Purchase your Section 508 Compliance Support guide now!

Purchase your Section 508 Compliance Support guide now!

Cognos 8 Diagnostic: IBM Monitoring and Diagnostic Tools for Java - Mem...

Cognos 8 Diagnostic: IBM Monitoring and Diagnostic Tools for Java - Mem...: IBM Monitoring and Diagnostic Tools for Java - Memory Analyzer Version 1.1 The IBM Monitoring and Diagnostic Tools for Java - Memory Analy...

Cognos Java Security Vulnerability CVE-2010-4476 Exposure Response

Products


Special offersSoftwareSoftware overviewProductsTrials and demosEvents and conferencesBusiness Analytics- Cognos- SPSSEnterprise Content ManagementInformation Management- DB2- Informix- InfoSphereLotusRationalTivoliWebSphereSystem z softwareStorageAll storageDisk systemsTape systemsStorage area networksNetwork attached storageStorage softwareHard drives/microdrivesStorage A to ZServers & systemsAll servers and systemsSystems softwarePower Systems (AIX, IBM i, Linux)System z (Mainframe)System x (xSeries)BladeCenterCluster systemsUNIX serversLinux serversIntel processor-based serversAMD processor-based serversOEM systemsInternet securityNetworkingPersonal computersPoint of salePrinting systems from InfoPrintSemiconductorsUpgrades, accessories & partsCertified used servers & storageCommunitiesSmall business productsMedium business productsHardwareSoftwareMoreSupport & downloads

DownloadFixes, updates and driversTrials and demosTroubleshootSearchDocumentationCommunitiesPlanInstallUseOpen a technical service requestCustomer supportFormer IBM productsPrinting systems from InfoPrintLenovo ThinkPads and ThinkCentresMoreMy IBM

My accountsMy profileMy interestsMy community spacesMy technical supportMy customer supportShopping cartContractsOrders and deliveryInventory and maintenanceInvoices and paymentsSelf-service toolsMore customer supportSubscriptionsMoreWelcome [ IBM Sign in ] [ Register ].Cognos Java Security Vulnerability CVE-2010-4476 Exposure Response

.Flash (Alert)



AbstractLast updated on April 19, 2011.



This Security Alert addresses a serious security vulnerability (CVE-2010-4476) which can cause the Java Virtual Machine to enter an infinite loop. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476.



To find out about applying the JRE patch to Cognos Business Intelligence on the Cloud, go to http://www.ibm.com/support/docview.wss?uid=swg21470017.



To find out about applying the JRE patch to Cognos Business Intelligence Special Edition, go to https://www-304.ibm.com/support/docview.wss?uid=swg21497107.



To find out about applying the JRE patch to the Cognos Now! 4.6.0 appliance, go to http://www.ibm.com/support/docview.wss?uid=swg21473104.







ContentProducts Affected



The issue exists in the Java class libraries and affects all products that use Java. IBM Cognos products that use Java include





Business Intelligence products:

□ Cognos Business Intelligence* versions 10.1, 8.4.1, 8.4.0, 8.3.0

□ Cognos Business Intelligence Developer Edition versions 10.1, 8.4.1

□ Cognos Business Intelligence Starter Edition versions 10.1, 8.4.1

□ Cognos PowerPlay versions 10.1, 8.4.1, 8.4.0, 7.5.0, 7.4.x,

□ Cognos Mobile versions 10.1, 8.4.1, 8.3.1, 8.3.0

□ Cognos Now! versions 4.6

□ Cognos DecisionStream version 7.1.4

□ Cognos Impromptu Web Reports versions 7.5, 7.4.x

□ Cognos NoticeCast versions 7.5, 7.4.x

□ Cognos Web Services versions 7.5, 7.4.x

□ Cognos Visualizer versions 7.5, 7.4.x

□ Cognos Query version 7.4.x

□ Cognos Express versions 9.5.0, 9.0.0

□ IBM Smart Analytics System Business Intelligence Module (all versions)





* Cognos Business Intelligence includes all BI components such as Reporting, Analysis, Data Manager, Virtual View Manager, Go! Search.Financial Performance Management products:

□ Cognos Business Viewpoint versions 10.1, 8.4.1, 8.4.0

□ Cognos Controller versions 8.5.1, 8.5.0, 8.4.0, 8.3.0

□ Cognos Finance versions 7.5.0, 7.4.x

□ Cognos Metrics versions 10.1, 8.4.1, 8.4.0, 8.3.0

□ Cognos Planning versions 10.1, 8.4.1, 8.4.0, 8.3.0, 8.1.x

□ Cognos TM1 versions 9.5.1, 9.5.0, 9.4.1, 9.4.0

Analytic Applications products:

□ Cognos Banking Risk Performance - Credit Risk versions 8.4.2, 8.4.0

□ Cognos Customer Performance Sales Analytics versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Financial Performance Analytics (AP, AR & GL) versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Supply Chain Performance Procurement Analytics versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Workforce Performance versions 8.4.2, 8.4.1, 8.4.0, 8.3.0, 8.2.0, 8.1.x

□ Cognos Consumer Insight version 1.1.0



Description

This vulnerability can cause the Java Runtime Environment (JRE) to hang, enter an infinite loop, or crash when converting "2.2250738585072012e-308" to a binary floating-point number. The result can be a denial of service exposure. This same problem can occur if the number is written without scientific notation (that is, using all of the 324 decimal places). Any Java program that uses the Double.parseDouble method is at risk of this vulnerability.





Solution

To prevent this vulnerability from affecting your product, you must apply a patch to your existing version of Java or install a version of Java that contains the fix.



If you do not require the fix, no action is necessary.



Before you update your JRE on a production system, it is strongly recommended to:

• Apply the patch in a test environment to verify that your product is working correctly

• Make a backup before you apply any changes



Linux or UNIX Installations

On Linux or UNIX, the JRE is not provided by Cognos as part of the product. The JRE used with Cognos is a separately installed component that is available from the operating system, application server or Java vendor.



To resolve the security vulnerability, you will need to patch or upgrade the JRE to a version that is recommended by the Operating System, Application Server or Java vendor. Ensure you stop the Cognos Services before applying the patch and restart the Cognos Services once the patch has been successfully applied.



The following table provides links to vendor-supplied details and solutions to this vulnerability: IBM​ http:​/​​/​www.ibm.com​/​developerworks​/​java​/​jdk​/​alerts​/​cve​-​ 2010​-​4476.html​​

HP​ https:​/​​/​h20392.www2.hp.com​/​portal​/​swdepot​/​displayProductInfo.do?productNumber​=​HPUXFPUPDATER​​

Oracle​ http:​/​​/​www.oracle.com​/​technetwork​/​topics​/​security​/​alert​-​cve​-​2010​-​4476​-​305811.html​​







Windows Installations



Typically, a JRE is packaged with the Windows versions of Cognos products. However, you may also use a version of Java that already existed on your system.



If you are using a JRE that already existed on the system, the solution is to update the JRE to a version that is recommended by the Operating System, Application Server or Java vendor.



If you are using the JRE version that is provided with your Cognos product, interim fixes are now available for several of the Cognos products. To determine if an interim Windows fix is available for your Cognos product as well as download and installation information, please follow the instructions at http://www.ibm.com/support/docview.wss?uid=swg24029220.



It is necessary to stop the Cognos services before applying the patch and then restart the Cognos Services once the patch has been successfully applied.



Cognos is continuing to develop interim fixes for the remaining affected products. These fixes will be made available as soon as possible.



If you cannot wait for the patch to become available from Cognos, you can also manually apply the patch to your JRE using the following steps.





Determine which version of JRE you are using



1.In a command window, go to the cognos_location/bin/jre directory.

If you are using a 64-bit installation, go to the cognos_location/bin64/jre directory.





2.Type the following:

java –version



The resulting message will indicate whether you have an IBM or Sun version of JRE.



To apply a patch to an IBM version of JRE, do the following:

Go to the following Web page, and following the instructions provided: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html





1.Download the ParseDoubleTest.jar from the link above to verify if you need to apply the patch.





2.Copy the ParseDoubleTest.jar file to the cognos_location/bin/jre directory.





3.Open a command window in the location where you downloaded the file, and type the following:

java –jar ParseDoubleTest.jar



If the result is “Test Succeeded”, you do not have to apply the patch.





4.If you have to apply the patch, download the appropriate patch file from http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html.



For example, for JRE version 1.4 on Windows, download PM31983_FIX_1.jar.





5.Download the Java Update Installer from the following location: http://www.ibm.com/developerworks/java/jdk/alerts/updateinstaller.html



Unzip the UpdateInstallerforJava.zip.





6.Ensure that you have the patch file and the unzipped Java Update Installer in the same location.





7.In a command window, go to the location where you downloaded the patch file and the Java Update Installer, and enter the following command:



java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]



For example, for IBM Cognos products, the [JAVA_HOME of target JDK] is cognos_location/bin/jre/.



If you are installing the update for JRE version 1.4 to a default IBM Cognos installation location, the command would look like the following:



java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar C:/Program Files/IBM/cognos//bin/jre//bin





To apply a patch to a SUN version of JRE, do the following:



1.Download the compressed file for Java SE Floating Point Updater Tool:

http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater





2.Uncompress the file, and then copy fpupdater.jar to cognos_location/bin/jre//bin.



If you are using a 64-bit installation, copy fpupdater.jar to cognos_location/bin64/jre//bin.





3.In a command window, go to the cognos_location/bin/jre//bin directory, and enter the following command:



java -jar fpupdater.jar -u -v













.

Cross Reference information Segment Product Component Platform Version Edition

Business Analytics Cognos Business Intelligence Not Applicable AIX, HP-UX, HP Itanium, Linux, Solaris, Windows 10.1, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos Mobile Not Applicable Windows 10.1, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos Series 7 Not Applicable AIX, HP-UX on PA-RISC, Solaris, Windows 7.5, 7.4 All Editions

Business Analytics Cognos Now! Not Applicable AIX, HP-UX, Linux, Solaris, Windows 4.6, 4.5 All Editions

Business Analytics Cognos Express Not Applicable Windows 9.0, 9.5 All Editions

Business Analytics Cognos Real-time Monitoring Not Applicable AIX, HP-UX, Linux, Solaris, Windows 10.1 All Editions

Business Analytics Cognos Business Viewpoint Not Applicable AIX, HP-UX on PA-RISC, HP Itanium, Linux, Solaris, Windows 8.4.1, 8.4, 10.1 All Editions

Business Analytics Cognos 8 Controller Not Applicable Windows 8.5.1, 8.5, 8.4, 8.3 All Editions

Business Analytics Cognos Executive Viewer Not Applicable Windows 9.5 All Editions

Business Analytics Cognos Finance Not Applicable Windows 7.5, 7.4 All Editions

Business Analytics Cognos Planning Not Applicable Windows 10.1, 8.4.1, 8.4, 8.3, 8.1 All Editions

Business Analytics Cognos TM1 Not Applicable AIX, Linux, Solaris, Windows 9.5.1, 9.5, 9.4 All Editions

Business Analytics Cognos Analytic Applications Not Applicable AIX, HP-UX, Linux, Solaris, Windows 8.4.2, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos 8 Workforce Performance Not Applicable AIX, Solaris, Windows, HP-UX 8.3, 8.2 All Editions

Business Analytics Cognos Consumer Insight Not Applicable Linux 1.1 All Editions

Business Analytics Cognos 8 Go! Not Applicable Windows, AIX, HP-UX, Linux, Solaris 8.4.1, 8.4, 8.3 All Editions

Cognos Java Security Vulnerability CVE-2010-4476 Exposure Response

Products


Special offersSoftwareSoftware overviewProductsTrials and demosEvents and conferencesBusiness Analytics- Cognos- SPSSEnterprise Content ManagementInformation Management- DB2- Informix- InfoSphereLotusRationalTivoliWebSphereSystem z softwareStorageAll storageDisk systemsTape systemsStorage area networksNetwork attached storageStorage softwareHard drives/microdrivesStorage A to ZServers & systemsAll servers and systemsSystems softwarePower Systems (AIX, IBM i, Linux)System z (Mainframe)System x (xSeries)BladeCenterCluster systemsUNIX serversLinux serversIntel processor-based serversAMD processor-based serversOEM systemsInternet securityNetworkingPersonal computersPoint of salePrinting systems from InfoPrintSemiconductorsUpgrades, accessories & partsCertified used servers & storageCommunitiesSmall business productsMedium business productsHardwareSoftwareMoreSupport & downloads

DownloadFixes, updates and driversTrials and demosTroubleshootSearchDocumentationCommunitiesPlanInstallUseOpen a technical service requestCustomer supportFormer IBM productsPrinting systems from InfoPrintLenovo ThinkPads and ThinkCentresMoreMy IBM

My accountsMy profileMy interestsMy community spacesMy technical supportMy customer supportShopping cartContractsOrders and deliveryInventory and maintenanceInvoices and paymentsSelf-service toolsMore customer supportSubscriptionsMoreWelcome [ IBM Sign in ] [ Register ].Cognos Java Security Vulnerability CVE-2010-4476 Exposure Response

.Flash (Alert)



AbstractLast updated on April 19, 2011.



This Security Alert addresses a serious security vulnerability (CVE-2010-4476) which can cause the Java Virtual Machine to enter an infinite loop. This issue is described in more detail at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476.



To find out about applying the JRE patch to Cognos Business Intelligence on the Cloud, go to http://www.ibm.com/support/docview.wss?uid=swg21470017.



To find out about applying the JRE patch to Cognos Business Intelligence Special Edition, go to https://www-304.ibm.com/support/docview.wss?uid=swg21497107.



To find out about applying the JRE patch to the Cognos Now! 4.6.0 appliance, go to http://www.ibm.com/support/docview.wss?uid=swg21473104.







ContentProducts Affected



The issue exists in the Java class libraries and affects all products that use Java. IBM Cognos products that use Java include





Business Intelligence products:

□ Cognos Business Intelligence* versions 10.1, 8.4.1, 8.4.0, 8.3.0

□ Cognos Business Intelligence Developer Edition versions 10.1, 8.4.1

□ Cognos Business Intelligence Starter Edition versions 10.1, 8.4.1

□ Cognos PowerPlay versions 10.1, 8.4.1, 8.4.0, 7.5.0, 7.4.x,

□ Cognos Mobile versions 10.1, 8.4.1, 8.3.1, 8.3.0

□ Cognos Now! versions 4.6

□ Cognos DecisionStream version 7.1.4

□ Cognos Impromptu Web Reports versions 7.5, 7.4.x

□ Cognos NoticeCast versions 7.5, 7.4.x

□ Cognos Web Services versions 7.5, 7.4.x

□ Cognos Visualizer versions 7.5, 7.4.x

□ Cognos Query version 7.4.x

□ Cognos Express versions 9.5.0, 9.0.0

□ IBM Smart Analytics System Business Intelligence Module (all versions)





* Cognos Business Intelligence includes all BI components such as Reporting, Analysis, Data Manager, Virtual View Manager, Go! Search.Financial Performance Management products:

□ Cognos Business Viewpoint versions 10.1, 8.4.1, 8.4.0

□ Cognos Controller versions 8.5.1, 8.5.0, 8.4.0, 8.3.0

□ Cognos Finance versions 7.5.0, 7.4.x

□ Cognos Metrics versions 10.1, 8.4.1, 8.4.0, 8.3.0

□ Cognos Planning versions 10.1, 8.4.1, 8.4.0, 8.3.0, 8.1.x

□ Cognos TM1 versions 9.5.1, 9.5.0, 9.4.1, 9.4.0

Analytic Applications products:

□ Cognos Banking Risk Performance - Credit Risk versions 8.4.2, 8.4.0

□ Cognos Customer Performance Sales Analytics versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Financial Performance Analytics (AP, AR & GL) versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Supply Chain Performance Procurement Analytics versions 8.4.2, 8.4.1, 8.4.0

□ Cognos Workforce Performance versions 8.4.2, 8.4.1, 8.4.0, 8.3.0, 8.2.0, 8.1.x

□ Cognos Consumer Insight version 1.1.0



Description

This vulnerability can cause the Java Runtime Environment (JRE) to hang, enter an infinite loop, or crash when converting "2.2250738585072012e-308" to a binary floating-point number. The result can be a denial of service exposure. This same problem can occur if the number is written without scientific notation (that is, using all of the 324 decimal places). Any Java program that uses the Double.parseDouble method is at risk of this vulnerability.





Solution

To prevent this vulnerability from affecting your product, you must apply a patch to your existing version of Java or install a version of Java that contains the fix.



If you do not require the fix, no action is necessary.



Before you update your JRE on a production system, it is strongly recommended to:

• Apply the patch in a test environment to verify that your product is working correctly

• Make a backup before you apply any changes



Linux or UNIX Installations

On Linux or UNIX, the JRE is not provided by Cognos as part of the product. The JRE used with Cognos is a separately installed component that is available from the operating system, application server or Java vendor.



To resolve the security vulnerability, you will need to patch or upgrade the JRE to a version that is recommended by the Operating System, Application Server or Java vendor. Ensure you stop the Cognos Services before applying the patch and restart the Cognos Services once the patch has been successfully applied.



The following table provides links to vendor-supplied details and solutions to this vulnerability: IBM​ http:​/​​/​www.ibm.com​/​developerworks​/​java​/​jdk​/​alerts​/​cve​-​2010​-​4476.html​​

HP​ https:​/​​/​h20392.www2.hp.com​/​portal​/​swdepot​/​displayProductInfo.do?productNumber​=​HPUXFPUPDATER​​

Oracle​ http:​/​​/​www.oracle.com​/​technetwork​/​topics​/​security​/​alert​-​cve​-​2010​-​4476​-​305811.html​​







Windows Installations



Typically, a JRE is packaged with the Windows versions of Cognos products. However, you may also use a version of Java that already existed on your system.



If you are using a JRE that already existed on the system, the solution is to update the JRE to a version that is recommended by the Operating System, Application Server or Java vendor.



If you are using the JRE version that is provided with your Cognos product, interim fixes are now available for several of the Cognos products. To determine if an interim Windows fix is available for your Cognos product as well as download and installation information, please follow the instructions at http://www.ibm.com/support/docview.wss?uid=swg24029220.



It is necessary to stop the Cognos services before applying the patch and then restart the Cognos Services once the patch has been successfully applied.



Cognos is continuing to develop interim fixes for the remaining affected products. These fixes will be made available as soon as possible.



If you cannot wait for the patch to become available from Cognos, you can also manually apply the patch to your JRE using the following steps.





Determine which version of JRE you are using



1.In a command window, go to the cognos_location/bin/jre directory.

If you are using a 64-bit installation, go to the cognos_location/bin64/jre directory.





2.Type the following:

java –version



The resulting message will indicate whether you have an IBM or Sun version of JRE.



To apply a patch to an IBM version of JRE, do the following:

Go to the following Web page, and following the instructions provided: http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html





1.Download the ParseDoubleTest.jar from the link above to verify if you need to apply the patch.





2.Copy the ParseDoubleTest.jar file to the cognos_location/bin/jre directory.





3.Open a command window in the location where you downloaded the file, and type the following:

java –jar ParseDoubleTest.jar



If the result is “Test Succeeded”, you do not have to apply the patch.





4.If you have to apply the patch, download the appropriate patch file from http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html.



For example, for JRE version 1.4 on Windows, download PM31983_FIX_1.jar.





5.Download the Java Update Installer from the following location: http://www.ibm.com/developerworks/java/jdk/alerts/updateinstaller.html



Unzip the UpdateInstallerforJava.zip.





6.Ensure that you have the patch file and the unzipped Java Update Installer in the same location.





7.In a command window, go to the location where you downloaded the patch file and the Java Update Installer, and enter the following command:



java -jar JavaUpdateInstaller.jar -install [patch JAR file] [JAVA_HOME of target JDK]



For example, for IBM Cognos products, the [JAVA_HOME of target JDK] is cognos_location/bin/jre/.



If you are installing the update for JRE version 1.4 to a default IBM Cognos installation location, the command would look like the following:



java -jar JavaUpdateInstaller.jar -install PM31983_FIX_1.jar C:/Program Files/IBM/cognos//bin/jre//bin





To apply a patch to a SUN version of JRE, do the following:



1.Download the compressed file for Java SE Floating Point Updater Tool:

http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater





2.Uncompress the file, and then copy fpupdater.jar to cognos_location/bin/jre//bin.



If you are using a 64-bit installation, copy fpupdater.jar to cognos_location/bin64/jre//bin.





3.In a command window, go to the cognos_location/bin/jre//bin directory, and enter the following command:



java -jar fpupdater.jar -u -v













.

Cross Reference information Segment Product Component Platform Version Edition

Business Analytics Cognos Business Intelligence Not Applicable AIX, HP-UX, HP Itanium, Linux, Solaris, Windows 10.1, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos Mobile Not Applicable Windows 10.1, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos Series 7 Not Applicable AIX, HP-UX on PA-RISC, Solaris, Windows 7.5, 7.4 All Editions

Business Analytics Cognos Now! Not Applicable AIX, HP-UX, Linux, Solaris, Windows 4.6, 4.5 All Editions

Business Analytics Cognos Express Not Applicable Windows 9.0, 9.5 All Editions

Business Analytics Cognos Real-time Monitoring Not Applicable AIX, HP-UX, Linux, Solaris, Windows 10.1 All Editions

Business Analytics Cognos Business Viewpoint Not Applicable AIX, HP-UX on PA-RISC, HP Itanium, Linux, Solaris, Windows 8.4.1, 8.4, 10.1 All Editions

Business Analytics Cognos 8 Controller Not Applicable Windows 8.5.1, 8.5, 8.4, 8.3 All Editions

Business Analytics Cognos Executive Viewer Not Applicable Windows 9.5 All Editions

Business Analytics Cognos Finance Not Applicable Windows 7.5, 7.4 All Editions

Business Analytics Cognos Planning Not Applicable Windows 10.1, 8.4.1, 8.4, 8.3, 8.1 All Editions

Business Analytics Cognos TM1 Not Applicable AIX, Linux, Solaris, Windows 9.5.1, 9.5, 9.4 All Editions

Business Analytics Cognos Analytic Applications Not Applicable AIX, HP-UX, Linux, Solaris, Windows 8.4.2, 8.4.1, 8.4, 8.3 All Editions

Business Analytics Cognos 8 Workforce Performance Not Applicable AIX, Solaris, Windows, HP-UX 8.3, 8.2 All Editions

Business Analytics Cognos Consumer Insight Not Applicable Linux 1.1 All Editions

Business Analytics Cognos 8 Go! Not Applicable Windows, AIX, HP-UX, Linux, Solaris 8.4.1, 8.4, 8.3 All Editions

How to Make the Case for a BI Center of Excellence

The phrase "You're only as successful as your last project" is not reserved for business intelligence but feels particularly applicable these days. It's no secret that BI teams are under pressure to engage or re-engage business users. They need to explain why BI isn't like other IT development efforts. They need to remind distracted executives of BI's value. They need to have an answer for the ubiquitous question, "What have you done for me lately?"

The good news is also the bad news. End users are smarter than ever. Many of them have co-opted BI by acquiring their own tools and have funded their own skill development to create specific functionality. As BI is increasingly adopted across organizations, it has become a free-for-all of brand-new silos, unmanaged data, duplicate work efforts and poor data quality, all of which lead to misaligned business decisions. Translation: We're spending too much time and money getting information and not using it cohesively. In response, many BI teams have chosen to launch a center of excellence as a way of refocusing attention on the unique nature of BI projects and the processes that come with them. But such a big project can easily backfire and lead to more chaos. We need to know when the time is right for a BI COE.

Failure to Launch: How Not to Start Your COE

When I asked Craig, the CIO at a regional bank, why he'd decided to launch a BI COE, he explained that, after working for two years as a formal team, the BI developers had practically disappeared. The initial business process management dashboard had been a high-profile success, but users had reverted back to Excel spreadsheets for most of their reporting, enlisting developers only when new query creation proved too complex. Meeting fatigue had become part of the culture, and users didn't want to be proactively engaged in business requirements discussions, however strategic. BI had become commoditized.

Craig's hope was that by announcing a BI COE, his user community would take him and his team more seriously. "I thought the COE concept would give us street cred," he admitted. It had the opposite effect. Immediately, business users began asking why the BI team was getting more funding when they hadn't delivered anything in more than six months.

And it was true. Since the dashboard project's success, BI team members had been focusing their time on infrastructure and platform issues. Data model enhancements and regular data loading activities were absorbing most of the resources. Users weren't seeing value, so Craig's emails advocating a COE seemed self-serving. Craig hoped his COE idea would get attention, but cynical email replies and eye-rolling weren't the kind of attention he wanted.

Craig's users brought their old resentments to the COE discussion. "It's rearranging deck chairs on the Titanic," a segment manager in marketing remarked. "We don't know what these guys are doing - and neither do they. Why should we be the ones to fund a COE when we have no idea what's in their pipeline - and have absolutely no input into it? It's a funding grab if you ask me." Ouch.

I've seen other failed COEs at companies that used high-profile problems - such as an enterprise resource planning system's problems acquiring data or management's desire to standardize on reporting tools - as a pretext for starting a COE. The results have been equally fruitless. In reality, the situations that justify a COE are few and very easy to spot.

When the COE Makes Sense

As real as Craig's problem was, announcing a COE wasn't the answer. Craig needed to re-enlist users in a structured process with clear rules of engagement and begin to quantify the value of work tasks to prove that his team was deserving of continued funding. He needed to deploy BI applications that business users would use and establish structure and BI-specific development processes. Only then would a COE make sense.
And that's the problem with many existing (and increasingly defunct) COEs: They begin prematurely, before stakeholders perceive value. A COE will only become sanctioned if its stakeholders recognize a bona fide need for it. There are three predominant drivers of successful and sustainable COEs:
  1. BI projects often compete for funding with other IT projects that are seen as operationally critical. The executive steering committee at a catalog retailer constantly placed BI at the bottom of the funding list. "When funding came down to either BI or a new merchandise management system, we'd lose," said one director of BI, "and we lost most of the time." The director set out to educate the steering committee about why BI development was different, and how it could enable strategic goals like customer retention and promotions effectiveness. With the caveat that cost recovery was an end goal, the steering committee agreed to fund BI as a separate group with its own organizational structure and governance process.
  2. The data warehouse has become a shared resource across organizations, and the economies of scale justify a central development organization. Alternative, piecemeal and siloed efforts at data management and BI have become not only costly, but also risky, as different versions of data proliferate across the company. A COE not only ensures a deliberate approach to funding and deploying BI, but an ongoing investment in BI-specific tools, skills and data.
  3. Business operations become dependent on BI. When a company relies on its data warehouse or BI infrastructure for business-critical capabilities such as inventory management or financial reporting, the company should invest in a COE. It has become more common to see that certain high-profile business functions or processes can't run without BI, in which case you've established BI as a business-critical platform that justifies its own skill sets and budget.
Without the ability to prove efficiencies, cost savings or revenue generation, the nascent idea of a COE becomes a solution looking for a problem. The risk is that prematurely or casually launching a COE raises stakeholder expectations around delivery and know-how, making the inevitable fall even more painful.

Getting Ready for Your COE

Most BI organizations today are in limbo. They have a vision for a COE, but they're not yet qualified to hang the COE shingle. You can take the following steps to prepare before you make your pitch.
Reconsider your data provisioning model. There's nothing wrong with a data warehouse availing data to various organizations and reports across the company. Indeed, that's part of its value. But if your BI team spends its days modeling and loading data into data marts, you're being marginalized as infrastructure, not as a value driver. Consider helping a high-profile user group to not only get its data, but to use it. Develop expertise in BI applications as well as platforms. It's a truism in BI (and in IT in general) that he who is closest to the end user wins.

Adopt a BI portfolio approach. When companies develop their BI roadmaps the right way, the whole is usually greater than the sum of its parts. A BI portfolio is a collection of business capabilities deployed over time. A portfolio approach guarantees reuse of common data for a range of analytical applications. Defining the initial set of portfolio applications helps establish the short and midterm development pipeline and gets BI team members back in front of key end users to discuss their need for business information in the context in which they use it.


The portfolio diagram in the provided figure illustrates functional applications at the top accessing reusable data in the data warehouse below. After your initial discovery work with business users, the simple act of unveiling the new portfolio can instill confidence that BI planning is rigorous and deliberate, thereby increasing stakeholder support for the BI COE and your chances for success.
Document your development process. Everyone in BI knows that BI development is different than other IT/business projects. As you consider a BI COE, be rigorous about circumscribing and documenting your BI development process. Activities such as user requirements gathering, data modeling, data loading, application and data acceptance testing, and deployment should be well-defined and within the context of an overall BI-specific delivery method with its own artifacts and handoff points. Instituting regular status updates, closed-loop ROI reviews and project postmortems reflects additional rigor and instills goodwill.
Get serious about staffing. A COE that wants to be sanctioned and funded involves more than just a data modeler and a few developers. Roles and responsibilities should be specific to the BI development process, with clear inputs and outputs between functional areas. Depending on the scope of the COE, it may include functions such as business analysis, data stewardship, metadata management, BI application development and more. Discrete job roles should be defined and well-documented, vetted with HR and accompanied by distinct measures of success.

Create a charter and guiding principles. Many IT leaders view organizational charters and mission statements as extraneous fluff. But only by communicating the COE's fundamental purpose and common philosophies can your BI team enforce an effective pitch. The organizational charter includes a purpose statement, a list of recurring problems the COE will address and a value proposition for the organization at large. This can be the glue that secures the buy-in of executive and user stakeholders.
My client Craig retracted his COE pitch and instead invested in some discovery work, pinpointing three key business applications through which his team could prove its newly documented BI development process. Once the applications were deployed, Craig measured and communicated their business value to a handpicked set of business stakeholders, leveraging his newfound prestige to pitch a COE model to executives.

The results are impressive. The BI COE regularly engages stakeholders both formally (through a structured business requirements-gathering process and periodic vendor presentations) and informally (through lunch-and-learn sessions and a corporate portal for BI information and status). As the rules of engagement have become clearer, so has the team's ability to leverage existing technology platforms and drive additional business value through cost savings and strategic enablement. All in all, the BI COE is a celebrated success. After a visible lapse, it took a deliberate plan to get on the right track.

Jill Dyché is a partner and co-founder of Baseline Consulting (www.baseline-consulting.com), a data integration and business analytics delivery firm. Her first book, e-Data (Addison Wesley, 2000) introduced managers to the concept of enterprise data integration and has been published in eight languages. Her second book, The CRM Handbook (Addison Wesley, 2002) is the CRM bestseller. Jill's work has been featured in major publications, and she is a frequent speaker at industry events. Her latest book, Customer Data Integration: Reaching a Single Version of the Truth was co-authored with Evan Levy. You can reach her at jilldyche@baseline-consulting.com.

Where The IT Dollars Will Go in Banking in 2012

Where The IT Dollars Will Go in Banking in 2012

1. Regulatory. Rep. Barney Frank is planning to retire after his next term, but the financial reform package that bears his name lives on. Many of the interpretations of the Dodd-Frank and changes to Regulation Z will emerge this year. Tech projects tied to the Durbin amendment will get under way soon. Not only will the new laws require banks to improve their disclosures and reports, but the new rules will affect payments technology, data storage and technology used to develop loyalty rewards programs, which are expected to increase in importance as Durbin squeezes traditional fees. “This is a ‘must’ spend, so when banks look at their investment strategy, this is the first thing they have to satisfy,” says Wayne Busch, a senior executive leading Accenture’s North American banking practice.

2. Security. It may seem like an obvious area of IT spending, but security is one of the few line items getting money without a lot of constraints, and Internet crime and data theft aren’t going away. Banks are likely to spend on software to prevent breaches and control access to data, with a particular focus on multifactor authentication and new encryption techniques such as format-preserving encryption, or a stronger means of protecting cardholder data: by using a replacement number that has the same number of digits as the real data figure, and cross-department integration of previously siloed data loss prevention.

“Anything that’s security-related will get attention,” says Jacob Jegher, a senior analyst at Celent. He says one bank exec told him that “he had an unlimited amount of money” when it came to security and data loss mitigation. “He could get anything he wanted if he could prove that it was protecting the bank’s data.”

3. Governance, risk and compliance. The focus on compliance and security will be a boon for any company that sells solutions in the governance, risk and compliance arena, which is good news for firms like Oracle, SAP and SAS.”Whether it’s a holistic platform, a service company or a point solution, GRC’s going to be in high demand,” says Jim Washburn, global practice leader for core banking for Cap Gemini Financial Services. GRC-related expense can take up to 50% of a bank’s overall IT budget, he says. “And that will come at the expense of flat or slow overall IT growth.”

4. Mobile banking. The days of offering simple information and rudimentary transfers on mobile devices is long gone, and banks will expand mobile capabilities, harnessing the innovative power of the actual devices. For customers, that means lots of new person-to-person applications, mobile remote deposit capture and exposure to GPS-enabled marketing. And for internal staff it means more initiatives to allow remote sales and new account onboarding via connections to their bank’s IT network. But it’s the ability of the mobile phone to deliver on-the-spot personalized messages to users that will be the big score for 2012.

“In interviews with the 10 largest banks, 10 of 10 suggest the most important investment in the mobile platform is in marketing,” says Carl Tsukahara, CMO of ClairMail.

5. Mobile payments. The battle over who controls the gateway to the coming multitrillion-dollar, NFC-driven contactless payments market will rage unabated into the year ahead, with Isis, handset manufacturers, PayPal, Google and other participants jockeying for position. Adoption trends suggest a large market is at stake. A recent study by MasterCard found two-thirds (62%) of Americans who use a mobile phone would be open to using their device to make purchases wherever their errands may take them. And Aite Group Mobile says the pay-by-phone market will tally $22 billion in transactions by 2015.

Card payments may also lead to IT investment as moves by card networks to push chip-and-PIN standards may force US banks and merchants to consider costly upgrades. “Visa’s push on EMV in the U.S. will force some spending in that area,” says Gwenn Bezard, research director at Aite Group.

6. Cloud computing. e Banks have been reluctant to adopt outsourced IT delivery modes such as cloud computing because of concerns over reliability and security. That’s starting to change. Economic pressures are likely to nudge banks further into the cloud.

“Those [security and accessibility] concerns are still there,” says Lisa Kart, a research director for Gartner. She says that cloud computing will still be used primarily for non-customer-data-intense applications, and that encryption techniques have improved and service-level agreements have become more detailed. “Banks are starting to be more influenced by the potential benefits, the cost savings and the ease of deployment.”

7. Data management. Data projects of all sorts abound in the in the financial services industry, which means spending on CRM and middleware will increase as banks link disparate business lines together for single-view purposes. Also to be expected is a dramatic increase in data storage requirements from regulatory requirements, along with the need to improve cross-sales and customer service.

“The retail banking climate in the U.S. is dismal, and it’s a bit of a struggle right now,” Jegher says. “Banks that do have some money set aside are going to be investing in things that will lower the cost of transactions and interaction. Online sales and online account openings, cross-selling, a lot of that is based on data analysis. And these are large projects that won’t be started and completed in 2012 alone.”

8. Social media. e The growth of social media will be less a matter of throwing tons of money at networking sites – social media doesn’t cost a whole lot – than an exploration of how the information that pours into the sites can be mined, learned from and monetized. Consumers express tastes, attitudes and their activities on social networking sites, all information that can be used to better understand what they want to do and when. And, most importantly, they often share how they feel about their bank.

Banks are increasingly using social media as part of marketing, lead generation and contests; U.S. Bank has used it to reach out to business clients.

“Banks are going to move beyond just using social media to managing it,” says Nicole Sturgill, research director for TowerGroup. “That means more use of sentiment monitoring and content management tools.”

9. Treasury software. Corporate cash management is ripe for new technology. Automation for corporate payments and remote deposit capture is less mature than the consumer market and the segment is performing better than retail banking.

In 2012, analysts say, spending will be particularly focused on enhancing mobility for executives looking to approve transaction, T&E apps that connect to accounts payable and tablet apps for sales staff. “It’s the most lucrative portion of the banking market,” Jegher says.

10. Branch technology. Digital signage is making a comeback at banks such as Huntington. But that’s only one advancement taking off in the branch, where innovation such as teller capture will become mainstream in 2012. Mobile devices, particularly tablets like the iPad, will be considered as a way to allow in-branch service and sales reps to engage with consumers without having to turn away to look at paper brochures or a PC monitor.

“There is a strong consumer side to the tablet, which can be brought into the branch,” Sturgill says. “It can be used instead of paper to open new accounts and serve customers while they are with a rep.”

This article first appeared on the Bank Technology News web site.

BI is Giving Back – Coming out of recession, more enterprises noting returns from deployments and growing user base

BI is Giving Back – Coming out of recession, more enterprises noting returns from deployments and growing user base

Business intelligence is turning in more contributions to enterprises in 2011, with an expanding net of users and maturing set of implementations since the funk of the recession two years ago, according to a new survey from BI Scorecard.

In “2011 Successful BI Survey,” BI Scorecard categorized and assessed answers from more than 600 respondents involved in business intelligence implementations at their respective enterprises. BI Scorecard, a business intelligence tool and strategy advisory, conducts the survey annually.

Thirty-four percent of respondents said BI significantly contributed to their company’s performance in 2011, a 9-percent jump from 2009, with other responses on contributions hovering around the same percentages as two years ago, according to the survey. Much of that business impact is being felt as a result of maturing implementations: impact was “significant” for 69 percent of enterprises with systems in place for at least a decade, while only 23 percent found business impact in their first year.

In a question on how enterprises gauged their BI deployments, 26 percent stated “very successful,” followed by nearly half at “moderately successful,” 22 percent as “slightly successful” and 5 percent as “failure.” Percentages rank nearly the same as responses to those same questions in 2009, including only a 5-percent bump in “very successful” deployments.

BI Scorecard Founder Cindi Howson says the slight bump in “very successful” BI deployments in the last two years comes from a mix of internal enterprise definitions and a recognition that “there is still so much more to do.” Howson says that success and business impact are related but not synonymous, and many organizations noted that they still have governance or data quality issues to work through with deployments.

“Many people associate BI success with technical architecture, program execution, as well as the business contribution. I think this is why business impact is rated higher than BI success,” Howson says. “IT people in particular are hesitant to say their BI initiative is ‘very’ successful because they know there are problems still to solve.”

The BI user segment has expanded greatly since 2009, according to the survey. Business and financial analysts (67 percent) continue to lead users in this year’s study, but gains in BI use were seen across the board, including executive use (50 percent) up 6 percent from 2009, field staff (41 percent), up 8 percent, and customers and suppliers (33 percent), up 17 percent.

Information Management Online, December 1, 2011

Analytics in 2012 Backs Big Data, Cloud Trends – Davenport and IIA forecast: predictive and unstructured capabilities taken on by more enterprises

Analytics in 2012 Backs Big Data, Cloud Trends – Davenport and IIA forecast: predictive and unstructured capabilities taken on by more enterprises

Big data analytics will top all other areas of growth in analytics during 2012 due to the rapid expansion of social, mobile, location and transaction-based data taken in by various industries, according to predictions from the International Institute for Analytics.

In its annual analytics forecast, IIA and its analysts, including analytics expert Thomas Davenport, slated analytics to follow trends of big data and cloud proliferation in 2012, bringing along a spate of new capabilities and applications. Analysis of big data ranked as the biggest issue in analytics in the coming year, and IIA experts stated that it expects big data analytics to become cheaper and more accessible as vendor offerings for unstructured data, in-memory analytics and data appliances mature. In a related prediction, IIA ranked privacy concerns from analytics with big data as its fourth most notable prediction for 2012, with online browsing behavior and the collection and sale of data to third-party brokers expected to come under more scrutiny.

IIA ranked predictive analytics as its second biggest change for 2012, as more and more enterprises seek predictive competitive capabilities, especially in growing SaaS and cloud offerings, according to Davenport’s presentation of the predictions. Davenport noted that the cloud’s general “uninformed optimism” has been replaced by “informed pessimism” by some, though, in the cloud, predictive analytics has already proven its business worth.

“It was clear from a recent study that those who are experimenting with predictive analytics in the cloud – both deploying predictive analytics in the cloud and using cloud data and resources to develop predictive analytics – are getting positive results. These early adopters were much more likely to see cloud-based predictive analytics as important to their companies and much more likely to adopt them more broadly,” said Davenport.

Coming in at third in its 2012 predictions, IIA put the evolution of performance management applications that merge analytics disciplines with business process engineering, workflow orchestration and social collaboration. The fifth biggest change in analytics in the coming year is a slower demand for analytical talent. However, there will be a special focus on analytics professionals with business and communications skills prior to another expected boost in overall analytics hiring from planned enterprise investments in data warehousing and in-memory solutions, according to Davenport.

In its predictions for this past year, IIA pegged the lack of available, business-focused analytic talent at number five in its predictions. The top prediction by IIA last year was the importance of analytics as a defining competitive advantage in certain industries, a trend that IIA analysts wrote has rung true.
Rounding out the top 10, IIA predictions included:

6) A marked shift in power and influence from the IT function to the analyst.
7) The emergence of analytic asset management as a major challenge.
8) A correlation between the companies advancing their analytic maturity and those executing a complete “analytical ecosystem” strategy.
9) Mainstream use of methods for text analysis and social media analytics.
10) Increase in analytics applied toward health care patient safety hazards.

A broadcast of the predictions is available to members at IIA’s website.

Information Management Online, December 20, 2011

Justin Kern

Cognos 8 Diagnostic: Cognos 10 Training

Cognos 8 Diagnostic: Cognos 10 Training: IBM Training Cognos Training Paths and Curriculum Fact Sheets IBM Cognos BI 10.1 – Consumer Role Use this training path to see the cou...

Cognos 10 Mobile on iPad

 http://www.youtube.com/watch?v=DEUrXuEgi0M

9 tips for Mobile BI succes

9 tips for Mobile BI success

Full article

http://www.yellowfinbi.com/YFCommunityNews-Mobile-Business-Intelligen...


Brief

The results of the IT Executive Outlook survey indicate that there
remains a significant level of doubt, or even scepticism, surrounding
the implementation and adoption of mobile information sharing
strategies and technologies within the enterprise. In response, we’ve
compiled nine tips for success for those considering Mobile BI:

[1] Get onboard or get left behind:

Respected industry expert, Howard Dresner, stated in the wake of his
most recent Mobile Business Intelligence Market Study that
advancements in technology, shifts in information consumption and the
rapid up-take of mobile data sharing strategies within many
organizations, have led him to conclude that Mobile BI is the new
platform for BI itself.

[2] Choose a vendor that offers browser-based, native MA:

With the continued adoption of HTML 5 to support device-based caching,
the debate between delivering reporting and analytics remotely via a
Web-browser or device-specific application will continue. Select a BI
application that offers both to give you flexibility. Whatever the
choice (and it must be a unified one), ensure that the needs of the
information consumer (rather than the report writer) dictates your
chosen approach.

[3] Secure your data assets:

The prevalence of mobile computing and information sharing at the
enterprise level brings with it a plethora of new security risks.
Ensure your data is secure at the application and device level.
Application: Your BI application and its accompanying mobile platform
should easily integrate with existing security protocols to support
authorization and authentication. It should also be 100 percent Web-
based to ensure no data is stored on the actual device.
Device: A password protection system on the device should guard
against unauthorized access to sensitive business data. Additionally,
an automatic lockout system should log users out from a dashboard or
report after a significant period of inactivity.
Broadcast security: Establish and ensure a clear method and system for
segmenting mobile user groups based on their specific job function and
information needs.

[4] Interactivity on-the-go:

Give users the ability to consume, analyze and interact with business
data on their mobile devices the same as they would from their PC.
Select a Mobile BI platform that offers a range of native applications
for major operating systems to allow users to filter results and
reports, drill-down and through data, as well as comment on and share
reports to make critical business decisions in real-time.

[5] Device independent:

Your chosen MA should support total device independence to ensure
higher rates of productivity and faster ROI. Users should be able to
log into their existing BI account and gain instant access to their
report content remotely, without the need to re-create content for the
mobile platform, or repackage it for mobile distribution.

[6] Take advantage of native mobile device features:

Many popular tablets and smartphones (including the iPhone, iPad and
Android family) have amazing intuitive functionality such as multi-
touch interfaces and generous screen sizes. Select a mobile platform
with native applications that support this highly beneficial
functionality.

[7] Carefully consider who actually needs Mobile BI:

Not everybody in an organization needs Mobile BI. Carefully establish
specific user groups based on their likely need for reporting and
analytics on-the-go. Many departments or job functions will not need
to address problems in real-time or are almost entirely desk-bound –
the point of enabling such user groups with Mobile BI is moot.

[8] Define which information will be useful remotely:

There will be limited or no benefit in consuming certain data types
remotely. Establish the specific benefits of being able to consume
specific types of information from mobile devices. Carefully identify
which alerts, reports and dashboards are capable of driving
performance or mitigating risk by being received on mobile devices.

[9] Establish ROI:

Outline the expected business benefits of Mobile BI pre-rollout
(enhanced productivity of user groups, etc) and match them with both
initial and ongoing costs (mobile devices, software, hardware,
maintenance, etc).