Lifting the lid On Intrapreneurs

The three factors holding your organisation’s internal innovation back.

At Unico we are undergoing a transformation. Not the “digital transformation” you hear so many organisations undertaking – these are largely cost management measures that stand to deliver no incremental value in their own right. Nor is it just another cultural transformation. We are instead recognising the fuel inside our people, incredible ideas of better ways to work, or great businesses to be in, and providing the spark that will help ignite their passion to succeed.

New employees come to an organisation green and enthusiastic but soon the light starts to dim. As they are increasingly seen as creatures of one-dimensional value, all sorts of things start happening. They loose focus. Their productivity drops. And, worse, they start thinking the grass is greener on the other side. And as soon as they think this – for the very first time – you have lost the battle to keep your most valuable asset, your people.

Where and why they go is a subject for another day, but one of the key reasons is that they think the business won’t listen to their ideas that may add value. These are the Intrapreneurs – those in your flock who can see a better way to do something. Or a new customer to serve. Or maybe an entirely new market to serve with a different product.

What holds an Intrapreneur back?

There are many factors that stop people thinking they can or should innovate. Here are three that will easily override any words from management about how important innovation is.

1) KPI’s – Key Performance Inhibitors:

One of the key inhibitors of performance in real, meaningful terms, are KPIs. I don’t mean to say that measuring performance is not important, but I do think that the process of defining KPIs is fundamentally broken in many of the organisations I’ve observed. To the business the KPI tries to identify success criteria for a given employee. But that’s not what the employee sees. They see a leash – if something is not in the KPIs, then it is not allowed to be done. Certainly, there are individuals who manage to renegotiate their KPIs regularly to reflect what they have done, but are they really just gaming the system?

Another impact of KPIs is the punitive shadow they cast over the whole organisation. When they do stick to their KPIs, there is no incentive to fail, so why would they try something new? They are not rewarded for trying something new that might fail – failure ultimately means lower financial reward. This is one of the most powerful drivers of behaviour, and if your performance measurement does not make an allowance for failure, your organisation risks becoming stagnant in a sea of fast moving competitors doing everything they can to get and stay ahead of you.

It is hard to define valuable KPIs, and nearly impossible to define KPIs that might drive an intrapreneurial outcome, since the results probably will not fall within the typical 12-month measurement window. Einstein was quoted as saying “Not everything that can be counted counts, and not everything that counts can be counted”. This is very true in the case of KPIs.

“Not everything that can be counted counts, and not everything that counts can be counted ” – Albert Einstein

2) Business as Usual (BAU):

Many organisations tend to prioritise BAU work, which is natural. After all, BAU is what has successfully driven the business in the past, so anything that impacts that baseline must be bad for the business. I call this tactical value, and it may be necessary in sustaining the organisation for the coming year, but it is not sufficient for longer term success. Few realise that focusing on tactical value may be the very lid keeping your teams from contributing strategic value – value that could fuel the organisation for decades to come.

At least one organisation we work with are suffering this at the moment. With a key customer under their belt, BAU for them has become anything that keeps that customer happy. What they have realised is that this view of success has reduced the ability for them to progress their product roadmap beyond its original MVP, and that has limited their ability to be successful with other customers. Fortunately, that’s has now turned around in favour of generating strategic value.

3) Paralysed by a vision of success:

A great idea can get stuck at the gate when someone realises that they don’t know how to take them forward or lack the resources to do so. A logical place to seek help in many cases would be their employer, except that typical employment instruments make a clear claim on IP ownership once exposed. Why would you tell your employer that you have a great idea for the next biggest thing, if it’s just going to be taken away from you?

So instead of flourishing it sits in the back of its creator’s mind, niggling away at them and creating more and more dissatisfaction with their job – each day bringing them closer to leaving you.

Is there a better way?

At Unico we think there is, and it starts with support, funding and recognition of the value contributed outside of traditional productivity metrics. We have built processes, funding opportunities and recognition programs to encourage ideas to be brought out into the light and be explored. And we are recognising that innovators need to be explorers – they need to carry their knowledge into new conversations, where two separate ideas can smash together like particles in a physics experiment, combining to form a new idea and releasing an energy that wraps around the team and drives them forward with a new passion.

This exploration is an opening of our doors to the outside world and inviting other organisations in to experiment with their own ideas and finding common purpose as we collaborate to bring new innovations to life.

Introducing uSpark

uSpark is an organisation dedicated to pursuing innovation from all corners of industry. We have recognised through conversations with Unico’s customers that there are organisations all over our nation with great ideas bubbling up within their teams, but without the processes or the support to allow those ideas to develop.

We aim to help put innovation into the heart of all businesses without disrupting core activities, providing tools, processes and space to test new ideas and identify potential customers and markets. Our team has a broad range of innovation experience, from start-ups to large corporates, both local and from the heart of innovation, Silicon Valley.

For more information on our processes, people of how we can help bring your ideas to life, contact me by looking below.

Andrew Davison

Technology and Innovation Evangelist


Three ways Super Funds can drive customer engagement and strengthen governance practices

The Australian super industry is undergoing a period of unprecedented disruption as technology reshapes customer expectations and drives funds to redefine offerings and delivery capabilities.

Customer expectations are rising, forcing organisations – regardless of size or sector – to become increasingly customer centric and digitally enabled to not only gain competitive advantage, but even just to compete and survive.

Super is no different. A shift is occurring. What members consider the ‘norm’ has changed. They expect a tailored customer experience, not just to be shown their portfolio. They expect to be provided with transparent value and benefits, personalised recommendations and insights. They want great service, competitive returns and an understanding of what you, the super provider, is doing for them personally.

Coupled with this heightened expectation is a loss of consumer trust in Super funds. This industry and regulatory shift is forcing funds down the expensive path of restructuring organisational values and having to adhere to strict regulatory compliance which has been amplified by political and public scrutiny.

As the power shift to consumer increases, funds have been witnessing an increase in customers exercising their choice to leave in search of better alternatives. This trend is causing a flow on effect of voluntary and involuntary consolidation and mergers of funds.

As funds re-establish standards, technology can be leveraged to help drive customer engagement and strengthen governance practice through the following:

1) Data virtualisation platforms – a single source of truth for all your data:

Many funds run administration services across multiple disconnected systems with little to no integration. Most of these systems are slow, expensive to integrate and require a high level of manual processing that can result in technical debt costing time and money to maintain.

Having to rely on a range of disparate systems usually means there is limited capacity to effectively map out client behaviours and interactions across all channels, as data sets are isolated. This results in an incomplete customer profile that does not consider all aspects of a customer’s financial history and behaviour.

Funds also often lack the ability to accurately curate structured data and unstructured data (emails, texts, letters etc.) collected from customer journeys. Consequently, they are unable to comprehensively understand each customer’s experience and by extension how to best serve each customer.

Data virtualisation is a technology data management solution that allows an application to retrieve and integrate data from across an entire organisation regardless of where it is located and present it in a single place. Governance, control, data lineage and security can be managed and even enhanced using data virtulisation, over other data consolidation techniques. This allows customer and business insights to be gained quickly and often more cost effectively than building data warehouses and data lakes. Modern financial services challenges require solutions that facilitate a faster and cheaper time to insights, whilst managing governance requirements. Data virtulisation is one way funds and companies can meet the challenge.

2) Artificial Intelligence (AI) models for improved member engagement and customer experience:

Adopting AI offers a viable solution to member engagement by enabling funds to connect with clients via AI generated insights. Unprecedented amounts of data can be analysed to find patterns, trends and inflections to determine exactly when and how customer’s needs have changed.

Once established, AI algorithms can engage customers in automated interactions that previously wouldn’t have been cost effective, including customer queries and conflict resolution. Super is often perceived by customers as complex as they struggle to understand the benefits and the value the fund is providing. AI and automation has made first class customer service cost-effective, scalable and achievable for the super industry.

3) AI powered regulatory risk & compliance frameworks:

Compliance, risk and audit have traditionally been reliant on rule-based processes to assess and prevent compliance breaches. In addition, these systems often rely on data from a single platform for each risk assessment. However, without a holistic, enterprise view of the enterprise it is difficult for a fund to truly assess enterprise compliance and manage its whole-of-company risks.

AI paired with a data virtualisation platform can be used to build and train models to have secured views on all enterprise data. Data sources for each model can be tracked and managed for traceability, bias reduction and stop non-compliance from the source, through to model development and production. This combination provides lineage from source data to AI model to the final AI-powered decision; a vital component in good financial service governance.

Proactive risk management, governance and compliance tools and frameworks can anticipate, detect and manage AI-backed risk assessments and analytics – allowing funds to respond faster to threats and be nimble in responding to changing regulatory compliance demands.

Mark Hannon

Head of Sales


Four ways to protect your investment in IoT from cybersecurity threats

Four ways to protect your investment in IoT from cybersecurity threats

IT professionals are used to thinking about how to protect our information technology assets. Data loss, data theft, exposure, identity theft and ransom attacks are the menu du jour. As we move towards Industry 4.0 internet of things (IoT) is connecting operational technology (OT) to the network at breakneck speeds, raising the stakes for cyber-attacks to the levels of tales we see in dystopian fiction.

We have seen nation-state attacks against nuclear power plants (India, November 2019), as well as widespread attacks on IP connected surveillance cameras. Just today it was announced that  a major cyber security attack has been identified by the Australian government. However, threats like ransomware take on a new form: consider a farm with hundreds or thousands of IoT sensors being held ransom under the treat that their crop may be flooded just before harvest, sending them into financial ruin. 

Recent attacks have highlighted just how vulnerable Australian government and business are to malicious cyber attack.

OT security is no longer speculative; this week we have seen exposure of attack surfaces in the networking stacks of embedded devices. Nineteen vulnerabilities were discovered in the Treck TCP/IP library commonly in use in IoT devices, four of which are considered critical. Physical security used to be the primary concern for OT managers, but now we must consider a broader landscape. 

Physical security used to be the primary concern for OT managers, but now we must consider a broader landscape. 

How do OT cyber-attacks work? 

In addition to securing the back-office systems the devices talk to, OT security professionals now need to look at the devices themselves. The attack vectors can be broken into four key areas of concern. 

1) Device firmware: This is the software running the device and comprises the base operating system on the device and the application sitting on top of this. Both elements will make use of code which is either subject to unintentional vulnerability via defect, or introduction of malicious artefacts through open-source libraries in use. 

2) Device hardware: There are common protocols in use to communicate between the hardware elements of IoT devices which can be the subject of attack. The very common I2C and one-wire protocols connect sensors and actuators to a device and are prone to being sniffed if physical access is available. 

3) Device APIs: IoT devices are useless unless they are connected to a back end, and these interfaces or application program interfaces (APIs) are often vulnerable to attack. The same attack tools used to attack web servers can be used to attack IoT devices; most common weaknesses exploited are default usernames/passwords, weak passwords, and hard-coded passwords, but buffer overrun attacks are also a concern for the transport protocols in use (HTTPS in most instances) where the attacker uses carefully constructed URLs to attempt to break into the API. 

4) Radio networks: Wireless communications are a dream come true for an attacker, removing the need for physical access to carry out an attack. Open discovery protocols or weak network configuration can leave devices open to man-in-the-middle attacks which potentially expose user or API credentials,  allow actors to extract, inject or otherwise change device data or allow actors to alter the state of actuators by replaying or inserting commands on the device interface. 

“Physical security used to be the primary concern for OT managers, but now we must consider a broader landscape.”

So, What can you do?

We have found that there are four components to an effective protection strategy for IoT assets. 

1) URL filtering: This is the practice of recognising URLs that are known sources or destinations for cyber-attacks. In the case of IoT it is particularly important to manage this access to prevent BotNet attacks which can generate significant amounts of traffic or computational load. 

2) Behavioural assurance: IoT devices are typically low power, low data bandwidth devices so many will fit into one of a few behavioural patterns. Once a pattern is selected for a device, we watch traffic for patterns outside this behavioural definition. For example, a period of high data utilisation when the device has been classed as low bandwidth, or traffic generation during a period when the device should be dormant. 

3) Behavioural profiling: Patterns of behaviour can be established quickly for IoT devices. Artificial intelligence (AI) algorithms can be trained early in a device life cycle to understand the expected behavioural profile of a device, observing low traffic under normal circumstances, occasional high traffic due to an event, and seeing traffic to several legitimate destinations. Once established, the AI can continue to scan the traffic, watching for changes in this behavioural profile to understand when an attack is imminent, or under way. 

4) Global threat profiling: If you have access to enough devices, AI algorithms can begin to learn the patterns of the threat actors as well. This can be applied to the entire population of devices under protection, meaning that new threats can be identified and acted on more rapidly than would be otherwise possible. 

Choose the right protection and integrator  

Unico have extensive experience delivering tailored solutions that meet the specific needs of our customers. Alongside Allot, one of our strategic partners, we have a product that provides four comprehensive modes of protection for your IoT infrastructure: 

  • URL filtering 
  • Behavioural assurance 
  • Behavioural profiling 
  • Global threat profiling 

If you would like to find out more about protecting your business or your customers business please get in contact as I would be happy to show you how the Allot IoTSecure Service can provide affordable, multi-tenanted IoT protection solutions ready to ship to your customers out of the box. 

Andrew Davison

Technology and Innovation Evangelist

Business update Insights Media

Open for business COVID-19 update

Open for business COVID-19 update

27 March 2020

We are committed to servicing you and your business-critical IT infrastructure and remain fully operational. Early last week we activated our business continuity plan (BCP). Our BCP facilitates a rational, calm approach whilst acting in accordance with directives from the Australian Government.

Our team is set up with robust IT remote access infrastructure, enabling them to work remotely as required. Minimising disruption to our customers and partners is high priority, second only to the health and wellbeing of our people, customers and community.

If you have any concerns or questions about your interactions with our team during this time, please reach out to your Unico contact.

John Rowland, Managing Director

John Rowland

Managing Director