Rawad Rahme is the director and co-founder of Sekimia Ltd. He has been leading Sekimia since its foundation in 2007, and works closely with Sekimia’s customers as “partners in invention”.
Previously, Rawad worked in the telecommunications sector, characterised by its high accuracy in process definition with regard to technical specifications. With the surge of security considerations, the need to protect organisations’ critical data became Rawad’s primary interest. Looking more deeply at the BPM landscape, he partnered in founding Sekimia, whose mantra is “speaking security in the language of business”, in order to bridge the gap between business representatives and security practitioners.
Rawad holds a Master of Science degree from ENST Bretagne in France. His career path included several West European and Middle Eastern countries.
2009 was seen as fairly turbulent for most, but towards the end of the year many kicked off major change programs focused on process transformation. How do you expect 2010 will unfold for the BPM industry generally and for BPM vendors?
We don’t have particular insights on the BPM industry. However, independently of the market turbulence, we believe that Process Mapping is a mandatory bridge towards security and business continuity. In our mantra, we stress the importance of “speaking security in the language of business”. Indeed, to be able to derive efficient and precisely dimensioned information security and business continuity management systems, one should rely on an efficient process mapping scheme. Besides, business process mapping is a splendid cross-functional communication enabler. Information Security and Business Continuity projects are in essence transversal projects that need “silos” breaking.
Do you expect clients to alter their buying criteria as a result of the downturn and concentrate on initial cost first rather than ROI or indeed the need for BPM itself to support strategy?
Naturally, during downturns, clients tend to concentrate more on initial costs rather than ROI. However, as we believe that Information Security and Business Continuity are mere ramifications of the global corporate strategy, and since cyber security has been gaining such worldwide momentum, we highly encourage clients to rely on BPM itself to derive Information Security and Business Continuity Management systems.
We have been proving the concept to our customers on a small scale, by the use of our low cost SaaS platform, before enlarging the perimeter and reaching higher costs. Indeed, an initial and limited proof of concept provides our customers with the appropriate arguments to justify before Top Management the need for larger budgets.
What’s your definition and philosophy towards BPM?
We share the definition given by ABPMP. According to the ABPMP International’s Guide to The BPM CBOK (http://www.abpmp.org/displaycommon.cfm?an=1&subarticlenbr=224), “Business Process Management (BPM) is a disciplined approach to identify, design, execute, document, measure, monitor, and control both automated and non-automated business processes to achieve consistent, targeted results aligned with an organization’s strategic goals. BPM involves the deliberate, collaborative and increasingly technology-aided definition, improvement, innovation, and management of end-to-end business processes that drive business results, create value, and enable an organization to meet its business objectives with more agility. BPM enables an enterprise to align its business processes to its business strategy, leading to effective overall company performance through improvements of specific work activities either within a specific department, across the enterprise, or between organizations.”
As for our philosophy towards BPM, we cannot but reiterate our answer to your first question, and state that “Speaking Security in the Language of Business” consists of using an intuitive and collaborative process modeling tool to engage in a constructive dialog with business representatives around security and continuity.
Do you see an eventual convergence between BPM, CRM, ECM and other similar process-centric markets?
Our first challenge is to reach a proper level of convergence between BPM and security. Any additional “natural” convergence, for example with CRM and ECM, is to be encouraged. Indeed, a natural convergence is achieved whenever people, processes and technologies meet.
Sekimia looks at process and data together in a more holistic way, can you tell us more about this?
In order for an enterprise to be capable of implementing an efficient security governance scheme, the following pre-requisites must be met. Security is here to satisfy business needs, thus business lines should be able to dynamically express their needs in terms of security through the most natural language they speak, which is the Business Process language. This dialog goes from process mapping to data localization and classification.
Indeed, we define a unitary process as an n-tuple consisting of: name, owner, duration, involved actors, exchanged data and underlying resources. We consider data, whether an input and/or an output to a given process step, as the primary informational “assets” to be protected. Thus, business needs in terms of Confidentiality, Integrity, Availability and Traceability on the involved data are collected through our SW suite, and further processed and inherited by the underlying resources (human, physical and technological).
From this exercise, the appropriate Information Security and Business Continuity policies are derived.
An article in Forrester talked about turning to the process professionals more in 2010, and Gartner’s Magic Quadrant underwent a makeover in how they approached their analysis last year. Do you still see a need for the kind of highbrow research which is perceived to be vendor-led/driven, given the rise of independent professional blogs and insight columns?
We appreciate independent and objective reviews and studies, whether they are conducted by large research institutions or by independent professional reviewers and bloggers. Moreover, one should respect the end customers’ perception as to the reviewing party with whom they feel most comfortable.
There’s a shift towards Cloud/SaaS offerings, Social BPM fever is starting to take hold after a few years in the wilderness, and some are venturing into the Mobile space. Are these viable roadmaps for vendors to look into, or just hype for now?
From the beginning, we have taken SW architectural decisions based on ease of access, user friendliness, security, collaboration, portability and minimum client side host requirements. We do thus believe in the added values introduced by the technological/social advance. We naturally support a cloud/SaaS offering.
If there was one thing you could tell someone who is just starting out on the BPM journey, what would it be?
BPM is a splendid opportunity to provide common goals and to bring people from many sectors and levels of the organization into a positive collaboration. We believe BPM is the cornerstone for an efficient security g
What’s the next big thing you would like to see happening in BPM?
We would like BPM to reach Information Security and Business Continuity practitioners, and become an integral part of their mindset.
Finally, what next for Sekimia?
– More adherence to our mantra “speaking security in the language of business”, thus more growth.
– Enhancing our Go To Market with seamless importing of already defined processes (BPMN 2.0 compliant) within organizations.
– Facilitating client side process mapping inputs by using appropriate technologies (more intuitive GUI, visual thinking, drag and drop, and much more, … à la iPad style).
– Interfacing with technical security products, allowing for a “contextual” risk analysis by bringing the business perspective.