SAS Corner Office bloggers have moved

We have consolidated the Corner Office blog with the SAS Voices blog.  All future posts from Corner Office bloggers will be published on the SAS Voices blog, including content from:

Please update your bookmarks and your rss feeds with these links to make sure you don’t miss future posts:

Stay tuned for more exciting changes and content from the SAS blogs!

Post a Comment

60 students and everyone is learning? Only with the Hour of Code

What would it take for you to keep 60 students interested and on task in a classroom for an entire hour? Some kind of magic or trickery? Maybe a bribe?

Nope, all you need is an Hour of Code lesson plan, and you’ll be teaching computer programming to a classroom of engaged students who love every minute of the class.

You don’t even need computers. The Hour of Code web resources include lesson plans for classrooms with or without technology.

I was lucky enough to volunteer in a large media center classroom at the Panther Creek High School in Cary, NC, and I had at least as much fun as the students.

Half of the students in my session were part of a Computer Programming I class that had experience with lesson plans. The other half were part of a Microsoft Excel Class that had never tried lessons before. All of the students were great and eager to learn. They were very adept at programming, and those who hadn’t done before caught on very quickly.

I was only one of the more than 100 SAS employee volunteers who spread out to schools in the area to teach an Hour of Code for Computer Science Education Week. Check out the tweets below to see what some of my colleagues had to say about the event:

One of my colleagues, Brandy Mann, shared this quote, paraphrased from a fifth grade teacher who now plans to look for creative ways to incorporate coding into her class every day:

You see those two students right there sitting beside each other? They have sat there all year. This is the most they have ever talked to each other. And they are helping and encouraging each other.

In the media center at Panther Creek High School, when my class was done with the lesson, I challenged the students to teach their own teachers how to do the lesson now that they had learned it. And I challenge you, our blog readers, to try the lessons yourselves, or teach them to a few children in your life. The Hour of Code movement may only last a week, but the materials are available all year long.

Post a Comment

Best practices in cybersecurity

Cybersecurity“Give us 50K in bitcoin or you'll never access any of your data again.”

Cybercriminals have many ways to hijack your data, and ransom schemes like the one above are just one trick of many. These “geeks gone wrong” are a real threat to customers and brands, and everyone knows we need a plan to fight them. But what’s the right way to safeguard your data?

In my role, I’m fortunate to have a front-row seat at analytics implementations around the world. And from that vantage point, the biggest shocker for me has been the number of organizations that still don’t have much of a plan for cybersecurity. Here are some other trends I’ve observed.

Size doesn’t matter
You might expect that the ability to ward off crooks is dependent upon the resources of the company in question, but that’s not what I’m seeing. The level of preparedness ranges. I’ve seen everything from full-on security centers that would make the NSA proud to a lone person taking on this type of work as a part-time job. Too many multibillion dollar organizations still don’t have fully staffed cybersecurity teams with the requisite skills, while some smaller companies are doing fine.

Either way, it’s a fallacy to believe that only the big-name companies get hacked. Cybercrime is a money-making industry, so hackers have segmented their prey into market categories, with enough approaches and objectives to cover the bases. Everyone’s at risk. Now it is true that the bigger the organization, the more tools you’ve probably acquired. Big companies are facing board-level pressure to get protected, fast. But making that investment is a double-edged sword because more tools can mean you’re drowning in alerts, forcing you to plow through reams of false positives to find the needle in the haystack.

Know your assets
Hackers love this. An avalanche of false positives creates their perfect cover, so that’s why I suggest that buying software shouldn’t be your first step. The first thing that needs to happen is to get your house in order by focusing on what’s far more important than technology: your people.

It isn’t fair to assume that the CIO you’ve had for 15 years will also be an expert cyberwarrior. Fighting cybercriminals is a whole new skill set with ninja moves, like the blocks and tackles that stop thieves from getting in, and the silent sleuthing that ferrets them out once they’re there. You have to invest in building those skills, or bring them in. As we all adapt to the new normal of inevitable breaches, education, certification and accreditation will be key in preparing us to fight.

If you don’t start with the people side of your cyber strategy, you can waste a whole lot of money real quick. That’s because the first thing a new security apparatus tends to do is expose your lack of knowledge about your own infrastructure. Think about it: What really is on that network of yours? This can be surprisingly difficult to answer, especially in our ultramobile society, with employees signing in from 50 different locations.

To know how thieves can break in, it’s essential to know what your assets are and where they reside. You start by considering why someone would want to hack you. Different types of assets require different protection strategies, so know your valuables, isolate the important things, and don’t try to do everything at once. When it comes to a cyber strategy, you’re looking for bespoke, not ready-to-wear.

Design a custom solution
Once you have a good handle on your assets, then you can go buy the best technologies. But keep in mind that there will never be one technology to fix everything. One technology may build a wall around your organization. Another hunts down people once they are inside. The best strategies layer approaches together rather than relying on just one solution. And that makes sense – the threat is broad, so the solution should be multilevel, too.

The crucial thing is to get the best “first page” of alerts. Let’s face it – if you’re given a ream of paper with trouble spots, you’re only ever going to work the first page. So that first page better contain the most serious of threats.

Make it better, not worse
As I said upfront, I’ve been surprised by how many organizations lack a plan to adequately protect and fight back. Some seem to accept defeat up front, and they rely on insurance to reimburse their losses – when what they should be doing is inventorying assets, compiling a plan, and designing a solution. And this is where SAS can help.

The main thing to remember is don’t wait. Security projects are complex, so as with diets and home improvement projects, there’s always a reason not to do it. But don’t wait for the time to be right to kick off a monster project. Break it into smaller pieces, and move quickly. And don’t just go out and buy a solution without thinking it through. If you do, you’ll make the problem much worse by giving yourself an exponentially bigger haystack to comb for threats.

For more on cybersecurity, read:

Post a Comment

Giving back with data and analytics

We spend a lot of time talking about analytics and data management and how we can solve some really tough business problems. But analytics can make a big difference in other areas of the world too, particularly in solving humanitarian efforts.

Last month, I introduced you to three examples of analytics being used for good in New York City, Florida and New Zealand. Today, I want to tell you about another recent effort in Nepal.

I’m sure you’ve seen the devastating effects of the earthquakes that struck Nepal this spring. In one of the hardest-hit municipalities, 66,000 families were still living in makeshift shelters as the monsoon season was fast approaching.

Using analytics, we were able to assist with the recovery efforts there by helping to identify the greatest needs and assisting relief organizations in their rebuilding efforts.

Recently, we sent a film crew to Nepal to tell that story, and to take a look at what analytics can do to help people recover from such devastating events.

As you watch the video, take a minute to think about what you do, and how you can contribute to humanitarian efforts around the world. What is your business all about? And have you thought about how to apply what you do to improve humankind?

We are in the business of solving problems. Spreading the use of analytics is great, and it feels good to solve the problems of organizations around the world. But what really feels good is when you can apply your core competencies to bettering the world around you. In our case, it involved analyzing trade data and locating corrugated roofing materials to help a community rebuild. In your case, it will be something completely different but equally helpful.

Post a Comment

You can’t prevent cybercrime – but you can stop it with network anomaly detection

Network anomaly detection is an analytical technique for identifying and stopping cyberattacks before your data has been compromised. Since it’s getting harder and harder to stop the network breaches, your best option is to catch the hackers before they can do any harm.

But let’s back up.

Network wiresWho’s at risk of a cyberattack? Hollywood studios. National retailers. Federal agencies. Large-scale insurers. Global banks. Mobile providers. To name a few.

The list of major organizations struck by cybercrime in the last year alone is astounding. When you stop to think about how many reputable organizations have had their networks breached recently, it becomes clear that even our best methods for preventing cyberattacks aren’t working.

The computer networks at most large organizations are so big and so wide reaching, it’s becoming harder and harder to put up walls to keep the cybercriminals out. There are just too many possible points of entry.

How to identify hackers with network anomaly detection

So what can you do? If stronger firewalls aren’t enough, should you simply raise your hands in resignation and admit that dealing with cybercrime is the price we pay in a modern, data-filled world?

Of course not. But you should admit that preventive methods aren’t enough, and start making plans now for catching the hackers once they’re inside your networks.

In fact, you have to assume they have already breached your network. This isn’t hyperbole, and it’s not meant to scare you. It’s simply true. But here’s the good news: It can work to your advantage to know they are in there.

So what does a network breach look like? Well, it’s hard to see because it can happen slowly and steadily over a period of months as the hackers are learning their way around your network and making steady progress to infiltrate deeper into your systems where the most secure data lives.

In fact, many of the compromises you’ve heard about in the news involved hackers who were in the network for months before being detected. You can think of the first few months of activity as a quiet, fact-finding mission.

We describe this as low-and-slow reconnaissance activity because the hackers are working so quietly and methodically that their movements inside your network often go undetected. The only way to know it’s happening is to have a system in place that tracks normal network behavior and compares it to current activity, searching continuously for new and unusual patterns. This is network anomaly detection.

Why analytics are key for network anomaly detection

Here’s the challenge, though: The computer networks of most large organizations are processing hundreds of thousands of events per second during normal business hours. It’s not unusual to see tens of billions of machine-to-machine records daily on an average network. Monitoring that activity, processing it in flight and identifying unusual patterns takes a lot of analytical power.

Network anomaly detection can do that and more. The method uses event stream processing to understand network activity within the appropriate business context. In other words, the system learns what abnormal activity looks like in your networks. For example, it might mean a series of IP addresses that are never active at night suddenly are. Or it might mean computers from the sales department that never transmit information to the HR organization suddenly are. These types of behaviors could be happening in the background without you ever knowing.

What else could you be missing, and how can you detect it? Find out in our latest cybersecurity news announcement, and watch the live coverage from The Premier Business Leadership Series now.

Post a Comment

What makes your corporate culture global?

As the borders of commerce disappear, some economists have argued that the global economy makes us all global companies. But how do you become a truly global organization? Does selling products overseas make you global? Does opening offices around the globe make you global? I think it’s more than that.

Happy employees in building QLike many technology companies, SAS has devoted itself to becoming a truly global organization. To us, this means more than simply opening up offices and selling software in multiple locations around the globe. It means extending the SAS culture and SAS values into each of those offices, from Argentina to Australia, Singapore to South Africa and everywhere in between.

Our corporate values have been well documented through many great workplace awards over the years. SAS has been ranked as one of the best places to work in the US since 1998, and this year SAS also ranked as a best place to work in Italy, Portugal, Spain, Greece, Germany, Brazil, the Netherlands, Ireland, China and Australia.

As a culmination to all these achievements, the world's best multinational workplace award was announced this week, and SAS is No. 2 for the third year in a row. Why does this matter? Because we have succeeded in replicating our corporate values around the globe, and it means that our employees, our partners and our customers throughout the world are benefiting from those values.

Let me be clear: Our corporate culture is not just for employees and their families. The culture here translates into value for partners and customers too. How? It means our employees can concentrate on work, because many of their day-to-day distractions are already resolved, and that results in stronger, quicker innovation for customers.

Spending money on a great place to work is a lot more gratifying than spending money on recruiting and onboarding, but it’s more than that.

Think about the disruption that turnover can cause in an organization. You lose a large part of your corporate memory when key employees leave, and you lose time having to retrain new employees. Not to mention the obvious morale issues when co-workers depart, and the instability that customers and partners feel when their company contact changes. The global turnover rate at SAS is around 5 percent, in an industry that consistently has about a 16 percent turnover rate.

In our business, where we help customers solve their toughest problems, success is not just about the technology we sell but also about the relationships we build over time. It’s our corporate culture – and all that comes with it – that allows us to build and maintain those relationships.

When we extend our culture around the globe, we are not only valuing our employees, we are also supporting innovation and helping to build and maintain stronger relationships with other companies around the globe.

Post a Comment

Securing the Internet of Things with analytics at the edge

The Internet of Things, that glorious futurescape in which billions of connected devices take much of the work and tedium out of daily living.

As human beings, we’re addicted to our stuff and what it does for us. So a world in which most of our cell phones and other devices are smart enough to make decisions on their own can’t help but be a better one. Right?

IoT3Well, partly. Our ability to use huge amounts of data from all sorts of gadgets will give us the ability to improve many areas of life, from commerce to medicine, and from transportation to government.

But as I wrote in my last blog, the world isn’t all sweetness and light, and plenty of people want to do us harm. Hackers can break into anything with an IP address, and recent news stories show it’s already happening. Wired magazine’s intentional hack of a Jeep Cherokee demonstrated just how easy it is to do.

So if you’re only considering the time-saving benefits of the IoT era, you might also ponder the flipside. What happens when your car gets hijacked? When your fridge or your air conditioning goes rogue? When your insulin pump turns on you?

As the IoT becomes a reality, and moves from industrial to consumer applications that reach deep into our daily lives, the time is right to ask these kinds of questions. Connecting devices just because we can is not a good enough reason to start bestowing them with intelligence. It’s imperative to pause, weigh the benefits against the risks and create security plans up front. It’s our responsibility to think a few moves ahead.

The tools to do so are already there. Thanks to analytics, we can fight all kinds of cybercrime. We can stream, collect and store data in low-cost environments. Advances in highly scalable in-memory analytics allow us to produce insights and predictions in near real time.

This ability to detect variances from the norm allows us to spot and catch the bad guys, from terrorists engaging in bank fraud schemes to someone trying to tamper with your Fitbit.

So that part is set. What I see missing, however, is a greater sense of foresight. Why didn’t the carmakers design their digital systems to be more secure? It’s a shame that we’re thinking of this after the fact.

So I call on all those who are designing for the IoT era to remember the need to future-proof. Because we know the hacker challenge is out there, it’s not acceptable to bring products to market unless they’ve been cyber-proofed. In our rush to achieve the noble goals of convenience and progress, we cannot leave the consumer open to harm or attack.

The way forward is by building in something called “analytics at the edge.” By the edge, we mean on or near the device as opposed to in some central storage location. Doing analysis at the edge makes sense when the flow of data is very fast, very dense or largely unchanging. In those cases, you don’t want to waste bandwidth sending it over the network for analysis, so you place the analytics “at the edge” of the device. Putting analytics on or near the device will help protect them, and us, by allowing us to spot abnormalities faster.

And as human beings, that is definitely our responsibility to do. They’re just devices, after all. Let’s use our superior brains to make them smart enough to know when something dumb is happening.

Post a Comment

Customers for life

Do you ever stop and think about why it’s so hard to get really great customer service? As consumers, most of us are making transactions all day long, but it’s rare that someone actually surprises or delights us. More often, we rack up negative experiences. Think of what it’s like to fly a US airline or wait for your telco company to come fix your cable, and you’ll be channeling the kind of pain I mean.

It’s funny that customer alienation happens so often, given that most organizations are sincerely trying to build a good brand and want nothing more than to create customers who stay for life. So why is there a disconnect? Where do they go astray?

I’d argue that’s because most organizations lack sufficient knowledge. To wow someone, you have to know them. And knowing customers is hard. Understanding what drives them is even harder.

Fortunately we have analytics, the sure-fire way for organizations to uncover insights that make for happy customers. If you want to turn your customer data to business advantage, there’s no better way than applying analytics to make data-based decisions. But building an analytics culture doesn’t just happen naturally. It takes time, persuasion and investment.

How exactly to get there is the subject of my upcoming talk at EMEA Analytics 2015 in Rome. You’ll have to wait for my presentation to hear my complete six-step checklist for building an analytics culture, but I can share one key point with you now, and that is that you have to make a distinction between analyzing your customers and engaging your customers.


Let me give you an example. Say you want to work on customer retention. You build a model to tell you which people are most at risk of leaving. You generate a list of those at risk and send it over to marketing. And then marketing targets those customers with an offer to retain them. That’s analyzing your customers. Engaging your customers involves a different approach.

Engagement means taking a step back and saying, “I’ve built this model and it tells me who’s at risk. But I want to know more. Why do we even have customers at risk in the first place? What are the underlying causes that are putting them there? And instead of accepting their departure as inevitable, what could we do differently to eliminate the things that make them want to leave?”

Under this approach, at the same time you send out an offer to the customers at risk of leaving, you also take a step back and consider how to improve your CRM process. Because looking at that bigger picture is the only way you’re going to delight the customer. And that’s the kind of mental shift you have to make if you want to create customers for life.

But that’s just the beginning of the discussion. I can’t wait to see you in Rome to describe more.

Post a Comment

Doing good with data and analytics

You don’t have to look any further than your smartphone to know you can use data and analytics for some pretty frivolous things. Consider something as simple as your socks. The Sock Sorter app uses sensors in your socks to help you find matches for every sock. Likewise, helps identify when your black socks are faded and ready to replace. Then, of course, you can sign up for a sockscription to have new replacement socks delivered every three months.

Child and grandfather holding handsOn the other end of the spectrum are the humanitarian uses of data that prove how much good analytics can do in the world. Socks are important, but I’d much rather hear about analytics helping provide shelter and water for earthquake victims.

At SAS, we get to hear stories of data doing good almost every day. I’ve told you about some of these heartwarming stories before – from the disaster recovery efforts mentioned above to the data-sharing projects that could help cure cancer.

For every one of these stories, there’s a technology angle and there’s the people angle. The people who are helped, and the people who are helping. The stories of these people are always interesting to me, and recently I’ve read three stories with a common theme: how can analytics be used to help assist society’s most vulnerable populations – and make sure that help is going where it is needed most? The three examples:

  • Foster youth in New York City are receiving the services they need to become functioning adults, partly due to a study showing that support programs for young adults can reduce homelessness and jail time.
  • Children in abusive homes in Florida are becoming easier to identify and assist, thanks to new research and assessment tools being used by the Department of Children and Families to reduce childhood deaths.
  • Young adults on public assistance are getting special attention in New Zealand, where research shows that investing in support at a young age can reduce the occurrence of lifelong welfare dependence.

From Florida to New Zealand, these programs show how analytics can make a difference in the world – and in the lives of many young people. But these are just three examples. Open data initiatives and data sharing platforms are making it easier than ever before to get involved with do-good analytics projects.

If you’re an analyst or data scientist with an interest in using analytics to improve the quality of our lives, consider volunteering your skills for organizations like DataKind and DataLook. Or seek out humanitarian projects on sites like Kaggle.

You can also follow the Twitter hashtags #dataforgood to find opportunities for citizen data scientists.

Many of you are using analytics at work to prevent fraud, assess risk or improve marketing programs. These are worthy efforts, but if you want to do more, there are many options available for giving back.

Post a Comment

Creating customer experience, one contact at a time

FBlog3I’m still old school enough to enjoy reading the local News & Observer on weekends. I even like flipping through pages that leave my fingers smudged from newsprint. I was reading an editorial piece a while back, and a phrase leapt out at me. A correspondent wrote, “We are in the next phase of consumer demand called the experience economy.”

The experience economy. I’ve heard the term before, but this time something clicked. In my job, I get to do some pretty cool things, like think about ways we can make our customers happier. Or how to get better at how we support them. That’s why the words “experience economy” caught my attention. Because you can have an outstanding product and efficient service, but to really make customers happy, to give them a great experience, it takes people. People either make or break the experience.

A friend of mine flew on Southwest Airlines recently. She told me about waiting in long check-in lines where the mood was almost jovial. People chatted with each other and were basically good sports about the whole waiting thing. She noticed that the five or so Southwest employees set the upbeat tone, doing their best to make it a pleasant experience, talking with the travelers and connecting with them in small but human ways.

Across the room, a rival airline had the same long lines, but the employees looked miserable, frustrated and harried, and so did the line of passengers. Through that experience, her respect for Southwest went up a few notches. That’s the difference people make. It’s not just about eliminating lines, although that would be nice too. It’s about making the experience okay despite the lines.

Impact of one

Here’s the thing: We’re connected to each other more today than we’ve ever been. Our actions influence, impact and even change the experience of those we come in contact with. The attitude of those five airline employees mattered. How they treated Southwest customers that day influenced and maybe even changed their customers’ perception of the entire company.

So, if I’m running a company, an important question I have to ask is, what is the frame of mind of my employees? When someone answers a phone call, sends an email or ships a product, what do their actions say about the company? It’s on me to make sure the workplace supports employees and gives them the leeway to delight my customers. Otherwise, they will pass their frustration through to customers. In the experience economy, that’s bad business.

As employees, we need to remember that we are a physical representation of the company. We might as well wear a T-shirt every day proclaiming, “I am Company X.” The daily contact we have with a customer, no matter how small, could be pivotal. One action by one person could be the very thing that causes a customer to think that the company is either great to work with or one to avoid.

I’m still smarting from an encounter I had with one person. I’m a “diamond member” at a hotel chain that shall go unnamed, racking up 50 to 60 stays a year. I had a stay booked, but my travel plans changed on the day of my arrival. When I called to ask about cancelling, the hotel reservationist read me the policy: “No cancellations within 24 hours.” It didn’t matter how I pleaded my case or that I had 50 stays on record. And that diamond status? Worthless. I gave the employee every chance, even asked if a supervisor or manager might be able to help. The unapologetic answer was: no cancellations, no exceptions. Period.

I paid the hotel bill for that night. But that one employee lost the hotel chain the 50 stays I would have booked in the future – and my referrals.

Golden rule

The scary thing is, you might have that kind of impact and not even know it. Most companies have several streams of business going on at all times, and those streams touch customers. The unreasonable customer you are dealing with today in contracts might be the ideal customer that product development needs for a beta project tomorrow. It’s the old golden rule, to treat a person the way you would like to be treated. Try to do right by the customer, and you’ll never be wrong.

It’s a mindset. Our customers are human beings, and we need to keep them at the center of what we do. After all, they’re buying more than our products. They can buy similar products from other vendors in many cases. Today, they are buying the whole experience. The good news is that technology plus people is a winning combination for creating an experience to be proud of. If you want to find out more about how technology can help make the right connections between people, we’ve got customer experience management info about that, too.

Thank you

It only seems fitting to wrap this up by expressing my gratitude to and for SAS’ customers. The Temkin Group 2015 report is out, and our customers gave SAS top marks for customer experience, scores I don’t take lightly.

To SAS customers: Thank you for your confidence in us. You have my commitment that we will do all we can to continue to earn your trust and to give you the experience you want and deserve.

Post a Comment
  • About this blog

    Welcome to The Corner Office blog, where SAS executives post their thoughts on global business, analytics and technology.

  • Subscribe to this blog

    Enter your email address:

    Other subscription options

  • Archives