What Is Ethical Hacking?


The internet brought with it the third revolution, one that has interconnected the world like never before. There are currently 5 billion internet users in the world, and this number increases day by day. From education to healthcare to communications to transport, the internet has permeated every industry to make our lives easier and more convenient. But is the internet manna from the heavens? Sadly not. While it has brought immense opportunities and innovations, it has also brought threats: breaches, fraud and attacks. And foremost among these threats is the threat from hackers.

Hackers are sophisticated criminals who can breach cyber security systems and cause loss of money, credibility and trust. In 2017 alone, hacking cost people $172 billion, while it is predicted that by the end of 2020, the average cost of data breaches will be about 150 million. 

Apart from the money that is lost, a company that is vulnerable to cyber-attacks also loses face with its customers and comes to be seen as unreliable. This is why more and more organizations today are investing in sophisticated cyber security to protect their data and reputation from hackers.

But how does one know if the security they have in place is foolproof and not susceptible to cyber-attacks? This is where ethical hackers come in. An ethical hacker is a security professional who assesses a system for vulnerabilities that can be exploited for a malicious attack.

Ethical hackers break and build the security for an organization.  They have become an indispensable resource in the security market. Right from ecommerce websites to banks, all organizations are investing in ethical hackers who can assess and put a security system in place.    

So, how does one become an ethical/white hat hacker? And what’s the career path in this role? 

Understanding Ethical Hacking

Ethical hacking is a legitimate and structured way of hacking, performed to expose the vulnerabilities in software, web applications, or networks that can be accessed and exploited by an unauthorized person.

Ethical hacking helps secure both your personal as well as an organization’s IT assets.  

There are many threat vectors which attackers use to gain access to a website, software or network. Ethical hackers are trained to identify these and fix them before they are discovered by malicious hackers. In organizations, they are often given the role of a security analyst, security consultant, security architect, etc.

Some of the tasks of an ethical hacker include: 

  • Detecting loopholes in a database that can be exploited by any unauthorized person  
  • Finding vulnerabilities in networks that can be exploited by any attacker 
  • Educating the employees on how to identify phishing mails and tackle them  
  • Establishing proper security controls on all the devices. 
  • Securing your Web applications and websites 
  • Securing your organization's network  
  • Regular patching of infrastructure devices like routers, switches, firewalls and servers.
  • Establishing perimeter security to protect the organizational network.
  • Ensuring user- and access-based controls are set up and implemented.
  • Input validation on websites.

Security analyst, security consultant or security architect...these are some of the names given to ethical hackers in the corporate world.

What Ethical Hackers Do 

In essence, an ethical hacker uses the same tools and techniques that would be used by a malicious or black hat hacker to breach a system. The only difference is that what an ethical hacker does is legitimate, ethical and done with the consent of the organization, whereas a malicious hacker breaches a system's security without user consent.

An ethical hacker's job involves identifying loopholes, developing assessment methods, and discussing those methods and their findings with the various IT teams and higher management.

Ethical hackers perform vulnerability assessments on the network, software, and servers. Later they fix the weaknesses they find so that no unauthorized user can compromise the system's integrity.

What qualifications does one need to become an Ethical Hacker?

A Computer Science or Information Technology degree is not required to become an ethical hacker. There are many professionals who come from non-technical backgrounds and go on to become excellent ethical hackers. What you need is expertise in the latest hacking tools and techniques that you can use to test the system and identify its loopholes.

Some of the defensive approaches ethical hackers use to protect organizations include:  

  • Regular patching of infrastructure devices like routers, switches, firewalls and servers.
  • Establishing perimeter security to protect the organizational network.
  • Ensuring user- and access-based controls are set up and implemented.
  • Input validation on websites.

And many more.

History of Ethical Hacking:- 

The term ‘hacker’ was coined in 1960 at Massachusetts Institute of Technology where some great minds were trying to redevelop mainframe systems using FORTRAN programming. With the dawn of the digital age, hacking became one of the top methods of conducting cyber-attacks. Nation-sponsored attacks are a new form of cyber terrorism that can bring countries to their knees.

One of the biggest examples is Stuxnet, a virus attack on the nuclear program of Iran, which according to Wikipedia was carried out jointly by the USA and Israel.

Some of the other victims of hacking are organizations such as: 

  • Adobe hack: 2013 
  • Yahoo hack: 2013
  • eBay hack: 2014
  • Sony hack: 2014
  • Marriott hack: 2018
  • Dubsmash hack: 2019 

Evolution of the Ethical Hacking role:

Ethical hackers play an important role in securing us in this era, and can be said to be the unsung heroes of the IT industry.

Organizations have greatly expanded their investments in cyber security after realizing that a breach could cost them more than their turnover. The digital demand in today’s world has ensured that the responsibilities of and the need for ethical hackers are on the rise.

How does Hacking become Ethical? 

Hacking can be legal or illegal depending on the intention of the act. If hackers use their knowledge for providing security and protection to any organization, it becomes legal or ethical. When a hacker has the user’s consent to check the security of their system by breaching the system, it is ethical hacking. However, if the security of a system is breached without the user’s consent to perform a malicious act such as stealing passwords, sending spam, damaging or stealing data, or making unlawful transactions, then that makes it a cybercrime.

Recent Hacking Attacks:- 

What do hackers do? 

  • Perform a data breach
  • Get details of the server
  • Get sensitive details from a database
  • Crash a website

Some of the more prominent data breach attacks in recent years include:

  1. In 2015, Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett, Bill Gates, Mike Bloomberg, Elon Musk, Kanye West, and others were victims of hacking.
  2. Myerscough College, in Bilsborrow, Lancashire, was attacked on its results day. This compelled the staff to email each student about their grades individually. Even the college's online enrolment system was affected by the attack.
  3. The WannaCry ransomware was used to derail thousands of computer systems, including those of government and private organizations.
  4. Ashley Madison is a website with the slogan 'Life Is Short, Have an Affair.' This website was attacked in July 2015, which resulted in the personal data of 37 million users being leaked on public websites. The results were catastrophic, and the leak ruined the reputations and marriages of many.
  5. In June 2015, the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security-clearance-related information, were stolen from the United States Office of Personnel Management (OPM). Most of the victims are employees of the United States government. 
    This attack was also considered to be serious due to the leak of private information of the officials. 

The attackers used asymmetric cryptography, in which they encrypted the complete system using a public key and stored the private key on their own server. The owner of the system was blackmailed into giving money in exchange for the private key to decrypt that system.  

According to McAfee, "Rise in Cyber Attacks Amid Covid-19 Resulted in 375 Threats Per Minute in Q1 2020".

What is Vulnerability: - 

A vulnerability is a loophole in the system which allows any unauthorized user to gain access to the system.

A vulnerability is often the result of a misconfiguration of the logic which is implemented for the operation or security of the system. Any weakness in a system that can be used to exploit the organization's property is called a vulnerability. A flaw in the system makes it vulnerable to attacks. A small configuration error can become a high-level vulnerability.

Generally, vulnerabilities are categorized according to the severity and frequency of occurrence. These are:  

  • Critical  
  • High 
  • Medium 
  • Low 

Below are some of the different types of vulnerability: 

  • If Database default credentials are used 
  • If Server is not properly patched  
  • If Session time out is not properly configured 
  • If Server is executing data entered in input field as a command 
  • If handling of data is not properly implemented.
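
The item about a server executing input-field data as a command, and the "input validation on websites" defence listed earlier, shown side by side as an added example that is not part of the original article. The function names are hypothetical, `echo` stands in for a real server-side diagnostic tool, and a POSIX system is assumed.

```python
import re
import subprocess

# One DNS label: letters, digits and inner hyphens, 1 to 63 characters.
# A label can never start with "-", so a valid hostname cannot be read
# as a command-line option either.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_hostname(value: str) -> bool:
    """Allowlist check: accept only strings shaped like a hostname."""
    # fullmatch() must consume the whole string, so a trailing newline
    # or any shell metacharacter makes the check fail.
    return len(value) <= 253 and _HOSTNAME_RE.fullmatch(value) is not None


def lookup_vulnerable(host: str) -> str:
    """Weak form: the form value is pasted into a shell command line."""
    # With shell=True the string is parsed by /bin/sh, so characters such
    # as ; | & $ in the input are treated as shell syntax, not as data.
    result = subprocess.run(
        "echo lookup " + host,
        shell=True, capture_output=True, text=True, timeout=5,
    )
    return result.stdout


def lookup_hardened(host: str) -> str:
    """Corrected form: validate first, then run the tool without a shell."""
    if not is_valid_hostname(host):
        raise ValueError("rejected input: not a hostname")
    # An argument list is handed to the program directly; no shell parses
    # it, so the value stays a single argument whatever it contains.
    result = subprocess.run(
        ["echo", "lookup", host],
        capture_output=True, text=True, timeout=5, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary value and one that carries
    # a second, harmless command after a shell separator.
    samples = ["example.com", "example.com; echo INJECTED"]
    for value in samples:
        print("input:     ", repr(value))
        print("vulnerable:", lookup_vulnerable(value).splitlines())
        try:
            print("hardened:  ", lookup_hardened(value).splitlines())
        except ValueError as err:
            print("hardened:  ", err)
```

In the weak form the second sample produces two output lines, which shows that the server ran a command the user supplied; the corrected form rejects that input before any process is started.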

What types of Systems do Hackers target?

Hackers often want to hack those computers or networks from which they know that they will surely get some valuable or sensitive information. Government and private organizations that store large amounts of sensitive data are especially vulnerable to hacking. Individual hacking is also on the rise, where hackers attack individuals to steal money or passwords.

In the times we live in, knowledge of hacking and security is a must for every individual and organization to protect themselves.

Ethical hackers are the modern-day vigilantes who protect and serve organizations and individuals by fixing security issues of systems and keeping them safe from attacks. 

KnowledgeHut

Author

KnowledgeHut is an outcome-focused global ed-tech company. We help organizations and professionals unlock excellence through skills development. We offer training solutions under the people and process, data science, full-stack development, cybersecurity, future technologies and digital transformation verticals.
Website : https://www.knowledgehut.com

Join the Discussion

Your email address will not be published. Required fields are marked *

Suggested Blogs

INFOGRAPHIC: The Future of IT

Technology is rapidly changing at a staggering pace. The rapid change of technology has driven an increased demand for highly competent IT professionals to meet the needs of the future. Many people now wonder what exactly these professionals need to know to prepare for this future.  In order to determine this we must look at the trends, technologies, and jobs that will dominate the landscape of tomorrow. IT Trends Shaping The Future       There are many mega trends are currently influencing how technology will be used in the future. For example, there is starting to be a greater connection between people and the internet. People now view the internet as more than a piece of technology but as a mental, social, and physical extension of themselves. This means they also expect to have access to technology everywhere and on any device. The “Internet of Things” is another major trend. The internet is now expected to be digitally linked to objects we use on a daily basis. At the same time big data is emerging providing new opportunities and challenges while artificial intelligence is putting computers in the position to make decisions. The shared economy is also creating a need for digital transparency and trust mechanisms that allow direct exchange of goods and services. People also now want to utilize 3D-printing and other technology to create physical materials on the spot. All of these trends are greatly influencing our current and future technology demands and needs.  IT Technology of the Future  Due to the current trends and advancements technology will look a lot different in the future. Here are some of the technologies that will be shaping our world in the future: Space drones: NASA has issued a challenge for designers to develop drones that can operate inside a space station. 760mph trains: PayPal, Tesla and SpaceX founder Elon Musk has been pioneering the new Hyperloop system. 
These “trains” can travel up to 760mph through a vacuum tube, propelled by compressed air and induction motors. With this technology passengers could travel between San Francisco and LA in 35 minutes. Using sound to fight forest fires: We all know that wild fires are a major problem in many areas of the country. Luckily, these fires will one day be fought by drones that direct loud noises at the trees below. Since sound is made up of pressure waves, it can be used to disrupt the air surrounding a fire, cutting off the supply of oxygen to the fuel. This technology can help fire fighters and ultimately save lives. Breathalyser cars: The US National Highway Traffic Safety Administration has developed devices that can monitor alcohol levels by sniffing a driver’s breath or scanning the blood in their fingertips via the steering wheel. With the technology cars can be immobilized the car if levels are too high. Drivers who use this system could even be offered discounts on insurance premiums. Internet for everyone: Elon Musk is requesting permission to send almost 4,000 small satellites into low-Earth orbit. These satellites would beam back a high-speed wireless signal to everyone on the planet. This would provide wi-fi to everyone in the world opening use of the internet and technology to everyone. Personalities for robots: Google has obtained a patent on robot personalities. Owners could have a personality automatically chosen to match their needs, or select one based on a fictional character, or a loved one. These will definitely be the robots of the future. Self-driving trucks: Driverless trucks are cheaper to run than regular rigs. They drive more smoothly and use less fuel while computers never get tired or need breaks. They can also drive in convoys, nose-to-tail, to minimize wind resistance. This type of technology will most likely be the future of transport. 
Your brain print as a password: A team at Binghamton University, New York looked at the way volunteers’ brain signals changed as they read a list of acronyms. Each person reacted differently enough for the system to predict who was reading the list with 94% accuracy. In the future a version of this technology could be used to verify who is using a computer. Your brain would ultimately be your password.  IT Jobs in the Future To take advantage of the trends and technologies identified here, we must also know what jobs will be in demand in the future. These include: Cognitive computing engineer/machine learning specialist: Do you remember IBM’s cognitive computing initiative, Watson which became a “Jeopardy” champion? Cognitive systems are becoming a very large part of IBM’s business plan and other companies are following. The demand for cognitive computing skills is growing and colleges are starting to offer courses and programs that address this need. Blockchain engineer: Many startups are recruiting engineers and developers who are familiar with the technologies behind bitcoin. They want people who have experience in cryptography, distributed systems, hash algorithms, and more. In fact, more than 200 companies and open source projects are seeking to apply blockchain technology to applications such as trading platforms , secure identification cards, and self-executing contracts. GPU cluster engineer: GPU computing improves application performance by offloading compute-intensive portions of the application to the GPU, while the remainder of the code still runs on the CPU. This advantage is key to companies like Facebook, China’s Baidu, and Experian that deal with enormous data sets. Virtual reality engineer: Virtual reality is expanding beyond being exclusive to just gamers. For example, the New York Times, is one of the first newspapers to begin using virtual reality (and Google Cardboard) as a storytelling tool. 
Goldman Sachs predicts that virtual reality will generate $110 billion, compared to television’s $99 billion, in 10 years. Internet of things architect: Everything is starting to connect to the internet of things. Verizon recently posted a job for an “IoT solutions architect.” People who can work with this technology will be able to shape the future and remain in high demand. Computer security incident responder: Cyber security specialist has been an in-demand job for some time. Incident responders are the people who deal with the effects of an attack or an exploit. They understand security information and event management (SIEM) SIEM. combines a number of functions into a single system and centralizes event logs and other security-related documentation for analysis. The future of technology is definitely bright. Those who understands the IT trends, uses, and jobs of the future will remain in high demand. They will be the people who work with the technology that shapes the future of our world.
INFOGRAPHIC: The Future of IT

Technology is rapidly changing at a staggering... Read More

Learn the ITIL Ways To Accelerate Digital Transformation In Your Organization

Digital transformation is omnipresent, and every organization is gearing up for a change. Today the relationship between the physical and virtual world is confined and blurred, so every business needs to go digital. An effectual digital business transformation can leverage technology used in an enterprise and improve the user experience. While transforming traditional ways to digital, many of the organizations recognized that ITIL service management (ITSM) always implements the change programmes. This change plays a fundamental role in the IT world. ITIL is not only a facilitator but also a business in itself as it is leaping up in every industry. Expanding a digital business is not only a one-time investment but also it needs the continuous involvement of digitization and revolution of the business processes and the software which are used to implement the business. The top organizations are recently encouraging their employees to opt for the popular ITIL certification programs in order to be a part of the globewide digital transformation.  Two high-profile companie -Uber and Airbnb have a turnover of billions of dollars after implementing digital transformation in their companies. Neither Uber has its own taxis nor Airbnb any hotels.   This marks a transition from traditional business ways to digital approaches without having any company assets. Things like technology, processes and intellectual property are the more important facets of the digitized business if the systems are reliable, responsive, and fast.  Many organizations have moved towards implementing the methodologies like DevOps, Agile and Scrum and this is the first step to go digital. But simply executing these methodologies and frameworks needs a complete guidance on the terminologies about how to integrate with all the processes involved in the company’s working environment. 
ITIL might not be a solution for everything, still, your organization needs to hook up with ITIL services and processes, as it provides a proper process framework. ITIL is a open jar, from where you can select the methods, procedures, and best practices that suit your project requirements.    To fully understand the role of ITIL in an organization-level digitization, you first need to know the main reasons why ITIL is popular.    How can ITIL help transform businesses to digital? Here are the 5 ways you can use to accelerate digital transformation using ITIL in your organizations. Businesses should adopt these approaches while sourcing their IT services.   1. Contextualised ITSM: This framework in ITIL was launched especially to meet the requirements of an individual business and user context. The ITIL technical management system can configure resources automatically so that the employees can get a special access to use standard user levels. Contextualised ITSM modifies different roles and operations to form the contextual framework for the individual business, as a result, businesses can pick the best way to automate their operations to be more efficient.    2.Infrastructure Service Management: ITSM framework provides the infrastructure of the technology distributors that allows for the planning of the organizational IT services. The Infrastructure service management helps to not only carry out the discussions between the service providers but also coordinate among the organizational data governance activities. The conversation improves the bond between the suppliers, service desk, user services, applications and the consultants. This helps in better service orchestration as the fundamental principles of ITIL are the universally accepted principles that encompass the entire organizational operations.   3. Integrated Performance Management: Integrated performance management leverages companies to measure how the suppliers are compliant with each service request. 
This gives you an in-depth business-aligned performance metrics. If a business is failing to process a bill, you can check the entire internal and external business processes and act accordingly. 4. User Experience Engineering: User experience engineering is a new concept which addresses the gap between the employees and the customers about the system access (such as Enterprise Resource Planning (ERP) in the larger organizations. Companies expose the customers to their internal systems. So even a delay of 3 seconds can affect the customer service. User experience engineering leverages the smoothly running internal system processes, improving user experience. 5. Business Value Articulation: ITIL provides the business value articulation to understand the business and financial value of the system which has to be implemented. Also, it gives the clarity to the ITSM practitioners on the service provider based on whether it is external or in-house service.  Several organizations are currently dismissing ITIL as an operations-only framework and are missing out on the opportunities to digitize themselves.   Conclusion Transforming your old organization into a digitized equivalent can be a complex process. But the ITIL framework will help your organization to transit from expired services to the highly sophisticated IT services. The framework is flexible and more adaptable in nature which can help you follow a digital maturity roadmap.   

ITIL Practitioner: Importance of “Adopt and Adapt” Principle and SWOT analysis

In my previous posts on ITIL Practitioner, we walked through the basics of ITIL Practitioner; then, emboldened by our little endeavor, we explored the core competencies of ITIL and the 9 guiding principles, and tried to understand why “service strategy” is the core of the ITIL framework. Briefly, we had touched upon the concept of Adopt and Adapt, which is the core message of the ITIL framework governing body. In this post, I will share my thoughts with you on how ITIL’s core concept of “Adopt and Adapt” is part of their curriculum and, if possible, I will share some examples with you.

What is the Adopt and Adapt concept?

Adopt says take whatever you like and think will be useful for your project or organization. Adapt says change it to suit your needs. Simple! Not so. This simple-looking definition is full of pitfalls, and very dangerous ones at that. If you start adopting everything that you liked in other projects and companies, then soon your own project and company will be overburdened with things that do not work well together and, worse still, there will be humongous redundancy in techniques and tasks.

Let us take a simple example of an internet search engine. Suppose I am the owner of company XYZ and I am marketing a new internet search engine service known as XYZ-Search. While my engineers and managers are working hard to make sure that my internet search service performs well on the parameters that have been given to them, I should also be spending time finding out the existing best practices being followed by my competitors and peers. But I should exercise extreme restraint before actually taking those practices and asking my engineers to follow them blindly. For example, it would be foolish on my part to build a sprawling campus with 24*7 entertainment facilities for my engineering team working on XYZ-Search just because Google does it for its employees. No doubt, this kind of environment does have its own benefits, but it comes with its own cost. And being a start-up, my XYZ-Search cannot afford this. So in spite of the success of these organizational facilities, I should not be adopting them as-is.

Similarly, I notice that the Google search engine places online advertisements at specific locations on the page, such as the top, the bottom, the right navigation panel etc. If I tell my engineers, UX, and marketing team to start putting such advertisements on my XYZ-Search page, then I can easily drop my dreams of tasting success. Why? Because Google is earning those advertisements on the basis of top-class search results that lead to user satisfaction, and if I try to replicate that financial model for my XYZ-Search engine service, then it will be thrown in the trash in a matter of a few days. Always remember, bad quality never goes unpunished!

But I do want to adopt my peers’ success model; so what should I do? In that case, you need to learn to adapt. The concept of adapting means that you tailor the existing product or service to the needs and requirements that suit you best. We know this has to be done, or else it leads to the problem of force fitting, which in turn leads to a lot of other issues such as employee dissatisfaction, customer drain, regulatory non-compliances etc.

To continue with our example of the internet search engine service: if our very successful competitor, Google, decides to set up a 24*7 customer care number that provides personalized attention to each caller, then obviously this initiative is going to win Google a lot of appreciation from its clients. Who does not want personalized support and care in business, especially if things are not working as expected? But it would be foolish on our part to adopt this model in its entirety; in fact, even suicidal for our startup that is already tight on cash inflow and is in the primitive stages of internet search engine service development and release. So how do we adapt here?
Because adopting this wonderful idea is a no-brainer; it would be stupid not to implement this. But how to make it fit for us? That is where your SWOT analysis comes into the picture. SWOT stands for strengths, weaknesses, opportunities and threats. How will this help us fulfill our needs? Let’s see.

SWOT analysis to Adapt the Adopted

SWOT analysis is helpful here because it will help us nail down the reasons why we want to adopt a best practice, what current challenges we want to solve through it, what constraints limit our ability to go beyond what is currently possible, and what benefits we are going to reap if we are successful. Let me show you an example using this internet search engine service with 24*7 customer care and personalized attention.

What are our Strengths?

Here we, or anyone, are supposed to list down the aspects that are our strong points for a given situation. You will need to involve more than 3 but fewer than 10 people in this exercise to get some tangible outcomes. Let’s give it a try.

1) We are a startup with a limited and very minuscule customer base, since we are just starting up. In normal circumstances, this would be considered our weakness, but in this case it is our strength; see how: this implies that the demand to set up 24*7 customer support is almost nil or maybe does not even exist. And that actually cuts down on our cost factor to set this up.
2) Another strength of ours, in this case, is that no one expects us to give wonderful customer support, since we are a startup busy with getting our service correct first. So the pressure to set this up is not there.

What are our weaknesses?

Here, we list down our weaknesses in this area.

1) We do not have a big purse or deep pockets; that means we cannot spend money on getting a state-of-the-art technical automated customer support setup.
2) Our developers are busy developing the next version, and they barely have time to work with customers on live site issues. And we do not have the capacity to hire new developers.

What are the Opportunities?

List down the scope for getting ahead in business and of your competitors, if you succeed in this case.

1) Since the expectations are low, if we are able to provide 24*7 customer support with personal attention, then it takes our customer ratings higher at a very steep rate. This positive feedback loop would in turn lead us to get more business and hence a bigger market share. Wow; didn’t think of it that way!
2) The customer feedback loop would allow us to develop features that are more relevant to customers, and since our customer base is small, the impact of a positive reaction would be higher. Hence, more business through positive word of mouth.

What are our threats?

Here we list down the threats that might hamper us on this journey or, worse still, the losses that we may incur if we fail.

1) The much-needed finance would be diverted to something that was not asked for in the first place.
2) We are opening up another input channel for our engineering team through customer feedback and, not to forget, our engineering team is already overloaded.
3) Increased business might become a bane for us if we don’t keep up the same quality of customer care going forward, and we might lose business due to that.

Now our SWOT analysis is done; and what is the result? That depends upon you and your risk appetite. Now you should have a discussion with your team, managers and stakeholders and arrive at the best way to go forward depending upon the above SWOT analysis. And before you realize it, you will have a perfectly adapted version of a best practice in your hands for your benefit! ☺ All the best!
By the way, if I were you, I would have chosen to implement this model of personalized attention to all customers but only during specific hours of the day along with specific modifications to engage with other countries’ customers.    