The advent of smartphones started a small experiment for senior management; it has now become mainstream. Explosion of smartphones in the enterprise driven by economical choices and increasing convenience has seen Progressive IT departments adopting a controlled and open attitude towards providing access to information on the go. Solutions have evolved with app-ification of many processes and business opportunities and Cloud based offerings. BYOD is no longer a 4 letter word, it’s reality for enterprises and CIOs.
Reluctant IT organizations are being pushed and forced into acceptance to define a framework on how to weave BYOD into the company fabric. Reality of yesterday which revolved around unmanaged devices, multiple platforms and form factors, and security of corporate data appear to be excuses now. While the starting point for most enterprises has been MDM or Mobile Device Management, additional solutions are equipping enterprises to create a secure and managed ecosystem for employees and partners.
The next few years will see a shift towards BYOD for most enterprises who are deploying mobility solutions of any kind. This is largely driven by the need to push information to stakeholders though newer use cases are emerging with sales force, distribution and approvals. There is also a pull exerted by various parts of the enterprise who are beginning to realize the time value of information. The challenge is not security anymore, it is managing the upsurge in expectations driven by the fact that someone has already done it somewhere in the world.
Is there a balance between complete freedom to totally restricted world? There is no formula by size or industry type or even geography that provides a generic universally acceptable answer. Each enterprise will have to find its own equilibrium depending on need and benefit; my belief is that information enabled employees are likely to take better decisions or create newer opportunities in comparison to staff that live with enforced restrictive policies. Wearables open up new opportunities for the savvy technophiles.
The world is getting bipolar with mobility divided into 2 camps – Android and iOS. Stealthily a third alternative is emerging which offers comfort of the known and familiar to IT folks: Windows! IT knows how to manage this platform while others intrusively came in from the consumer employee. I believe that this trend will be the savior for IT giving them a platform that they know how to manage. Interestingly new innovation with dual boot devices with Windows and Android are just around the corner.
Some people may ask, what about the Blackberry as a device or platform? Should we stop thinking about it? There still are remnants of this in some enterprises. Should they stay in focus? Predictions have a bad way of turning around and biting you; so if they do offer something critical that others don’t (which I am not sure of unless it is specific to your business), move them off. It is easier to manage one less technology than keeping it lingering around. In the near term I don’t see any merit in continuing with them.
The future belongs to an empowered enterprise where every person has information on demand available on his/her fingertips on a device of his/her choice. Ubiquitous and seamless access activated by secure channels that are MITM (Man In The Middle) and MOTB (Man On The Browser) attack proof; apps are obviating the need to create adaptive websites and compromises in user experience. Enterprises should explore a way to use Apps to provide secure transactional capabilities to employees while running off a public or private cloud.
New devices will continue to challenge IT; drive with policy which is adaptable and allows for induction of new environments. Put them to work in a lab before they start knocking on the door asking for permission to connect. Invest in tools and technology that allow you to manage the devices by exception and policy; that is easier to execute than creating an exception every time something new turns up. You will have limited time and capacity, use it wisely. Finally take a stand if it comes to a crunch; after all when things break only your neck is on the block!
I read somewhere about the government’s intent to increase budget allocation towards fighting and creating cybersecurity awareness. The link was hidden somewhere towards the bottom of the newsletter; quickly I clicked through to read word by word the good news and realized that it was indeed true! The chart showing CAGR was quite impressive with the trend line going north; then I looked again at the Y axis to find that the investment per annum was so low that the entire news was like actually too scary to be funny.
Not too long ago when I wrote about Creating Secure & Safe Enterprise, many CIOs and CISOs wrote back with their personal experiences; most of them agreed that their realities were reflected within. Some of the interesting facts that emerged is that budgets were a challenge, but then not really a challenge when an incident occurred. With corporate focus on short-term goals and measurement of tactical performance, the biggest challenge that everyone unanimously portrayed was that of sliding priorities with security settling close to the bottom.
Why is security investment such a drag when it comes to budgeting and spending? Why do enterprises and with that I imply the CXOs who collectively represent the Management believe that they don’t really need to invest in protecting their information assets which are family jewels in most cases? What creates such a lackadaisical attitude towards creating process, policy, and implementing tools that provide a secure framework to do business despite the fact that threats are increasing and businesses are losing customers, revenue and credibility!
Everyone agrees in principle that security is a must; they (the CXOs) espouse this in conferences and project themselves as the messiahs of information protection and security. When one such leader was asked pointed question on the budget allotted, he sidestepped the question deftly instead talking about how the industry needs to up the ante. The lip service that ignores the elephant in the room is beginning to hurt enterprises. The cause for such an attitude towards keeping the doors and windows open has to be deeper.
I am not that big and not an attractive target for anyone! Why would any hacker want to breach our security? Our customer data is locked up on one computer and only two people have access to it; they are both trustworthy. We don’t have anything worth stealing, so why would anyone compromise our systems? We know internal threats are higher than external, we have information distributed across multiple solutions, so no one can decipher the full picture; we have locked USB, installed anti-virus and firewall, isn’t that enough?
Is lack of awareness or education creating a false sense of security and complacency? Or is it a belief that such things happen to others and I am safe? Is CXO ignorance and indifference an acceptable proposition towards defining the security posture of an enterprise? When you live dangerously sooner or later an adverse incident does occur and that is when the scapegoat syndrome always ends up pointing fingers at the CIO or the CISO, and/or the service provider. Breaking this paradox is the need of the hour for enterprises.
No one wants to fall sick or die but everyone takes health and life insurance! Investments in security are like insurance to protect the business. Physical security has seen this paradigm shift with electronic tags and biometric solutions becoming the norm. With the number of threats increasing and new ones emerging, the education of CXOs is not just an imperative but an urgent need. CIOs, CISOs, Internal Audit, and Risk Committees have to own up the information protection agenda and drive it with their collective might.
Using ethical means to understand vulnerabilities and fixing them should be high in the corporate agenda towards creating a safer digital enterprise. Customers and consumers are becoming sensitive to this fact and the probability of them taking their business elsewhere is beginning to happen. A safe and secure ecosystem is required for the extended enterprise including suppliers, contractors, partners, and customers. The writing on the wall is that companies who emerge as secure digital enterprises will be winners of the future.
Where are you?
Information and Cyber security is becoming a big topic of discussion extending beyond IT; in recent times it has definitely caught the attention of many country heads – Presidents and Prime Ministers alike. Conferences and Summits are being organized with discussions and debate around how to protect sovereign interests and secrets in many parts of the world. It is thus surprising that beyond a few industries like telecom and collectively the BFSI companies, there is very limited traction with CEOs and Boards.
Security breaches are increasingly creating adverse impact on enterprises; many high profile incidents have heightened awareness globally thereby removing the excuse of ignorance for decision makers. Thus manifestation of interest is easily discerned by the presence or absence of a security function, irrespective of whether it reports to IT or not. Recent survey by global consulting companies indicate improvement over the years though the gap is still quite large to give comfort. Why the indifference or inertia?
If we go back in time, systems were islands of information; information was exchanged between systems manually or through physical electronic media. Soon there was a way to connect multiple computers and they talked to each other within the computer room or data center. Improvements in telecom networks introduced the ability to connect distant locations though still within the enterprise. The advent of long distance data networks and the internet introduced new possibilities to connect with external stakeholders.
Standardization of data formats and published formats like EDI, XML, and integration using published APIs created new business models as well as collaboration opportunities with Extranets and Exchanges. The interconnected world also brought with it crooks, rogues, greedy and the disgruntled who wanted to disrupt business as usual and profit from enterprise loss. The industry responded with solutions to prevent intrusion, hacking, sniffing, direct and indirect attacks, attempting to create a shield around the end points and the transport layer.
IT was chastised for writing insecure programs that could be broken; they were never expected to write code that would be subject to threats from within or outside as their starting point was information islands. Remedial action demanded layers around the information while business upped the ante to demand information anywhere, anytime, for everyone. Moving from offline transactions to real-time information flow, programs were patched, retired, replaced and then left to run on uncontrolled machines thanks to BYOD.
Conventionally adopted protection technology solutions have been compromised; new vulnerabilities are being discovered every day. Patching remains the solace of the susceptible which lags the threats and their discovery. Evolution of defense strategies offers newer ways to safeguard the data but they come with a cost that is unpalatable to many enterprises. Challenge lies in non-existent to thin security budgets. Business expectation of quick and dirty solutions does not allow for adequate time to create secure solutions.
In conversation with a few CXOs, they expected regulators to enforce spends on security; according to one, spends will stay muted unless it is mandated. Another had instructed his CISO to find low cost or open source solutions; alternatively to selectively deploy security for specified endpoints or applications leaving the rest protected with basic anti-virus. To him no evidence of leakage implied that all systems are well protected; head in the ground appears a good way of declaring enterprise information assets secure.
It is contingent upon senior enterprise leaders, CXOs and Boards to take up the cause and demonstrate leadership starting with visible endorsement of security for all information assets. Risk Committees are at risk should a breach become high profile with loss of credibility and customers losing trust. Recovery from such incidents can be long and painful consuming higher budgets and efforts than planned interventions; and when something does go wrong, necks roll. There are many examples of breaches claiming CIOs and CEOs tainting their illustrious careers.
It is up to IT organizations to include security by design into every new system they plan to build or buy. New technologies do offer opportunities to create secure solutions and they do not necessarily come from current industry leaders in solutions or security. The world is connecting in a way never imagined before. Collaboration has extended beyond B2B, B2C, C2C, E2C, C2C, to M2M, and new paradigms are created every day. Reality is the innovation wheel is spinning faster and faster, where are you in the game?
Someone had quipped “You cannot do today’s job with yesterday’s tools and expect to be in business tomorrow.” And I agree, do you?
It was time to refresh the data center with existing infrastructure completing its lifecycle; some of the equipment was end of life with no support available, the rest needed replacement to ensure that the company stays current with technology. The IT team gathered all the data and statistics on usage to arrive at new configurations that will serve them for the next 3-4 years. All interested vendors contributed to the technology evaluation with differentiated solutions promoting esoteric features that normally don’t matter.
The team assimilated the information overload with judicious sifting that created a clear picture aligning the need to the offerings. It was a fair comparison where technology took precedence over comfort with any specific vendor or technology. To be doubly sure, the team reached out to peers and seniors across the industry to validate the recommendation. After a few iterations, all of it came through as good to go. To conclude the exercise, a presentation was prepared for the CEO who would needed to approve the budget and bless the project.
The CEO was known to be a technophile who kept the CIO and the rest of IT on their toes; he was well read, well connected and at times deep dived into finer details that most techies would find hard to hold a conversation. He was the force behind the company adopting IT in the way they did, spending judiciously and yet remaining current with industry evolution; recent times had seen a slowdown in investments and it was time to play catch-up. D-day arrived and the CIO along with the team was ready to present.
Why have you chosen the configuration that you present? What are my options with engineered systems or for that matter Public Cloud? Why do I need to invest in 50 TB of storage upfront; how can I stagger the deployment? Why have you chosen 12 core processors over 16 core? Why not 1.2 TB disks or SATA drives which offer higher capacity? Why is the number of VMs so low per physical box? Where is your Cloud strategy? The discussion went on for an hour with the CEO throwing question after question at the team.
The team could field only some and ran out of answers after some time; they promised to rework the solution with clarifications sought and inputs given. They were not expecting the kind of questions asked, they had prepared the business case based on transaction volume, new systems underway and planned, business growth and new initiatives that the business had planned over the next few years. It was as if the tables had turned on them with the CEO going technical while they had focused on business outcomes.
Is this a reality for large number of CIOs or just an exception to the rule where CEOs and CXOs rarely get into technology discussions citing ignorance and the fact that they find technology unfathomable ? Scanning the horizon I find that this breed of techno savvy CXOs is beginning to grow; they may not be able to differentiate between SAS and NL-SAS drives or size storage based on IOPS, they do understand basics that matter and are able to hold their own based on reasonable understanding of technology; all thanks to tech going mainstream media.
This world is antonymous to the world I wrote about last week (My CFO thinks he knows technology). There are people who know technology and use their expertise where it matters and there is a breed who thinks who know and want to show off in various forums. The first engage and challenge you to find better solutions, the other group ends up being a pain with their pseudo expertise. It takes little effort to see through the façade of the latter who can derail the best of hard work by seeding random thoughts of doubt.
Having worked with both camps, I found that opportunities can be created with the technophiles to engage and innovate depending on your risk appetite and ability by staying updated with finer nuances of technology. This may sound contradictory to the well beaten drum that CIOs need to move away from technology to business; my view is that CIOs cannot leave their foundations for purportedly greener pastures; they need to stay grounded in their domain while learning the newer skills and moving forth.
After all if the CFO does not know about IRR, NPV or ROA (Return on Assets), s/he will become a liability to the organization!
After a weeklong discussion on the new business opportunity that clearly defined the process and the strategy, the CMO thanked the IT team and the CIO for their active participation. Then he said something that resulted in pin drop silence and uneasy calm: I think the solution should be ready within a week from now? You know in college we used to write code and release programs in a few days. The CIO decided to clarify different reality for enterprise solutions that require a bit longer for time measured in weeks and months.
The CIO had invited the CFO to the IT meeting to interact with the team; every month he used to call some of the business leaders to give the team differing perspectives of how they contributed to the business and made a difference. In an endeavor to show off his technical prowess, the CFO asked about the storage environment: why don’t you use the NAS for the ERP? SAN is expensive; you should know how to economize! I have been involved in many technology projects and want to help you to choose most optimum solutions!
I had the privilege of working with many CEOs who were tech savvy and challenged me to find new ways to use existing investments as well as keep scanning for new technologies which could be disruptive in the future. The joy of working with such CEOs multiplied the not just my enthusiasm but also kept my teams motivated to put in their best to keep us ahead of the curve. This obviously created a culture of tech adoption that infected the rest of the CXOs to create an enterprise that enjoyed the benefits that IT can bring to the business.
Life gets interesting when some of the CXOs think they know technology better than IT professionals just because they worked in a tech company or studied a programming language in their school. Above are just 2 samples of such dialogues which keep the CIOs challenged and humored at the same time. They would make a great compendium to keep the IT fraternity smiling for a long time; the question that keeps raising its head is how to address such “know IT all” and “been there, done that” situations without creating a scene.
In conversations with many CIOs sharing experiences a few strategies emerged which had worked for most of them. To begin with the general consensus was to humor them by letting them speak out their heart and then keep doing what is in best interest of the project, team and the company. They need a platform to voice their knowledge which makes them feel better about themselves; most are happy doing just that in a harmless way without realizing that their wisdom is no longer relevant to the current technology realities.
The balance select minority of self-professed and declared IT experts who really believe that they know, unaware of when to stop are a challenge that needs handling with care. In positions of influence or power, they can be seriously disruptive to progress. This elite group wants to stay involved, sit through review meetings, add value to discussions with vendors, and get into minute details of deep technology that is best left to the techies. The group had no silver bullet though everyone had faced and managed such individuals in their careers.
Some CIOs had escalated such incidents where possible to the CEO or the Board to get them off their backs. Another avenue appeared to be to get an external third party or consultant on board to provide an expert view to counter the often antiquated, incorrect or incomplete knowledge. For the rest it was about the adverse impact on their deliverables which they were unable to control. So they struggled with shifting goalposts and changing timelines driven by the inane and absurd; they just had to grin and bear it.
One CIO had decided to take on such a CXO head-on and not accept the nonsense; he corrected the CXO in meetings and gave alternative and at times contrary views which almost every time put the CXO in an embarrassing and compromised situation. Unable to withstand the humility of the situation, the CXO confronted the CIO: Why do you keep countering everything I say as if I know nothing? You make me feel like a chump! What makes you so right all the time as if you know everything? Stop doing this else…
The CIO moved on to newer pastures leaving the company to the mercy of half-baked buzzword laden CXO.
They had a new CIO and the IT team was wondering how he would be; the earlier CIO was a self-professed workaholic. A bachelor staying few blocks away, he would land up at the office during his morning jog. He would stay on until the morning review meeting with the team running over every activity of the previous day which they had to record in a time sheet. His need to know everything and micromanage every activity obsessively; the team feared his scrutiny. So when the new CIO was announced, everyone was apprehensive, can it get worse?
The new guy came on board with his reputation preceding him as a celebrated CIO with much published success. Many of the team members had heard him in a few events and seminars though did not know his personality or working style. His demeanor was friendly and approachable which portrayed a pleasant personality. IT vendors spoke highly of his professional expertise and no nonsense way of working; he was tough with them and yet appreciated their contribution. This confused the IT team especially his direct reports.
The team of seven who ran the IT organization were coincidentally all of the same experience levels though across domains and technologies. Some old and some new, they had a tolerable coexistence with occasional professional conflicts resulting from overlapping responsibilities and dependencies on their individual success. Respective teams ran an efficient shop which the organization was proud of, with early adoption of many technologies. Their only challenge was an unfriendly image of IT which was growing rapidly.
The CIO met with the team collectively and individually within the first week to note their challenges and opportunities, aspirations and setbacks, and to understand the organization and team culture. He looked at their modus operandi, reports they created for internal review, processes and practices they had imbibed; he was quite happy to see their diligence and dedication towards work. He also found that some negativity was attributable to the earlier leader’s high technology orientation and disconnect with the business which rubbed off onto the team.
Soon they settled down into a comfortable rhythm, back to the grind, except that they noticed a subtle shift in the way business interacted with them. It was as if suddenly the enterprise had discovered some of the good qualities of the team that got beaten up every so often for operational failures, some of which had nothing to do with IT. Enjoying their new found status, the team gave it back in kind with positive collaboration towards solving business problems or finding new opportunities to win in the cutthroat industry.
Few in the IT team who were hired by the earlier CIO missed the daily morning grilling and technology sessions; they craved the micromanagement, instructions on how to do, prioritization of their activities; for them the regimented way had comfort, it took away the pain of thinking. They associated the new hands-off approach and delegation with lack of technical prowess and acumen; they saw the CIO attend business meetings, seminars, events, and take lead as the spokesperson for the industry which was in conflict to their benchmark of what a CIO should be.
They seeded thoughts across the IT team on the frivolous nature of their new leader and his style of operation; grudgingly granting the fact that business had begun to love technology and investments had gone up, these were anyway expected. For them success was despite the CIOs interventions and not because of what he did. The majority disagreed though had stray thoughts on what is indeed the role of the CIO and the complexity of the job which seemed to change dramatically with the new person. He appeared to have so much of free time!
I recently met with one of the seven who had taken on the role of the CIO stepping into the shoes of his highly successful boss. He was one of the persons close to the earlier CIO though not critical of the new one; he acknowledged the complexity of the role and the balancing act that it demanded from internal stakeholders expectations, team dynamics and its management, vendor ecosystem that needed periodic attention and finally the orchestration of all the components to keep everyone together aligned to the vision of the company’s future.
Few months into the role, he was struggling with the balance tilting frequently, the bar raised high; he was enjoying the challenge. He had finally found the answer to the question, what is the role of the CIO!
The CEO was perplexed that despite his product having all the features and more when compared to the market leader, most enterprise customers were shy of giving him business. His product was priced at a discount to the larger and dominant players thus providing great business cases and ROI; the technology platform was current versus competition. Customers liked the product and agreed that it met specifications and requirements; however it did not result in business. His company was a young startup and had few customers.
The world of startups is exploding and they offer solutions for existing and imaginary problems that you may have never thought about. Consumer applications are finding their way into the enterprise while the choices for enterprise applications have increased manifold. Convergence across the differing use cases creates opportunities for IT to automate and/or create new process efficiencies. These are beginning to offer viable alternatives to the large vendor solutions with complex licensing models and maintenance contracts.
Meeting a few entrepreneurs exhibited the most prominent feature across all the discussions was the belief and the passion in their ideas. Everyone had a dream to challenge the big players, wanted to solve problems of the world, and almost everyone was born a digital native. For these individuals the pursuit of their dream overshadowed the difficulties they faced learning to survive in fiscal deficit. With loads of infectious enthusiasm they happily demonstrate the value of what they have or plan to build to anyone interested.
They have like-minded teams with great technology skills and ability to create solutions with velocity that puts many enterprise IT teams to shame. They are able to react quickly to market and demands of their sparse customers; the struggle is largely around creating a dialogue with business and IT leaders on how their solutions will benefit the enterprise. They are the advocates and the best salespersons for their companies and solutions and in an endeavor to get first few customers, it is highly probable that they are willing to offer bargain prices.
Most enterprise CIOs and business heads find themselves meeting these entrepreneurs more often, now competing with the larger well established local or global solution providers. The gorillas with loads of muscle power, large number of customers, and an ecosystem of system integrators create doubts in the minds of potential buyers on the stability and longevity of the minnows. Thus in the face of perceived risk most customers end up making the expensive choice of going with the well-entrenched players.
Good news is that there is a wave of fresh air wafting through the crevices in the enterprise fortress – the data center and the application landscape; some successful and early adopter CIOs have taken calculated risks and the call to work with startups. The benefits in almost call cases have been beyond compare with quick and unbelievable ROI; for the struggling beginners these saviors were embraced and they stretched to exceed expectations. The CIOs pleased with success built symbiotic relationships by mentoring them.
For the safety net seekers following conventionally long implementation cycles, the larger players provided rich functionality though with restrictive practices offering ROI over 2-3 years. They became victims of their choices when they could have taken an alternative approach and experimented with the newer generation solutions and enjoyed associated benefits. The loss of agility came with its own set of challenges considering the fact that rarely a solution change is undertaken after long cycle of implementation.
Startups nurture their customers who imposed faith in them; large enterprise customers bring them credibility. They contributed significantly to their revenues which in turn helps them raise money from interested sources. For the large players another customer is just another customer even if you are a dominant force in the industry; exception being companies who are larger than these large vendors and they are just a handful. Relatively size does makes a difference to the treatment the vendors give to a customer.
All things being equal the question is where do you want to be? A big customer to a small vendor or a small customer of a big vendor? Your choices will determine not just your success but also your ability to influence the product direction, shape industry solutions, and finally give you a financial advantage. Having been in all the three camps, I would say that being a big customer of a startup outweighs the perceived risks; the sluggishness imposed by big vendors can be a big challenge; finally as a part of startups now I love big customers!
I recently met one of the senior team members of an enterprise who had decided to move away from bespoke custom developed solutions to implement a market leading ERP solution. For the company it was a big step forward after much discussion, debate and hesitation on the changeover and expected resultant business impact. They had thought about it many times, engaged with different consultants to assess the business case and every time decided to retain status quo fearing business disruption and no change readiness.
The ERP wave that started in the mid and late nineties ebbed almost a decade back with almost everyone taking one or other solution. The resultant automation, integration of business processes, and transparency brought about a quantum jump in efficiency for most. Some enterprises resisted the change to process and practices embedded in the solutions, ending up with highly customized implementations. They delivered superior results over the earlier tailored solutions though with overhead of maintaining the custom code.
In the ensuing years with the changing industry and economic dynamics, maturity and evolution of the solutions with new features and technology, and new business models, the ERP implementations began to appear as monolithic and unwieldy. The high level of customization became a roadblock towards leveraging newer technology and innovation. Soon it was evident that new strategies will be required to overcome the agility challenge; to gain benefit from the new age solutions, it became imperative to review the IT landscape.
Business CIOs took up the challenge and recommended trimming bolt-on and fringe solutions with every version and technology upgrade. The brave ones endorsed and took up reimplementation of their ERPs which eliminated changes to the core solutions and depended on parameterization over custom code to the extent possible. Advent of the Digital world and on-demand service models gave them an opportunity to stay current and relevant. Few who had implemented out-of-the-box solutions stood validated and happy.
In conversation with my friend I was curious to learn about his journey on the project which had high visibility in the industry due to the large size and complexity as well as the reputation of his company being risk averse. They had gone live after multiple misses to the timeline stretching the project to a level where the fainthearted would have got palpitations. He was not too happy with the end outcome; the project which to begin with had been planned well down to the last level of detail had not gone the anticipated way for many.
The going in mandate was to stay with out-of-the-box best practice processes and functionality with help of one of the best global implementation partners. Everyone had aligned to this direction which was deemed to be the best approach for a large enterprise. Functionality was cast in alignment to available features, changing process to ensure that business requirements are met. Progress suddenly faced potholes and bottlenecks with some new constituents challenging every decision that steered away from changing the system.
Archaic views prevailed over commonsense and best practices were overruled as being irrelevant to the company’s context. The direction was changed to the well-trodden path of an era gone by as the new players had only been on that track which lay mothballed and abandoned by the newer generation of IT leaders and followers. Thus began the regressive journey of change that brought in a battalion of programmers to fit all processes with customizations even if it meant breaking the core to batter the system into a familiar face.
When the secret chambers are opened and fundamental innards tinkered with, something has to break; and it did colossally spinning a spiral from which it became difficult to surface. Despite the writing on the wall the team plodded through with fear of retribution should they even raise a whimper. Deadlines came and went. The chaos and delays started hurting the business who finally found their voice and asked uncomfortable questions. The inept leadership reduced project scope, blamed everyone but themselves, and finally declared go-live with a badly bandaged system.
With an embargo on communications, the real state of affairs will probably never be known, though murmurs are heard off the records of the adverse business impact and the loss of credibility of the team with the business. Published numbers do indicate everything is not hunky dory; I guess that this episode will remain under the carpet for some time to come. Custom applications and customizing commercial off the shelf systems are getting buried. Unfortunately the challenged in positions of power continue to hurtle enterprises down the ravines of ignominy.
The IT team was pleased with the effort and congratulated each other for the delivery. The team had worked hard with the development partner to meet aggressive timelines and delivered for UAT a few days early. But that is when the problem started; the team working on the UAT came up with many exceptions that poked holes in the solution; a process not captured well, some processes missing and absent data elements. It was like IT was from Mars and the business was from Venus and they blamed each other.
The CIO was peeved off by the disconnect; the vendor with high pedigree and domain expertise had been carefully and jointly chosen; the business had offered domain experts with good standing, and the IT team understood the technology well enough. So the CIO did some quick checks on the delivery versus expectations and discovered that the IT team knew the business though the understanding was not as deep as it appeared to be. There were translation losses with implicit assumptions by the business and IT.
I think the drums started beating almost a decade back on the need for the CIO to become business savvy. It was about understanding business operations so that the written and articulated processes are translated it into a solution that meets business expectations. The origin of this was the nemesis of what everyone called scope creep and resultant change requests that escalated cost and created time overruns such that the end solution at times became irrelevant to the business; bridging the gap was necessary and critical.
The CIO also had aspirations to get a seat on the Management Committee or the Operating Board or equivalent leadership team. Discussions in these meetings largely did and continue to focus on topline, operating efficiency, bottom line; essentially discuss monthly performance and numbers. Some teams had graduated to reviewing competitive activities and customer engagement while the more evolved ones discussed strategies and more openly. For the CIO to get there it was imperative that s/he understand, participate and contribute.
It took some effort and humility to make the grade, while some for whatever reason did/could not; the fruits of the effort were worth the struggle and more. As a business partner the CIO enjoyed the perks of being in the team and on the table working lockstep with other CXOs. Having a bird’s eye view of the business and a pulse of operations, the CIO stitched together the missing pieces of the jigsaw that made up the business. The transition to a business leader brought new aspirations which resulted in lateral or upward movement for a few.
The IT team reveled in the success and leadership position taken by the CIO; the adulation apart some of them attempted to follow the CIO’s footsteps that led to the transformation. The CIO was happy in his/her new found position and willingly coached anyone who wanted to follow the path. Key lessons revolved around the not so obvious soft skills which help in building relationships; s/he also stressed the need to know the chosen function or domain as well to be seen as a subject matter expert internally as well as externally.
Attempting to get to the bottom of the imbroglio, the CIO realized that the IT team involved in the project had not fully imbibed the learning citing paucity of time and work pressures. They had sidestepped some meetings and relied on their knowledge and focused on technology. The vendor to his credit had attempted to engage with the business and had suggested field trips which were deemed unnecessary by the IT team. Thus the partial understanding created a solution that evidently did not meet expectations and resulted in frustration on both sides.
It is the CIOs responsibility to push his/her team to leave their comfort zones and make the cut; business in most cases is willing to help the learning. A planned approach to engage from both sides works best; the CIO must measure the engagement levels and continuously create opportunities on both sides to appreciate each other’s expertise. Project success is an important milestone but to move to a trusted partner and advisor takes a lot more. In this case walking the talk is a difficult journey which the IT team had failed to do.
Prepare your teams the way you plan your learning, after all your success depends on them.
A long time back I wanted to write a book on Organizational Inertia; it was to be an expression of angst from stories captured from many IT teams on theirs and my experiences in large enterprises. The funny thing is that large enterprises have a peculiar life of their own which makes interesting case studies. They rarely surface and get buried in the stifled cries and whimpers of the frustrated who try to find solace in greener pastures. When I wrote No decision, the biggest enemy to progress, it appeared to have stories of many encapsulated into the anecdotes.
Organizational inertia manifests itself in many ways; pushback to innovation, new ideas and change, is the norm with justification that is final in its utterance. If that does not work, Committees are setup to review feasibility, or research commissioned to validate the assumptions, or a Consultant hired to benchmark and recommend best practice, or just keep asking for more data; anything to maintain status quo almost as if life depended on it. Let me give you a few examples of how they manifest themselves, I am sure you can add to the list:
- That’s the way it is done here
- The current process was written/endorsed by the Chairman/Founder/CEO, how can we change it?
- It was tried earlier and it did not work
- There is no budget allotted
- How can you even think about … you don’t understand this company!
- This requires approvals from global headquarters … and you know how it works …
- It is not relevant to our industry/company …
Almost two decades back as I remember some bright consultants created a practice around “Change Management” to address these issues which plagued the industry. How to manage change, how to get people to embrace new ideas, and how to institutionalize change. Every large enterprise went through some kind of workshops, management consultants adding value, and attempting to coerce people to look at things differently. The inherent pushback from the change averse (that’s what they were called) was WIIFM (What’s In It For Me)?
Fair amount of the change was created by automation and force fitment of processes into technology solutions that integrated processes and functions (ERP). The next layer of function specific solutions like CRM or SCM and then broad based solutions like BPM added to the change which started accelerating. Post the initial chaos emerged clarity on the benefits and the ease of use with early adopters enjoying market leadership or an agile advantage. Things were beginning to settle down and enterprises were at peace with themselves.
Change being the only constant, the next level of disruption was thrust upon enterprises from outside with the changing dynamics of employees, contractors and customers embracing technology in their personal lives. The now ubiquitous smartphone in the hands of the masses catalysed by exploding plethora of applications forced enterprises to accept this force multiplier. CIOs and others were challenged to accept the new wave which required not just adaptation to the technology but also a change in process.
From the internet led disruption to mobility to Clouds to now the Digital hype, IoT, and wearables to name a few, enterprises and CIOs have never had a dull moment. Doomsday did happen for some though not because they did not embrace the hype, but because they did not change when they should have or when they could have. Stories of such companies shall remain case studies in organizational inertia. In the new world of digitally defined success measured by valuations among other things, everyone wants a share of the pie.
This is an opportunity for every company and leader to introspect and take some uncomfortable decisions to give up the good old ways of working and explore how the hype can be tamed and applied within. The CIO more than other CXOs is well placed to take steps towards creating a dialogue that puts the elephant in the room and test hypotheses on impact to customer, employees, partners and stakeholders. In the new age some of the fundamentals cannot be forgotten; finally for every company it is about creating value for the ecosystem.
“A year from now, you may wish you had started today.” – Karen Lamb