Information and Cyber security is becoming a big topic of discussion extending beyond IT; in recent times it has definitely caught the attention of many country heads – Presidents and Prime Ministers alike. Conferences and Summits are being organized with discussions and debate around how to protect sovereign interests and secrets in many parts of the world. It is thus surprising that beyond a few industries like telecom and collectively the BFSI companies, there is very limited traction with CEOs and Boards.
Security breaches are increasingly creating adverse impact on enterprises; many high profile incidents have heightened awareness globally thereby removing the excuse of ignorance for decision makers. Thus manifestation of interest is easily discerned by the presence or absence of a security function, irrespective of whether it reports to IT or not. Recent survey by global consulting companies indicate improvement over the years though the gap is still quite large to give comfort. Why the indifference or inertia?
If we go back in time, systems were islands of information; information was exchanged between systems manually or through physical electronic media. Soon there was a way to connect multiple computers and they talked to each other within the computer room or data center. Improvements in telecom networks introduced the ability to connect distant locations though still within the enterprise. The advent of long distance data networks and the internet introduced new possibilities to connect with external stakeholders.
Standardization of data formats and published formats like EDI, XML, and integration using published APIs created new business models as well as collaboration opportunities with Extranets and Exchanges. The interconnected world also brought with it crooks, rogues, greedy and the disgruntled who wanted to disrupt business as usual and profit from enterprise loss. The industry responded with solutions to prevent intrusion, hacking, sniffing, direct and indirect attacks, attempting to create a shield around the end points and the transport layer.
IT was chastised for writing insecure programs that could be broken; they were never expected to write code that would be subject to threats from within or outside as their starting point was information islands. Remedial action demanded layers around the information while business upped the ante to demand information anywhere, anytime, for everyone. Moving from offline transactions to real-time information flow, programs were patched, retired, replaced and then left to run on uncontrolled machines thanks to BYOD.
Conventionally adopted protection technology solutions have been compromised; new vulnerabilities are being discovered every day. Patching remains the solace of the susceptible which lags the threats and their discovery. Evolution of defense strategies offers newer ways to safeguard the data but they come with a cost that is unpalatable to many enterprises. Challenge lies in non-existent to thin security budgets. Business expectation of quick and dirty solutions does not allow for adequate time to create secure solutions.
In conversation with a few CXOs, they expected regulators to enforce spends on security; according to one, spends will stay muted unless it is mandated. Another had instructed his CISO to find low cost or open source solutions; alternatively to selectively deploy security for specified endpoints or applications leaving the rest protected with basic anti-virus. To him no evidence of leakage implied that all systems are well protected; head in the ground appears a good way of declaring enterprise information assets secure.
It is contingent upon senior enterprise leaders, CXOs and Boards to take up the cause and demonstrate leadership starting with visible endorsement of security for all information assets. Risk Committees are at risk should a breach become high profile with loss of credibility and customers losing trust. Recovery from such incidents can be long and painful consuming higher budgets and efforts than planned interventions; and when something does go wrong, necks roll. There are many examples of breaches claiming CIOs and CEOs tainting their illustrious careers.
It is up to IT organizations to include security by design into every new system they plan to build or buy. New technologies do offer opportunities to create secure solutions and they do not necessarily come from current industry leaders in solutions or security. The world is connecting in a way never imagined before. Collaboration has extended beyond B2B, B2C, C2C, E2C, C2C, to M2M, and new paradigms are created every day. Reality is the innovation wheel is spinning faster and faster, where are you in the game?
Someone had quipped “You cannot do today’s job with yesterday’s tools and expect to be in business tomorrow.” And I agree, do you?
It was time to refresh the data center with existing infrastructure completing its lifecycle; some of the equipment was end of life with no support available, the rest needed replacement to ensure that the company stays current with technology. The IT team gathered all the data and statistics on usage to arrive at new configurations that will serve them for the next 3-4 years. All interested vendors contributed to the technology evaluation with differentiated solutions promoting esoteric features that normally don’t matter.
The team assimilated the information overload with judicious sifting that created a clear picture aligning the need to the offerings. It was a fair comparison where technology took precedence over comfort with any specific vendor or technology. To be doubly sure, the team reached out to peers and seniors across the industry to validate the recommendation. After a few iterations, all of it came through as good to go. To conclude the exercise, a presentation was prepared for the CEO who would needed to approve the budget and bless the project.
The CEO was known to be a technophile who kept the CIO and the rest of IT on their toes; he was well read, well connected and at times deep dived into finer details that most techies would find hard to hold a conversation. He was the force behind the company adopting IT in the way they did, spending judiciously and yet remaining current with industry evolution; recent times had seen a slowdown in investments and it was time to play catch-up. D-day arrived and the CIO along with the team was ready to present.
Why have you chosen the configuration that you present? What are my options with engineered systems or for that matter Public Cloud? Why do I need to invest in 50 TB of storage upfront; how can I stagger the deployment? Why have you chosen 12 core processors over 16 core? Why not 1.2 TB disks or SATA drives which offer higher capacity? Why is the number of VMs so low per physical box? Where is your Cloud strategy? The discussion went on for an hour with the CEO throwing question after question at the team.
The team could field only some and ran out of answers after some time; they promised to rework the solution with clarifications sought and inputs given. They were not expecting the kind of questions asked, they had prepared the business case based on transaction volume, new systems underway and planned, business growth and new initiatives that the business had planned over the next few years. It was as if the tables had turned on them with the CEO going technical while they had focused on business outcomes.
Is this a reality for large number of CIOs or just an exception to the rule where CEOs and CXOs rarely get into technology discussions citing ignorance and the fact that they find technology unfathomable ? Scanning the horizon I find that this breed of techno savvy CXOs is beginning to grow; they may not be able to differentiate between SAS and NL-SAS drives or size storage based on IOPS, they do understand basics that matter and are able to hold their own based on reasonable understanding of technology; all thanks to tech going mainstream media.
This world is antonymous to the world I wrote about last week (My CFO thinks he knows technology). There are people who know technology and use their expertise where it matters and there is a breed who thinks who know and want to show off in various forums. The first engage and challenge you to find better solutions, the other group ends up being a pain with their pseudo expertise. It takes little effort to see through the façade of the latter who can derail the best of hard work by seeding random thoughts of doubt.
Having worked with both camps, I found that opportunities can be created with the technophiles to engage and innovate depending on your risk appetite and ability by staying updated with finer nuances of technology. This may sound contradictory to the well beaten drum that CIOs need to move away from technology to business; my view is that CIOs cannot leave their foundations for purportedly greener pastures; they need to stay grounded in their domain while learning the newer skills and moving forth.
After all if the CFO does not know about IRR, NPV or ROA (Return on Assets), s/he will become a liability to the organization!
After a weeklong discussion on the new business opportunity that clearly defined the process and the strategy, the CMO thanked the IT team and the CIO for their active participation. Then he said something that resulted in pin drop silence and uneasy calm: I think the solution should be ready within a week from now? You know in college we used to write code and release programs in a few days. The CIO decided to clarify different reality for enterprise solutions that require a bit longer for time measured in weeks and months.
The CIO had invited the CFO to the IT meeting to interact with the team; every month he used to call some of the business leaders to give the team differing perspectives of how they contributed to the business and made a difference. In an endeavor to show off his technical prowess, the CFO asked about the storage environment: why don’t you use the NAS for the ERP? SAN is expensive; you should know how to economize! I have been involved in many technology projects and want to help you to choose most optimum solutions!
I had the privilege of working with many CEOs who were tech savvy and challenged me to find new ways to use existing investments as well as keep scanning for new technologies which could be disruptive in the future. The joy of working with such CEOs multiplied the not just my enthusiasm but also kept my teams motivated to put in their best to keep us ahead of the curve. This obviously created a culture of tech adoption that infected the rest of the CXOs to create an enterprise that enjoyed the benefits that IT can bring to the business.
Life gets interesting when some of the CXOs think they know technology better than IT professionals just because they worked in a tech company or studied a programming language in their school. Above are just 2 samples of such dialogues which keep the CIOs challenged and humored at the same time. They would make a great compendium to keep the IT fraternity smiling for a long time; the question that keeps raising its head is how to address such “know IT all” and “been there, done that” situations without creating a scene.
In conversations with many CIOs sharing experiences a few strategies emerged which had worked for most of them. To begin with the general consensus was to humor them by letting them speak out their heart and then keep doing what is in best interest of the project, team and the company. They need a platform to voice their knowledge which makes them feel better about themselves; most are happy doing just that in a harmless way without realizing that their wisdom is no longer relevant to the current technology realities.
The balance select minority of self-professed and declared IT experts who really believe that they know, unaware of when to stop are a challenge that needs handling with care. In positions of influence or power, they can be seriously disruptive to progress. This elite group wants to stay involved, sit through review meetings, add value to discussions with vendors, and get into minute details of deep technology that is best left to the techies. The group had no silver bullet though everyone had faced and managed such individuals in their careers.
Some CIOs had escalated such incidents where possible to the CEO or the Board to get them off their backs. Another avenue appeared to be to get an external third party or consultant on board to provide an expert view to counter the often antiquated, incorrect or incomplete knowledge. For the rest it was about the adverse impact on their deliverables which they were unable to control. So they struggled with shifting goalposts and changing timelines driven by the inane and absurd; they just had to grin and bear it.
One CIO had decided to take on such a CXO head-on and not accept the nonsense; he corrected the CXO in meetings and gave alternative and at times contrary views which almost every time put the CXO in an embarrassing and compromised situation. Unable to withstand the humility of the situation, the CXO confronted the CIO: Why do you keep countering everything I say as if I know nothing? You make me feel like a chump! What makes you so right all the time as if you know everything? Stop doing this else…
The CIO moved on to newer pastures leaving the company to the mercy of half-baked buzzword laden CXO.
They had a new CIO and the IT team was wondering how he would be; the earlier CIO was a self-professed workaholic. A bachelor staying few blocks away, he would land up at the office during his morning jog. He would stay on until the morning review meeting with the team running over every activity of the previous day which they had to record in a time sheet. His need to know everything and micromanage every activity obsessively; the team feared his scrutiny. So when the new CIO was announced, everyone was apprehensive, can it get worse?
The new guy came on board with his reputation preceding him as a celebrated CIO with much published success. Many of the team members had heard him in a few events and seminars though did not know his personality or working style. His demeanor was friendly and approachable which portrayed a pleasant personality. IT vendors spoke highly of his professional expertise and no nonsense way of working; he was tough with them and yet appreciated their contribution. This confused the IT team especially his direct reports.
The team of seven who ran the IT organization were coincidentally all of the same experience levels though across domains and technologies. Some old and some new, they had a tolerable coexistence with occasional professional conflicts resulting from overlapping responsibilities and dependencies on their individual success. Respective teams ran an efficient shop which the organization was proud of, with early adoption of many technologies. Their only challenge was an unfriendly image of IT which was growing rapidly.
The CIO met with the team collectively and individually within the first week to note their challenges and opportunities, aspirations and setbacks, and to understand the organization and team culture. He looked at their modus operandi, reports they created for internal review, processes and practices they had imbibed; he was quite happy to see their diligence and dedication towards work. He also found that some negativity was attributable to the earlier leader’s high technology orientation and disconnect with the business which rubbed off onto the team.
Soon they settled down into a comfortable rhythm, back to the grind, except that they noticed a subtle shift in the way business interacted with them. It was as if suddenly the enterprise had discovered some of the good qualities of the team that got beaten up every so often for operational failures, some of which had nothing to do with IT. Enjoying their new found status, the team gave it back in kind with positive collaboration towards solving business problems or finding new opportunities to win in the cutthroat industry.
Few in the IT team who were hired by the earlier CIO missed the daily morning grilling and technology sessions; they craved the micromanagement, instructions on how to do, prioritization of their activities; for them the regimented way had comfort, it took away the pain of thinking. They associated the new hands-off approach and delegation with lack of technical prowess and acumen; they saw the CIO attend business meetings, seminars, events, and take lead as the spokesperson for the industry which was in conflict to their benchmark of what a CIO should be.
They seeded thoughts across the IT team on the frivolous nature of their new leader and his style of operation; grudgingly granting the fact that business had begun to love technology and investments had gone up, these were anyway expected. For them success was despite the CIOs interventions and not because of what he did. The majority disagreed though had stray thoughts on what is indeed the role of the CIO and the complexity of the job which seemed to change dramatically with the new person. He appeared to have so much of free time!
I recently met with one of the seven who had taken on the role of the CIO stepping into the shoes of his highly successful boss. He was one of the persons close to the earlier CIO though not critical of the new one; he acknowledged the complexity of the role and the balancing act that it demanded from internal stakeholders expectations, team dynamics and its management, vendor ecosystem that needed periodic attention and finally the orchestration of all the components to keep everyone together aligned to the vision of the company’s future.
Few months into the role, he was struggling with the balance tilting frequently, the bar raised high; he was enjoying the challenge. He had finally found the answer to the question, what is the role of the CIO!
The CEO was perplexed that despite his product having all the features and more when compared to the market leader, most enterprise customers were shy of giving him business. His product was priced at a discount to the larger and dominant players thus providing great business cases and ROI; the technology platform was current versus competition. Customers liked the product and agreed that it met specifications and requirements; however it did not result in business. His company was a young startup and had few customers.
The world of startups is exploding and they offer solutions for existing and imaginary problems that you may have never thought about. Consumer applications are finding their way into the enterprise while the choices for enterprise applications have increased manifold. Convergence across the differing use cases creates opportunities for IT to automate and/or create new process efficiencies. These are beginning to offer viable alternatives to the large vendor solutions with complex licensing models and maintenance contracts.
Meeting a few entrepreneurs exhibited the most prominent feature across all the discussions was the belief and the passion in their ideas. Everyone had a dream to challenge the big players, wanted to solve problems of the world, and almost everyone was born a digital native. For these individuals the pursuit of their dream overshadowed the difficulties they faced learning to survive in fiscal deficit. With loads of infectious enthusiasm they happily demonstrate the value of what they have or plan to build to anyone interested.
They have like-minded teams with great technology skills and ability to create solutions with velocity that puts many enterprise IT teams to shame. They are able to react quickly to market and demands of their sparse customers; the struggle is largely around creating a dialogue with business and IT leaders on how their solutions will benefit the enterprise. They are the advocates and the best salespersons for their companies and solutions and in an endeavor to get first few customers, it is highly probable that they are willing to offer bargain prices.
Most enterprise CIOs and business heads find themselves meeting these entrepreneurs more often, now competing with the larger well established local or global solution providers. The gorillas with loads of muscle power, large number of customers, and an ecosystem of system integrators create doubts in the minds of potential buyers on the stability and longevity of the minnows. Thus in the face of perceived risk most customers end up making the expensive choice of going with the well-entrenched players.
Good news is that there is a wave of fresh air wafting through the crevices in the enterprise fortress – the data center and the application landscape; some successful and early adopter CIOs have taken calculated risks and the call to work with startups. The benefits in almost call cases have been beyond compare with quick and unbelievable ROI; for the struggling beginners these saviors were embraced and they stretched to exceed expectations. The CIOs pleased with success built symbiotic relationships by mentoring them.
For the safety net seekers following conventionally long implementation cycles, the larger players provided rich functionality though with restrictive practices offering ROI over 2-3 years. They became victims of their choices when they could have taken an alternative approach and experimented with the newer generation solutions and enjoyed associated benefits. The loss of agility came with its own set of challenges considering the fact that rarely a solution change is undertaken after long cycle of implementation.
Startups nurture their customers who imposed faith in them; large enterprise customers bring them credibility. They contributed significantly to their revenues which in turn helps them raise money from interested sources. For the large players another customer is just another customer even if you are a dominant force in the industry; exception being companies who are larger than these large vendors and they are just a handful. Relatively size does makes a difference to the treatment the vendors give to a customer.
All things being equal the question is where do you want to be? A big customer to a small vendor or a small customer of a big vendor? Your choices will determine not just your success but also your ability to influence the product direction, shape industry solutions, and finally give you a financial advantage. Having been in all the three camps, I would say that being a big customer of a startup outweighs the perceived risks; the sluggishness imposed by big vendors can be a big challenge; finally as a part of startups now I love big customers!
I recently met one of the senior team members of an enterprise who had decided to move away from bespoke custom developed solutions to implement a market leading ERP solution. For the company it was a big step forward after much discussion, debate and hesitation on the changeover and expected resultant business impact. They had thought about it many times, engaged with different consultants to assess the business case and every time decided to retain status quo fearing business disruption and no change readiness.
The ERP wave that started in the mid and late nineties ebbed almost a decade back with almost everyone taking one or other solution. The resultant automation, integration of business processes, and transparency brought about a quantum jump in efficiency for most. Some enterprises resisted the change to process and practices embedded in the solutions, ending up with highly customized implementations. They delivered superior results over the earlier tailored solutions though with overhead of maintaining the custom code.
In the ensuing years with the changing industry and economic dynamics, maturity and evolution of the solutions with new features and technology, and new business models, the ERP implementations began to appear as monolithic and unwieldy. The high level of customization became a roadblock towards leveraging newer technology and innovation. Soon it was evident that new strategies will be required to overcome the agility challenge; to gain benefit from the new age solutions, it became imperative to review the IT landscape.
Business CIOs took up the challenge and recommended trimming bolt-on and fringe solutions with every version and technology upgrade. The brave ones endorsed and took up reimplementation of their ERPs which eliminated changes to the core solutions and depended on parameterization over custom code to the extent possible. Advent of the Digital world and on-demand service models gave them an opportunity to stay current and relevant. Few who had implemented out-of-the-box solutions stood validated and happy.
In conversation with my friend I was curious to learn about his journey on the project which had high visibility in the industry due to the large size and complexity as well as the reputation of his company being risk averse. They had gone live after multiple misses to the timeline stretching the project to a level where the fainthearted would have got palpitations. He was not too happy with the end outcome; the project which to begin with had been planned well down to the last level of detail had not gone the anticipated way for many.
The going in mandate was to stay with out-of-the-box best practice processes and functionality with help of one of the best global implementation partners. Everyone had aligned to this direction which was deemed to be the best approach for a large enterprise. Functionality was cast in alignment to available features, changing process to ensure that business requirements are met. Progress suddenly faced potholes and bottlenecks with some new constituents challenging every decision that steered away from changing the system.
Archaic views prevailed over commonsense and best practices were overruled as being irrelevant to the company’s context. The direction was changed to the well-trodden path of an era gone by as the new players had only been on that track which lay mothballed and abandoned by the newer generation of IT leaders and followers. Thus began the regressive journey of change that brought in a battalion of programmers to fit all processes with customizations even if it meant breaking the core to batter the system into a familiar face.
When the secret chambers are opened and fundamental innards tinkered with, something has to break; and it did colossally spinning a spiral from which it became difficult to surface. Despite the writing on the wall the team plodded through with fear of retribution should they even raise a whimper. Deadlines came and went. The chaos and delays started hurting the business who finally found their voice and asked uncomfortable questions. The inept leadership reduced project scope, blamed everyone but themselves, and finally declared go-live with a badly bandaged system.
With an embargo on communications, the real state of affairs will probably never be known, though murmurs are heard off the records of the adverse business impact and the loss of credibility of the team with the business. Published numbers do indicate everything is not hunky dory; I guess that this episode will remain under the carpet for some time to come. Custom applications and customizing commercial off the shelf systems are getting buried. Unfortunately the challenged in positions of power continue to hurtle enterprises down the ravines of ignominy.
The IT team was pleased with the effort and congratulated each other for the delivery. The team had worked hard with the development partner to meet aggressive timelines and delivered for UAT a few days early. But that is when the problem started; the team working on the UAT came up with many exceptions that poked holes in the solution; a process not captured well, some processes missing and absent data elements. It was like IT was from Mars and the business was from Venus and they blamed each other.
The CIO was peeved off by the disconnect; the vendor with high pedigree and domain expertise had been carefully and jointly chosen; the business had offered domain experts with good standing, and the IT team understood the technology well enough. So the CIO did some quick checks on the delivery versus expectations and discovered that the IT team knew the business though the understanding was not as deep as it appeared to be. There were translation losses with implicit assumptions by the business and IT.
I think the drums started beating almost a decade back on the need for the CIO to become business savvy. It was about understanding business operations so that the written and articulated processes are translated it into a solution that meets business expectations. The origin of this was the nemesis of what everyone called scope creep and resultant change requests that escalated cost and created time overruns such that the end solution at times became irrelevant to the business; bridging the gap was necessary and critical.
The CIO also had aspirations to get a seat on the Management Committee or the Operating Board or equivalent leadership team. Discussions in these meetings largely did and continue to focus on topline, operating efficiency, bottom line; essentially discuss monthly performance and numbers. Some teams had graduated to reviewing competitive activities and customer engagement while the more evolved ones discussed strategies and more openly. For the CIO to get there it was imperative that s/he understand, participate and contribute.
It took some effort and humility to make the grade, while some for whatever reason did/could not; the fruits of the effort were worth the struggle and more. As a business partner the CIO enjoyed the perks of being in the team and on the table working lockstep with other CXOs. Having a bird’s eye view of the business and a pulse of operations, the CIO stitched together the missing pieces of the jigsaw that made up the business. The transition to a business leader brought new aspirations which resulted in lateral or upward movement for a few.
The IT team reveled in the success and leadership position taken by the CIO; the adulation apart some of them attempted to follow the CIO’s footsteps that led to the transformation. The CIO was happy in his/her new found position and willingly coached anyone who wanted to follow the path. Key lessons revolved around the not so obvious soft skills which help in building relationships; s/he also stressed the need to know the chosen function or domain as well to be seen as a subject matter expert internally as well as externally.
Attempting to get to the bottom of the imbroglio, the CIO realized that the IT team involved in the project had not fully imbibed the learning citing paucity of time and work pressures. They had sidestepped some meetings and relied on their knowledge and focused on technology. The vendor to his credit had attempted to engage with the business and had suggested field trips which were deemed unnecessary by the IT team. Thus the partial understanding created a solution that evidently did not meet expectations and resulted in frustration on both sides.
It is the CIOs responsibility to push his/her team to leave their comfort zones and make the cut; business in most cases is willing to help the learning. A planned approach to engage from both sides works best; the CIO must measure the engagement levels and continuously create opportunities on both sides to appreciate each other’s expertise. Project success is an important milestone but to move to a trusted partner and advisor takes a lot more. In this case walking the talk is a difficult journey which the IT team had failed to do.
Prepare your teams the way you plan your learning, after all your success depends on them.
A long time back I wanted to write a book on Organizational Inertia; it was to be an expression of angst from stories captured from many IT teams on theirs and my experiences in large enterprises. The funny thing is that large enterprises have a peculiar life of their own which makes interesting case studies. They rarely surface and get buried in the stifled cries and whimpers of the frustrated who try to find solace in greener pastures. When I wrote No decision, the biggest enemy to progress, it appeared to have stories of many encapsulated into the anecdotes.
Organizational inertia manifests itself in many ways; pushback to innovation, new ideas and change, is the norm with justification that is final in its utterance. If that does not work, Committees are setup to review feasibility, or research commissioned to validate the assumptions, or a Consultant hired to benchmark and recommend best practice, or just keep asking for more data; anything to maintain status quo almost as if life depended on it. Let me give you a few examples of how they manifest themselves, I am sure you can add to the list:
- That’s the way it is done here
- The current process was written/endorsed by the Chairman/Founder/CEO, how can we change it?
- It was tried earlier and it did not work
- There is no budget allotted
- How can you even think about … you don’t understand this company!
- This requires approvals from global headquarters … and you know how it works …
- It is not relevant to our industry/company …
Almost two decades back as I remember some bright consultants created a practice around “Change Management” to address these issues which plagued the industry. How to manage change, how to get people to embrace new ideas, and how to institutionalize change. Every large enterprise went through some kind of workshops, management consultants adding value, and attempting to coerce people to look at things differently. The inherent pushback from the change averse (that’s what they were called) was WIIFM (What’s In It For Me)?
Fair amount of the change was created by automation and force fitment of processes into technology solutions that integrated processes and functions (ERP). The next layer of function specific solutions like CRM or SCM and then broad based solutions like BPM added to the change which started accelerating. Post the initial chaos emerged clarity on the benefits and the ease of use with early adopters enjoying market leadership or an agile advantage. Things were beginning to settle down and enterprises were at peace with themselves.
Change being the only constant, the next level of disruption was thrust upon enterprises from outside with the changing dynamics of employees, contractors and customers embracing technology in their personal lives. The now ubiquitous smartphone in the hands of the masses catalysed by exploding plethora of applications forced enterprises to accept this force multiplier. CIOs and others were challenged to accept the new wave which required not just adaptation to the technology but also a change in process.
From the internet led disruption to mobility to Clouds to now the Digital hype, IoT, and wearables to name a few, enterprises and CIOs have never had a dull moment. Doomsday did happen for some though not because they did not embrace the hype, but because they did not change when they should have or when they could have. Stories of such companies shall remain case studies in organizational inertia. In the new world of digitally defined success measured by valuations among other things, everyone wants a share of the pie.
This is an opportunity for every company and leader to introspect and take some uncomfortable decisions to give up the good old ways of working and explore how the hype can be tamed and applied within. The CIO more than other CXOs is well placed to take steps towards creating a dialogue that puts the elephant in the room and test hypotheses on impact to customer, employees, partners and stakeholders. In the new age some of the fundamentals cannot be forgotten; finally for every company it is about creating value for the ecosystem.
“A year from now, you may wish you had started today.” – Karen Lamb
I was at this conference of small and mid-sized cloud service providers who were discussing the current state of the market and evolution with everyone talking digital. They were hoping to collectively brainstorm and learn from each other’s experience. They discussed the evaluation criteria they were subjected to, problem statements they had to answer, and the two biggest stumbling blocks that would not go away even with the maturity of the cloud solutions and growing customer base; they are ROI and Security.
Some large enterprises have adopted a cloud first approach to their new initiatives while they seriously evaluate movement to the cloud whenever faced with any upgrade or refresh decision. These early adopters and fast followers now are more or less convinced that it does not make sense to continue investing in conventional hardware solutions. Data centers and servers are best left to the experts to manage while application management was outsourced a decade back. DevOps is the way to go and Cloud is where everything should reside.
Off course there are industries which have seen exceptions for some types of solutions which are still not amenable to be on the cloud. Even the providers acknowledge this and keep away from pitching for such use cases. Big monolithic solutions are facing the agility challenge and the paradigm has shifted to accommodate multiple for purpose apps on the cloud that are making some parts of the big solutions redundant or enhancing productivity by reducing the effort to complete a workflow or task in the conventional solutions.
Consumer and personal apps reside on the same devices that are used at work; this transgression managed or otherwise is here to stay. CIOs and CISOs have learned that pushbacks are no longer accepted and they have to find a way to make peace and find solutions that allow coexistence. MDM has evolved to provide some level of containerization to separate the official from personal and the ability to brick a device should it be lost or fail to return on exit. So where is the unfulfilled promise of security and ROI or is it just a favorite flogging horse?
How secure is your cloud solution? Have you had any security certification done for your software? When was the last time penetration test was conducted? What is the uptime offered on your cloud? Clouds are expected to save money; what is the ROI of your solution? The service providers’ reality was that they had to field these questions every day with every customer with every opportunity with everyone they met. It was as if repeating the message would strengthen its value and make it work for the customer and stakeholders.
After all the due diligence and certifications, customers then go on and deploy the solution with limited security governance and vulnerable practices that expose the data. Eventually if and when data leakage does occur, the cloud and/or the solution is deemed immature and not up to the mark. Attempting to create idiot proof solutions with all the checks and balances to protect against human stupidity is the final and ultimate step in ensuring that the solution is secure; and this has remained the goal of every enterprise and the challenge for every provider.
Return on Investment is a different ballgame; value is a function of the frame of reference of the perceiver and nothing to do with reality. For someone a dollar a month per user may be value and for another $10 is not expensive. Can service providers do justice to the wide spectrum of expectations? I am not sure that kind of elasticity exists; volume driven discounts or market entry strategies may offer initially low pricing which is rarely sustainable in the long-term unless the end game is market valuation and not profitability.
At the end of the discussions collective wisdom indicated that alleviating the fear factor will take its time with evolution not being consistent and everyone wanting to reassure themselves of the risk factors. It does not matter how many have taken the leap of faith or how long the solution has been around. Even today there are buyers apprehensive of every decision lest it not work in their unique environment or their inability to leverage the value. I think that the discussion will keep popping up and we will have to reassure a zillion times over.
Why does the team need to travel and spend money? You know well enough that there is pressure on costs and it is imperative that everyone contribute and IT is no exception. I don’t want to hear excuses on why it will not work effectively. Get on to a video conference to understand more about what they have and what they do. Use a bit of technology to get requirements from these markets; there has already been too much travel from other functions. I just came back from a review and we have busted the travel budget.
With this spiel to the CIO and the IT team, the CFO proceeded to travel to four countries to give the message on cutting cost to the country heads. It was not important that he always made up his trips last minute and traveled First Class. It was also not of relevance that just his personal travel budget was higher than the total IT budget for travel. It did not matter if suboptimal solutions were being used by some of the acquired companies and the integration effort had faltered in the absence of travel authorizations to IT.
The company had leapfrogged into the big league with acquisitions in quick succession; after an era of organic growth, the change in pace was exciting. There was a palpable sense of aggression and pride that prevailed internally and also made news thrusting the company to the pages of business magazines and newspapers. At the same time there was a bit of uncertainty on how to work the mechanics of integrating multiple companies simultaneously. As normal, Consultants were hired and teams created to oversee the process.
Business teams created groups of domain experts who traveled to the acquired companies globally to meet their counterparts, understand culture, process and systems used. Teams were mapped and processes reviewed for compliance to standards and regulatory requirements. All this was fed into a structure which captured each and every component of the new company beyond the pre-acquisition due diligence. They followed the best practices laid down by the Big Consulting Company assisting in the integration.
Weeks became months and progress was good though with one glaring gap; IT was nowhere to be seen in the picture. The business teams reached out to the CIO seeking a timeline and calendar that IT would follow in the integration process. The CIO advised them of the incremental data required and promised to have his team reach out to the far side. Quickly it was evident that the gap cannot not be bridged with conference calls and email exchanges. Having executed a couple of integrations, the CIO realized that he was being setup for failure.
The CIO reached out to the business teams with his constrains and sought help which was promptly offered since everyone was now feeling the pinch of un-integrated email systems which bounced messages, lack of information flow and integration between various systems including financial reporting. Some of the functions whose success depended on harmonized IT were happy to sponsor. Despite the urgency, need and demand, ego prevailed and the CFO was unwilling to accede leaving everyone frustrated and wondering.
It was evident that the deadlock would be difficult to break; in the absence of an integrated approach taking off, business leaders attempted to use local solutions. They had to deliver results with synergies and process improvements, and their dependence on IT was critical. Using personal rapport with the CIO they validated some of the local solutions that could be deployed in the short term. Scrounging for budgets they attempted to get these off the ground; talent crunch and missing strong leadership failed to get them going.
Integration review meetings became a war of words with the CFO finding excuses and then blaming the CIO for not effectively managing the effort. Business knew the reality to be otherwise and had reached a situation that they had no recourse but to accept the fact that the new company will remain technology challenged for some time to come. The acquired company’s leadership team too accepted the power play and silently lived in their acceptable level of inefficiency hoping that someday in the future things would change.
What happened to the CIO and the IT team? Well in quick succession many of them found greener pastures outside leaving the CFO to find other scapegoats for his ego while business struggled to stay afloat.