Now we're into a world where asking companies to pay you millions for a massive PPT slide deck that says, "This is your company now and this is what your company should look like tomorrow," is simply a non-starter. So while the tech-heavy firms like Accenture and Cap Gemini do well at the bottom and the high-end starts like the Monitor Group do well at the top of the pyramid, a lot of mid-range, standard cookie-cutter management consulting firms are seeing their market decline. Everyone wants the super-integrated solution now that combines compliance, security, systems-integration, performance metrics—and they want it delivered in a service-oriented architecture that frees companies up to evolve in ways commensurate with globalization's many demands and opportunities.

I see efforts in all the compliance, security, systems-integration, performance metrics, and SOA rabbit holes. I don't see very much unification. In my swamp - SOA security. I do see a lot of starter efforts where companies build out services, but forget the security -  and then either an auditor comes asks "so how are you doing authN and authZ for your web services" or a security event happens, or a diligent director comes along and asks variant of the auditor question. Then some things start to happen, usually a purchase of a XML gateway, but Data Power, Vordel and Cisco can't help you if its just shelfware.

Integration is inherently difficult and messy. Information security groups need to get good at engaging with development and architecture in a proactive way to deiver these security services to the system. I call it "playing offense", infosec spends most of its time defending against bad guys, and that is ok, it is a huge part of infosec's job, but sometimes you need to go on offense and raise the bar. Make the bad guys' job harder, build security in.

In a tale rich with incongruities, the Communist-run government of West Bengal State invited the Tata Group, a symbol of Indian capitalism, to set up its plant in an area called Singur. It acquired 1,000 acres from farmers on the company’s behalf.
As the project advanced, some farmers who had sold their land demanded it back. The main state-level opposition party, the Trinamool Congress, led protests demanding that the land be returned. Most people sympathetic to Tata accused the opposition of inducing the farmers to protest, while Tata’s critics said the farmers had legitimate grievances.

The issue simmered for months. But in recent days, protesters began surrounding the plant, blocking roads and preventing Tata workers from reaching the plant. “The existing environment of obstruction, intimidation and confrontation has begun to impact the ability of the company to convince several of its experienced managers to relocate and work in the plant,” Tata said in a statement on Tuesday.

The halt to the plant has caused many Indian business people to warn of a chilling effect on investment in the country. It is also unclear how Tata will be able to keep the Nano’s cost so low, since part of the affordable price reflects the company’s savings on the land in Singur.

There is a fundamental asymmetry between state and markets. It is easier to create markets than it is to create state capacity or to prevent its deterioration. Creating markets is a lot about letting go, establishing a reasonable policy framework, and allowing the natural hustling instinct to take over. In other words, hustling is the natural state. Building state capacity, on the other hand, is quite different. It involves overcoming collective action problems, mediating conflict, creating accountability mechanisms where outputs are multiple and fuzzy and links between inputs and outputs murky, and contending with the deep imprints of history. In Weber’s memorable words, building public institutions is like the “slow boring of hard boards”.

In that light, China’s task of improving its private sector seems easier to accomplish than India’s task of arresting institutional decline. So, while China and India can probably both count on more years of high growth, the odds still favour China pulling off that feat than India. That, and not just the meagre medal tally, should be what India mulls over after the Beijing Olympics.

It's easier to liberalise a functional state than it is to functionalise a dysfunctional one, of any ideological stripe.

Complicating factors is the impact (or lack thereof) of incidents on stock price.  Many researchers who identify themselves with the New School of Information Security (yours truly included) want to immediately look at stock price as a bell-weather metric for incident impact.  I think this stems from our days of slinging FUD, back when we could scream “Buy a firewall or we’ll have an incident and you’ll be on the front page of the paper and the stock price will go down!”  But these days notable incidents seem to suggest that the impact on stock price for an incident is short lived.  With qualifications, of course.

So what would/should we make of this from Money.co.uk?

£12million ($24m) Wiped off Helphire Stock after Malicious Email Sent to Clients

Car hire firm Helphire have taken Google to court after a malicious email sent from a Gmail account saw their shares plummet £12million in a single day.

The Bath-based business who specialise in providing replacement cars to ‘no-fault’ drivers involved in accidents on behalf of car insurance companies, initiated legal proceedings against the search engine giant as part of their attempt to find out who is responsible for sending the defamatory mailing.

Google are now known to have complied with the court order and have controversially supplied details of the email account and ISP used by the meddler.

Written under the psudoname Peter Franks, the 1200 word email is know to have been sent from a gmail account that was opened specifically for this purpose and closed a few minutes after the damage had been done…

…The misdemeanour couldn’t have come at a worse time for the struggling firm who have undergone a £45million rights issue and seen a 75% drop in the value of their stock already this year.

That last paragraph, for me, explains some of the difficulty in tying reputation damage to stock decreases.  It’s like when you read the headlines from Bloomberg about why the days stocks (or commodity) prices are up or down.  You know, the “Oil closes $3 higher on news that a notable South American dictator has a rather unpleasant boil in a very uncomfortable area” type of headlines.  You really do have to question the causality and correlation.  So in the Helphire case above - is this new drop in stock really because of the email sent?  If so, should we view that $24mil number as an independent data point to describe this sort of attack on reputation, or is the magnitude aggravated due to the long-term trend of stock price?

Even when we have “Objective Data” (an in-joke for Adam S.) like this decline in stock price, it is really difficult to provide any sort of precise estimate or measurement - about the future, present or past.  The best we can do is use ranges, distributions, that are reasonable based on evidence and observation.

So it’s worth filing away this sort of datum for future use - while dutifully acknowledging the qualifiers we might place around it.

So the questions I ask here - what should we make of this new information, and how should we view the $24million drop - they’re not rhetorical.  I am very interested in your views and welcome your comments!

In their eyes, we were not earning money for the bank. Worse, we had the power to say no and therefore prevent business from being done. Traders saw us as obstructive and a hindrance to their ability to earn higher bonuses. They did not take kindly to this. Sometimes the relationship between the risk department and the business lines ended in arguments. . . .

Tactfully explaining why we said no was not our forte. Traders were often exasperated as much by how they were told as by what they were told.

At the root of it all, however, was—and still is—a deeply ingrained flaw in the decision-making process. In contrast to the law, where two sides make an equal-and-opposite argument that is fairly judged, in banks there is always a bias towards one side of the argument. The business line was more focused on getting a transaction approved than on identifying the risks in what it was proposing. The risk factors were a small part of the presentation and always “mitigated”. This made it hard to discourage transactions. If a risk manager said no, he was immediately on a collision course with the business line. The risk thinking therefore leaned towards giving the benefit of the doubt to the risk-takers.

Collective common sense suffered as a result. Often in meetings, our gut reactions as risk managers were negative. But it was difficult to come up with hard-and-fast arguments for why you should decline a transaction, especially when you were sitting opposite a team that had worked for weeks on a proposal, which you had received an hour before the meeting started. In the end, with pressure for earnings and a calm market environment, we reluctantly agreed to marginal transactions.

• Would You Know a Good decision if You Saw One?
• Decision Making Under Uncertainty

My reply is that I don’t care must about reported dollar sales because these numbers are, for the most part, meaningless and mythical at this point in time. Large companies sell enterprise licenses and make up allocated numbers for the CEP/EP share of the pie based on a subjective formulation. They can sell an enterprise site license for $2,000,000 USD that includes CEP/EP software and claim 20% is CEP revenue, regardless of if the software is used or not.

Small companies nearly give software away with the hope of developing a strong public reference client, which are few and far between in 2008. Soon, I will start a Google spreadsheet, similar to what we did last year on this topic. Some folks don’t seem to like this initiative because, unfortunately, we will see that for this half of 2008, this year has been very lean for CEP/EP. Some would prefer I blog as a cheerleading evangelist versus an objective analyst. Go Fight Win! Rah Rah Rah!

Much of the current gloomy situation, of course, is because the entire market has fallen and IT spending is down. Financial companies announce record losses. Bankruptcies and restructuring are in the daily news.

In this depressed market, some companies have tried to tie the subprime crash to CEP, somehow implying that CEP would have helped, but that positioning is mostly fantasy. I work in the field of risk management at the corporate level and the current problems are not caused by a lack of technology, it is simply corporate greed - corporations taking high risks to stay competitive in a bull market and then they experience a frighteningly negative reversal during a market free fall.

Of course, the US Federal Reserve did not help matters when they decided to poke a gaping hole in the real estate bubble by dramatically raising interest rates without thinking about how they would manage the consequences, but that is another story! After all, the current top government executives in Washington DC are so politically, scientifically and economically incompetent that all we can do is hold our breath and count the days.

One risk management colleague often says,

“When then tide is high, you can’t see that the swimmers are naked.”

….and so it is in business. The current problems in the global market are based on human, social, and political errors and incompetence; nothing that technology can cure at this point in the game. So, the entire market is in decline, and folks are overhyping all software to keep the buzz going, as if CEP or SOA or BPM would have helped stopped the current global meltdown. Yes, CEP can stop global warming! Buy one today, save a cute polar bear!

Then again, maybe we only need a CEP engine in Washington; even a simple rules-based one would be good. Naturally, some would suggest that we need Neural Nets and Bayesian analytics; but I think just a simple rules-engine looking out the window that can process if-then-else conditions would be a great improvement over the mind-numbing leadership in Washington today.