Friday, August 17, 2018

Why IT leaders need to meet the needs of the hourly worker

This post was also published in

Hourly employees are frequently overlooked in IT strategy — but often present the highest case for return on investment.

In IT decision making, the core stakeholder of a business system is typically the business function. The finance department selects the finance system, the human resources department selects the HR system, and so on. Downstream from these decisions, regular employees are then frequently confronted with Byzantine systems.

This issue is particularly pronounced for hourly workers, who are rarely considered when building and investing in work systems. At many large and midsize companies, hourly workers use a variety of non-intuitive legacy systems to perform functions like submitting timesheets, scheduling shifts, and looking up inventory.

The business challenge of integrating hourly workers

Hourly employees are usually the most underfunded in terms of IT spend, but often present the highest case for IT return on investment. It typically takes over a week to train an hourly employee in the systems and processes for their job, which quickly adds up when you factor in seasonal employment and typically high turnover. Once an hourly employee is on board, retention quickly becomes an issue, too: A recent study by Unisys of 12,000 workers showed that workers at companies considered to be technology laggards were 450% more likely to want to work at a different company.

Finding, training, and retaining hourly workers can quickly add up in costs that far outweigh the cost of modernizing systems. To solve this challenge, and increase retention while reducing onboarding and training time, IT can look to improve the specific tools that hourly employees use from each system.

For example, one of the biggest pain points for hourly employees is being burdened with using legacy applications, often from character-based terminals, in order to do their jobs. While it used to be incredibly expensive to upgrade those systems, a new wave of application modernization tools offer specific workflows with single-function micro apps. Reviewing the common tasks performed by hourly workers and partnering with the line of business on how an IT investment is optimizing each specific workflow can result in increased efficiency which can unleash profound results in both hourly employee satisfaction and productivity.

Let’s look at the challenges that hourly workers face and specific areas that IT can focus on to give these employees the work tools they need to succeed.

Scheduling and time sheets

The most popular mobile applications for hourly workers are those that provide shift planning and time management. Many businesses still require hourly employees to call into a help desk to change shifts and even use paper to submit timesheets. Time sheets can be particularly onerous especially for remote workforces that are out in the field.

Providing mobile apps so that hourly employees can easily perform these simple tasks is a huge step forward for both hourly employee satisfaction and business efficiency.

Device access and compliance

Hourly workers have very unique compliance requirements that vary significantly by jurisdiction. Although providing mobile access to IT systems from personal devices seems like an obvious and simple solution given the popularity of BYOD (Bring Your Own Device) for salaried workers, many jurisdictions have restrictions on the types of information that can be accessed by hourly workers depending on the situation.

For example, oftentimes it is critical that access to certain systems be limited by whether or not an employee is on the clock. Other apps, like those that enable workers to change a shift or request time off, are not giving employees the ability to do actual work on their devices while they are off the clock and thus can be made available anytime. In addition, many jurisdictions require businesses to provide alternative devices such as a company-owned desktop computer so that using a personal device is optional. No matter the requirements, investing the time and effort to ensure hourly workers have access to the tools they need to be successful will help them become better integrated into their organizations.

Application access based on identity

Many companies use separate identity systems for hourly employees rather than the same Active Directory or LDAP used by salaried employees. Hourly employees are typically provisioned in a separate database with an obscure username and password based on name, birthday, and parts of their Social Security number. This separation took place years ago, when maintaining identity systems like Active Directory and LDAP was expensive and cumbersome, and had many associated help desk costs like employees calling in to reset a password.

Today, however, modern identity servers are far cheaper to run and there is no longer a need to maintain a separate, complicated system for hourly employees. Consolidating onto a common system saves IT money and provides hourly employees with a login similar to the full-time employees.

Once hourly employees have a company-standard login, they can access common business functions like email and corporate portals. This helps hourly employees become a part of the team and better enjoy the corporate culture.

Providing access to portals enables hourly employees to access information about the company and benefits like any other employee. It also helps HR publish content specific to hourly employees the way they publish content for other employees, directly into the content portal.

What’s next? Rip and replace vs. embrace and extend

With a better understanding of how to cater work systems for hourly workers, the question is: Should you rip and replace your current work systems? Or should you embrace and extend? It’s an age old question in IT. At this point, many systems are so sedimented and intertwined with other systems that it is incredibly expensive to replace them.

To improve the digital lives of hourly workers, IT should instead have a flexible approach. Some tasks such as shift scheduling can be fully replaced with apps like Humanity or Kronos that can then export back into your existing systems. Other tasks that are more specific to internal applications can be extended with micro apps. Regardless of the approach, it’s important to keep an open mind and evaluate which method provides the best time to value and return on investment.

Friday, June 08, 2018

Seven tech trends that will destroy globalization

This post was also published in CNBC.

Over the past few decades, globalization has bound countries together into a global supply chain encompassing finished products, parts, agricultural products, food products and energy.

But a commingling of seven well-known tech trends will soon make it inconceivable to manufacture a product in China, ship it 7,000 miles to Long Beach, and then truck it 700 miles to Salt Lake City to be placed onto a Walmart shelf. With projected continual improvement in each of these seven tech trends, a large majority of global trade could cease very shortly.

1. Automated manufacturing

A fundamental basis of outsourcing manufacturing is that decreased labor costs outweigh the shipping cost. But thanks to more automated assembly lines, we are very close to the tipping point in employee productivity where the shipping cost will outweigh the labor savings of offshore manufacturing.

It's not a coincidence that multinational companies are suddenly pulling manufacturing back into the U.S. Rather it's the culmination of years of acceleration in manufacturing automation, ranging from textiles to factory lines. As Tesla found out the hard way, we are not quite at the point of fully automated manufacturing – but the rate of automation is accelerating.

2. 3D printing

The global supply chain prides itself on shipping just-in-time parts as needed, using airplanes instead of warehouses. But that's no longer necessary if it's cheaper and easier to manufacture parts locally.

3D printing has long been a hobbyist fascination, but the technology can now print metal and is increasingly capable of producing parts such as Ford car parts and Airbus plane parts. Today 3D printing can print entire products such as Adidas sneakers or backpacks, and are being mass printed with equipment from companies like Carbon. Even complicated products like rocket engines are being 3D-printed.

3. Vertical farming

The current technology behind global agriculture was driven by the fear that overpopulation would lead to mass starvation, culminating in genetically modified foods and an escalating war between pesticides and pests. Food has also been globalized — in the past few months, I have purchased California pistachios in both Saigon and Prague.

Companies like Plenty and Infarm are building full-scale local vertical farms that can grow a variety of produce locally, regardless of weather conditions or season. Vertically farmed produce can be either exotic varietals or local favorites, does not need to be engineered to reduce spoilage during transport and is incredibly water efficient.

4. Lab-grown meat

Meat products constitute a large portion of global trade, ranging from Australian lamb imported to the U.S., to U.S. pigs being exported to China. Factory farming is incredibly efficient economically, but it is wasteful environmentally and disease prone.

Lab-grown meat is still in its early days, and is very expensive (although the price is dropping fast). I had the pleasure of sampling "beef" tacos made by Impossible Foods. When cooked and seasoned correctly, Impossible Foods' meat — impossible as it is to imagine — is indistinguishable from real meat and is available today.

5. Clean energy

The infrastructure for large electrical grids that span countries is expensive and power is degraded when it is transmitted.

Meanwhile, energy produced by solar and wind is fast becoming a large part of new energy production. Solar density is increasing at a pace similar to Moore's law and wind turbines and batteries to store the capacity are also becoming increasingly cheap. Combined with local battery storage, the need to transport electricity across long distances is beginning to diminish.

6. Fracking

Hydraulic fracturing can be considered an environmental nightmare, however it is helping to make the U.S. energy-independent. There are over 250 million passenger cars and trucks in the U.S. which are not going to be replaced by electric vehicles overnight, and in the meantime will need gas. The plastics industry relies on petrochemicals that now no longer need to be imported. Natural gas is a very clean byproduct of fracking.

So while fracking is not a long-term technology, it is a short- and mid-term technology that is sharply reducing oil imports for countries that are willing to sacrifice a localized section of their environment.

7. Internet firewalls and filter bubbles

The internet, once a great unifier, is being increasingly fragmented across countries. It is no longer certain that users can access anything from anywhere or that internet companies can have global reach.

China has strict firewalls that block out large swaths of content and services, Russia blocked Telegram and threw out LinkedIn, and Egypt is blocking YouTube for a month. The European Union's GDPR rules have gone into effect and some U.S. websites have gone dark in the EU. The EU may soon add a link tax that will darken even more sites. People in developing countries can get free, but super limited internet courtesy of Facebook. In the U.S., net neutrality rules have been weakened, potentially allowing transmission providers to block or slow access to certain content, and users are inceasingly isolated into "filter bubbles" where they only choose to see and believe news that already reinforces their beliefs. New blockchain-based companies like Orchid and Newbound Network are attempting to address this but it will be challenging to overcome.

A trade-free world?

So what's going to be left to trade?

Handcrafted specialty goods will always find a market. It is still incredibly difficult to produce microprocessors and memory, and there are only a few good chip fabricators in the world. Ironically, some commodities such as cobalt and phosphorous may become more valuable than finished goods, especially for countries not willing to extract rare elements. Companies like Apple claim they will one day no longer need rare earth minerals, but are still guaranteeing their own supply of elements such as cobalt direct at the source.

One global industry that is clearly not ending is tourism. Citizens of newly developed countries are eager to visit other countries, and cheap airfares are encouraging more and more people to travel. Last year, four billion passengers flew on scheduled air service. Perhaps the future will hold far more cultural exchange than goods exchange. Think global and buy local!

Thursday, May 24, 2018

From federated identity to consolidated identity: a look at the past, present and future

This post was also published in

It’s time for a better way to maintain identity in the enterprise. Let’s explore a new identity model, Consolidated Identity, that will simplify how employees authenticate into systems, access data and complete workflows.

Today, it is common to use your Google, LinkedIn, or Facebook identity to log into a website. However, in the first generation of the commercial Internet, this was not the standard experience. Virtually every internet service required users to create an account with a username and password. For services that were only used occasionally, having to create this account and remember all the associated passwords often created friction for new users.

The invention of federated identity for the consumer Internet

I worked for Sun Microsystems in the early 2000s and was fortunate enough to be the technical lead for a new concept called federated identity, which presented a way for separate online entities to share identity across any number of websites. In order to build it, Sun formed the Liberty Alliance, a consortium of large companies from a variety of sectors, ranging from telecom to travel to banking.

With federated identity, we separated two important concepts:

  • Logging into a website
  • Using a service from a website

Using a standard protocol, a user could, for example, log into and then go rent a car from without having to log into their Hertz account. Federated identity allowed distinct websites to enter a business relationship with each other. Using a standard protocol, a website, such as, could operate as an identity provider where users had an account with login credentials, while another website, such as, could operate as a service provider where users could then rent a car. As a result, users benefitted from simplified access to services using their pre-existing accounts.

User identity on the consumer internet

Federated identity was built on a loose trust model, which placed a firewall between users’ account information and their service history across providers. In other words, there was no need for AOL to know anything about your rental car history or for Hertz to know your AOL preferences. With the Liberty Alliance, we created extensions to the protocol that enabled services, such as user information transfer and payment processing, to be exchanged between providers.

The adoption of federated identity in the enterprise

The protocols of the Liberty Alliance became the basis of SAML 2.0 when they were transferred to the OASIS standards organization. Accelerated by the prevalence of identity servers and identity access managers that supported the SAML standard from vendors, such as Sun, Oracle, and CA, enterprises embraced the SAML 2.0 protocol as a standard way to perform single sign-on (SSO) across enterprise systems.

However, SSO is only the first step for a successful enterprise identity model since, unlike consumer internet and service providers, enterprise systems have a tight trust model. Many enterprise identity and service providers are hosted by the enterprise itself, and external service providers are subject to intense security controls and compliance to ensure that employee data remains secure.

A direct consequence of federated identity is that all of the data related to an identity is also federated across countless systems. Employee data, for example, is hosted in numerous systems, including payroll, human resources management, and financial and ticketing systems.

Consolidated identity is an evolution of federated identity, specifically for the enterprise. In an organization, there is no need for the firewall between the identity provider and the service provider. The enterprise itself is the primary identity provider and the service providers that provide services, such as payroll and time off requests, do not hold any data that should not be accessible to the enterprise.

In the enterprise, each employee has data spread across dozens of systems, and unfortunately with federated identity, there is no way for the employee to cross those silos – the employee has to log into each system and use its interface to access the data they need. That’s where consolidated identity comes in, providing employees with the same simplified access to their business services that federated identity delivers to consumers.

Here are the five steps to consolidating identity in the enterprise:

  1. Determine which authentication systems are in use and chain an employee’s identity across those systems. A typical enterprise uses one or more directories, such as Active Directory or LDAP, and enterprise mobility management systems.
  2. Consolidate the data associated with an employee. While it is considered incredibly difficult to integrate widespread data, it is much more efficient when the use case is narrowed. Typically, it is only necessary to consolidate the “active data” related to an employee. For example, the requests of the consolidated identity system could be only for open time off requests, rather than every time off request ever made for both active and inactive employees.
  3. Control how data can be accessed. A consolidated identity framework must also include a copy of the rules for how any cached data can be accessed. Most systems use declarative access rules and groups that can be copied along with data to ensure that data is only viewed by appropriate parties. Combining the rules that control how data is accessed with the data itself is a much more efficient mechanism than using mechanisms like data warehouse slices.
  4. Control access to functions, such as micro apps, with identity provider and application groups. In a typical enterprise, there are Active Directory groups, such as “Management”, as well as groups defined within applications like “ServiceNow Administrators”. A consolidated identity system needs the capability to validate a user’s membership in an application’s security groups.
  5. Facilitate writebacks to source systems. This can be performed using an application API with a service account and delegated authentication or a record notation of who performed an action. Another option is to leverage SSO to either deep link into a target application, so a user can perform an action within it, or have the user bounce to an application login page and login via SSO in order to get a user token to pass to an API.

Consolidated identity and the identity graph

A consolidated identity system evolves federated identity by creating an aggregated store of each employee and their entitlements across both identity providers and applications. This “identity graph” enables a new wave of applications that are both employee-centered and secure in authentication, authorization, and data governance.

For more, check out this whitepaper on consolidated identity that I wrote.

Monday, January 22, 2018

Why disrupting government pot policy is so much harder than the taxi commission

This post was also published in VentureBeat.

The recent legalization of recreational marijuana in California and other states now totals to 45 states that have legalized some form of marijuana. However, the federal government has never endorsed even medical marijuana. The Obama administration created rules known as the Cole memo where they decided not to enforce federal marijuana laws if states legalized it. Recently, Attorney General Jeff Sessions reversed this course and stated that marijuana laws would be enforced.

A raft of startups are operating in this tenuous legal gray area, including Eaze, Baker, and Pax Labs. Much like Uber and Lyft flouted taxi commission regulations, these startups are betting that public sentiment and user traction will overcome the existing legal and regulatory environment. Indeed, all of the state legalization efforts were passed by millennial-driven voter ballot initiatives in both red and blue states rather than by entrenched legislators. The citizens want their cannabis, just like they wanted their Uber.

Name brand Silicon Valley investors have been much more reticent to jump into the fray, which is understandable given the legal uncertainty. The void is being filled by seed investors like Snoop Dogg, AngelList cannabis syndicates, smaller institutional investors like The Arcview Group, and foreign firms like Merida.

The big question is, why is there such government resistance to legalizing marijuana? The answer is quite simple, and actually quite similar to the reason for the resistance to ride sharing. Just as the taxi commission and taxi companies were protecting the $3 billion taxi market, the war on drugs is a $76 billion annual business that decidedly does not want to be disrupted.

The government can credibly spend $76 billion a year on a very big problem with 44 million criminals. If marijuana is decriminalized, that subtracts 35 million people from the user count. It’s also hard to justify a war against the 15 million prescription drug abusers in the United States, because the drugs come from large pharmaceutical companies, not across the border from drug cartels.

Without marijuana users and prescription drug abusers, the annual $76 billion war on drugs becomes about just the seven million serious drug abusers who are consuming cocaine, heroin, hallucinogens, and other hard core drugs. That’s just not enough people to justify the huge investment and would constitute an incredibly excessive spend of about $11,000 per user.

Much as certain jurisdictions arrested Uber drivers and regional managers, it is very likely the federal government will actively bring its weight to bear on cannabis startups. Unfortunately for the nascent cannabis startups, the federal government is much more powerful than the taxi commission and regional police forces. Cannabis startups are already forced to avoid the federal banking system, and it is likely the government will use aggressive tools like asset forfeiture to seize profits.

An array of businesses, citizens groups, and legislators from both sides of the political spectrum are aligning to attempt to convince the federal government to change its mind. Both cannabis startups and investors thought they had a clear quasi-legal path to success with state initiatives, but the recent about-turn in federal government policy is definitely going to put a pause on the nascent industry. Disrupting the government is never easy, especially when $76 billion per year of spend is at stake. From that perspective, Uber had it easy.

The author last smoked pot at the tender age of 18.