Craig Ruurds, CTIO of South Africa’s leading streaming service delivery company KwikTec, explores innovation processes that ensure secure delivery of IT infrastructure and application solutions
As enterprise demand for product marketing and service delivery digital content continues to rise, IT execs in the media and entertainment sector are also raising the bar to keep up with the changing patterns in content consumption. For CIOs, managing experimental business models and deploying systems that can ensure content can be targeted at different devices while enabling secure and compliant tracking of consumer behaviour is key. This may involve responding to shifts in market trends, security threats and fostering sustainable growth by addressing evolving architecture through automation, transitioning to the cloud, and technical debt reduction.
Craig Ruurds is a senior IT leader with more than 20 years of experience in supporting film, television, and other media companies with IT strategy and integration. His focus is on developing high-performance teams, IT infrastructure, and application solutions that are realistic and cost-effective. Ruurds’ expertise cover areas such as development of enterprise video workflows, DVB and stack architectures, B2B and B2C applications, web applications, client/server systems, and other n-tiered distributed applications on UNIX and mobile.
In this Q&A, Ruurds talks to Heath Muchena about data encryption & cyber security, Cloud and helping businesses maintain technological competence while ensuring that the correct technology solutions are leveraged to provide a competitive edge. Ruurds’ know-how and experience has shaped his leadership approach to business and innovation implementation. In the process, he has developed proficiencies in various technology and business applications including server- and client-side scripting, web content management, modelling tools, version control systems, development tools, image manipulation, production software, operating systems, and programming languages.
How crucial is data in times of global crisis and how can data be harnessed effectively to help organizations formulate and execute responsive data strategies?
The COVID-19 pandemic has certainly drawn attention to the critical nature of data. We saw a significant shift from the importance of data security to data availability. It isn't that security is suddenly not important. The need to protect our data will not change anytime soon. However, with the inherent disruption of a global crisis, companies were suddenly scrambling to access their data efficiently. As we are certainly aware, there is a massive migration to cloud and hybrid cloud solutions. However, many organizations protect their data by limiting access to it from outside the confines of their physical locations. That is certainly one way to restrict access. However, it is a way that can cause serious issues when your entire workforce is suddenly forced to operate remotely. I think this crisis may be an opportunity for a fresh evaluation of how we will handle data during any future global disruptions. Loss of access to data brings operations to a standstill. The question will be, how can we maintain the highest level of security while ensuring data is always available no matter what the crisis.
Is your organization encrypting cloud data? How can companies get the most out of their data?
Yes. We encrypt everything in the cloud and recommend the same to everyone. As a company that helps other people engage technology, it is easy to forget to get the most out of our own. At KwikTec, we use our data to improve marketing, track social media, find new customers, increase customer retention, improve customer service, better manage our procedures, and predict sales trends.
In general, data helps us make better decisions and has the potential to impact even our core processes. I think organizations can get the most out of their data when they are data-driven from the outset. It can be done, but it is a harder transition to move from some other decision-making methodology to one that makes the most of collecting and analyzing data.
However, the more data you have, the more possibilities present themselves and the more likely it can be to become overwhelmed. Companies can hit their own point of decision paralysis when they consider the possibilities of what data can tell them. We just need to remember that we are still human organizations. The core values of the business should always guide the decision-making process with data offering us key insights we might otherwise miss.
How are you approaching cybersecurity at an enterprise level? What do you see as the biggest cyber threat facing organizations in Africa?
We need to be aware of the threats and take basic steps like limiting employee access to data and information to avoid creating unnecessary risks. Preventing access to business computers by unauthorised personnel, backing everything up and doing it regularly and automatically is also important.
Every organization should establish basic security practices that protect sensitive business data. But merely writing it down isn't enough. We need to communicate them to employees, and we need to reinforce them regularly. With the critical nature of data now, there need to be clear rules of behaviour that cover how we protect business and customer information and there need to be clear penalties spelt out and enforced for violating policies.
On a deeper level, we make security an essential part of the development pipeline, so we are thinking about it from the onset of any project. Vulnerabilities can't wait. Teams need to address them as they are detected. We embrace "API-driven security.” By removing the human element, we establish a continuous integration methodology, which provides a consistency of delivery. We insist on a balanced security strategy. We do things once and remove any irregularities in the system or unnecessary outages. This includes surveying the structure dependent on external intelligence. As we continue to gain new knowledge, we take these bits of information and change our strategies accordingly.
What factors do you consider when reviewing requests for system modifications?
This is a critical concern for companies like KwikTec, as we need to balance innovation, flexibility, cost, and plain common sense. Of course, we follow some standard best practices by using a formal, defined approval process. We are always going to look at ROI. Still, we are also going to examine human usability, codebase, underlying systems, network components, complexity, virtualization, mobility, peak usage, communication, monitoring, testing, and of course our team's skill set.
It is essential to always take a thorough critical look at these requests. With systems as complex and interconnected as ours, something that might seem like a huge step forward may end up causing endless problems.
How do you measure and communicate the ROI of IT investments and what metrics do you personally value most with regards to measuring the success of an innovation strategy?
That can be a tricky question. For those of us pushing the boundaries of information technology, ROI metrics get complicated. There are so many variables that can impact the outcome, and we are still discovering many of them as we go. So, first, we have to figure out what financial benefits we have to gain. From there, I will focus on five areas: cost avoidance, cost reductions, capital reduction, capital avoidance, and revenue enhancements, such as up-sells. From there, it is about the standard equation where ROI = (Gains - Cost)/Cost.
Since we work in agile methodologies, we also need to consider factors like project velocity. With agile projects following a different life cycle compared to waterfall, requirements are redefined as the project progresses.
Making things even more complicated is the fact that concrete ROI numbers will reflect only measurable gains. Difficulties come up with a lack of numbers for the non-quantifiables like the soft benefits of better customer support, improved customer satisfaction, enhanced usability, forecasting and analysis, and others. But it is still essential to recognize and evaluate these non-quantifiables, especially when communicating costs to the folks paying the bills.
What's your advice to IT leaders trying to implement advanced technologies in developing and emerging markets particularly in Africa?
In simplest terms, don't stop learning. It is crucial to pay attention to your knowledge and assumptions, especially as you undertake work in an emerging market. It is too easy to believe that development is geographically neutral. After all, technology should, in theory, work the same no matter where it is running. That may be true on a purely technical level, but nothing really works on a strictly technical level. Software and systems need to be developed in the context of where they are being developed, who will be operating them, and who the final consumer will be. So, we need to keep learning about the advances and best practices in our area of technology, in development, and in the culture within which we are working. It doesn't matter what country or continent you are working in, you must make an effort to learn as much as you can about context.
Originally published on CIO Online
Please also check out Tech in Africa: Implementing Advanced Technologies in Emerging Markets
Available on Amazon and Download.