The role of the finance team in organisations is changing. The finance team has become ever more responsible for creation of competitive advantage within the organisation; through driving insight and innovation quickly and responsively across the business.

The key concerns of finance have always been the streamlining of processes, the reduction of costs, and achieving rapid ROI and substantial IRR on investments. This has traditionally lead to a focus on efficiency and cost reduction at the expense of innovation and growth.

There is now a shift in focus from just being an efficient operation to a focus on engagement with customers, taking an outside-in view. This shift in focus requires a change in mindset and culture, both inside and outside finance. Further, it requires new ways of working and new technologies.

The CFO needs to get a clear understanding of the business needs and drive a can-do attitude to innovation. New ways of working combined with new technologies such as Serverless Cloud are key facilitators in this change. The business should be designed around what the customer wants, and it is not always the case that the business has a good understanding of what this is, particularly as it changes over time; these changes are becoming more frequent and unpredictable and can often catch the business out.

The drive for customer centric innovation is further hampered by legacy systems and inefficient technology practices that are a cost burden and barrier to innovation. Legacy technology processes are slow and expensive, a recent IDC report identified that 2/3 of delivered solutions are never or rarely used. This high level of waste in IT spend results in a poor ROI and IRR.

The CFO is looking for low risk, low cost outcomes that will deliver a high IRR and rapid ROI. Taking an outcomes based approach to delivering solutions, along with leveraging lean ways of working and Serverless Cloud Technologies driven by the CFO, is the key to successful Digital Transformation.

 

In a previous article we asked the question ‘Mobile App vs Mobile Website – What’s Best for your Business?’ and the answer ultimately depends on your business objectives and potentially a two-pronged approach could be the solution. However, if you have decided that your company needs a mobile app, then this opens a whole new debate on whether to go down the native or hybrid route (and if hybrid is the preferred option, which development framework do you use? But we’ll come to that later!).

 

Native or hybrid – what’s the difference?

Native apps are designed and coded for their specific platform (e.g. iOS, Android, Windows Phone etc.) and consider the differing needs of the appropriate range of devices. This requires more effort because each platform has its own software language (typically Objective-C or Swift for iOS, and Java for Android), development tools, user interface elements and Software Development Kits (SDKs). A native app written for one OS won’t run on any of the others, so if you’re looking to release your app, you’ll need to write separate versions for each platform.

Conversely, a hybrid app is a mobile app that contains a web view (essentially an isolated browser instance) to run a web application inside of a native app, using a wrapper that can communicate with the native device platform and the web view. This means web applications can run on a mobile device and have access to the device, such as camera or GPS features. Hybrid apps are possible because of tools that have been created that facilitate the communication between the web view and the native platform. When a hybrid app is built, it will be compiled, transforming your web application into a native app.

 

Which is the best route to take?

This decision comes down to your own individual circumstances. When launching a hybrid application, one of the main appeals is that you build it once, and then release it across multiple platforms. One UI – nice and simple. That means hybrid apps are 1) easier to build, 2) take less time to market, and 3) maintain one code base.

The trade-off is the user experience. The downside with a hybrid app is that even the most brilliant user experience architect cannot truly build an app that caters to the two dominant user types: iPhone and Android. Their style guidelines are simply too different, and from a design perspective any decision becomes a compromise which, on a case-by-case basis, must be weighed against all other strategic/tactical factors. Native apps are also generally faster, more reliable and more responsive than the alternatives because there are fewer layers in between the app code and device hardware. This also means that they have access to the full range of device capabilities (e.g. camera, microphone, GPS, accelerometer, battery level, and other onboard sensors) as well as OS-level apps and features (e.g. contacts, calendar, tasks/reminders and health data etc.).

However, despite native being seen as the premium option, there’s recently been a big shift to cross platform development to hybrid. Maintaining one source code is very appealing because new features are also easier to develop and deploy. Conversely, bug fixes are platform agnostic and can be done and released easily to production. Lastly, hybrid apps are distributed through the app store like all other apps which means the user will not see any immediate difference between a hybrid and a native app.

So, if a company follows the philosophy of “falling forward fast” and learns from user analytics while potentially reaching out to 90% of all users (that’s the combined market share of iOS and Android users), then a hybrid application could be the right approach. However, how important is the trade off in user experience? If your app is internally focused (for your employees) then simply having the appropriate functionality will probably suffice. However, if it’s customer facing then can you risk a poor user experience? While 79% of consumers would retry a mobile app only once or twice if it failed to work the first time, only 16% would give it more than two attempts. Poor mobile app experience is likely to discourage users from using an app again. You might get one chance to get it right. But you almost certainly won’t get a second.

 

The final debate – which hybrid development framework?

If you have chosen the hybrid as your preferred option, the final decision to make is which development framework to use. To reduce the line of difference between native and cross-platform mobile apps, the app development communities are striving hard to develop new frameworks and tools that can not only compete with native apps, but also have the potential to win the game. Xamarin, React Native, Ionic and Flutter are popular examples of such tools.

Below is a comparison of these tools to highlight the qualities that make them different from one another, and hopefully highlight the best one that you should choose.

 

Attribute
Programming Language	C# with .net environment		JavaScript + Swfit, Objective-C or Java	HTML%, CSS and JavaScript + Typescript	Dart
Performance	Xamarin iOS/Android	Xamarin Forms	Close-to-native	Moderate	Amazing
	Close-to-native	Moderate
GUI	Use Native UI Controllers		Use Native UI Controllers	HTML, CSS	Use Proprietary Widgets and deliver amazing UI
Market and Community Support	Strong		Strong	Strong	Not very popular
Code Reusability	96% of code is reusable		90% of code is reusable	98% of code is reusable	50-90% (approx.) is reusable
Pricing	Open-source + paid as well		Open-source	Open-source + paid as well	Open-source

 

For cross-platform development, all four frameworks have gained reliability among organisations aiming to decrease the time and expenses of app development. And depending upon your priorities and business needs, they can all be useful.

With growing mobile internet usage, implementing a mobile strategy is crucial for modern businesses. However, when you look at the mobile market today, with its many operating platforms and devices, it’s easy to get confused and can be difficult to decide what exactly your strategy should look like, as well as what kind of application do you need. The most important thing to focus on is to be specific about your goals. Do you want to attract a particular demographic to your brand via your app? Increase customer retention? Or brand awareness? How important is the trade off in user experience? Each of these requires different approaches and considerations. Of course, you could want it all, and it is possible to achieve it, but the more realistic you are about your mobile goals, the more likely you are to meet them.

There’s no hiding the fact that mobile has revolutionised the business world. With the advances in mobile technology, it’s provided opportunities for organisations to connect more people into enterprise-wide applications. Faster wireless networks, broader coverage, increasingly powerful devices, different input technologies, and state-of-the-art development tools have all contributed to the mobile revolution currently in progress. Combined with the rise in the number of remote workers and field workers, who potentially don’t have access to a desktop or laptop, mobile enables constant connectivity with an organisation.

Not only has the number of mobile-only internet users overtaken desktop-only, but app usage has also surpassed desktop usage. As a result of this shift, companies are re-thinking their mobile strategies. The major question that they have been grappling with however, is whether a mobile app or a mobile website is the right way to go?

Many argue that you don’t need a mobile app, you just need a website that looks good on mobile devices. Others say that mobile apps have benefits that a website cannot provide. However, when digging a little deeper, there are a myriad of factors that need to be considered before deciding. When it comes to different mobile mediums, it can be difficult to determine where to focus your efforts. Each offers its own benefits, and one isn’t necessarily better than the other, depending on your business needs.

 

Mobile App vs Mobile Web – So, what’s the difference?

Both apps and mobile websites are accessed via a mobile device such as a phone or tablet. A mobile website is exactly as it sounds. It’s a website that consists of browser-based HTML pages that are linked together. Responsive websites are designed for different platforms and adjust to different screen sizes and layouts and are becoming increasingly standard. Like traditional websites, mobile websites can display text content, data, images, and video. They can also access mobile-specific features such as click-to-call or location-based mapping.

Mobile apps, on the other hand, are applications that are downloaded and installed on a user’s mobile device. An app can pull content and data from the internet, like a website, or it can download the content so that it can be accessed without an internet connection.

In doubt about which one to choose? Read on to understand how a mobile responsive website and a mobile app can benefit your business in terms of audience reach, activity type, functionality as well as maintenance complexity.

 

Do you want to reach a broader audience?

Typically, mobile websites are seen as being more suited as an acquisition channel and may be the first time people are experiencing the company. If someone comes across an unfamiliar brand or are researching potential suppliers, they would normally use a search engine like Google. While both apps and mobile websites can appear in search results, individuals generally explore a company via their website first. The rationale for this is that the user doesn’t have to download or install anything for a company they know nothing or very little about. Another advantage of a mobile website is that it can be accessed via any device regardless of the OS it’s based on. Therefore, mobile websites are a good choice for establishing initial awareness and engagement.

However, once a user has a strong relationship with a brand, apps come to the fore as they can create more of a personalised experience, customer-user interactions and retention. For example, many food and drink outlets apps (Starbucks, Greggs, KFC etc) enable users to receive loyalty stars for purchases that can be redeemed for free food and drinks later. Users also spend a substantial amount of their time on their mobile devices and so encounter the apps they’ve installed on their devices, almost every day. Even when users are not actively using a mobile app, they are still reminded of the brand associated with the app. The icon of the app acts like a mini-advertisement for the brand.

 

What activity will your users be engaging in?

A user’s decision on which way to access the internet largely depends on the type of activity they want to engage in. For instance, although responsive design is much better than having to ‘pinch-and-zoom’, it isn’t an optimised experience for mobile visitors. At its core, responsive design makes the desktop experience look good on mobile, but it doesn’t address the specific needs of mobile visitors. Mobile websites are preferred for reading content through articles or blogs and searching for information, however when you are needing to have a more intricate engagement then apps start to take over.

Mobile apps run with their own interface environment which enables users to become more immersed in the mobile experience. They’re built with a purpose, for example, more convenient banking, or to be able to provide availability and booking of work shifts. They address user pain points and make it easier for users to achieve a goal. Therefore, in order to determine the best approach, careful consideration needs to be made around ‘why’ the users will be accessing and ‘what’ they’ll be doing when they get there.

 

Do you need mobile native features?

Mobile devices earned their popularity not just because they fit in the pocket, but also because they’re filled with features such as Bluetooth, camera, GPS, contact list, speech recognition and much more.

Since native mobile apps are designed specifically for each target platform, they can immediately access all device-specific features. It’s also feasible to leverage required mobile functionality in hybrid apps with the help of PhoneGap or Cordova. Cross-platform React Native apps can also access native functionality using native modules.

Mobile internet browsers are helping to bridge the gap between an app and a website. However, user experience may depend on the OS and browser one chooses. Not all functionality is currently available e.g. while both iOS Safari and Android Chrome can support geolocation, they still lack geofencing functionality. A responsive website can also strip you of access to contacts, SMS sharing, task scheduling and wake lock.

 

How often will you be updating?

In general, a website requires less effort and cost for its maintenance compared to mobile apps. For example, you only have to edit your website once and the changes will be immediately active across all kinds of devices. However, editing a native mobile app is a more complicated procedure. After an upgraded version for each OS type is prepared, it should be approved by the marketplaces.

On average, it takes from 24 hours for 50% of apps and 48 hours for over 90% of apps to be reviewed on App Store. While Google Play suggests waiting for at least 24 hours for an update to appear before contacting its support team if it still hasn’t gone live. The end-user also has the option to set automatic updates on or upgrade an app manually after each update to get the changes, so even though you have updated your app the end-user may still be on an old version.

Since hybrid apps leverage HTML5, you get the ability to update an app without asking a user to upgrade it on their device. It allows for easier app management by enabling developers to implement updates and fix bugs as needed. In addition, there is no waiting time to get the update approved. Cross-platform apps built with React Native can also benefit from the Over-the-Air update feature.

However, for some significant upgrades like adding new features, it is recommended to send out an app to an app store for review.

 

Do you want your users to be able to work offline?

Responsive websites require a constant Internet connection. Of course, you can save a certain webpage for offline reading both on iOS and Android, but for anything else you need to stay online.

However, apps have greater flexibility to work both online and offline. While it may not be such an issue for the “first world” countries with increased internet accessibility, it makes a difference for developing states. If your users will be using their own phones and data tariffs, they’d probably prefer to have access to an app’s data anytime and anywhere at no cost to them, and so it would be better go with an app. Let’s take the example of a banking app again, the app can provide features like tax calculation, instalment calculation, and determination of loan limit and allowing these features to work even without the help of an internet connection, it can increase a company’s productivity greatly.

 

 

You can’t ignore cost, speed of production and maintenance

Depending on complexity, a responsive mobile site can be more cost-effective than mobile app development. This holds true if you want your app to have a presence on more than one platform. The main reason is that instead of one responsive website you have to develop at least two apps from scratch (one for Android and one for iOS). This, in turn, entails twice as much work and resources, in addition to bug fixing and adding new features. It also makes maintenance cost higher.

Yet, as we have already covered responsive websites can’t provide a full-scale mobile experience and you still have to pay for domain and hosting. However, if you still want an app, but do not have the time and budget for native apps development, you may consider going hybrid or cross-platform. Both approaches require building only one app for all platforms, which means shorter development time (including later updates and new features integration) and efficient maintenance. For example, Ionic 2 code is nearly 100% reusable. Such apps will run seamlessly regardless of the OS. Though some UI components still need to be adjusted to the target platform requirements.

 

So, which is the better option?

When it comes to deciding whether to build a mobile app or a mobile website, the right choice simply depends on your business objectives and ultimately, budget. If your goal is to offer mobile-friendly content to a wide range of people, then a mobile website is probably the way to go. However, if you want to better engage, interact with, and communicate with your customers to drive customer loyalty, a mobile app is an excellent choice. In many cases, you may decide you need both a mobile website and a mobile app. If done correctly, both can be a strategic and a valuable choice. So, when it comes to your brand’s mobile strategy, it’s not a question of a mobile website or a mobile app, but perhaps a two-pronged approach could be the answer.

 

To discover how Arrk can help you with your mobile application development, find out more here.

Having recently talked to several companies about their CRM systems, I’ve been astonished by the amount of people who said that their CRM wasn’t helping them to do their job better – and some even admitted having to come up with ways to work around it. And the one element of commonality about all these discussions was, that in their opinion, the blame lay entirely with the system.

Working in marketing for more years than I care to remember, I have used several different CRM systems. And while some were better than others, I’ve always found that they improved the way the marketing team operated with the insight it gave us to what was working and what wasn’t, being invaluable. Which got me thinking – have I just been lucky or is there a recipe for CRM success?

Now, I am not a CRM expert as I stated earlier, but I have been an end user for many years. Having moved to my current employer, Arrk, just over 6 months ago (who among other things develop CRMs for companies), it’s only now that I’ve seen the power that a CRM can bring to the whole company – for example I didn’t know that CRMs such as Microsoft Dynamics have Case Management modules! And even though I was already an advocate, I have found out that I haven’t been using it to its full potential.

There are several blogs/articles out there about the benefits a CRM can bring to a company. So, I thought I would take a slightly different approach, and because of the war stories that are out there, address a few of the reasons that I’ve come across as to why companies are NOT looking to invest in a CRM.

 

Excuse 1 – ‘I have used a CRM before and it was rubbish’

A previous bad experience is probably the most quoted reason why CRMs are dismissed. This goes back to my initial observation, where the system was being blamed for poor performance and not how it had been configured and launched within the business. Yes, there are CRMs on the market that may not be fit for purpose, but many are. However, they are a piece of software and should not be expected to work straight out of the box. Implementing a CRM should be considered as introducing a customer centric strategy, not a software tool. It needs to be moulded around business processes and should be a cross-functional initiative, not just seen as a sales or marketing tool. If your business does not treat the CRM in this way, it is doomed to fail – but is that the system’s fault?

 

Excuse 2 – ‘We need results now and can’t wait for it to be implemented’

The decision to implement a CRM should be to improve your business and not a knee jerk reaction to under-performance. But in fact, the preparation you should undertake before you implement a CRM will have an instant positive impact on your business too. The fundamental principal of a CRM is that it should reflect your customer journey, and the business processes for each element of the journey should be established and replicated within the system. By reviewing your current ‘as is’ processes and challenging their validity with regards to delivering the optimum customer experience, you will identify how they can be improved and can then implement these changes straight away. As well as preventing individuals from doing their own thing, an effective business process also standardises best practice, which results in a consistent customer approach – giving an uplift in customer experience which will impact performance.

Excuse 3 – ‘The sales team won’t use it as they think it’s just there to manage their performance’

This could actually refer to any user as a lack of adoption is probably the main reason why CRM projects fail. People can be suspicious of technology and systems, resulting in a ‘big brother is watching us’ mentality. This could be because employees see it as a way for management to use CRM stats solely as a performance ‘metric’ (again not the system’s fault), but also because end users have not been involved in the project from the start and the system has been delivered to them with minimal training and support. The focus then becomes what the system does and not why the system was introduced. If you take sales as an example, the CRM should enable individuals to be much more effective with elements such as lead scoring and next steps prompts supporting the sales process and increasing conversion rates. Gaining an understanding of what types of leads convert the best also opens conversations with marketing colleagues, as you start to work more closely together in refining your target audience. Including influential people in the project team that get to see the bigger picture and have some input into the design structure, will often prompt them to champion the CRM within their own team and help drive adoption across their peer group.

 

Excuse 4 – ‘We have people all around the country and out on the road, so it won’t get updated’

This is actually one of the major benefits of having a centralised CRM system, as it’s accessible through whatever device a user wants to use e.g. a desktop, laptop, mobile etc. Not having everyone under one roof is often the excuse given as to why multiple different systems, spreadsheets, scraps of paper etc are used to store customer data. This results in a load of duplication and customers complaining that people in the company don’t know what each other is doing. Worse of all it runs the risk of a sales person leaving and other team members not knowing what leads they were working on, where an opportunity is up to, or even who they were speaking to! People can now sit in their car, on a train, at home or in an office and have real-time access to every individual customer interaction and update the information there and then. Emails can be automatically synced against contacts and workflows can be introduced that alert people in multiple departments based on the outcome of meeting/call etc. Managed effectively, CRMs bring people together regardless of where they are on a daily basis, which can only be a good thing.

 

I am not trying to belittle the investment a company needs to make (both financially and resource wise) to deliver a successful CRM strategy, quite the contrary! I believe that like a dog, a CRM is for life and not just for Christmas. However, I have experienced first hand the benefits a CRM can deliver and am now aware that there is far more potential still to unlock. It would be great to hear your own experiences, the good, the bad and the ugly, and if you are interested, we have a free online CRM maturity assessment and other CRM related insights on our website that you may find interesting.

 

Richard Leech

Head of Marketing

The insurance industry has remained much the same for decades and, due to a risk-averse culture, particularly resistant to change. Before the advent of new technologies, it wasn’t a competitive market where new players could easily enter. That’s all changing.

Insurance has now become ripe for disruption by insurtech in much the same way as banking has by fintech. In fact, UK insurtech is thriving, and attracted $1.7 billion in investment in 2018. And startups are beginning to move in on the territory of insurance giants, who are themselves beginning to change their service models.

What is Insurtech?

Insurtech is a subset of fintech. It’s the technology that lies behind the creation, distribution and administration of insurance business. Smartphone apps, wearables, claims processing tools, online policy handling and automated processing are all insurtech. Insurtech is useful for collecting and analysing customer data to provide a better service.

If a woman is setting off on a backpacking trip to South East Asia, she wants her insurance in a few clicks on her iPhone, instead of having to trawl through lots of online forms or, even worse, ordering over the phone.
Someone travelling a short distance for two days deserves much cheaper insurance than someone on a week-long skydiving trip in South America. Startups can begin to offer insurance for just one hour for someone borrowing a friend’s car.

Big Data, Artificial Intelligence (AI) and the Internet of Things (IoT) are the current focus of insurtech, with the majority of invested capital going into these areas.

Impacts on the insurance industry

Insurtech will force the insurance industry to step up its game in terms of customer service and offerings. It’s no longer going to be a case of doing things how they’ve always been done.
The challenge is making sure that insurtech is attractive to consumers. This means delivering tailored products, rather than one-size-fits-all. Consumers also want their insurance products to be delivered through mobile.

There is a polarisation in insurtech between use of technology by incumbents to adapt their existing service offering to a changing market, and disruptive startups angling for market share. The common link is the consumer, who will choose between established players and challengers, or use a mixture of both.

Insurance companies are investing in startups to help them drive the innovation they seek, seeing this as an opportunity rather than a threat.

Advantages

Rather than settling for costly products that don’t really fit their needs, insurtech empowers customers to take control of their insurance. They can demand the products that really benefit them.

Insurtech can better reflect the nuanced reality of a consumer’s everyday life, rather than force them to fit in an industry’s narrow definition of their needs. Insurtech can also make the process of obtaining insurance much easier, as insurtech startup Digital Fineprint show with their software that fills out your insurance form based on social data.

AI technology can be used to provide a tailored service for consumers. It can quickly summarise and present the most relevant and useful products far faster than a human could. Insurify is an insurtech startup that uses artificial intelligence and natural language processing to make it easier for consumers to buy their car insurance online.

The IoT can provide insurers with detailed data about customers to help them develop and offer the right products at the right time. For example, tailored insurance for motorists can be based on data sent to insurers from their car. The most responsible drivers can benefit from a discount to their insurance.

Challenges

In the past and now, innovation has been partly stifled by the complexity of products and services, which few outside the industry understand, and consumers often find confusing.

Insurance is also not as exciting for consumers as other products which technology has already disrupted, and the insurance industry suffers from an image problem.

It’s difficult to market products in a way that lots of consumers find appealing, especially for the younger generation. It can be tough for people to think about some typical products such as life insurance.
Regulations will be a barrier for startups looking to disrupt the industry. The culture of the insurance business is notoriously risk averse, at odds with the agile and disruptive methods of startups.
On the other hand, companies must remain vigilant to ensure that data collected to determine insurance policies doesn’t discriminate against certain groups, and also maintain the privacy of users.

Wrap up

Despite the UK’s decision to leave the European Union, a recent report by Accenture reveals that investment in insurtech has doubled in the past year. Once market confidence recovers, insurtech will be back on its way to an estimated growth of £253 billion by 2021.

London is still the capital for fintech in Europe and major innovations will be happening there. We can look forward to a future where the needs of consumers determine the insurance products on offer, and technology makes the whole process easier. Even fun.

 

Working with insurance companies, we look to further the spread of insurtech that’s out there. Why not find out how we can help you by reading one of our finance industry case studies – Premium Digital Solution Accelerates Loan Applications.

Digitalisation is sweeping every area of modern life, and any business that fails to keep up with this trend will be left behind. Companies need to adapt and utilise digital technology in all areas. But whose responsibility is it to take charge of digital transformation?

Until recently, CDOs (Chief Digital Officers) were primed to take on this new challenge, but change is upon us yet again.

The digital transformation just won’t stand still.

 

The need for a CDO

Long gone are the days when digital technology was an outside-the-box innovation. It’s essential to how modern businesses are run. Those who don’t get on board are essentially sailing against the tide, while competitors sail off into the sunset.

That said, with so many different types of technology and areas of implementation, managing a digital transformation is no mean feat. That’s why, in recent years, the role of CDO became increasingly common among businesses.

In 2017, PwC found that 19% of companies have a CDO or equivalent, up from 6% in 2015. The numbers varied by country, with a digital leader at 62% of French companies, 39% and 35% in Germany and the UK respectively, and an average of 38% across Europe.

 

The problem with a CDO

Much like digital technology itself, modern business is dynamic. Already we’re seeing a new trend on the horizon, with CEOs (Chief Executive Officers) taking on the responsibility of the CDO. Why? In short, digital transformation is quickly becoming the top priority for businesses.

Typically, CDOs report to the CEO of a business, freeing up their time to focus on other aspects of the company. The CDO themselves don’t have the authority to commit resources – financial and staff – where it’s needed. Or at least not with the immediacy that’s required.

 

Shifting responsibilities

That’s exactly why firms are fast realising that the digital transformation is exactly where the CEO’s focus is needed. They have that authority, along with the position and ability to get the board on side. So, when firms are hiring a new CEO, they are typically looking for someone capable of taking on the CDO role themselves – rather than someone who will delegate such a crucial responsibility.

MIT’s Sloan Review found that a massive 41% of digitally mature companies – those who are closer to an ideally transformed organisation – put the responsibility of digital transformation with the CEO. Similar figures are true for digitally developing companies with 31%.

It’s only those early on in their digital transformation where things differ. Most commonly for these companies, it’s the IT department and CDO (23%) who take charge of digital technology. Clearly, there’s something to be said for the pattern on businesses shifting responsibility as the digital transformation moves further down the line.

 

Why the shift?

While an IT-centric approach is useful in the early stages of digital transformation, it isn’t the sole concern. In fact, as organisations mature digitally, the IT department typically has less control over the digitalisation process.

Why? Digital transformation isn’t just about technology. Far from it, people and process are just as, if not more important than the technology being used.

With a CDO focussed solely on technology and its applications, rather than the people and business more broadly, there’s only so far they can take the transformation. The result, in some cases, is a technology-led transformation with sophisticated technology that doesn’t meet the requirements or get the buy in it needs from the business to be a success.

CEOs on the other hand know all about a business. They know the culture, the workforce and the objectives both overall and in various departments. Or at least they should. If this can be combined with digital competence, effective management and the vision to apply the right digital tools where required, we can certainly expect to see more CEOs managing digital transformation moving forward.

 

If you want to find out how far along the digital transformation journey your company is, why not take our Digital Maturity Assessment? 

In my interview for Arrk, I was asked what I wanted to get out of this job. If I remember rightly my response was something like: “I’d like to learn all about the computer systems that are increasingly pervading every aspect of modern life.” I am now in my 8^th month.

When I started there was no predefined role for me. I am a physics masters graduate with interests in what sometimes feels like too many things. At the interview I was asked “What area would you like to specialise in?”

I replied: “Anything really – I’d probably be more competent at backend programming due to the scientific nature of it. Data science is something I would find my feet in with some speed, can I learn about machine learning? Hang on, I’m also really interested in Human-Computer-Interaction and information design so maybe I’d like to try my hand at UX (I was a little concerned that this would show me up as being jack-of-all-master-of-nothing – Maybe I should show them the bajillion and one ideas in my notebook?)”

In my first week, another new employee, Jake (a BA from IBM) and I were given a project: design and build a tool to assist with the “alignment and propagation of goals throughout Arrk”.  We spent the next four months working with a team across Mumbai and Manchester, researching, designing and building. The whole team was open and supportive, which as a newcomer was really reassuring.

Along the way I tried my hand at the following…

 

Design Thinking

The first few weeks of the project was all about research and design. We conducted some internal Design Thinking sessions. Design Thinking is a creative strategy for solving problems. It takes you from discovery and specification of a problem, through design, iteration and then a proposal of prioritised work ready to be designed. It was also a great way to get to know other employees – interesting to see how other staff members reacted to how a newcomer might go about such a task. It did feel as if my mistakes were valuable. I even feel like we made a ‘mArrk’ on their methodologies.

UX Design

With guidance from an experienced designer, Jake and I designed the interface for the first release of our product. We crafted paper prototypes, tested and improved them. We then built digital simulations, conducted user tests and iterated. My main lesson from this has been ‘build for the user, not the machine’.

Programming

Studying for a physics masters taught me computing methods for solving equations, data analysis, lab work, microcontroller programming and more. After four years of scientific computing, I thought I understood programming. How wrong I was! Building software with a distributed team is very different. New areas for me included front-end development, databases and working with frameworks.

 

It feels quite unique to be working in an organisation with such a flat structure and open culture where failing (fast) is encouraged and ideas are never shot down. To see a project through from its inception in your first week of a new job, through development and into delivery is an extremely valuable experience to have. When an exciting customer facing project came along next, we were now ready to jump straight in!

 

Do you have what it takes to join our rapidly expanding team? Visit our careers page to see some of the exciting and extremely rewarding vacancies we have to offer.

First adopted in April 2016, the General Data Protection Regulation (GDPR), which becomes enforceable on May 25, 2018, has been met with widespread controversy. Many of its elements – including the need for many organisations to have a Data Protection Officer (DPO) – have been seen as burdensome; while others have accused it of not being thorough enough, highlighting its focus on cloud providers and social networks rather than the handling of employee data.

Yet wherever you sit on the “positives” and “negatives” of GDPR, the reality is that it’s coming and it’s going to change the way most of us do business. So now perhaps is the time to look on the bright side and see how you can make it work for your organisation.

So, what are the changes?

The changes under GDPR are quite extensive, but here is a brief breakdown:

Accountability

Organisations will now be more accountable for personal data protection. They will need to have security measures to protect against data breaches and make sure they quickly notify individuals if a breach does take place. In addition, depending on your processing activities, you might need to have a Data Protection Officer who will firmly understand data privacy as well as the ability to apply it to law.

Privacy

Firms will need to examine their data and the way they handle it much more effectively so that it is secure right along the chain. Known as privacy by design, there should also be increased transparency in terms of both data and data transfers.

Enforcement

Enforcing data protection will now be stronger than it has ever been with data protection authorities having more power than ever before. Fines can be as much as four per cent of your revenues globally.

 

So, how does this benefit your organisation?

There are actually a host of potential benefits that come along with GDPR. Here are just a few:

Enhancing security is never a bad thing

In a year in which we’ve seen such notable cyber hacks as Wannacry and Petya, not to mention seeing giant firms like Yahoo and Uber breached impacting millions of users, should we really complain about something that is designed to ensure we take data security seriously? The impact of a cyber breach can be massively significant – not just the potential ransom that might be attached to ransomware, the downtime that your firm may suffer, but also the harm to its reputation. The measures introduced by GDPR are designed to minimise the impact of a breach and help to limit the chances of them taking place in the first place. That should be embraced.

Getting to know your customers

While compliance may be complex there are many benefits to be gained because the individual is front and centre of the requirements. GDPR establishes regulations for companies to adhere to around personally identifiable information – and to do that, they must first identify that data, determine how to process and store it, and then make decisions about its usage. By organising data you could gain valuable insights about your customers and then leverage this into your customer service as well as your marketing and sales campaigns. Do it right and what seems like a headache could quickly turn into a money spinner.

It may not be as hard as you think

Compliance doesn’t have to be a tumultuous task. A number of banks have already turned to operational data hubs that are built on a NoSQL database – this automates a lot of processes and reduces the risks of not finding data or not being able to carry out certain actions within a set timeframe. This in turn should help you avoid those dreaded fines.

Improving your reputation

Given the present climate, customers are actively looking for assurances that their data is safe. By not only meeting the regulations of GDPR, but potentially surpassing them, your business can stand on a stronger footing. Indeed taking steps to go beyond the norm could differentiate you from competitors – think of a bank that lets customers store their own data, or an online retailer that offers incentives to customers to supply data rather than simply using a third party for targeted marketing. With many organisations looking to just hit the bare minimum in terms of GDPR compliance, you can stand out from the crowd.

Taking advantage of change

Many firms are already seeing the positives of GDPR. Broker Network, the UK’s largest network of insurance brokers, recently told Insurance Business that GDPR is an “opportunity for them (brokers) to go out and speak to their customers.” It noted that a breach occurring is actually a much higher risk than a flood or a fire – and so by brokers helping businesses to apply GDPR and mitigate this risk, there are savings to be made for client and broker alike.

Indeed that applies to a variety of businesses – you now have the chance to get to know your customers on a new level, apply that to your marketing and sales, offer a cleaner service and also protect your reputation. GDPR compliance is going to take some work – but when that finishing line is passed you’ll feel like your business is the real winner.

 

Why not come along to our GDPR morning briefing on 6th December at Shakespeare’s Globe, London. View the full agenda and register for the event here.

Empowered customers are shaping and redefining the way business operate, they demand consistency and excellence, be that in-person or increasingly across a complex web of digital environments.

Thus the term “Age of the Customer” was coined, an acknowledgement that the customer is now firmly in the box seat, with the collective power to shift business strategy, lay waste to decades of shareholder value, or present a golden opportunity for forward-thinking and fast-acting organisations.

So, what does the Age of the Customer have to do with a winning membership engagement strategy? Simply put, your members (and future members) are also empowered customers, expecting the same levels of personalisation, innovation, consistency and communication channels as they would if they were making a purchase. Therefore, in the same way the customer-led market has shifted towards innovative use of technology and integrated messaging, so too the membership association must follow suit.

A satisfied and active ecosystem is the core ingredient of any successful association. A robust and affluent association is one that keeps its members engaged by consistently participating and engaging with its members in a personalised experience manner.

Therefore, forward thinking associations need to execute on the following strategy plays:

Change management

Strategic and operationally the association needs to operate a top-down, organisational wide member-obsessed model.

Experience

The association needs to proactively capture and understand what its membership values most dearly, and act on the findings accordingly. And this exercise must happen again and again for the association to remain relevant.

Technology

To enable this the association needs to adopt a modern digital platform which provides the foundation for all its digital experiences. These experiences need to be simple, consistent and accessible. The best digital experiences drive membership engagement and inform the wider ecosystem, while the worst can drive the most active community apart. Apathy (and legacy siloes) should be no friend of the membership association.

A working digital strategy should involve the analysis of data entered by individuals, such data holds the key to driving customer engagement and appealing to a wider community and range of demographics.

Breaking the 1% rule

A common challenge shared by associations is how to cultivate and grow member engagement; the 1% rule is often cited (or in the case of Wikipedia the 90-9-1 rule) where only this tiny percentage of the whole member base can be considered truly active and engaged.

By taking on and using the best practices from the Age of the Customer, by employing the right technology and by putting the membership at the heart of the movement, the 1% rule can be cracked.

For over twenty years it’s been possible to protect interaction with websites using encryption. The majority services we interact with daily such as online banking, major online retailers and social media giants such as Facebook, Google, Twitter etc use this technology by default. Website developers and infrastructure engineers have long known the value of web site encryption, but the message had not been given significance to the public.

Now Google, and other browser vendors, are taking steps to explicitly inform users sites are not secure. Organisations need to respond to this challenge by ensuring that their websites are appropriately protected.

HTTP

Hypertext Transfer Protocol, the mechanism that is used to send content to and from web sites.

HTTPS

HTTP extended with TLS to encrypt communication between browsers and web sites.

SSL

Secure Sockets Layer, deprecated technology to implement website encryption.

TLS

Transport Layer Security, replacement for SSL. Confusingly, some use SSL to mean both TLS and SSL.

Certificate

During a browser connection to a website it offers a certificate that guarantees the website is authentic. The data associated with a certificate is used as the basis for TLS encryption.

What are encrypted websites?

There are two ways to give access to a website. HTTP – where data is sent unencrypted between the browser and the web site, and HTTPS – where that data is encrypted using TLS.

With unencrypted HTTP sites, anyone can see the interaction “in transit” between the browser and the web server. For example, if you log in to a site anyone on the same network can, in principle, view your password with simple tools. Likewise, an ISP or other entity could intercept and record everything you do.

With encrypted HTTPS, this interception is far costlier and time consuming, the mathematics behind HTTPS ensures that while it is very “cheap” for browsers and web servers to secure the network traffic sent to and from a site, it requires a practically unreasonable investment in time, money, expertise and equipment to break this encryption.

An additional advantage of HTTPS encrypted sites is a guarantee (using a certificate) that you are looking at the real site, and not a copy designed to collect your data, such as passwords for online banking.

Why aren’t all websites encrypted?

Historically there was a non-trivial investment required to enable HTTPS on a site – in terms of cost, expertise and computing power.

Today HTTPS can be obtained at a very low cost (sometimes for free), tools and automation simplify deployment, and as computing power increases, it’s estimated that the overhead of HTTPS accounts for less than 1% of processing power for a typical website.

In short, unless you have overriding reasons to do so, your website traffic should be protected with HTTPS, and insecure HTTP should not be used.

What is Google doing and why?

Google is leading the way on encouraging adoption of HTTPS:Google is leading the way on encouraging adoption of HTTPS:

• In successive releases, they have slowly changed the behaviour of the Chrome browser to display an explicit warning when people browse to a HTTP website.
• Prioritising results for secure sites in search results.

In the October 2017 release of Chrome, non-HTTPS pages where a user can enter data will be very clearly marked as not secure:

Google has stated that in future its plans to show the ‘not secure’ message for all websites that are HTTP and not HTTPS, even if data isn’t being entered:

Websites that use HTTPS will continue to be marked as secure.

Even if a site uses HTTPS it doesn’t mean it is fully secure. Ensuring that your site is HTTPS-only is an essential step in making your site secure, but that’s only part of the security picture. Your application may still have insecure behaviours that can afford leaking of user credentials and data, and other attacks. Reviewing the list at https://www.owasp.org/index.php/Top_10_2013 is a good starting point.

What you need to do?

You need a plan to ensure that HTTPS is the only way to access your site(s). However, before we take the plunge, we must be aware that:

• All non-sensitive pages should be automatically redirected to the HTTPS site. This ensures that results from Search engines (such as Google) and entries in user bookmarks and history continue to work.
• Some level of testing is required, not only to ensure the website works, but to ensure that some sensitive functions such as login pages, can’t be accessed indirectly via HTTP. Note that significant rework of a site for HTTPS is a potential indicator of poor software architecture or quality of implementation.
• You may need to inform your users of the change as they may need to change their bookmarks.
• Certificates associated with HTTPS are designed to expire, typically after a year or two, and if they are not renewed, you will be in the potentially embarrassing situation of a site being marked “not secure” due to the expiry. Therefore, ownership of certificate renewal must be clearly defined.
• Web services and APIs require different considerations, for security reasons we should generally avoid redirection of HTTP to HTTPS for APIs, so the migration requires careful planning and clear communication to API consumers.
• Ensure that other detailed technical concerns are considered, e.g. ensuring that your user session cookies are set to “secure”, the use of HSTS and that the site security configuration follows industry guidelines e.g. https://wiki.mozilla.org/Security/Server_Side_TLS.

Managing the migration on modern Cloud infrastructure

All modern cloud platforms offer tools and services to simplify HTTPS configuration. For example, both Google Cloud and AWS have low, or zero, cost “certificate” services and load-balancing infrastructure that essentially abstracts configuration away from your site.

Managing the migration of legacy websites

In older/more traditional architectures, you may need more careful planning and testing around configuration of applications, web servers and other infrastructure. In principle this is straightforward, but in practice an experienced infrastructure architect may be required to ensure HTTPS is implemented correctly and securely. Tools such as https://letsencrypt.org/ help, but are not a substitute for planning, testing and understanding.

Lessons for leaders

• All new sites must be HTTPS-only
• All existing sites should be reviewed
• Making a site HTTPS-only isn’t a silver bullet for security – your application could still have insecure behaviours
• If a site is migrated we must take care that testing is done, including checking that existing links still work
• Web services/APIs migration requires careful planning and communication
• Modern cloud infrastructure makes migration easier
• Legacy sites require more detailed and skilled work

How Arrk can help

Google is taking steps to notify users when they access insecure HTTP websites using the Chrome browser, we need to respond to this challenge by ensuring that our sites are encrypted using HTTPS.

Arrk has a wide range of skills in bespoke software development, infrastructure and application security, cloud management, testing services, HTTPS migration strategies and low-level HTTPS build and configuration, to offer these related services:

• HTTPS Migration
• Cloud management
• Infrastructure optimisation
• Full-Stack Security Review
• TechmArrk™ Software Architecture Review
• Software Testing
• API Design
• Architecture modernisation