May 17, 2011 3:18 AM
Posted by: Arun Gupta
IT governance and the CIO, project challenges, software evaluation, Vendor sales targets
It was an interesting meeting of a few CIOs with the debate revolving around IT Governance. From all types of models being discussed, the common subject of woes shifted to business intelligence (BI). All the CIOs present had large investments in BI with varied degrees of success, some more than the others. Everyone acknowledged the presence of multiple tools and technologies with no single vendor possessing the ability to address the wide spectrum of needs. It was evident that their respective enterprises had reached a level of maturity in adoption of IT that would be the envy of many companies—large and small.
Later in the evening, as the discussion continued over drinks, with rising ‘spirits’, the voices became louder, the emotions hotter, and the language looser. It so transpired that all of them had a few common service providers and solution vendors; stories exchanged may stay in the room but the lessons may be shared.
Most companies have common groups created with IT and business participants to explore, evaluate, and decide on solutions. These heterogeneous groups are typically led by the CIO or a senior IT leader who orchestrates the process. The process is similar across companies, with one or more of the following steps involving RFI, RFP, Demo/POC, business case, budget approval, negotiation, and commencement of the project. A few vendors in their excitement sometimes try to take shortcuts which almost always result in unpleasantness for everyone.
But the more interesting phenomenon occurs when solutions don’t really meet the functionality requirements by a reasonable margin, but the sales person, in his desire to meet monthly/quarterly—or whatever—sales target, pushes ahead with the desperation of a man clutching at straws to save himself from drowning. Everything then seems possible with a tweak, a small code change, customization, bolt-on systems, or some to-be-released fix in the next version or patch.
Stick to best practices
The resulting tragedy of errors, omissions, round pegs in square holes and heartburn caused to the IT and business teams is eminently avoidable by following the process the way it should be followed, with the sales person and his/her manager ensuring that the urgency to meet targets does not override good business practices. It is not okay to withhold information or bend the process to fit the tools, nor is it acceptable for the CIO to allow leeway in the due diligence process. Even with rigor practiced, it is probable that some critical elements may remain uncovered. The business and IT teams will have to manage such exceptions (not a rule).
The luxury of time always eludes us in such activities; many a time, deferred decisions put pressure on delivery of milestones, thereby compromising quality or leading to extended timelines and sliding targets to fix issues that could have been avoided with collaboration from both sides. Good practice is a result of everyone being on the same side of the table; a skillful CIO should and will recognize the body language when the problem is being twisted to fit the solution.
May 10, 2011 7:06 AM
Posted by: Arun Gupta
ERP vendor lock-in, maintenance contracts, patch management, patching software
In a class of MBA students, a discussion around quality frameworks veered towards ERP-class systems and the large amount of effort it takes to keep them running. The number of patches released frequently as well as the overall administration keeps everyone busy and on their toes. Bug fixes, functionality enhancements, and then some more bug fixes are the norm. Comparatively the in-house or bespoke systems are relatively stable and the effort investment is around incremental functionality.
Is it because the development of custom solutions is carried out by IT companies with multiple quality certifications like CMMI and others, or just that the big software vendors providing so-called ‘off-the-shelf’ solutions are struggling with factories of programmers that churn code trying to keep the innovation wheel running just to stay in the game? The resultant code is often bug-ridden, with usability that requires a Ph.D. and a large team to keep it from falling apart.
Despite paying anything between 15-30% of the initial acquisition cost and spending a bomb on implementation with process consultants attempting to fit business to solution to business, it is indeed a wonder that quality remains firmly in the backseat.
The story is no different across the industry. Vendors have started believing that it is their birthright to charge customers exorbitantly as Annual Maintenance Charges so that they can forever keep on downloading patches; they also get to call a helpdesk which will in most cases not solve the problem, which, to begin with, should not have been there. The twist in the story is that now AMC is also indexed to inflation which provides a creeping increase every year with no improvement in the service level.
Why is it that none of the big software vendors ever talk about quality certifications or Six Sigma levels of defects? Do they not believe in churning out quality solutions that will be the biggest differentiator for the customer, rather than esoteric functionality that is rarely used? Consider the fact that almost every enterprise uses between 5-50% of the functionality; I am sure that customers would gladly shift to solutions which are stable, work as designed and provide updates to functionality collaboratively.
There have been efforts from various CIO and industry groups to rein in the runaway costs of maintaining business as usual of which a large chunk goes towards the AMC and teams managing the big solutions. User Groups have failed to make a dent in the ever increasing charges; it does not matter how big or small you are, neither does it matter if the solution does not work as promised, you got to pay else support will be withdrawn and reinstatement of support is very expensive.
I wonder how many customers will pay for AMC if the solution worked perfectly out of the box and did not have any bugs or require any patches. Maybe this is a ploy to create solutions that fail on quality tests so that vendors can charge you to just make the system work; after all, it is a very large chunk of revenue for these companies. An interesting thought thus emerges: would the CIO pay more if s/he was assured that the software does not require any patches, bug fixes or support? I definitely would!
May 2, 2011 8:28 AM
Posted by: Arun Gupta
managing unstructured data, networking sites, online communities, Social media and the CIO, social media strategy
In the year 1996, when India just started opening up internet access to its citizens, I happened to join one of the first online CIO communities. It was a small group of about 100, with global representation, and it stayed that way for a long time. The community was promoted by an IT services company who mostly stayed off from influencing any discussion or attempt to sell. The moderators were professional and provoked thought from the community who responded with mirrored passion. With the dotcom boom, the community transferred ownership to an online giant with commercial interests; en masse the CIOs moved on and created their own community that continued to focus on learning.
Recent times have seen an explosion of online communities that are generic, specific, niche, community, profession, or domain based, and a lot of ‘me too’ with hopeful intent to provide many things to members. A few [of them] have become hot properties with stratospheric valuations and a large member-base. Corporates joined in to understand what the communities are saying about them or their competitors; some started targeted messaging with little success. Industries have mushroomed selling strategy, analytics, and a lot more from the mass of posts and unstructured data.
Consolidation is imminent
A shakeout has begun in this space, leaving the individual confused on the choices made; corporate entities are beginning to wonder how to generate revenue from all the investments made in the height of euphoria. Every intervention requires effort and resource commitment to bind the members. Whether you are an individual or an enterprise, how does one decide which community to join?
For individuals, the choice is largely made by following Connectors (Tipping Point, Malcolm Gladwell) within their groups or when friends invite them to join new communities with an expectation to stay in touch, to share knowledge, emotions, or happenings within their friends and family circles, and a lot more. As the numbers start stacking up over a period of time, the activity level falls off from most. The winning communities are the ones that offer a bit of something to everyone, freshness, content, features, etc.
Enterprises have followed the crowd and the hype around the communities with hope of understanding their customers, stakeholders, and influencers who potentially impact business outcomes, even if indirectly. ‘Crowd-sourcing’ and ‘networked innovation’ became the buzz words with significant investments pouring in. The few success stories added fuel to the fire. But a large amount of effort has not yielded the desired outcome. Even though the starting point for most was Marketing or other functions with no ROI or business case, the online nature of such interactions put the CIO and IT in the middle of the discussion.
A reality check is needed
CIOs have struggled to moderate expectations and make sense of the noise. Combining these with the relatively clean, structured data remains a challenge, though multiple service providers and consultants tout the next level of competitive differentiation. These are early days where a lot of investment is a leap of faith or a hit in the dark; until the haze lifts and clarity emerges, the worry for the enterprise is not to be left behind in the race to the unknown.
As for me, accepting every new invite that comes my way, I think, I will pass them for now and stick to a couple of them that offer me personal and professional connectivity. The direction for enterprise and peers remains: “keep a watch on the horizon, stay invested, but be focused on what matters.”
April 26, 2011 5:08 AM
Posted by: Arun Gupta
CIO and agile security, information security, mobile explosion, mobile security
Not too long ago, IT departments faced the challenge of integrating a new consumer device into the corporate infrastructure; this was the iPad which took the fancy of every CXO and techno-affiliate with its cool factor. It did not matter that the tablet was another appendage to do everything that the earlier devices did well enough while ensuring that the information assets of the company stayed protected from nefarious elements. The tablet toting executive would simply declare: “I want it; security is for you to go [and] figure [out].”
The starting point though, was the iPhone, which was contained to some extent. The tablet was something different; it was a wave that swept away all opposition. Developers mushroomed all over, creating applications to do everything that mattered, and some that did not. IT had no clue what kind of vulnerabilities these apps created or introduced on the device. Faith in mankind was one of the strategies promoted by many to allow the devices to connect.
Compliance vs. convenience
In another part of the world, employees went up in arms against the corporate-issued compute devices—laptops and desktops—citing their home computers’ superiority over the standardized and locked corporate devices. Thus started a trend that is gaining momentum now: BYOD or Bring Your Own Device. BYOD frees up financial resources for companies, it can even free up the support costs if the employee fends for herself. And there are no hassles of managing the refresh.
But what about information on the device? Confidentiality or sensitivity of information, especially when the employee leaves?
Now extend the same to the mobile, which is a lot more like a consumable and gets changed every year on average (and in some cases, even faster). With the category evolving, this multi-polar, multi-version world of iOS, Android, Symbian, BlackBerry, and Windows has brought in unique challenges that are getting out of hand for CIOs.
In a world where every corporate employee expects all kinds of information at her fingertips (read, mobile device), the security framework looks worse than a coarse sieve.
Mobile device security
Mobile device security is an evolving subject; vulnerabilities on the mobile are being discovered every day and they are attaining critical proportions with multiple applications vying for users’ attention. In a 24X7 world, the definition of acceptable risk has changed. CIOs are expected to create visibility of the potential compromises and keep the critical information assets secure at all times. The change in the security stance, thus, creates new challenges and opportunities, requiring higher agility to respond.
Abstraction of applications and information layers from the device is one of the strategies that helps and many frameworks are emerging in this space. The only thing that a CIO can do is to keep abreast of these developments and experiment before business forces change.
It’s expected that the dependence on the big computer (including laptops) will dramatically reduce in another couple of years. The CXO will carry a few devices—personal, corporate, and function-specific—and all these devices will require management and access to corporate information assets.
Start preparing now!
April 19, 2011 5:06 AM
Posted by: Arun Gupta
CIO and IT policies, work life balance
A CEO, in a heated debate, asks a question to one of the CXOs; the poor phone-tapping guy has no clue what the discussion is all about. Confused in his reality, he blurts out the words that are top of mind from his interaction with his girlfriend. Everyone at the table smirks, but the CEO accepts whatever nonsense comes out.
“Go ahead, mix your worlds,” proudly says an advertisement by a mobile service provider, justifying the jumbling up of internet social media world and the workplace.
Disappearance of personal space, time
Ever since the time of portable computers to the current paradigm of everything on the handheld device, be it mobile, tablet or the laptop, work transgressed the boundaries of what was earlier a 9 to 5 or whatever hours people worked. The dividing line between what was referred to as work and life has disappeared.
It is normal to expect a response to a mail 24X7 and many obliged. In an interconnected world, with business being conducted across time zones, this became a way of life. Umpteen cases have reflected the damage this phenomenon causes to friends, family, and the individual.
As we grew up through school, there was a sense of relief that there will be no homework when we start attending a job in an enterprise. The irony of the situation is that work has expanded to fill all the time beyond the cubicle or cabin reaching the bedroom, thus permeating every nook and corner of life, threatening to follow like the shadow.
A state of imbalance
So a debate on work-life balance is an exercise in intellectual stimulation; the reality for most executives is that balance is a utopian state never to be reached, with the swing all the way towards work. So if work activities are standard fare, why not allow the life to creep into the workplace?
Why do organizations abhor the thought of employees occasionally checking personal email or posting a few updates on social or micro-blog sites but expect them to work on the presentation or spread sheet while traveling or in their homes? Security is one of the justifications and then corporate data travels all over the world. Consultants will tout productivity loss due to distractions not recognizing the gains in after office hours.
This is more so now with the IT function, where networks, ERP systems, messaging and collaboration, you name it, are buzzing with activity through the day and night. Downtime, what’s that? And then, the scheduled downtime shifts again and again until the breakpoint is imminent. CIOs struggle to retain teams engaged in keeping these aspects running. Weekends, holidays, vacations belong to an era gone by; the executive is now chained to a Wi-Fi, GPRS, or 3G network which cannot be unshackled.
Role of IT policies
IT and work policies straightjacket the behavior on premise and often off premises too when using corporate assets like the laptop, smartphone or others. We all accept using these as a way of life. Progressive organizations have taken a lenient view of some digression; as of date, they are the exceptions. I believe that productivity will be higher when knowledge workers have the flexibility to escape a few times. Unfortunately, there are no empirical data or solutions to validate this. Contradictory claims make such decisions difficult while burnouts continue. Incidences of fatality are getting younger with stress induced by work pressures and lifestyles that may get promotions, but what is a promotion worth when you are dead?
I don’t know what can help alleviate the issue, unless life is allowed to creep into the work hours.
P.S. I wrote this past the midnight hour on Saturday.
April 12, 2011 2:20 AM
Posted by: Arun Gupta
consumerization of IT, IT governance, micro-apps in the enterprise, mobile explosion, Shadow IT
If you have looked for an app on Apple’s App Store, I am sure you have faced a Google search kind of frustration with hundreds of applications purporting to do the same stuff, one better than the other, or many times just a ‘me too’. So some of us end up downloading more than one to try and then decide which one is better; many a time we don’t end up discarding the others. Check around with friends who would have downloaded, say, an ‘Alarm Clock’, and it is quite likely you will find that their app is different. You may be tempted to download that one too, just to try!
The problem of plenty
I met a CIO who was showing his angst on the fact that there were more than a dozen applications within his enterprise for travel approvals. While some were a result of ‘forgotten’ acquisition synergies, the others were created by Shadow IT for departments to address short term need. These sustained themselves even after the corporate version was deployed. And now to top it all, almost all of them had mobile versions for different mobile devices thereby multiplying the number of micro-apps that were floating around.
The resulting collection of travel approval micro-apps exceeded a number that crossed the tipping point for the CIO. There was an uneasy silence on the table as she described the chaos and now the support expectations when some of them failed to work with the clamp down or rationalization of applications. Sympathetic nods followed as new governance processes were discussed and general agreement that the actions taken were fair.
Most of the micro-apps on the App Store are written by enthusiasts and programmers wanting to showcase their prowess. They test the waters with free apps, and then add features and a tiny charge. Some start-up companies too indulged in a similar bunch of apps on the store, getting a few hits and lots of misses. How did this suddenly become an industry with 10 billion downloads in such a short span? Because you can!
Challenges for the CIO
The simplicity and ability to create such apps is, I guess, one of the reasons that contributed to this explosion. Consumerization of the hand held device has given rise to the opportunity that had to be capitalized upon. The slowdown/ recession encouraged the blurring of the lines between work and life, while everyone wallowed in the need to stay connected 24X7. The pressure is now on the CIO to stay ahead of the game and deploy even more processes that can be accessed on the mobile. Even if you have already formulated a mobility strategy, review it frequently to stay on top of the situation.
But what about the increasing number of micro-apps that are being downloaded, sanctioned or otherwise? No one knows what kind of vulnerabilities they create; what will they lead to in the future? Are they the future support nightmare? Only time will tell; until then, tread cautiously, create the micro-apps required, test the ones you may want to endorse from the store, and pray!
April 5, 2011 5:22 AM
Posted by: Arun Gupta
Team management, Team management and the CIO
An intense debate was on, on how we ensure team alignment across the different organizational units that form a work group within an enterprise. As the discussion moved towards pinning responsibility (read blame) when things go wrong, there was a palpable sense of unease across the group; specifically the team that manages the vendor relationships and is expected to deliver and monitor the service.
The discussion had started when one of the stakeholders had raised the issue of inter-dependency across other teams and his ability to influence how the team is rated during the review and appraisal. It is true that all of us are no longer islands without any connection to others. We use services from within and outside and similarly provide them directly or indirectly to internal and external customers. The work, subdivided into interrelated tasks, when performed in unison, leads to a positive outcome (in most cases).
Stop the blame game
Adversarial attitude is the outcome when we are not satisfied with the result or our perception of the effort put in by others. The conventional solution is to create service level agreements (SLAs) and cross-linked KRAs (key result areas).
Review meetings are often heated, with everyone trying to pin the ‘blame’ on the other. Such meetings are rarely productive and highlight the gap, resulting in the ‘you’ versus ‘us’ stance.
Even this meeting, as cited above, was headed for a showdown that would have been messy for everyone with skeletons tumbling out of the proverbial closet. An eye opener remark from one of the participants got everyone hushed and staring at the person who uttered those words: “But aren’t we all on the same side of the table?”
Could anyone have disagreed with such a profound insight? Being speechless, everyone exchanged glances, feeling generally uncomfortable, without acknowledging the cause.
Work towards a common objective
The acknowledgment of the fact that we all are working towards the same objective is a starting point not just for any collaborative endeavor, but for teams within the organization. Everyone contributes and brings a skill to the table that matters, even if in a small way. When we are in a challenged situation, we know that the best recovery strategy is to help the other overcome the challenge and not berate the lack of skill or achievement.
Great teamwork is always a result of a shared goal and common objective; the acknowledgment of complementary skills within the team provides a framework that nurtures healthy collaboration and focus on what matters, i.e. the result, without compromising the quality of team spirit. Keeping this as the foundation of review helps ensure better outcomes. It is indeed difficult to sustain such a mindset when one is at the receiving end.
The hierarchical leader of the team, the CIO in this case, has to play the role of setting expectations and resolving confrontations and conflict, which will always be there. The matrix organizations of today are necessary; we have to learn to live in the rain.
March 29, 2011 10:08 AM
Posted by: Arun Gupta
CIO and SLA, managing vendors, Outsourcing effectiveness, Service Level Agreements
I recently had a discussion with a respected global company that specializes in providing consulting around outsourcing and managing service level agreements (SLAs). My friend on the other side of the phone passionately tried to convince me why it is important to create SLAs that can tie down every aspect of the service that the outsourced service provider will deliver now or in the future. He cited many examples of how his company helped many customers ‘win’.
In another setting, a debate was set off between CIOs on how they ensure that their service providers consistently deliver what they promise, in a way that meets the promise to the business. For more than a year, one of them has been unsuccessfully trying to get a bunch of vendors to come to the table for a discussion on creating effective SLAs. Not that the vendors are shy of the subject, but sitting collectively at the same table with multiple CIOs is not a viable proposition.
Why SLAs fail
Service levels matter to everyone: the customer, the provider and the end consumer of the customer. I do not believe that deficiency of service is due to willful behavior or mal-intent. The exception to this may be in monopolistic scenarios where no incentive exists. When it is relatively easy to switch services or move business to competition, efforts are indeed put in by the provider; the end results may, however, not be aligned to expectations.
The reasons why SLAs fail could be many, ranging from ambiguous definition of service, staff involved in execution not being aware of quality of service expected, lack of skills on the ground, unrealistic expectations, or force majeure conditions, to name a few. Irrespective of the reasons, when things do go wrong, contracts come out of the closet again to review the penalties that can be levied or avoided depending on the frame of reference.
My belief is that ‘if-then’ motivation will not deliver world class service; i.e. if SLA is met you get paid, if you better the SLA, you collect a bonus, whereas if the SLA is breached, there is a penalty.
Placing the business impact first
SLAs are typically calculated on statistical data which fails to recognize business impact when the service is deficient. Creating complex SLAs that factor in all types of exception conditions makes it readable and enforceable only by lawyers and not CIOs.
An SLA should illustrate the intent of partnership between the two (or more) parties. Incremental innovation or improvements are expected as much as occasional failures that could be for any of the reasons listed above. Both parties need to work together towards ensuring that they understand the root causes and work towards prevention of repeated adverse impact.
Unfortunately, such behavior is rarely seen and everyone invests significant resources towards the scripting of a document that covers all bases. The end result is that the parties involved split hairs with irrational discussions, thereby leaving the spirit of partnership aside. Most successful relationships are based on simple, few-page documents that capture the intent, with the managements investing time in frequent reviews not just when things go wrong, but when they are working too.
Over the years it has been a difficult journey on this path, but it has been worth the effort. The big companies (customer as well as provider) have however yet to learn.
March 22, 2011 2:37 AM
Posted by: Arun Gupta
Award winning vendors, customer references, IT industry awards, selecting technology, Selling to the CIO
I had the privileged invite to judge ICT vendors, from a respected enterprise that gives away awards every year. This was their first attempt to form a jury to decide the awards. In earlier years, the awards were decided based on size, growth, market share, and in some cases new innovations added during the previous year.
The number of award categories had grown over the years from a handful to more than double score. Thus multiple juries consisting of senior CIOs were appointed and the task was split.
Absence of customer-inputs
We got started with the understanding of categories we were to judge and the time allocated for discussions of each award. Everyone agreed and we jumped onto the first category. The nominated and shortlisted names were not a surprise.
But as we started to scratch the surface, the question came up “where is the customer dimension? How can we assess the relative merits of performance without the voice of customer?” It was evident and confirmed that over the years there was no thought given to this aspect in deciding the winner. The sound logic stated that size and/or growth demonstrate customer confidence.
The jury did not bite that. Sometimes size is a function of regulatory play, incumbency factor or better marketing machinery. Progressing through the categories, the debates took many hues; at times the shortlisted vendors were not perceived to be market leaders or worthy of an award.
In some, the selection criteria of the nominations made it appear that the award was pre-decided; the deliberations had the jury wondering if these were sponsored awards being played out to gain respectability.
Truth Vs. marketing babble
Not too long ago a CIO had used social media to highlight the farce behind one of the industry awards for CIOs. In the world of scams, anything is possible. Over lunch the discussion did veer to this doubt. We were animatedly appeased by the organizers that such was not the case. They acknowledged the shortfall in data and that some criteria needed amends.
CIOs listening to vendor pitches and presentations tend to believe awards cited by the vendor. They purportedly validate the technology, solution, or service as it is assumed that experts indeed evaluated objectively across formal KPIs that matter. A few dazzling awards may appear alien but are rarely challenged. If an exotic niche publication conferred the award, so be it. Micro-segmentation works to serve a purpose. Ho hum!
Importance of being prudent
Sticking to what matters to the business is always a good starting point while selecting any vendor. The other important factors include, but are not limited to, cultural alignment, success in solving similar problems, industry/domain focus, and long-term development strategy, apart from size, growth, and the awards they have accumulated.
If you are an early adopter of technology, seek a safeguard that shares the risk/reward. For others, nothing works better than peer reference, i.e. talking to existing customers.
Back to the awards, we the jury were aghast at the invisible customer angle. The high point of the day spent was a category that was denied an award in the context presented and one that got away was a lone nomination to a category that at best had a start-up as a challenger.
So next time a vendor puts up a slide or gives you a brochure with glitzy photos of awards, acknowledge them, but do remember to exercise your right to references with or without the help from the vendor.