Kevin: Hi everyone. Welcome to The Vault – Crown Records Management’s digital transformation podcast series. My name is Kevin Widdop, I’m one of the digital transformation consultants within Crown’s consultancy division. On today’s show is Ian Dudley, IT Director of DriveTech, UK, the UK’s largest provider of driver offender retraining courses. Welcome to the show, Ian.
Ian: Hi, Kevin.
The changes automation has brought to the market
Kevin: Ian boasts a 20-year record of team leadership delivering technology change, IT and digital strategies. Ian, in your role as Head of IT at DriveTech UK, the world leader of fleet risk and safety management, what’s keeping you up at night?
Ian: Well, I’ve only been at DriveTech for a couple of months so I’m still in discovery mode, but every IT director worries about whether the service will be on, whether the services will go down, KPIs, SLAs and all that kind of stuff, but you get used to that, that’s the job, so that doesn’t keep me awake.
When I think about stuff that would actually give me more concern, it’s about how the market is changing because of new technologies and digital. So new startups that are automating things and delivering things more cheaply, to be blunt. They’re putting automated solutions in so what used to be resource-heavy solutions are now becoming automated solutions and that drives the price down.
At the same time, customer expectations are rising constantly. Everybody’s used to having very rich experiences on their smartphones in their personal life and that’s driving expectations of what you as a company and you as an IT function need to deliver.
In many areas, you’re seeing the money that you can charge for a service going down but the expectations of what you deliver going up.
There’s a big crunch there that if you can’t get ahead of means there’ll be trouble down the road. So that’s what worries me about almost any business. How’s that crunch going to affect us in the coming years?
Presenting the business case for any new technology
Kevin: I saw on your LinkedIn profile last night that you talk a lot about how IT drives competitive advantage. There must be many an IT director out there who is requesting budget only to be told by the business they can’t have it, there’s no clear business case.
How have you harnessed IT to drive competitive advantage and really get IT transformation projects over the line within the business?
Ian: I think actually the question contains the answer. When an IT director is being told you can’t have budget because you don’t have a business case, that’s right. We shouldn’t have money if we don’t have a business case.
Something that a lot of people in IT lose sight of is the reason we exist is to support the business, to allow the business to sell more, to earn more revenue, to earn more profit, to be a successful business. That’s why everybody is in business. Businesses that don’t make money, don’t survive. Everything that everybody does in a company should in some way feed into that objective.
So if you’re trying to get budget to do something in your IT function, it has to have a business reason, it has to deliver benefits, it has to reduce risk and it has to make operations more effective. And you need to understand that.
That’s how you can really deliver change by understanding not what the technology can do but what the technology will allow the business to do.
That’s where you can go and talk to an MD or an FD or anybody else and say, “If you give me half a million pounds to put these systems in, I will deliver a solution to you that will make you cost savings or allow you to access new markets or allow you to release new products or make you more profitable.”
It becomes a return on investment question which every MD and FD will understand. They’ll say, “Oh OK, that system pays for itself in three years. Yes, we’ll have some of that, thank you very much and here’s the investment.”
Or they’ll say, “Actually, it’s a nice idea but the ROI isn’t quite high enough so we’re not going to give you the budget but thanks for coming to us.”
And they won’t then expect you to deliver those things so you won’t get into that horrible crunch that many IT departments get into of being asked to deliver all the stuff without any of the money.
You either have both or you have neither. The advice is absolutely to understand what it is that your technology is going to do.
You don’t do projects because of technology, you do projects because of what the technology will do for the business.
Practical examples of justifying the technology
Kevin: Are there any anecdotes, Ian, that you can give us that can tease that out for our audience of IT practitioners, records managers and everyone in between?
Ian: Almost every project because this is the essence of what makes projects work. Interestingly, it’s also a great way of seeing which projects you shouldn’t do. The example that I come to many times are CRM systems.
There’s been many a time when I’ve had a salesman come to me and say,
“We need a CRM system, we’ve got to have a CRM system.”
I reply, “OK yes, we can deliver a CRM system. What’s it going to deliver for you?”
“Oh well, we’ve just got to have one. Every company’s got a CRM system. You can’t sell without having a CRM system.”
“OK, so what’s it going to do to increase our sales? Will you do a 10% increase in your sales next year?”
“Oh well, I’m not sure I’d want to sign up for that.”
“Well, are you going to make more profit on each of your sales next year?”
“Well, I wouldn’t want that in my budget targets.”
“So what you’re saying is, ‘We’re going to spend a lot of money to give you a CRM system and you’re going to sell the same amount for the same profit?’ Why would we do it? It doesn’t make any difference.”
They get a bit uncomfortable at that point but then you can get into a structured conversation.
So you can start talking about it in the following way:
“OK, if you’ve got a field sales fleet who are going around visiting customers and you’re going to put in a good CRM tool that’s going to look at their patch, look at all their customers and give them route planning and give them the most efficient way to do a routine visit to all their customers.
Well, because you’re now travelling more efficiently, instead of seeing five customers a day, you’re now going to see six customers a day so for the same amount of resource you’re going to get 20% uplift in the number of customers that you see. Well, that should feed through to more sales, shouldn’t it?”
That’s where it makes sense.
And that’s when you then say, “Well, if we’re going to see a 20% uplift in sales, the return on investment on the CRM system is x months or years.”
It’s very, very easy to sell a system that way but when you’re selling a system on the “Well, we’ve just got to do it because…” those are the cases that are much harder to sell.
Understanding what digital transformation means for your business
Kevin: Thanks very much for that overview. To some extent that leads into my next question which is all about digital transformation. On a previous episode, one guest described any organisation where IT reports into the Finance Director as not being ready for digital transformation. First of all, what’s your view of digital transformation readiness?
Ian: I think part of the problem with digital transformation and the whole digital subject is that it’s such an immensely broad topic.
It’s not one singular technology, it’s not one thing that is happening, that is transforming businesses. It is a multitude of things that are happening and in fact, in most cases, it’s the combination of two or three of those things that are really making the difference. So it’s mobile internet connectivity, the Internet of Things, drones and a bit of machine learning.
If you put all these things together you get some really cool autonomous system that can go and do warehouse stock checks but if you’re not in the warehousing business that’s not what digital transformation is for you.
If you’re in a data company and it’s all about your data and your records, maybe cloud-based, Big Data, DLP is your digital transformation. A completely different set of technologies but they all come under this umbrella of digital transformation.
So a big part of being ready for digital transformation is actually having an understanding of what it means to your business.
There are a million salespeople out there trying to sell you digital solutions and every single one is trying to sell their digital solution. Of course, they are!
You have to understand what’s the one that’s right for you and it comes back again to what matters to your business, how you deliver benefit to your business and then finding technologies, particularly innovative technologies that could really feed into that.
Using the technology to drive a competitive advantage
Kevin: Excellent, fascinating stuff. And what does successful digital transformation look like from your point of view?
Ian: In my view, successful digital transformation and success overall for an IT dept. is that you become a competitive advantage to your business.
Your business will grow faster, sell more, make more profit, and be more successful than your competitors because of your technology. In a very great many businesses, their IT actually holds them back.
I hear a very common message when I talk to companies. They would love to do more but their systems can’t scale or they can’t expand in the way they need to do or they can’t get the efficiencies in their systems so their IT is actually holding back their ability to grow and sell and break into new markets.
As an IT director that’s the worst place you can ever be because you’re the reason the company can’t make all that profit. You need to turn that around. Your salespeople are out there saying we’re better than the competition and we’re better because of our technology.
To me, that’s what success means, particularly in this day and age when every business is infused with technology. There’s so much capability and capacity out there, and things that you could do if you can just tap into that.
There are very few businesses that can’t make themselves more competitive by the use of technology.
As an IT leader that’s your job, to find that and deliver it.
The changes post GDPR
Kevin: Thanks for elaborating on that and painting that really vivid picture. So just over a year on from GDPR now, what’s really changed?
Ian: We’ve just seen Google hit with a massive fine for a GDPR breach so I think in terms of the follow-through changes that’s just starting. They’ve just gone out with their hunting rifle and they’ve got their first couple of heads so it will be interesting to see how that flows through down the years.
But to be honest, the biggest change that GDPR was driving has already happened which is that so many companies have become compliant.
The big story for me with GDPR is not that it is a whole load of new rules and regulations or a whole load of new targets that you have to meet. If you really look at it, the majority of the things that GDPR makes you do aren’t actually any different from what the old DPA legislation made you do.
There are actually very few differences except that the size of the hammer they hit you round the head with when you don’t do it, is much, much bigger.
The reality in the old pre-GDPR days was that there were a lot of companies, especially in the SME sector that were just ignoring DPA. They were completely ignoring it because it was unlikely they were going to be found out and if they were, the fines were lower than the cost of compliance. So they just weren’t bothering.
The big thing that GDPR has done has scared the pants off Chief Executives everywhere when they see the size of the fine that they could be hit with so suddenly they’re invested in making these things happen.
So I think most of the benefit of GDPR is for companies that weren’t compliant to get themselves up to a basic level rather than people moving to some new target that’s been set. I don’t think that’s been the big story here.
The balance between security and usability
Kevin: It’s interesting, GDPR and compliance really speak to this unstructured data headache that is an IT director’s worst nightmare, in my opinion. That unstructured data piece is now a route for hackers, cybercriminals to get into the prize, i.e. the personal data estate of any one organisation, according to Forbes magazine.
On the big unstructured data problem, how worrying is that for a digital leader such as yourself?
Ian: It’s always worrying. Increasingly these days, you have got to have good data control, good data protection, and good security and not just for GDPR reasons.
I spend a fair chunk of my life these days with new customers sending me security compliance questionnaires that we have to fill out before they’ll do business with us. It is becoming part of the language of business that you have to do these things and do them well. That’s before you even think of the impact if you actually have a breach.
Looking specifically at this issue around structured data, I think one of the things that often gets lost in the mix in this security question, is that there is usually a reason why people are taking that structured data and putting it into a Word document or an email or something like that.
Data exists so that the business can use it and the business has to use it.
Too many times in security, people want to lock everything into a safe, bury it in the ground and cover it in concrete so it’s totally secure. That’s great but no one can use it anymore. So you’ve actually lost all the point and value of that data and indeed you’ve probably stopped your business from working.
What’s necessary is to find the compromise between these two things, because there’s always a compromise.
Maximum security means minimum usability and vice versa.
What I think is fascinating are some of the things that are going on in the DLP space, where instead of having a security perimeter around your entire organisation, you start putting the security perimeter on the particular document.
This is particularly true in cloud-based document storage solutions. You say this particular document has got personal sensitive information, this particular document cannot leave the United Kingdom, this particular document can never be emailed or any other rules you want to put around it. Then your systems enforce those rules on that particular document.
So if someone tries to email a document that’s not allowed to be emailed, you send it instead as a SharePoint link or some other cloud storage solution. Then, when someone tries to access it they’ve got to go and authenticate and you check the rules and see whether they’re allowed to look at that document. If they’re not, they don’t. Rather than it being something that is ferrying around from server to server on an email system. That means you’ve now got the absolutely tight control you need over that document but it means that all the other documents that aren’t perhaps quite so important, aren’t controlled so well.
You make the data useable. You allow people to get on with their work and get on with their lives.
This is essential because if you make the security too oppressive, if you make it too hard, people will just circumvent it. They’ll go and print the document and they’ll carry a paper copy out. They’ll print the document, take it home, scan it and then email it from their home email address. There are a million ways people will circumvent overly tight security, usually in ways that are far less secure than if they’d just used the basic systems.
So you’ve got to find that balance point between usability and security, and technology is a great way of bridging that gap.
Avoiding a jigsaw pattern of security
Kevin: Excellent. So what’s your take on the measures that a well-oiled machine should be taking out there to avoid a data breach?
Ian: The key thing with security is to be proactive and be secure by design.
I actually did a survey of small businesses a few years ago as part of my Master’s dissertation, looking into what their view of security was and what the reality of their security was, and what I expected to find was that they were all completely oblivious.
Actually, most companies were very aware of the security requirements and they were doing quite a bit of work to meet what they thought it was but what they were doing was following the questions that were being asked of them. So they were following customer audit requirement questions and following certification audit requirement questions and very specifically putting security in to answer those questions which meant it was reactive.
What you ended up with was a jigsaw pattern of security which was being driven by what question they’d last been asked and in certain patches, it was really, really high. But then you could go ten feet to the right, where no one had ever asked about that thing before and it could be wide open.
That’s not how you have to do it. What people should be doing instead is saying, “Let’s design all of our systems to be secure because security is an end of itself.” Then, audit requirements and certification requirements and customer requirements are easy. They just flow straight out. It’s a paperwork experience so you turn the whole equation around.
The objective is to be secure and once you are secure all of your audits should be much easier rather than allowing your audits to drive your security processes.
Kevin: Ian, thanks so much.