Category Archives: Consumer or Citizen

Three Business Models-Target State Service Architecture

Three Business Models

  • Innovation to Invent
  • Change to Improve
  • Operate to run the business


Sub-Account Code

  • 30 Innovation
  • 20 Change
  • 10 Run


Risk Management

  • High Risk – innovation
  • Medium Risk – change
  • Low Risk – run


Use Case Corporate Sales Tax – unique record

Lisa Martinez @copyright 2014 Wicked Design Solutions

Define the problem

The voice of the customer and laws which are not subject to organizations or agencies decision making has an adverse impact on public opinion and the safety of all citizen’s is at risk with a severe threat to women and children.
 Revenue or Benefits Transaction Capability

Voice of the Customer – Citizen or Consumer 

Privacy is not subjective it must be honored in all transactions 
Legal definition of a customer assume age, intent and understanding
  • An average person has little or no legal experience which would imply terms and conditions accepted by any users assume laws require mass agreement with regard to civil liberties and freedom’s offered a democratic society.
  • Good Faith rules must apply and all corporation decisions must operate in good faith.
  • An average user has far less chance of changing default settings; an indicator of the users adoption with technology and maturity would be considered very low
  • The browser used by a user when changed implies a general use of technology
  • Neither of the above “facts” suggest legal knowledge or wisdom several articles have circulated with the estimated time for a user to read all terms and conditions was a nightmare.  The article was clear on the fact the estimates were merely reading the terms.
  • Terms are a poor way to manage good faith interactions with users.
  • Higher quality records are a valued as an asset-when low quality the risk seems unimportant
  • Women are targeted far more often than men online
  • Children are targeted 43% of the time

Tax payments 

  • Prepaid to your organization
  • On behalf of the employee deduction
  • On behalf of the customer commerce transaction – based on customers location
  • Many companies are not using their chart of accounts in a way to do this systematically
  • ERP is designed to the work for you
  • If you are running offline EDW accounting you are unable to do this systematically.
Let’s not confuse our pass through payments on behalf of the employees and on behalf of what we collect or forget to charge customers.
Keep in mind, customers are not going appreciate an invoice for tax if you failed to include the tax in the original invoice.
  • Assume the invoice is sitting in the closed order pile, which translates into whether or not they open a new order for your inefficiency or do a change order on the original.
  • Either way you look like more work than a customer needs to have or hire resources for your ineffective practices.
  • Why should the customer pay two bank fees for card charges twice?
  • Why should the customer open a closed purchase for your disconnected process?
  • What ways might our customer lose confidence?
  • In scoring any supplier for strategic or maverick relationship positions a key definition would be the ability for the supplier to engage in low touch interactions.
  • The supplier follows our rules and doesn’t operate outside the law.

Corporation tax debt 

  • Do not avoid your corporation tax debt as
  • The results are lowering the opportunity to build or accommodate your foreign workers.
  • The concept of avoiding tax debt alone says you are not acting like an American
  • Degrading our economy while using our vital resources.
  • Why would anyone elect to tax a sale based on the server location
  •  The condition for tax debt payable to foreign countries, known the workers are moving here?
  • In some billion dollar companies we have them operating barges on International waters.
  • Where the tax debts are not even factored in the International development models?


Measure the rows in tables in storage writes to a file, get scripts and assume these are transactional applications for the purpose of threat assessments.  Ensure compliance and current threat assessment portfolio’s.
Every row represents a person represents a threat you and your company have elected to take without a person’s authorization.
  • Remember good faith suggest citizens are least likely to understand the terms you had them approve.
  • Measure the response time from a user from presentation of an update on terms alert
  • When presented time to accept
  • Most immediately accept without reading; an average user doesn’t have the legal expertise to understand the legal mumbo jumbo.
  • The users perception about the alert “an annoying flag” i don’t care about because I assume my entries and the application are controlled by my entry or choice.


Commerce event transactions
  • General rules from the consumer or person making a purchase online
  • Frightening to think congressional decisions can be made in direct conflict with the economic health of the nation.
  • Tax liability – online purchases – Legislation supporting location of your servers
Rationale from business stakeholders
  • Why should corporations pay taxes twice?
  • Internal View on tax liability
  • Likely a limited view on the tax payment system
  • unlikely  these people are aware of the way an employee deduction is an employee  earning payment collected and paid by the corporation on funds acquired  from an employee
  • unlikely these people are aware of the way a customer pays tax on the revenue
  • Both scenarios are paid by others with a corporate payment system
  • The taxable point in a transaction
  •  is always based on users location
  • The  fact most companies are unable to translate the way an ERP system works  by design, is a different problem and not one an American company  should have had a chance to negatively impact.
  • Financial Integrity Risk
  • Credit card disputes due to incorrect taxation
  • I will object to any tax charged beyond my local sales tax rate.
  • Brand Risk 
  • In no way would I purchase any item from a company in my community when the company ELECTS to pay taxes in another region.
  • Tax  evasion is a crime – Congressional leaders who authorize such practices should be removed from office.
  • Citizens  social responsibility – anyone would be offended and disturbed by any  company who has a headquarters  in  our community and they are not  paying taxes
  • Tax allows us to support the housing, roads, healthcare and justice systems for  their  employees.
  • Regulatory Risk
  • If these companies are not employing the workers locally and bringing in people outside the area
  • AND avoiding taxes we need to support the people who you will not employ.
  • AND  avoiding the taxes locally needed to build for all the foreign people  you will bring to the area – despite the overpopulation of unemployed  workers.


Re-engineer the process as the majority of the person’s information is collected about is not going to spend enough to justify the risk nor the return.
  • Create a single record for every person
  • Create a single party record for every company and apply the customer relationship and supplier relationship to each party.
  • allowing location to remain fixed while changes to the organization or agency are going to promote the new relationship at any physical location.
  •  change for a party without causing a new physical record.
  • Create guide for appropriate use of ERP for taxation which is a transaction calculation derived from the ship to and country with regional tax tables.
Discover ways to outsource work to local workers for the same lower rates with higher quality of service
  • Employment for younger students left behind will increase rather than push these students into pregnancy and criminal populations.
  • Employing long term unemployed

Equal Employment Opportunities

Fair Labor Practices

  • Any company whose employees are not an equal representation of the community where they have offices and manage their business may be at risk of not meeting social responsibility or the spirit of the equal employment opportunity laws.
  • The spirit of the law intends to ensure hiring within a community well before going elsewhere, especially in dense urban communities where the populations are typically spilling over at all edges.
  • Considering  the highest growth population will be forced into poverty, who would we  blame for the higher tax rates to care for the poorest population with  the highest growth states like California, Texas and
  • If you insist on college degrees, knowing you will eliminate the low income workforce opportunities  as we have the largest drop out populations in your companies backyard.
  • Lets assume I’m a 1st grader.  How are you using fair hiring practices?


  • Create an online cost and benefit model
  • Create an online expense and revenue model

Crisis Detection and Prevention – Grandparents Rights

Crisis Management Detection

Grandparents rights

  • Grandparents as a support and safety system for the children living in violence
  • Grandparents as the first consideration when children are proposed to be removed from the home.
    • There’s no excuse for removing children from their home to place the child with strangers.

First, let’s understand the cost of doing nothing.

A grandmother in Florida had a suspicion  “something was very wrong” with her daughter and her relationship.

Imagine for just a few moments.  Would you be very forgiving if you knew something was wrong and you had no rights no way to intervene? 

For any parent/grandparent – being helpless to save your child and her children. 

Many people immediately blame the woman being abused.  Sure, it’s easy to make judgements about things we don’t understand.  Please, open your mind to the FACT a woman with confidence and all “the will” on Earth can and does find herself “isolated”, then emotionally broken down by her abusive partner and eventually the emotional abuse and control turn violent.



Personally, it would simply break down all hope for me if I was helpless.  The nightmare no grandparent should ever face knowing their child is being harmed, then knowing our grandchildren are being harmed too?

Could you even imagine the horror?  

Nothing compares to being without anyway to respond nor any way to protect the innocent grandchildren. 

This grandmother in Florida lives her nightmare every day knowing she was helpless and because grandparents have no rights, she lost her daughter and her grandchildren.  The abuser killed her daughter and her grandchildren.

In any situation where domestic violence is concerned we must assume the children are harmed when they are forced to watch a parent abused by another parent.   The children must be allowed to go with their grandparents before strangers.


The opportunity in having “the Rights of a grandparent” forces the abuser to be much more subtle about the degree of abuse children witness.

A primary benefit of the concept of grandparent rights ensures the children are not removed and placed with strangers.   The foster care system must support the transition to grandparents just as it would support a stranger to care for the children.  The same issues will exist and often grandparents are not in a position to financially support the child(ren).

Legislation must be written and passed to support grandparent rights.

Grandparents Rights as an intervention

A grandparent rights approach allows the law to guide the inclusion of grandparents.

  • Having grandparent rights as a global law-ensures a certain safeguard in having no way to isolate the parent from their own parents.
    • An abuser must not have a way to isolate the victim or the children of the victim

Support systems for grandparents

Systems which allow grandparents an objective forum to warrant temporary placement away from the abuse

  • As the first response to any mandated report filed and justified to remove the children from the home.
    • Any victims parents would be eligible for placement of the children while the investigation occurs – unless a child specifically raises concerns about their safety.
    • Any accused parents family would not be a good choice as the parent would be likely to protect the victim at the expense of the children.

Preventing grandparents from abusing their rights must be considered and safeguards put in place to prevent such threats.

Big Data – Financial and Operational Type

Types of Big Data

Why Big Data isn’t about financial and operational data?

  • The blog intends to identify the different types of big data
  • In the post we advise the separation of concerns with regard to financial and operational data.
  • The material provides templates from the NIST work group for reference architecture although the templates changed after I prepared these.

Five Capability Model

Understand the value and purpose of the five capability model.  A way to segment and separate concerns moving what MUST be governed and segregation of duties applied with record retention and zero data loss.
Yes, the five capabilities has synthesized the corporate policies, the Board priorities, the legal and legislative landscape in addition to the United Nations requirements.

Financial, Reputation, and Regulatory Threats and Weakness


Horizontal Flow

The type used to run the business during transactional events used to report revenue or on expenses.  In the public sector we refer to this type of data as cost and benefits.

  • Record Retention, zero data loss and zero down time are all applicable for the operational scope.
  • The best approach for any organization or agency is to separate concerns and DO NOT mix your operational parts of the business with your fit for purpose or analytic decision support systems.
    • Choose to mix the two and you have a higher cost on every project.
    • You must govern all and assume every release has a potential to influence your key controls.
  • Segmenting the operational scope enables speed and agility and a smaller set of applications to invest in P1 support systems.
    • Governance around the key control systems has supporting corporate policies and buy-in has greater probability.
7 year retention is an average for all financial records-assume zero data loss and zero downtime

Financial Transactions by stakeholder dependency across the life of the activities.  Each output becomes the input to the next process stakeholder with a record as an output.  The record retention requirements for financial transactions typically is 7 years or more.

Transaction Capabilities – International and Generic

Today, we are trying very hard to not include these points to avoid this issue with compliance or another which sends up read flags with security.

What’s my cure for these types dilemma’s?  I eliminate or move the threats vectors to their rightful home.  Big Data isn’t the system of record for financial management capabilities, nor the home for the party or offer management capabilities.  For the same reason, a single copy of the expense and revenue transaction capability results are protected within a data store.

How does the suggestion help solve the problems with security, governance and compliance?  The 5 capabilities are operational and the foundation of any companies business management system.  The scope for Sarbanes Oxley and all regulatory reporting.   Record retention requirements with zero data loss and zero down time are all part of the scope.

IF we scale the operational and financial information back to their system of record, integrity of the financial records and retention is not going to hinder the objectives of a big data solution.  The technology and requirements are only a problem in regard to the financial and operational processing moving to a big data store.

A great example being records management outside the technology designed to retain records for an organization or agency.  The management of data derived from a record is not going to attain the right retention treatment when converted back to a data expert in a data store.

Requirements Capability Template

Gary Mazzaferro supplied this template to the Reference Architecture team in NIST Big Data Work Groups in the first phase of NIST development on the subject.  

Private Sector

A horizontal segmentation of inbound from source using 1 of 3 types of feeds over a network connection an API requires an ACL or similar connection.

The segmentation within the data mart section allows each functional group to own their connections and sharing with external parties based on the containment of the authorized users within the data mart for each function.  Rather than rely on offline tickets which are merely rubber stamps without the integrity of the segregation of duties requirement and intent continues to be lost in the translation between IT and Business.

Three types of inbound feeds ensures the proper management of data sources, encryption specifically

In the private sector we have an option to include the 2nd horizontal data as segmented by types and use in most organizations across the world.  Most businesses are not integrating their voice, video, and data and when they are we can assume streaming (real time) feeds or unstructured in column 1 or column 3.

Column 2 Operational (see above)

Column 4 Fit for purpose anything goes information we all know and most peoples desires are in their data marts.


The requirements we hear about are best segmented by the groupings identified as the grouping will manage access and allow containment when sharing beyond the organization in a shared cloud scenario.  Marketing allows other marketing stakeholders to access their information.

Business Function – Roles based access

We want to avoid situations where marketing grants access to operations data without operations having anything to do with the decision.


Public Sector

Vertical Processing

The concept in the vertical or horizontal flows are through an online protection framework.  The framework segments the grouping of people to ensure in and out of the big data store anyone operating a big data store solution has the ethical and socially responsible indicator in all service capabilities.

Transformation – Cloud Solutions a System Approach to the industry transformation

An experience based learning opportunity

A nationwide movement has formed dedicated to engaging those left behind towards computer science.   A wicked solution to a wicked problem in our country, mass populations without jobs, without hope and destined for low wage jobs.  A country without the domestic workforce seeking talent from under-developed countries where the skilled workforce is exceeding our countries ability to compete.

Cloud Solutions Applied

Solution Life cycle

The business model by customer audience versus unique organization or agency approaches – it is absurd to expect different results using the same approaches.

  • How does a company begin the journey into the clouds?
  • How does a small company understand the clouds?
    • Using APQC framework to plan the business model – Coarse grain business process
    • Using a generic framework to perform internal sensing and social media as a channel for external sensing.

A social media strategy for cloud adoption “as citizens”

  • Using tools in ways that enable all citizens.

A social media strategy for “any size organization or agency”.

  • Thinking about design differently – the experience

A social media strategy for “any government”.

  • Transitioning from pull to push based on citizens rights and freedoms or lack of either.

The Framework

A community support model explained

  • How to leverage platforms?
    • Digital Media Architecture

    • Business Alliance in response to security threats against children and victims
      • Bringing platforms together
        • Facebook
          • API’s
        • Google
          • Play Store
        • Grom Social
          • Parent Voices
        • LinkedIn
        • Yahoo
    • Cyber-Security

      • Motivations in system approach
        • Leveraging strengths
        • Allowing a person centered design
      • Opt in versus Opt Out
        • Free isn’t really free its an advertising trade-off
      • Integrating education providers who have proven success
        • Florida Virtual Learning
        • Khan Academy
      • Cloud, Mobility and Big Data integration
        • What executives need to know about the way the mobile strategy is being introduced and the risk associated with current practices?


      • Unknowns and known misconceptions
        • Machine to Machine threats
          • National Security
            • Remote Access Control
              • Man in the middle
              • Targeted Attacks
              • Prevent opt in as many of the wireless users are under age.
          • Quality – hardware misconceptions
            • Symptoms device owners assume they own the device and others are unable and unclear on why any company wants to monitor people’s activity.

Qualifying new Suppliers – Culture (human)

Just as we experience with any new innovation offer we must perform due diligence on any proposed supplier.  The innovation business model has the highest probability of a new relationship with a new supplier.  It is vitally important to manage confidentiality and intellectual property with Non-Disclosure agreements and secure process measurements.

Using consistent supply chain due diligence practices to begin on-boarding of any new suppliers.  In the innovation space the intellectual property threats and strong oversight of the supplier relationship is vital to all interactions throughout the first year and longer in cases where solutions are systems or solutions versus boxes.

scorecards tailored to a new supplier who’s value proposition would be measured by quality rather than quantity.  Ensuring a build order transfer model or twice removed model in small and medium customer scenarios requires a very strong negotiation team and consistent communications amongst the internal team especially in front of the supplier.

Identifying trusted cloud providers – Understanding the components and delivery options

  • PaaS-Platform as a Service

    • Social Media as a Cloud Service Provider
      • Telecom Service Providers
      • Cable Service Providers
  • IaaS-Infrastructure as a Service

    • Blade to Server configuration and cyber-security principles
    • Processing Information and Knowledge
    • Securing Cyber Space
  • SaaS-Software as a Service

    • Content providers
      • Play Store
      • iTunes
  • Big Data – Security and Privacy

    • Diverse Scenarios
      • China encryption exclusion
      • Native American Land
        • Native American People
        • Four States – A nation within a nation
      • Victims of Crime
        • Monitoring Criminals upon release
        • Victims forced into re-active and protect
          • Opt In versus prevent and detect
      • Minor Children
        • Forced into re-active and protect
          • Opt in versus prevent and detect
          • Restore rights of children by using  a platform approach to parental consent

New Jobs US Workforce – Use Case Tribal or Indigenous People delivery support model

  • Tribal Solutions
    • Community Support Model
    • Cradle to Career
      • Zero to Five – Pre-K
      • K-5 Elementary
      • Middle School
      • High School
      • Community College
      • University
      • Workforce Development
        • Technology adoption
          • Cyber-security
            • Exclusion of tribal land and information about Native American
            • Migration to bio-metric identification system
            • Master Data Management
              • Single Record for every person
                • Bio-metrics for single sign on
                  • R&R, Parent Voices
                  • Minute Menu
                  • Social service and TANF
          • Reverse Engineer from collectors to Content push
            • Records Management
          • eRate
          • Securing education solutions
          • Six Sigma champion model
        • Workforce Development
          • University
          • Community College
          • Leaving High school with Child Development Certification
          • Adult Education
    • A nation within a nation
      • Rebuilding the Lakota Nation
      • Reverse engineer the tribal authority across four states
  • Open source solutions

    • Universal Ionic Framework to enable rapid replication in any part of the world
      • Rapid Deployment using templates

Unknowns we MUST factor with our new Data Specific Roles

Data Experts or Gaps in other Business Roles

Very smart people “who simply are motivated by mass processing”  “the bigger the greater the accomplishment or assumption of meeting a higher level of expertise”.   Very smart people in business roles are still scratching their heads about how the audits continue to imply workarounds are being allowed in controlled applications.

The problem is conflicting objectives and motivations without accountable leaders to manage the corporate policies within an organization.

  • Add in two parts social media strategy where workers are encouraged to promote and support positions irrespective of the validity or integrity.

The limitations with this audience relates to the non-technical outcomes caused by big data concepts.

  • Personally, I am not as supportive of data expertise or segregated roles based on the threats the resources can influence and lack of transparency amongst the authorized and entitled stakeholders or exclusions which allow an offline threat even when informed the long standing opposition to process and records as controlled information that must be retained as records via an image versus returned to data from a record format.

I am much more the resource from the following roles;

  • Data people do not agree and have had a long standing opposition with business process stakeholders.
  • Data people also have a long standing opposition with Records Management stakeholders.
  • Data people don’t usually do well with Enterprise Architecture or have traditionally been an afterthought in EA.

If the above is true, who has commissioned the tons of data and for what purpose?

  • The use cases are very much niche or limited audience only
    • Information used to bill or invoice any customer is a protected data set with the highest confidentiality within an organization or agency
      • Few experts acknowledge this vital corporate policy

What does it mean when a data expert does a data type change or creates a new physical table?

  • The source system may not referential integrity with an offline shadow application

Changing a report, connecting or changing the source data in order to present insights has the greatest threat of being misused by the sponsoring business stakeholder. Far too often the business stakeholder is actually an IT team within a business unit who’s implementation failed adoption or was incorrectly implemented (irregardless of who failed) and the fastest way to mask the problem is to produce insights that say the implementation went well and nothings changed.

Software Assets – Investments

When an organization or agency plans a purchase of software from a 3rd party or an external software company as an example in transforming to cloud solutions, the purchase either includes a one time fee;

  • Public Cloud-An annual subscription by user, plus all cost to get your organization migrated over to the new solution and an annual maintenance fee.
  • Hybrid – An annual subscription by user, a partial in house solution with cost of any in-house servers and storage, migration and annual maintenance fee.

In the case of a cloud solution, the annual maintenance should cover all normal events.  If you find your organization being asked to pay for cost or hearing “performance issues” or customizations that prevent your organization from introducing updates on a regular basis. These are all symptoms of an operational, quality and governance situation.

In some situations;

  • the cloud provider may not be qualified to manage or host a cloud solution.

Your 3rd party software provider – has a list of exclusions and charges added fees due to implementation decisions

Cost Saving Projections

If you were supplied a proposal to purchase software for a business unit, you must ask questions about the return on investment or total cost of ownership.  Far too often business people assume software solves people, process or technology problems without performing the appropriate process benchmarking exercise with people who are unbiased.  People who are not going to be politically motivated, not to say these resources would not be sensitive to the stakeholder political points of influence, the most qualified resources being outsourced to an organization specializing in Benchmarking or a mature organizations Business Architect leading with Enterprise Architect validating.

Having an inventory of the capabilities and tools purchased with the same capabilities isn’t unusual, not all software tools are known for or specialize in all capabilities instead the vendors design a solution that a company can buy and use without any integration to meet small and medium customers needs and the large global customers need to rely on their IT Architecture teams and data architects to redirect the software to the source based on policy and procedures defined at the corporate policy level.

An example; Customer capabilities

Every software package I’ve evaluated in the past 20 years, has the ability to create a customer.

A party management capability ensures the appropriate controls are designed into an architecture with a segregation of duties by design.   The create, read, update and archive must be honored and monitored or proven to annual audit stakeholders and may force an organization to restate their performance in cases where an organization or agency fails to manage the due diligence scope prescribed in General Accounting Acceptable Principles.  Non-GAAP revenue outside the innovation or advanced technology risk typically reported in a footnote or excluded from GAAP performance.

If an Enterprise and Business Architecture team isn’t an invested resource supporting the organization or agency or if these resources are unaware of the risk and severity.  We have a large audience who’s perfectly aligned to their culture and the unfortunate risk for the company happens to be a WICKED problem.

Test my theory;

  • Has your organization agreed upon the definition of a customer?
  • Does the definition align to Business or was a decision made internally by consensus?

Define the Problem in measurable terms

The organization has operational waste that may has a high probability to impact both top and bottom line financial impacts, considering the stakeholders in an operational waste situation the probability is high for threats to reputation, competition and regulatory risk.

Measure the Problem

  • How many applications have the customer create capability?
    • Have the features been disabled?
    • Have the features been reduced to search from a trusted source (ERP not tables in an EDW)?
  • If the application answers “no” to either of the above ask the following;
    • How many of the features data points are prompting a user to enter without searching first?
    • How many of the data points are controlled to the ERP entry key controls.

Analyze the Problem

  • The results of application features not disabled must be considered people and process waste for the users in the application workflow.
  • The results of application features not disabled must assume forced rework, over-production, over processing, and lower quality in fact another back-end process may be in place to cleanse or match these forced entries.
    • Nearly all organizations outside the control super user  group have an incentive to use the capability.
      • Most employees are not expected to understand how these corporate policies and procedures translate into the span of the employees control.
        • Issue: Culture doesn’t promote the employees accountability
        • Issue; Leadership Gap or Management Deficiency
        • Issue; Employee Competency Gap

Containment transition to Improvement

Motivation Cost Effectiveness and Efficiency-Financial, Competitive, Reputation, and Regulatory

Physical Security – Executive Officers 404 assurances-The part of the risk that D&O insurance cannot cover for any executive officer.

  • Each of the types of offers on a revenue transaction which are advanced or innovation (emerging) offers should have not been billed and MUST be deferred until First Customer Ship, + all items in the offer have been delivered and system turned up and accepted by a customer.
    • Every transaction prevents the accuracy by not deferring all revenue instead the norms are to allow the billing internally which often fails to reference the revenue recognition rules to meet sales projections or marketing forecast without a true performance gain.
    • ability to accurately report financial statements-all exclusions must be deferred for up to a year or more in cases of innovation or advanced technology.
  • Each user in the application violates up to 15 key controls with all transactions and consuming processes considered operational efficiency opportunities.
    • Include all threats for each transaction – understated in most cases only a single threat is reported.
    • In cases of a customer, the top line and bottom line financial impacts are far more costly than reported.
  • Each users transactions must be reduced from revenue and reduced from cashflow;
    • Reporting is forcing manual tools or analytical solutions outside ERP.
      • Not having met the control or procedures defined in corporate policies and international standards would expect all transactions be excluded from revenue.
        • Only reported as Non-GAAP revenue.

In fairness, the above would be the worst case scenario and it certainly isn’t politically correct to take this to your executives.

  • Instead most executives will support a security and resilience transformation.
  • The most effective way to transform these oversights.


Imagine being in a role where the executive hands you a stack of papers and wants to know why the organization has more than 300 applications charged by IT each quarter?

If you are in charge of tools and just walked in after implementation of a host of new 3rd party applications were launched and users refuse to use the new investments.

Well, imagine you retire or submit the retirement plan and move to a new role where you can ensure and influence the retirement of the legacy out of scope or shadow applications.  What if you are unaware the new team you joined actually happens to be the reason these applications are being charged to your former group?

  • What if you tell your new manager who designed half the applications that feed the list or use the list?
  • What if he announces he’s leaving the company immediately after you influence him to the depth and severity of the issue?

We must acknowledge resource motivations and respond with a solution that contains the threats to an organization.

  • Data people rarely acknowledge the in house analytical applications as an APPLICATION when passing through the SDLC.
    • The result includes a work around to following the security requirements of an organization.
    • The checklist mentality is being practiced.

I can agree only in situations where party, offer and financial account codes are not included in the scope.

  • I’d agree, the analytical component MUST imply a separation of concerns.
    • This cannot be true the way we define Big Data today.

The analytical component changes to a transactional shadow application when “get” or “create” commands are in the code.

  • Transactional application (shadow) must be managed for all security components.

What if those applications are only considered an application because of a transformation done outside the system of record.

  1. What if you performed time and motion studies on all roles in this functional audience?
  2. What if less than 50 of the legacy applications were being used by stakeholders?
  3. What if waste was being forced into the workflow on average seven times?
  4. What if six times the need was overstated in forecast and manufacturing?
  5. What if six times the need was being purchased and cost overages included people and process?

Unfortunately, Big Data has proven to include the above behaviors

Big Data Unknowns

How to identify if your organization has assumed a risk by investing in Big Data?

If your organization happens to be investing in and promoting Big Data; especially following a security and resilience transformation you may have not gained the benefits you intended.

You are unlikely to be positioned well for the cyber=security requirements and need to spend some time understanding the severity of risk with a discreet assessment.

If your organization hasn’t defined the priority zero data loss and zero downtime scope or you have more than 15 applications in this class of your resilience response testing each release, I’d suggest a discreet security assessment.

Priority 1 – Probable applications and systems in the zero data loss and zero down time class

The ability to create master records, with the Enterprise Resource Planning, Opportunity Management, Application Tracking System, CMBD, Extranet/Intranet, Records Management, Project Accounting, Supply Chain and Service Management Modules.

These transactions are the leverage points for most privacy, compliance, and security classification with highest protection or need to know only.

The threats for these transactions are always going to have the highest probability for all four security principle risk types in any organization or agency;

Retirement of Legacy Systems

In cases of any of the above mentioned gaps in your Enterprise Architecture or hosted solution providers;

  • The results are reported in a variety of ways without any in house expertise nor anyone having the motivation to understand the issues across functional boundaries.
  • Symptoms include lower quality customer data, as these other application users are being forced to enter a field they are not qualified nor authorized to enter.
  • Symptoms include higher number of null values in party tables
  • Symptoms include higher number of duplicate indices
  • Symptoms include higher pricing disputes
  • Symptoms include higher tax issues or disputes
  • The projected savings suggested in the original business case, often doesn’t factor retirement and in many cases people are not informed that the legacy applications were designed into the new application and cannot be retired.
    • Proposed TCO/ROI must assume no benefits to cost before or no possible savings when the cost has likely doubled.
    • The issues are always faulting the legacy system, in fact reporting issues against the new systems are far more likely to be impossible.

Be cautious when noticing anomolies in the reporting around the subjects, as you will find a report was modified.  The changes were unlikely to be put in place.

  • You did not achieve the benefits.
  • You have a report that shows “what if” you invested in the effort and it looked attractive.
    • However, no one took ownership of retirement of legacy systems.
  • You may have paid for the effort, but honestly moving or simply adding to the chaos was the only solution for data people are rarely able to nor held accountable for the dependencies as they are operating outside the system of record.

Offline Reporting or Analytical Insights

Instead you are the proud owner of a report that reflects a subjective view of the organizations performance

Insightful People

Don’t be concerned, you are not alone.  Many leaders fall for the “we can do that for only a fraction of the cost”, we are agile unlike most of the stakeholders.

  • Higher performance is proposed but you end up with higher TCO
  • Higher ROI (returns on investment) and you are managing the technology out of specification

Performance Gap

To help us understand how many people fell into the same trap, try counting the duplicate indexes or null values in fields like the zip code or state.

Benchmark the Big Data Solution

Any person, organization or agency should be reviewed in this context.  You will find that the largest tables are customers.   Now segment the three sub-types.

  • Identify the customer
  • Identify the supplier
  • Identify the employee

Assume every table suggests a unique list of customers or a list that has the subjective rules applied by people who build custom shadow analytical solutions.

Let me share the difference between analytical applications and operational applications.  Today these lines are blurred.  An analytical application is not controlled at the application source; it acquires the information transforms and then reloads.

Hail Mary

The primary root cause of data quality failures “the ETL” process and even fewer records are maintained by the developers.

The primary tool used to modify records or connect unconnected data sets happens to be an integration or ETL solution.  Curated or processed information being the newest and most relative terms used to articulate offline shadow applications.

These people are doing their work in fire drills and even the best Architects are only as effective as their clients demand them to be.  These resources are Miracle workers.  The challenge is they are not the right people to solve the problems.