This Week in Enterprise Tech 568
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
00:00 - Curt Franklin (Host)
This week at Enterprise Tech talks about new attacks, new regulations for AI and how TCO is the real expense for your software. Quiet on the set.
00:22 - Jonathan Bennett (Other)
Podcasts you love.
00:24 - Brian Chee (Host)
From people you trust. This is TWiT.
00:36 - Curt Franklin (Host)
This is TWiET, This Week in Enterprise Tech, episode 568, recorded November 3rd, 2023. Find the gap before you spend.
00:50 - Lou Maresca (Other)
This episode of This Week in Enterprise Tech is brought to you by Nureva. It's a first. Nureva's new Pro Series, the HDL 310 for large rooms and the HDL 410 for extra large rooms, gives you uncompromised audio and systems that are incredibly simple to set up, manage and deploy at scale. Learn more at nureva.com/twit. And by Bitwarden. Get the open source password manager that can help you stay safe online. Get started with a free trial of a Teams or Enterprise plan, or get started for free across all devices as an individual user at bitwarden.com/twit. And by Palo Alto Networks. Palo Alto Networks Zero Trust for OT security solution can achieve 351% ROI over five years. To learn more, find the link in the show description or visit paloaltonetworks.com.
01:46 - Curt Franklin (Host)
Welcome to TWiET, your weekly dose of all of the news that's important in enterprise technology. I'm your host for this episode, Curt Franklin, and it's great to see you. As you will have noticed, our usual host, Lou Maresca, is not here. He's off on an important assignment that I'm sure we'll hear about at a later date, but in the meantime, I'm here with my co-host, Brian Chee, and we have an important conversation and a great guest. So buckle up, it's going to be a great show. Speaking of great shows, I couldn't do it by myself, Brian. What on earth have you been doing the last few days?
02:33 - Brian Chee (Host)
I've been putting in lots and lots and lots of steps and you know, the fall alert on my Apple Watch works really well. I tripped over a garden hose today and it goes. Do I need to call for help? No, no, siri, that's all right. Fine, but anyway, just like Curtis, we've been both working very, very hard on the Orlando Maker Faire and I've been putting in some really really long hours and I'm really sleep deprived.
03:03 - Curt Franklin (Host)
You know I wish I could say that I have no idea what you're talking about, but Brian and I have been running past one another out at the fairgrounds getting ready for Maker Faire Orlando. It is really exciting to see all of the cool things going on. It's amazing to see all of the creative makers setting up their displays and it's utterly exhausting getting things set up for all this to take place so well, actually kind of enjoying having a chance to sit down in one place and talk tech for the next hour. Well, to start that conversation of tech, it's time for the blips. In our first piece of news today, Okta customer support breach. It exposed data on 134 of their customers. So here's a story from Dark Reading that wraps up a bunch of dangerous trends and activities in one neat, malicious little package.
Identity management company Okta has confirmed that threat actors were able to breach its customer support system and steal files related to 134 of its customers. Out of those, Okta says that the cyber attackers went on to target five specific customers with the stolen data. Those five include BeyondTrust, 1Password and Cloudflare. According to Okta's Chief Security Officer, David Bradbury, the stolen customer support files were HAR files containing session tokens. Now here's where we should stop to review the large strokes of what went on. An identity management company trusted by thousands of other companies was targeted when it was breached. The criminals then went after other targets that had trusted connections to thousands of other companies. It's the entire third party risk issue wrapped up in a snug little malicious blanket.
And to extend the series of lessons a little further, an investigation into the hack revealed that an Okta employee's credentials were compromised on a personal device was the likely source of the initial breach. Now Okta has responded to the attack. All affected session tokens embedded in the compromised HAR files have been revoked. Okta has also taken the step of blocking any future Google Chrome sign-ins on Okta managed laptops using a personal Google account, and the company added a feature tying Okta admin tokens to network location data. This detailed explanation from Okta of both the breach and their response comes after a series of brutal cybersecurity incidents that have plagued the company. The foremost and most visible of these lately was the MGM Resorts breach, which came about through, you guessed it, Okta. Most recently, Okta's employee data was compromised through, wait for it, a third party healthcare vendor. What's the lesson here? No matter how much you trust them, don't let your third party partners, vendors or suppliers get past your event perimeter without the same sort of scrutiny you'd give any organization asking to trip lightly through the fields of your data.
06:44 - Brian Chee (Host)
A big thank you to the folks at Light Reading for this particular article. Now, this is going to be one of those double-edged sword stories. A lot of people are going to love it because it's going to give them a great excuse to do a forklift upgrade. But some people are going to say but we already did the upgrade. Well, the Biden request is for $6 billion and is for the Affordable Connectivity Program and it's going to go through 2024, and $3.1 billion for removing of insecure equipment and software from communications networks. It'll head to Congress next.
The Biden administration on this last Wednesday submitted a formal request to Congress for nearly $56 billion in supplemental funding for domestic priorities, including $6 billion for the Affordable Connectivity Program and $3.1 billion for the FCC's quote Rip and Replace Program. The funding request follows last week's letter from the Office of Management and Budget, OMB, requesting $105 billion in emergency supplemental funding for fiscal year 2024 for quote key national security priorities. That letter signaled the administration's intent to request additional funding for the ACP in coming days. Now, keep in mind this is not something that's going to affect you if you're a private company. It is only for federal agencies.
Now, what a lot of this is going to be, then it's not really being said too loudly is for the agencies that are running equipment that have been shown to be less than secure. So you know from the Biden administration hit list, you know ZTE, Huawei and so forth. If you were cutting corners and tried to put in some of those brands, the administration wants you off them as soon as possible. So this is, in many ways, a shot across the bow for Chinese manufacturers, and so if you're a private company, you ought to be interested and, especially considering what I used to do for a living, this is going to be a very large upgrade, and for those of you that don't care, there's going to be a lot of used equipment coming onto the market.
09:16 - Curt Franklin (Host)
Well, according to another article from my good friends and former colleagues over at Dark Reading, Kaspersky researchers have discovered that attackers are distributing spyware that doesn't have private data from WhatsApp users on Android devices. Now the hackers are a little lazy and a lot smart, because they're doing it with the same sort of application mods earlier used to grab data from Telegram users on the same devices. Now, this isn't a simple little operation. In a bulletin posted on November 2nd, Kaspersky counted 340,000 attempts at distributing the spyware via the WhatsApp modification. Now, this is a very targeted attack. While the attack reached users worldwide, 46% of the victims were in Azerbaijan. Other countries with a large percentage of victims included Yemen, Saudi Arabia, Egypt and Turkey, which have the common feature of having a lot of citizens who speak Arabic.
Now, the attacks have features in common with other devastating campaigns. WhatsApp modifications, legitimate third party applications designed to give the messaging app enhanced capabilities, have become a haven for malware. Now this is the same story that we see over and over. Given a relatively secure platform, it's the channels for modification that end up providing the most opportunities for malicious activity. You can think of your favorite web hosting and design application, for an example. The lesson: if you can get by without a particular plugin or add-on, you really should try to keep your app as stock as possible. More often than not, the additional functionality isn't worth the danger of those bright, shiny new features.
11:22 - Brian Chee (Host)
So this does come from. Oh geez, I don't even see which which company this was anymore. This is decrypt.co article and AI and ICE US immigration scan social media before approving visas. I'm going to rant just a little bit here. So the article goes on to say artificial intelligence, AI, is seeping into every sector, and that now includes border control. The US Immigration and Customs Enforcement, ICE, agency is leveraging an AI powered tool, Giant Oak Search Technology, GOST, to scan social media posts for content deemed derogatory to the US. The revelation, first reported by 404 Media, has ignited concerns about privacy and the ethical implications of such surveillance.
Read the article. It's worth doing Now. I strongly suggest you actually read the article. But I want to share a message that I've been giving to my students for the last decade: shut the heck up on social media. I can no longer count how many young professionals have been denied security clearances, bonding and even jobs because they keep treating social media like a sounding board with no ramifications. The advice I keep giving is that you must be willing to shout your message at the top of your voice at the busiest street corner in the biggest city. If what you want to say can't be said there, shut the heck up.
13:05 - Curt Franklin (Host)
Sound advice, as always, and a great end to a bunch of well good stories about bad news. We've got more great news coming up, but before we get there, it's time to hear a little bit about a sponsor of This Week in Enterprise Tech, and for that we go to a land far, far away another time entirely to our fearless leader, Lou Maresca.
13:36 - Lou Maresca (Other)
Well, thank you guys. I'll get you back to your enterprise and IT news in just a moment, but before we do, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Nureva. Nureva meeting room audio technology has a history of wowing IT pros. Duquesne University has a hundred Nureva devices installed and one of their senior technologists recently said I can't say enough about how impressed I am. Audio has been my life's work for 30 years and I'm amazed at what Nureva mic and speaker bar will do.
Nureva has made another leap forward with their introduction of their Pro Series, featuring the HDL 310 for large rooms and the HDL 410 for extra large rooms. For the first time, you can get pro audio performance and plug and play simplicity in the same system. Before the Nureva Pro Series, multi-component pro AV systems were the only way to get pro audio performance in large and extra large rooms. Nureva continues to amaze IT pros with the Pro Series. Their online demo highlights the Nureva audio expert being clearly heard from under a table or behind a pillar or any other obstruction. It's pickup performance that many conventional systems can't match. Let's talk about coverage. The HDL 410 covers rooms up to 35 feet by 55 feet with just two mics and speaker bars. Imagine equipping an extra large meeting room or even a lecture hall with just two discrete wall-mounted devices. You can even use them individually in a divisible room. The HDL 410 also features a unified coverage map which processes mic pickup from the two devices simultaneously, creating one giant single mic array. The HDL 310 covers spaces up to 30 feet by 30 feet with just one mic and speaker bar.
Nureva is all about simplicity. That's right. The HDL 310 takes about 30 minutes to install and the 410 takes about 60 minutes. With continuous audio calibration, Nureva audio automatically and continuously adapts to the changes in the room's acoustic profile. And with Nureva Console, their cloud-based device management platform, it takes the pain out of tasks like firmware updates, checking device status, changing settings and much more. Bottom line, with the Pro Series, Nureva makes it simple to quickly and cost-effectively equip more of your spaces for remote collaboration. Learn more at nureva.com/twit. That's N-U-R-E-V-A dot com slash T-W-I-T. And we thank Nureva for their support of This Week in Enterprise Tech. Now back to you guys.
16:13 - Curt Franklin (Host)
Lou. We appreciate it. We'll hear more from Lou later on, but before we do, we've got to talk about some technology that we've talked about before here on This Week in Enterprise Tech and you can guarantee we're going to talk about it again, but today we're actually talking about what could be some good news, and it's such a rarity to have really good news to talk about in one of our bits of news that we're inviting our guest to join us. Chris Heard, who you'll hear much more from about later, will be joining us to talk about this one, because generative AI has finally gotten the attention of enough people in government that they're starting to do things about it.
In the United States, President Biden is signing a wide-ranging, comprehensive executive order that will govern federal agencies' use of artificial intelligence. Now, this is a draft copy that went to 111 pages and, looking at this, there are a whole bunch of things that are covered, including things like what is required of companies when they test AI and what they must do with the results of that. It covers issues like privacy and security and safety for AI, and this focuses on a lot of the risks that people see as possible or, in some cases, even inherent in the technology. Among other things, this executive order, which directly has an impact on federal agencies, says that they are responsible for making sure that their use of artificial intelligence doesn't lead to discrimination. This is an issue that, in many cases, we have seen problems with, so I want to start with my co-host, Brian. Brian, this is just an executive order. Does that mean that it is nothing but window dressing, or is this something that could be the beginning of a real set of impacts on how we use and think about artificial intelligence?
19:15 - Brian Chee (Host)
Executive orders don't have the same overall impact, but that's not to say that they don't have an impact. During the Clinton administration, I served with the federal government, and executive orders were something we had to take very, very seriously. To put my attitude about this into the right context, especially for our friends in the chat room, my bottom line is someone just doesn't want Skynet to happen. I have to say that because you've got to be thinking that, but a lot of the things that people are, shall we say, upset about with AI is how it's trained. Is someone going to do something that is going to use a large language model training procedure that could possibly slant it in a direction that could be detrimental to the American public?
Now, I do stress this is for federal agencies and federal contractors only, and obviously it won't have much effect directly upon people outside America. What I will say, though, is our guest today, Chris Heard, has an opinion from outside America. We want to try and bring in non-American opinions as much as possible, because we've had this American-centric attitude, especially in our industry. That's just not the way of the world anymore. So I'm going to toss this at Chris, and then we can sweep up what's going on.
But, AI has some really interesting ramifications. So what are you seeing from your side of the pond?
21:24 - Chris Heard (Host)
So I am firmly on your side of the pond these days when I'm in Canada. So I'm on the side of the pond but the other side of the wall. I guess One thing I think really positive about this is that the general public, I think, are more concerned about this than they have been with most technology innovation in the past, or at least in my lifetime. There is a lot of fear as to what AI could do for the public and I think even at the very least what this does I think can at least allay some fear for the general public to understand that it's being taken seriously and that this isn't just the governments aren't just going to let AI go run rampant and do whatever. So I think, on a very basic level, even just having an executive order from America is globally pretty. It is a good thing for the public to hear across both sides of the pond and north and south of the borders.
That being said, I think if we actually dive into what can actually be done here, I have less confidence in regulations' ability to slow down this kind of innovation. I think innovation always will outpace regulation and when we look at AI, the computing power I think has doubled every six months for the last 10 years. That's just not slowing down. It may be we may be at a point here where, if we don't put our arms around it and really get in this very, very quickly, AI does have an opportunity to kind of get out of the bag pretty quickly. So while I think this is a great first step, I may have a little skepticism as to how much government regulation can do to truly control AI's impact.
23:24 - Curt Franklin (Host)
Chris, I wanted to ask because you, based solely on your accent, have a rather more international outlook than many of us here in the States do. Around the same time that the Biden administration was putting out this executive order, we had a large group meeting in England and the signing of the Bletchley Declaration which, if I read it closely, says essentially AI is really important and someone ought to do something about it. My question is you know, as the CEO of a company, when you see all of these governments and in the case of the Bletchley Declaration it was literally countries from around the world, including China, signing this do you start to get the sense that there might be regulation that companies will have to deal with in the future? Do you retain high confidence that it's going to be more press releases and less substantive action ahead?
24:49 - Chris Heard (Host)
I think that's a great question. I think companies are interesting too, because some companies deal with company data and some companies deal with private, personal data, and I think there really should be more of a distinction between those two, because it's obviously you know, there's a certain element of risk with personal, private information and company information. But yeah, I think that we've seen this before and Europe you know as much as a lot of North American companies struggle with GDPR, for example. I think the GDPR has been relative success in Europe. I mean, there's been incredible fines I forget what matters was, but it was over a billion, I think and so there will be regulation. There will be 100%. I think I can say with confidence that companies will not be able to develop AI in the sort of unrestricted way that they have to date.
That being said, this has happened before and we see this kind of adoption curve in technology regularly, the most recent one being cloud right. If we looked at cloud adoption, that everybody went let's take everything into the cloud, and then there was a big security concern and there was a big pullback in adoption that took a few years to come back and then it exploded again. I would fully expect that AI is going to go on a very similar trajectory, but maybe faster. I think the risks are higher. I think that the pace of innovation is faster. So, where cloud maybe took a year or two, everyone was excited about it, then it disappeared and it took a good seven, eight years before people were comfortable.
I think we'll see a much more condensed rather than maybe 10, 11 years, maybe a five year timeline, but there'll definitely be a pullback. What that pullback will be, and whether that will be split up between B2C companies and B2B companies, split up by different countries, I think that can also be challenging when we look at okay, is this going to be across the board, globally? How do you enforce that? Are some countries going to get a leg up because they don't have the regulation? There's a lot to figure out. But, to answer your question, I think yeah, there's definitely going to be some restrictions put in place.
27:04 - Curt Franklin (Host)
Well, Brian, I know you know we've just heard a lot of if this happens, this is possible. The other thing, and that's entirely reasonable given the state of where we are right now, that's, I think, all anyone could say with any confidence. But, given all of that uncertainty, do you see that very uncertainty having an impact on the way companies will develop around AI and the way it will be used?
27:39 - Brian Chee (Host)
I think I'm going to answer that just by saying I think this is a FUD speed bump. It's a warm and fuzzy. From what I've been able to read of it in the press, press release and so forth, there's not a lot of do this or do that. It's not written like a law. It's kind of more along the lines of let's slow down and look at things and look at the ramifications before you blindly implement. So in this case I think it's more of a strong wish from the Biden administration for federal agencies and federal contractors to slow down and look at the ramifications. So we shall see. This is right now. My opinion is a warm and fuzzy and we'll see whether or not the warm and fuzzy actually has an impact.
28:35 - Curt Franklin (Host)
Well, it's just about to get time to get on with the rest of the show, but before we do, I've got a very simple question I want to ask each of my partners on this question, and the question is this all of this assumes that AI is somehow dramatically different than any of the other technologies we've seen introduced in the past 30 years. You know, all of a sudden, this is one governments feel they need to sort of get in front of. My question, you is, this is generative AI, and let's admit that generative AI is what's got everyone's boot. Is it truly that different, or is it just another technology that will be ultimately used just like all the other technologies? Brian, how about you first?
29:31 - Brian Chee (Host)
I think it's people feeling like they got burned. I think the web is the closest similar technology that I can draw upon and people. I think a lot of people are afraid of the generative AI to start spewing out answers to questions, maybe questions that we haven't even really asked yet. But, depending on the training, models might start being believed even though they might be wrong. We covered the story about how some lawyers use generative AI and it actually started making up precedents that didn't exist. Those are the kinds of things that I'm reasonably sure the Biden administration is deathly afraid of, and a lot of people are thinking generative AI has the potential of having a similar impact to when the web first started appearing and having been burned once. I think people are saying let's get ahead of this so that we have a better chance of not making the same mistakes we did with the web.
30:52 - Curt Franklin (Host)
Chris, what about you? Yeah?
30:55 - Chris Heard (Host)
I tend to agree with Brian. I think maybe this is a case where governments were caught a bit off guard with the web and social media in particular. You know, social media came out with the intent of connecting the world and I think we've seen it do some positive and some pretty negative things, and if we ever watched the Zuckerberg trials, the Zuckerberg interviews, you could see that the government was behind on the technology right. It was clear, and so I think they don't want to be there with AI. So, while, yeah, I think it's similar to the web, social media, the scary takes jobs.
Changes the world can have negative impacts. It's the same in many ways. I think maybe one major difference with AI is the type of job that AI will be potentially replacing. In certain places, Historically, automation and technology has replaced relatively low paid, lower skilled jobs, whereas generative AI has the potential to replace very high paid, much more brain work, and so I think that maybe is slightly different where. That is something that maybe is raising a few more alarm bells than some of the previous ones.
32:10 - Curt Franklin (Host)
Very good. Well, as I said, I think we can pretty much guarantee that we're going to keep talking about AI in all of its various forms for a long time to come, but really appreciate the opportunity to have this conversation. It's going to be interesting, as both my partners have said, to see what governments actually do around formulating regulations and laws about a technology that isn't fully baked yet. Stay tuned. Well, that's going to do it for the news sections of This Week in Enterprise Tech, which means that it's time for more time with our guest, Chris Heard, but before we get there, it's time to hear from Lou Maresca to tell us about another sponsor of This Week in Enterprise Tech.
33:09 - Lou Maresca (Other)
Well, thank you guys. I'll get you back to your enterprise and IT news in just a moment, but before we do, we do have to thank another great sponsor of This Week in Enterprise Tech, and that's Bitwarden, the only open source cross-platform password manager that you can trust. Security Now's Steve Gibson has even switched over. Now, with Bitwarden, all of the data in your vault is end-to-end encrypted, not just your passwords. Bitwarden protects you by creating unique usernames and adding strong, randomly generated passwords for your account and each account, plus use any of their six integrated alias services. You can log into Bitwarden and decrypt your vault after using SSO on a registered, trusted device. No master password is needed. This new solution makes it even easier for enterprise users to stay safe and secure. With Bitwarden, you can even transparently view all of Bitwarden's code. It's all available on GitHub and, on top of being public to the world, Bitwarden also has professional third-party audits performed yearly, and the results actually get published on their website. Share private data securely with coworkers across departments or the entire company with fully customizable and adaptive plans. Bitwarden's Teams organization option is $3 per month per user, while their Enterprise organization plan is just $5 per month per user. Individuals get Bitwarden's basic free account with unlimited passwords, now including hardware security keys or passkeys as a form of two-factor authentication. Fantastic. Get a premium account for less than a dollar a month, or bring the entire family with their family organization option to give up to six users premium features for only $3.33 a month.
Bitwarden's 2024 developer survey polled more than 600 developers to understand how they perceive and implement security best practices. This poll actually revealed a ton of stuff. In fact, 60% of developers manage 100 plus secrets, 65% practice hard coding secrets in source code, and 55% keep secrets in clear text. Prevail 30% of sensitive data in a generative AI platform potentially risks involving developer secrets, 24% risk-privileged credentials and 28% actually risk customer information. And more 91% of developers undergo security training annually. Yet over a fifth engage in risky behavior such as using public computers to access work data and networks. At TWiT, we're fans of password managers. Get started with Bitwarden's free trial of a Teams or Enterprise plan, or get started for free across all devices as an individual user at bitwarden.com/twit. That's bitwarden.com/twit, and we thank Bitwarden for their support of This Week in Enterprise Tech. Back to you guys.
36:04 - Curt Franklin (Host)
Thanks, Lou, and now it's time for what is consistently the best part of TWiET, and that is our guest. Well, you've already gotten a sneak peek at our guest. Chris Heard is CEO of Olive Technologies and he is currently basking in the warmth that is Canada, but we're glad to have him on because we're going to be talking about something that is mentioned a great deal during sales cycles but tends to get skipped over by a lot of people, and that is the total cost of ownership. Now, don't go rolling your eyes. This isn't one of those boring, drab kind of accounting topics. This is something that's critical because, as anyone who buys technology will tell you, the purchase price only gets you in the game, and that's where your real expenditures start. Add up all of those expenditures and you get to the total cost of ownership. It's going to be a good discussion, Chris. Welcome back to TWiET. This isn't your first time with us.
37:18 - Chris Heard (Host)
It's actually my first time being on listener, but my first time being on a show I mean, I was speaking earlier about AI, if that counts but first time being fully on interview by you guys. So we're really excited to be on with you.
37:32 - Curt Franklin (Host)
Well, we are very excited to have you and, as with all of our guests, one of the things that we want to know is what your path has been in the industry. I mean, you're currently sitting in that mythical corner office. Was that your first job out of university? What did you do to arrive as CEO?
38:04 - Chris Heard (Host)
Oh, wow, that's a lot. And also I'm not sure I can carry on the trend of best section. I'll try my best, but this may be your first one to break it, but we'll try. Okay, so I won't go all the way back, but I've done a lot of things. I've been a professional poker player. I was a stand-up comedian. I studied marine biology at school. That was always my dream. And then one of my mates said oh, you'll make a bunch of money selling stuff. So I was like I'll try that out. And then started selling technology and she went and first moved over here.
I was in Vancouver, Canada, and started selling mobile web software and started as a BDR cold calling. I had experienced cold calling for life insurance, so that seemed to work and sort of worked my way up the pole to a director of sales level. One of the things that I noticed as I started to sell bigger ticket items to companies there was a lot of bias. My job was essentially to bias people into buying whatever I had, because I only had one thing to solve. There's a load of solutions for any given business challenge, but as a salesperson you only have one. So you're really trained in how to convince people that your solution is the best. It didn't feel great. It wasn't ideal. There were some relationships that went really well, some that didn't go so well.
When you incorporate third parties in there as well, there's a lot of third parties that will help CIOs make decisions, and sometimes those third parties have other interests which can also help sway things. And really what I noticed was that the sales side of the house is equipped with millions of dollars of training in how to sell huge sales teams Super Bowl tickets, you name it. But then also, from a software perspective, sales automation I mean the sales enablement market is a huge market on the buy side of the house. Outside of procurement, buying really isn't many people's job. It's something that they do as a side gig within the company. There's very little training to IT teams, technical business leaders in how to evaluate and select technology, and also there's a dearth of software. Like we people are on spreadsheets today, even if you hire the big four to manage some sort of technology evaluation or decision, you're going to end up with a big spreadsheet and a big PowerPoint, and so just that complete imbalance to me stood out as a problem we can solve here.
Let's jump in and jump into it. The first thing we looked at was sourcing, where RFPs and sourcing seem to be the biggest pain. So that's where we kicked off building a platform that can help companies manage RFPs and sourcing. We've moved on and expanded past there, but that's all the core of the business. And, of course, we've got AI. So I'm panicking about all this legislation. We have AI that helps out now. I think that's pretty standard, but yeah, that's it. I mean from a business standpoint. I tell you talked your hours about the personal reasons why I'm in Vancouver, Canada, but that's a story for another day, maybe.
41:09 - Curt Franklin (Host)
Well, you know, it's interesting that you talked about being in sales so often, because that really does begin to get into the TCO question. Because in sales, on the one hand, you're driving to get people to write you a check. You know, these days what you really want is a subscription, but it's essentially a point solution and some people will talk about all of the training, all of the deployment costs, all of the configuration costs, all of the cost of not having other solutions in place and others won't. So when you were talking to people, when you're talking to people now, do you find that during the sale cycle, are most buyers looking at the transaction cost or the total cost of ownership when they're trying to make a decision on this vast spreadsheet they will have put together?
42:25 - Chris Heard (Host)
You know, I think it's really, it's difficult and there's a mixed bag, depending on the people. Some people will overthink it right. Some people will overthink it and they'll do, you know, analysis, paralysis and never end up making decisions. Some people will say what's top right of the quadrant or who does my mate think is great. So you know there's a mixed bag in terms of how much of the TCO is being considered in these decisions.
What I think is really interesting about total cost of ownership and us having to do it is if you think about hiring somebody when you have a business problem, you can solve them by hiring people, by adding software. There's multiple ways to solve problems, but when you're hiring somebody, you set the rules right. You know what you're getting in terms of cost. You say I'm going to pay this much, maybe I've got some you know plus benefits and maybe some bonuses, etc. But you can package that and you're in control of that. It's the other way around when you're looking at software. It's still something that's providing a service for you, it's going to help move your business forward, but the thing that you're hiring is controlling that price and can obfuscate as much as they want to. I think it becomes really really difficult for decision makers and businesses to understand the TCO, because if you're buying certain software, it's going to be significantly different. If you're buying an ERP, for example, it's going to be a very different calculation to if you're even buying an HCM system, which is also large, but the management and implementation costs are not quite as big. And so are people doing it well? I think it's a mixed bag.
One thing I can say that gives me confidence in people spending more time on this we actually have a TCO module within the application, which is actually one of our highest used portions of our application since we launched it, which is really interesting.
But also what we've seen over the last 18 months is that not only are sales cycles getting longer in actual fact, the negotiation phase of an enterprise deal is now almost twice as long as the legal review, from the data that we've worked with. So seeing that is one area you can see People are really really negotiating a lot longer than they were previously but also in the last 18 months, we've seen a vast increase in the number of requirements in any decision and also the number of vendors available that has evaluated in any given decision. So what that says to me is that while, yes, it's a mixed bag of whether people are evaluating TCO, I think people are getting more wise to it and, at the very least, they are slowing down and not jumping to buy something based on just, oh, that's how much cost, let's go for it. It seems like there is a bit more scrutiny happening today than there was 12, 18 months ago.
45:15 - Curt Franklin (Host)
When you're looking at that scrutiny, when you're talking to companies about that. You've been doing this for a couple of years, and so has the move to the cloud and to software as a service, all of these things where your company doesn't own the hardware platform and, frankly, may not own the maintenance of the software. Is that complicating these TCO um calculations or does it, as many people hope, remove them. You know my I don't have anything beyond the cost of the software or service itself. It's, it's absolutely free. Past that, um what, what are you seeing in terms of of these different models of sourcing the functions of software?
46:29 - Chris Heard (Host)
Yeah, it's a. I mean, comparing on-prem to cloud is is actually a really interesting one because it does take away certain elements that you have to evaluate. Right, how much is my team going to have to spend managing this and maintaining this, updates, et cetera, et cetera? Some of that is now shifted over to a price increase. I'm sure a lot of people on that are listening in here have experienced an annual price increase from almost every vendor Um, actually this year, I'm sure, a lot more um than historically. So these, these things didn't happen before. Right, you may have updates that you could incorporate, your team would manage it, but the the price increase would be would be less dramatic. So I think that's one thing that's changed with um with the advent of cloud. But there's a lot more intangibles now.
So we talked earlier about data and risk and, um, the Okta breach, for example. There's a lot of cost associated to those kinds of events to a company that you were able to control that security a lot more previously. Right, you were able to control your data a lot more, um, and so that's a kind of intangible piece that you have to incorporate when you're ever looking at TCO is not just okay, what's the actual money I'm going to spend here. But then you also have to incorporate what is the risk, right. So it's, we're talking about security risk. Okay, if it's a data breach, I need to now include that as a potential, the likelihood of that happening, how much that would impact. And now, okay, that's needs to really go in there as a as a hedge. Okay, this may cost me something.
Um, in the future there's there's risk of of low adoption, right, that people don't really think about, where a lot of the times you it may not deliver the value that you initially wanted it to. That might not be because you chose the wrong software. That might be because you did not train your team well enough on any given application. Then we've got to consider external extra training costs. So I think the the there's definitely been a shift in the total cost of ownership discussion, but it hasn't necessarily it's not taken things off the table. It's taken one away and added more to it. Very good.
48:35 - Curt Franklin (Host)
Well, we've got a lot more to discuss on this. Looking forward to it, looking forward to having Brian part of the conversation. But before we do that, we have one more ad, one more conversation about a great sponsor for This Week in Enterprise Tech, and for that we go back to Mr. Lou Maresca.
48:55 - Lou Maresca (Other)
Well, thank you guys, we'll get you back to your enterprise and IT news in just a moment. But before we do, we do have to thank another great sponsor of This Week in Enterprise Tech. That's Palo Alto Networks. Palo Alto Networks offers ZT for OT without the trauma.
Keeping operational technology secure and running smoothly is a tall order. It's enough to make even the coolest operations director wake up with night sweats. How you can have peace of mind with zero trust OT security. Zero trust OT security delivers comprehensive visibility and security for all of OT assets, networks and remote operations. The Palo Alto Networks solution provides exceptional OT protection with more than 1100 app IDs for OT protocols, 500 plus profiles for critical OT assets and more than 650 OT specific threat signatures supported. It provides best in class security while simplifying OT security management. It sees and protects everything in the network and it automates threat detection while implementing zero trust across all operations. Sleep better with the most comprehensive platform to detect, manage and secure OT assets. Learn how the Palo Alto Networks zero trust for OT security solution can achieve 351% ROI over five years. To learn more, find the link in the show description or visit paloaltonetworks.com. That's paloaltonetworks.com, and we thank Palo Alto Networks for their support of This Week in Enterprise Tech. Back to you guys.
50:32 - Curt Franklin (Host)
Thanks, Lou. It's time to continue our conversation and, Brian, I know you've got some questions you've been dying to ask.
50:44 - Brian Chee (Host)
I'm asking Chris to go and take a little bit of a historical view. Just about everyone we've ever had on the show has all said the pandemic made a monstrous change in their industry. And then AI is doing big, big changes of its own. But we're seeing all these different sea changes, but are we forgetting things? You know, what are the things that people most forget when calculating TCO, and what kinds of things can we do about making sure that doesn't get missed?
51:27 - Chris Heard (Host)
That's a great question and it's interesting we're talking about AI again. I think that's one of the worst culprits for this, which is ROI. It's not just when you're looking at TCO now, you're looking at it from a purely financial perspective, which is how much is this thing going to cost me? Really, TCO has to. It doesn't exist without ROI. You wouldn't buy something without any value, and I think, as much as you can dive into the different elements of the ownership costs, the value that is going to drive is much less quantifiable, or at least people quantify it a lot less, and so a lot of decisions can be made on. I feel like this should have this impact and that's where the salesperson comes in right.
Salespeople are trained to paint these beautiful pictures of what the ROI potentially could do, but very few people really analyze it, and I think maybe that's a mentality issue where a lot of people who are evaluating total cost of ownership come from a finance background or maybe an IT background, but mostly a finance background. So they're very analytical and they want to see every, every number. A lot of people who are looking at the ROI and trying to position what can this do for the business are looking at it from a business perspective and it's all about let's go fast, let's go fast, let's go fast. I personally feel that I think during COVID, certain industries like restaurants, for example, actually reacted in a very smart way and there was a lot of really easily accessible ROI from your delivery, even QR menus, et cetera. It was really easy to see.
AI is the opposite, I think. AI, it's almost impossible to understand what the true value of this is going to be to your company until we've figured it out. It seems cool, ChatGPT seems to help a lot, but I think it's way too early to understand the true ROI of that. So I think people that are we all should be taking AI and trying to figure out what it can do for our business, but jumping in and making major, large investments today before we can actually truly analyze the ROI of it, I think it could be a little bit risky. Well, depending on who you talk to.
53:34 - Brian Chee (Host)
I've asked TCO questions ever since my career at the federal government and, no matter what, everybody gave me a different answer. Well, my question here is we have become obsessed with TCO the entire world, but are we forgetting the human factor? Do you dive into that question a little bit more for me, Brian?
54:05 - Chris Heard (Host)
What specifically you're referring to?
54:09 - Brian Chee (Host)
Well, let's use the restaurant industry as an example. If you ask the servers that got laid off and the printers that lost the business to the QR code, it makes good sense. But are we forgetting that when you, those printers have payrolls and those servers have kids that they need to send to school? So I guess it's when we start talking TCO. Is the industry also looking at the human factors behind those decisions?
54:54 - Chris Heard (Host)
Sadly, I think the answer is no, but I think also, in a weird way, they are really listening to people For the restaurant industry to stick with the same thing. It wasn't McDonald's or Wendy's that decided that they should have food delivered to people's apartment buildings. People wanted it. That's what the customer asked for. People decided that they wanted to spend less time communicating. As soon as they put up something where people can order without talking to a human. They did, and I think that people it's important that businesses consider the human element, but they really have to listen to their customers and that you know a lot of the automation that's been driven in most industries the removal of just general social interaction to being everything digital. There is definitely there's a responsibility on businesses to make sure they are considering how that impacts society, but there's also an impact on there's a responsibility, I feel, on the public as well to push these businesses into building the world that they want. And if the world they want is automatic robot coffee shops, people are going to build automatic robot coffee shops, thanks.
56:13 - Brian Chee (Host)
You know I will be one of the first to admit that was kind of a touchy question for a lot of industries, but it is a question that a lot of people have been asking. Now why don't we go in and say, if I'm a CTO, cio, doesn't matter, I'm a decision maker. And I've watched this episode and it looks kind of interesting. What kinds of things should I sweep up? What kinds of things should I do my homework on before they ring you up?
56:53 - Chris Heard (Host)
So for as in looking at your technology stack and figuring out okay, where am I, what should I clean up first?
57:00 - Brian Chee (Host)
Am I? I'm getting ready to go and call you folks up and say hey, you got some interesting stuff, tell me more about it. It doesn't do anyone any good if they haven't at least done some introspection first. What kinds of introspection should they be doing before they give you a ring?
57:21 - Chris Heard (Host)
Before they give Olive a ring. Yeah, yeah, I think the most important thing that companies don't do very well they need to do well is combining and aligning IT and business. It's been such a challenge. There's been a rise in the CTO and the CIO as a business leader and they definitely got a seat at the table, which I think is fantastic. That being said, from my experience, it is still seen as order takers from business in many cases.
When we look down to sort of the IT PMO level and you have the BAs who are there to translate those business needs, I think the number one thing that any company can do before they reach out to Olive or before they embark on any major digital transformation initiative is truly understand all of the current business challenges that the company is facing. Rank them, prioritize them. Understand those. Use IT to help identify if you already have a solution for those things. That's the number one, because so many companies will go out and buy a new XYZ tool to solve a problem that one of their existing vendors already does. So, number one, figure that out. Do we have something that can solve it? And if you don't, then put that as a gap. Okay, now we need to solve that technology gap, rank those gaps and then go out and look for new solutions.
What happens too often is people go to conferences. They get excited, they're like, oh, I've got to get this new thing. And then they end up doing a big evaluation. It either goes nowhere and they waste months or years evaluating something or, even worse, they end up buying something that fails and every year this stat comes out, 70% of IT implementations fail. It's like PCG does it, Deloitte does it, Gartner says it. It happens across the board. They fail for multiple reasons. One of the biggest reasons they fail is because you never needed that thing in the first place.
59:17 - Brian Chee (Host)
I just make a comment. I like that answer. Having been a so-called trusted consultant within the federal government, that's actually one of the first questions I asked what are you going to use it for? Do you really need this? And when you're saying that to a two or three star admiral, you get some really dirty looks.
59:41 - Chris Heard (Host)
Luckily I'm about to say it to an admiral Thanks buddy.
59:45 - Brian Chee (Host)
Anyway, hey, it's been a great conversation and I think our viewers ought to go and check out your offerings at olive.app. I think that's the one I was given, and it was great having you on the show.
01:00:03 - Chris Heard (Host)
Thanks, Jen. It was really good to be here. Olive.app, A-P-P. We actually have a blog on TCO for Enterprise Software. That was out pretty recent, so you can read through that. It's on olive.app/blog. It's been great. I really enjoyed it. Jen, Thanks for being on.
01:00:21 - Curt Franklin (Host)
Well, thanks to Chris for being our guest and thanks to all of you for being our listeners. As we say so often, we could not and would not do this without you, our listeners. Of course, there are some other people we could not do this without. One of them is my co-host, Mr. Brian Chee. Brian, so what are you going to be doing for the next few days?
01:00:44 - Brian Chee (Host)
Obviously I'm going to be playing at Maker Faire and getting digital signage ready and troubleshooting the network we've got. It's interesting. You know we've got Knights of Old doing battle on the field but yet they want to live stream the event. So old technology with new technology going to be fun and I'm really looking forward to the penny stretcher that will imprint Maki on a penny. Ought to be the last.
01:01:20 - Curt Franklin (Host)
Well, I think it's great that they are live streaming the joust, just like they did in Camelot, so that that'll be a great thing. Lots of good stuff going on. Before we go, though, we also have to thank Mr Ant Pruitt, who's been our technical director today, keeping us on track and online. And what's going on with you these days?
01:01:43 - Ant Pruitt (Host)
Well, Mr. Curt, thank you for hosting this week and keeping the boat afloat, as you always do, as well as you, Mr. Chee. This week I had I've been out of the studio for a little bit, and so I'm trying to catch up on production stuff this week and Google coming up next week and some Club TWiT stuff coming up soon too the it's our book club, so if you're not a Club TWiT member, you might want to sign up and join our book club. It's pretty good stuff. twit.tv/clubtwit.
01:02:16 - Curt Franklin (Host)
Very good and thanks as always. And again a quick thanks to our producer, who, coincidentally, is Mr. Brian Chee. Brian, anything that we should know about coming up on TWiT?
01:02:31 - Brian Chee (Host)
We're just trying to go sort through all the different threads and topics that people have thrown at us. You know we, I, I listen. You know you folks have been saying you want this, that and the other thing, and I'm going to try really hard. One of the things you folks have been saying over and over again is that you would like us to really dig into a topic, and so we're going to try a deep dive pretty soon and it's going to be multiple episodes going and digging deep into some key internet technology. So if you want to make your opinion known, you're welcome to hit me on X, used to be called Twitter. I'm ADV NET LAB, Advanced Net Lab. You're also welcome to throw an email at me. I'm Cheebert, spelled C-H-E-E-B-E-R-T at twit.tv. We're also welcome to throw the email at twit.tv and that'll hit all the hosts. Thanks for watching.
01:03:37 - Curt Franklin (Host)
Thanks, Brian, and should you want to reach me, easiest place to do it is on LinkedIn. I'm Curtis Franklin. You can also find me on Mastodon, KG4GWA at mastodon.sdf.org. I'm on plenty of other social media. Look me up, hit me up, let me know your opinion. Always happy to hear from the TWiET riot and for all of us here at This Week in Enterprise Tech, remember, if you want to know the latest and most important news about enterprise technology, just keep quiet.
01:04:19 - Jonathan Bennett (Other)
Hey, we should talk Linux. It's the operating system that runs the internet, but your game console, cell phones and maybe even the machine on your desk. You already knew all that. What you may not know is that TWiT now has a show dedicated to it, the Untitled Linux Show. Whether you're a Linux pro, a burgeoning system, or just curious what the big deal is, you should join us on the ClubTwit Discord every Saturday afternoon for news analysis and tips to sharpen your Linux skills, and then make sure you subscribe to the ClubTwit exclusive Untitled Linux Show. Wait, you're not a ClubTwit member yet? Well, go to twit.tv/clubtwit and sign up. Hope to see you there.