to ensure
the confidentiality of customer data, including document-shredding requirements, clean desk/
locked cabinet policy, and customer data accountability for terminated employees.
Although CRM originally started as a category of software tools, this discipline has grown to
include a companywide business strategy approach, including all customer-facing sectors of the
greater enterprise. Implementation of CRM can dramatically impact the revenues and success of a
company. A CRM approach changes the way marketing, sales forces, and customer service sectors
do business through analytical capabilities integrated throughout these organizational groups.
Software vendors such as Oracle, Microsoft, SAP, Amdocs, and Salesforce.com are designing
CRM software and systems for the marketplace. A most notable trend has been the recent growth
of tools delivered via the Web, particularly the development of cloud computing, which drastically
reduces the costs of utilizing a CRM approach in small and medium companies. Companies like
Google, Signals, Zoho, Dropbox, and MailBigFile are rapidly developing cloud services that allow
businesses to save time and money in CRM applications.
In companies that are utilizing CRM data, it is important to have security policies in place
before CRM is made fully functional. It is also important to create security policies for the
customer that are clear, respectful, and nontechnical and provide easy access to help
information. In a holistic approach to CRM, security will want to work with the entire value chain
from subcontractors to the customer to ensure secure processes and seamless policies throughout
the value chain.
In a recent Enterprise Security Today article titled “Protecting CRM Customer Data Requires
Vigilance,” Sanjeet Mall, a CRM architect at SAP, is quoted as saying, “Companies should
consider the issue of CRM and customer data security critically important, and this is true for
companies of all sizes…. Considering the regulations around customer information plus the value of
keeping it secure, companies really need to think about security as part of a holistic IT governance
strategy…. CRM is just one application, but customer data lives in many parts of an organization,
typically connecting to ERP or financial systems, supplier management systems, or even living
outside the company if in a CRM on-demand solution, and so on.”
The lessons learned so far in companies that have begun to implement CRM are the need for a
clear strategy, risk assessments, benefits analysis, and cost quantifications in these areas:
processes, people, and technology. Poor planning, adoption, implementation, integration, and lack
of a solution focus can create disappointing results.
Customer Value Management (CVM)
Many groups have been looking at Customer Value Management (CVM) as the next strategic
step in better utilizing customer data. Companies are looking at how CVM can help their
organization make better use of their CRM strategies and programs. The premise of CVM is that a
company must develop the right strategy for attracting and keeping the right customers by
providing better value for them than competitors can. This requires the entire company to focus on
how it contributes to the market’s perception of the value it creates for the customer. Companies
also determine which customers have the highest value for them so that they can better manage the
value they receive. It is important to remember that an organization has to create value in order to
take value. This requires an understanding of the Value Proposition your organization is making
to its customers. A Value Proposition is a clear summary of why a customer should use a product
or service you offer. It is a tangible description of the business results you offer. When companies
adopt a CVM approach, customer service becomes a portfolio rather than a ubiquitous and
standardized service or product approach. This helps companies better manage the assets they have
at their disposal to bring the greatest value to the organization. Metrics regarding CVM typically
come from three sources:
1. Short-term cash flow
2. Long-term growth options
3. Risk management
To be useful, customer value data must be segmented by customer group, especially if the
organization supports very different types of customers. Customer value has become a primary
input for strategic planning, and is tied to operational plans and performance measures. Some
best-practice organizations have also begun to tie customer value data to employee satisfaction,
market share, revenue growth, and profits.
Recently, customer data collection and analysis has trended away from customer
satisfaction-based metrics to customer value metrics. Customer satisfaction metrics are now a
subset of customer value. Customer value data point to what customers value about your
organization’s products and services such as price, responsiveness, ease of use, and customer service.
Regardless of the methodology currently utilized by your security group, it is important to
systematically evaluate who are your consumers, stakeholders, or customer groups. What value do
you provide for them? How do you know what they value about your organization? What
information do you have about them? How are you integrating that information into your strategic
planning? How do you plan to get better information?
You can see that a CVM approach makes data a strategic company resource that helps them
make better and more informed decisions. As customer data is accurately identified and ranked
around customer characteristics and behaviors that have the highest impact, a company can
leverage that data across the entire enterprise to decrease risk and increase profitability and
customer value received.
When Should You Collect Consumer Data?
There are several critical junctures in the strategic planning cycle when customer input needs to be
gathered and integrated into the overall strategic planning processes for a security group. The first
critical juncture includes the following data points:
1. An analysis of the industry and market forces
2. A risk analysis of current and emerging risks
3. An analysis of the organization (i.e., a SWOT [Strengths, Weaknesses, Opportunities, and
Threats] analysis)
4. Integration of feedback from stakeholder groups and program evaluations (customer groups
are key stakeholders)