Capabilities are “Ability to…” statements that state the strategic requirements of an organization. I see them as existing within the organization’s strategy. Businesses require business capabilities such as the “Ability to protect client information”. These are supported by people, process and technology enablers. Enablers describe how the organization realizes these capabilities.
IT Capabilities are service capabilities within the IT group of the business. These are analogous to business capabilities, but are derived from strategic technologies. If a company needs an application scanning and testing technology to support the ability to protect client information, then they will also need people, processes and possibly even additional technology to support that technology.
IT capabilities are important to track as they must be built out as part of transformation projects.
Securing the enterprise is a broad capability that would map to business capabilities that represent broad strategic imperatives such as:
- Maintain a trusted brand
- Mitigate reputational risk from security incidents
- Mitigate the risk of financial loss from security incidents
- Protect the privacy of client data.
This capability can break down a couple of ways:
- Physical / digital
- Identities / endpoints such as devices / servers / data / network / applications / fraud / social media and email.
I have put this capability first because you need to design security into everything from the very beginning.
Developing Omni-channel systems of engagement requires a number of subordinate capabilities:
- Designing and developing engaging user experiences across devices and touch points
- End-to-end architectures linking systems of engagement to systems of record, including data flows
- Designing for usability, dependability and scalability
- Instrument for deep analytics, including customer experience management
- Designing for privacy, deployment, management and security
- Adopting an agile development methodology.
Agile application development and continuous delivery are IT capabilities that allow project teams to respond to changing requirements resulting from a changing environment and insights, and release functional enhancements in rapid succession, whether it be to a formal test organization or production. Agile development supports continuous delivery. When I think of agile development I think about SCRUM as a project approach and supporting extreme programming techniques such as continuous integration, refactoring, and test-first design.
Responsive design is the practice of designing mobile applications such that they are displayed appropriately on different form factors. Responsive designs have a layout based upon percentages as opposed to numbers of pixels, and leverages enabling technologies such as fluid grids (formatting into columns) and media queries (CSS selection based upon device and orientation).
Engaging customers on an exploding number of wearables, phones, phablets, tablets, pc’s, televisions…and who knows what is next…drives fragmentation and inefficiencies in the application development and maintenance process.
Write once, deploy anywhere is a technique to manage this complexity by writing applications in a common technology that can be deployed to many devices. So instead of developing for…
- Objective C for iOS
- Java for Android
- C# for Windows mobile
IBM Worklight is an example of a Mobile application development platform.
Control of which server applications are available, how client apps are provisioned, which users and devices can access server applications, etc. Wiping of enterprise data from devices when needed.
All systems of engagement need a security architecture, but this is particularly important for financial services.
Mobile apps need to have security designed into them directly to protect sensitive data that they are using or have persisted to the device.
The device also must be secured. Finding and/or wiping lost devices. Cleaning enterprise data from user-owned devices when the association between the user and the enterprise has been broken (as when an employee terminates employment) without affecting personal data.
Protecting transactions from malware, screen scrapers, key loggers, etc.
Key enablers of this capability are the security measures in mobile application platforms and vulnerability scanning software.
Both customer and employee mobile apps must be tested across numerous devices, operating systems, carriers, etc. This generally requires specialized tools.
The IT group is usually tasked with designing new applications. I am not sure I advocate that but that is what I have seen in practice at banks. Therefore, I categorize User Centered Design as an IT Capability.
The following diagram lifted from Modern Web Development with IBM WebSphere gives a feel for what User Centered Design involves:
What I will say about User Centered Design is that it should not be the first step. You must have some process that answers the question: “User Centered Design of what?”. You need innovation processes operating at both the strategy and organization design levels.