The beginning of the monsoon season in Mumbai inspired me to push the boundaries again in quest of the silver lining in the cloud. Recent events around outages and security across multiple global cloud pioneers poses doubts on the movement of even non-mission critical applications outside of the corporate data centers. We are not just talking about infrastructure or platform as a service, but everything that is the manifestation of the public cloud.
Evolution of cloud
Over the last couple of years, every offering saw two shifts: first it had to have a cloud flavor and second around social networking (that is another story). Some termed this new euphoria as bubble 2.0 tinted by valuations achieved in recent IPOs. So everyone justified how this time it is different and why it is sustainable. Many large and small enterprises found efficiencies, at least short term, in shifting field functions like sales and service and collaboration on the move to the cloud.
Leaving aside the debate between public, hybrid, and private clouds, the real issue is about the promise of the cloud, irrespective of the vendor, the type of cloud offering, or the engagement model. The big benefit that every type of cloud offered was savings, real quantifiable savings, or better, total cost of ownership. CFOs would agree that TCO is always a good measure for any financial model if all other dimensions remain unchanged.
Cloud service providers’ financial models are contingent on multiple customers adopting their base-solutions which give them the efficiency of scale and repeatability. As the number increases beyond a threshold, they start making money. Non-concurrency improves yields, but prices remain the same for customers. So the financial models attempted to capture some efficiency-based gains, making them look attractive to the prospects.
A few unanswered questions
Most discussions got off to a good start with worksheets providing easy decisions. The newness of the paradigm left some questions unanswered, but during the slowdown, these were brushed aside. Some of these were:
a) What happens if the SLA is not met?
b) Is my data as secure as it is in my current state?
c) Can I move off to another cloud if I don’t like something? How easy is the transition going to be?
d) As I upgrade the internal systems, how do I ensure that their integration with the external systems does not break?
e) What recourse do I have if the cloud service provider goes bust?
I will stop here, the list is a bit longer, but you get the point.
Business impact due to recent outages and security breaches for some of the smaller customers was significant. Some of them just had to wait and watch with no option. A few had spread the risk across, and thus, the impact was limited. The big enterprises shrugged and moved on. How does one balance the adverse business impact against the cost savings? To me this is a bad compromise as everything is subservient to business interest.
Earlier this month I was confronted by a peculiar but innocent question from a young professional: “Do CIOs take real vacations, I mean, real long vacations with friends and family, free from all the worries of workplace and fighting fires that keep them at work beyond the normal hours?”
I began to wonder about the question. The more I thought about it, the more it troubled me; I mean, vacations without my email, phone, laptop, no connectivity; that was eons ago.
Today every executive, irrespective of hierarchy, is consumed by the need to stay connected with the workplace. Downloaded information and alerts keep the buzz going 24X7. Approvals via phone, business intelligence on the fly, are the norm; one cannot ever claim: “I was not informed” or “I did not have access to information”. To add to the clutter, friends and partners want to stay connected using various social networks.
So what is the vacation about? Working on the road with interruptions on the phone, balancing the laptop in between site-seeing trips, late night responses to emails with long attachments, talking to a vendor while soaking into the natural beauty staring in the face? For most of us who travel across time zones, the first reflex is to reach out to the phone to see what came through while we caught up with the forty winks.
What does it take to sell the Ferrari and become a monk who has no links with what we call ‘work’, while immersing into ‘life’. Is that a possibility in the hyper-connected, fast paced activity-conundrum? We CIOs created this paradigm for our enterprises to which every corporate employee is a willing slave.
Imagine if we did not answer the phone (may make us appear rude), stopped responding to emails and had an active ‘Out of Office’ message, let team fight the fires that make up a regular day at work; would it make a stress free day? Nine out of 10 times, people would say, ‘yes’, but nine out of 10 times they will suffer higher stress levels, wondering about what is, indeed, happening.
So is there a way out? I would hazard to say, ‘yes’. And it requires excruciating will power to execute; go at it one hour at a time. That is like taking baby steps and setting a realistic target because stating that I will not look at that device called the phone for a week is unlikely to happen. Feeling awkward, I called many CIO friends who took vacations recently and asked them if they did what I have outlined above. No prizes for the result of the survey.
I think Bob Dylan had seen the future when he wrote in the year I was born: “The answer my friend…”
Guess what, next vacation I am going to try it. (It’s always the next one, isn’t it?)
Once upon a time, many moons back, the IT industry discovered multi-shore sourcing, I use this term to encompass all types of (out)sourcing initiatives, and with that came long-term contracts; 10 years was normal, and five years was seen as short-term. A lot of these that termed themselves as Strategic Sourcing also built in innovation, new technology, business process linked contracts with broad intent on changing market and business dynamics.
The fever spread across the globe and no markets or sectors remained untouched. Big or small, almost every company was expected to embrace this new wave. The euphoria within the enterprise as well as IT companies was such that companies that did not enter into such arrangements were seen as stakeholder-unfriendly or just plain dumb for not acquiring the obvious value.
As the years passed by, many companies reported rumblings of discomfort and missed expectations. Analysis appeared to indicate specific issues with companies and individuals for not putting in their best effort, safeguarding the model with zeal, lest the industry collapse with an unsustainable framework if there were indeed cracks in the carefully crafted contracts, service level agreements and reference architecture that represented the blueprint for the future. Business, profitability, political and other pressures forced reviews and scale down.
Downside of long term contracts
Prudent and rigorous reviews also exposed that long-term contracts had advantages of consistency and predictability, but lost on taking advantage of swings in the IT industry as well as did not bring in the level of efficiency or capitalization of quick market trends requiring agility that was possible with short-term relationships or with the ability to review and recast the terms of engagement, say, every alternate year. This was reflected in the drying up of the decade-long deeds and most engagements focused on a 3-5 year term. Maybe, ‘familiarity breeds complacence’ also took root; with both parties, in most cases, working hard to keep the marriage going.
There is no implication that these did not deliver to promise; some of them did and continue to do extremely well; some required significant investments in governance. Leaving aside labor arbitrage, the value captured did stretch the boundaries of discussion and measurement models.
Sustenance of outsourcing
New models now seem to be emerging with a focus on outcome-based payment schedules and collaborative investments in new technology exploration. But the basic framework has survived the troughs and waves of the economy and the resultant impact. The challenge of growth (manpower retention) has mutated the needs and solutions into new forms with service providers hungry to get back to growth of the past, but discarding the learning of unsustainable linear growth assumptions.
Outsourced contracts or strategic sourcing contracts will thus become expensive and non-tenable with linear growth not aligned to market/ business or the (in)ability to manage sudden shocks or black swans that keep coming back to surprise us. Periodic review of terms of engagement, even if they imply disruption, is the need of the hour; the IT industry, however, is not very excited.
It was an interesting meeting of a few CIOs with the debate revolving around IT Governance. From all types of models being discussed, the common subject of woes shifted to business intelligence (BI). All the CIOs present had large investments in BI with varied degrees of success, some more than the others. Everyone acknowledged the presence of multiple tools and technologies with no single vendor possessing the ability to address the wide spectrum of needs. It was evident that their respective enterprises had reached a level of maturity in adoption of IT that would be the envy of many companies—large and small.
Later in the evening, as the discussion continued over drinks, with rising ‘spirits’, the voices became louder, the emotions hotter, and the language looser. It so transpired that all of them had a few common service providers and solution vendors; stories exchanged may stay in the room but the lessons may be shared.
Most companies have common groups created with IT and business participants to explore, evaluate, and decide on solutions. These heterogeneous groups are typically led by the CIO or a senior IT leader who orchestrates the process. The process is similar across companies, with one or more of the following steps involving RFI, RFP, Demo/POC, business case, budget approval, negotiation, and commencement of the project. A few vendors in their excitement sometimes try to take shortcuts which almost always result in unpleasantness for everyone.
But the more interesting phenomenon occurs when solutions don’t really meet the functionality requirements by a reasonable margin, but the sales person, in his desire to meet monthly/ quarterly—or whatever—sales target, pushes ahead with the desperation of a man clutching straws to save himself from drowning. Everything then seems possible with a tweak, a small code change, customization, bolt-on systems, or some to be released fix in the next version or patch.
Stick to best practices
The resulting tragedy of errors, omissions, round pegs in square holes and heartburn caused to the IT and business teams is imminently avoidable by following the process the way it should be, the urgency on the part of the sales person and his/ her manager ensuring that targets do not override good business practices. It is not okay to withhold information or bend the process to fit the tools, neither it is acceptable for the CIO to allow leeway in the due diligence process. Even with rigor practiced, it is probable that some critical elements may remain uncovered. The business and IT teams will have to manage such exceptions (not a rule).
The luxury of time always eludes us in such activities; many a time deferred decisions put pressure on delivery of milestones, thereby compromising quality or extended time lines and sliding targets to fix issues that could have been avoided with collaboration from both sides. Good practice is a result of everyone being on the same side of the table; a skillful CIO should and will recognize the body language when the problem is being twisted to fit the solution.
In a class of MBA students, a discussion around quality frameworks veered towards ERP-class systems and the large amount of effort it takes to keep them running. The number of patches released frequently as well as the overall administration keeps everyone busy and on their toes. Bug fixes, functionality enhancements, and then some more bug fixes are the norm. Comparatively the in-house or bespoke systems are relatively stable and the effort investment is around incremental functionality.
Is it because the development of custom solutions is carried out by IT companies with multiple quality certifications like CMMI and others; or just that the big software vendors providing so called ‘off-the-shelf’ solutions are struggling with factories of programmers that churn code trying to keep the innovation wheel running just to stay in the game. The resultant code is often bug ridden with usability that requires a Ph.D. and a large team to keep it from falling apart.
Despite paying anything between 15-30% of the initial acquisition cost and spending a bomb on implementation with process consultants attempting to fit business to solution to business, it is indeed a wonder that quality remains firmly in the backseat.
The story is no different across the industry. Vendors have started believing that it is their birthright to charge customers exorbitantly as Annual Maintenance Charges so that they can forever keep on downloading patches; they also get to call a helpdesk which will in most cases not solve the problem, which, to begin with, should not have been there. The twist in the story is that now AMC is also indexed to inflation which provides a creeping increase every year with no improvement in the service level.
Why is it that none of the big software vendors ever talk about quality certifications or Six Sigma levels of defects? Do they not believe in churning out quality solutions that will be the biggest differentiator for the customer rather than esoteric functionality that is rarely used; consider the fact that almost every enterprise uses between 5-50% of the functionality, I am sure that customers would gladly shift to solutions which are stable, work as designed and provide updates to functionality collaboratively.
There have been efforts from various CIO and industry groups to rein in the runaway costs of maintaining business as usual of which a large chunk goes towards the AMC and teams managing the big solutions. User Groups have failed to make a dent in the ever increasing charges; it does not matter how big or small you are, neither does it matter if the solution does not work as promised, you got to pay else support will be withdrawn and reinstatement of support is very expensive.
I wonder how many customers will pay for AMC if the solution worked perfectly out of the box and did not have any bugs or required any patches. Maybe, this is a ploy to create solutions that fail on quality tests so that vendors can charge you to just make the system work; after all it is a very large chunk of revenue for these companies. An interesting thought thus emerges, would the CIO pay more if s/he was assured that the software does not require any patches, bug fixes or support? I definitely would!
In the year 1996, when India just started opening up internet access to its citizens, I happened to join one of the first online CIO communities. It was a small group of about 100, with global representation, and it stayed that way for a long time. The community was promoted by an IT services company who mostly stayed off from influencing any discussion or attempt to sell. The moderators were professional and provoked thought from the community who responded with mirrored passion. With the dotcom boom, the community transferred ownership to an online giant with commercial interests; en mass the CIOs moved on and created their own community that continued to focus on learning.
Recent times have seen an explosion of online communities that are generic, specific, niche, community, profession, or domain based, and a lot of ‘me too’ with hopeful intent to provide many things to members. A few [of them] have become hot properties with stratospheric valuations and a large member-base. Corporates joined in to understand what the communities are saying about them or their competitors; some started targeted messaging with little success. Industries have mushroomed selling strategy, analytics, and a lot more from the mass of posts and unstructured data.
Consolidation is imminent
A shakeout has begun in this space, leaving the individual confused on the choices made; corporate entities are beginning to wonder how to generate revenue from all the investments made in the height of euphoria. Every intervention requires effort and resource commitment to bind the members. Whether you are an individual or an enterprise, how does one decide which community to join?
For individuals, the choice is largely made by following Connectors (Tipping Point, Malcolm Gladwell) within their groups or when friends invite them to join new communities with an expectation to stay in touch, to share knowledge, emotions, or happenings within their friends and family circles, and a lot more. As the numbers start stacking up over a period of time, the activity level falls off from most. The winning communities are the ones that offer a bit of something to everyone, freshness, content, features, etc.
Enterprises have followed the crowd and the hype around the communities with hope of understanding their customers, stakeholders, and influencers who potentially impact business outcomes, even if indirectly. ‘Crowd-sourcing’ and ‘networked innovation’ became the buzz words with significant investments pouring in. The few success stories added fuel to the fire. But a large amount of efforts has not yielded the desired outcome. Even though the starting point for most was Marketing or other functions with no ROI or business case, the online nature of such interactions put the CIO and IT in the middle of the discussion.
A reality check is needed
CIOs have struggled to moderate expectations and make sense of the noise. Combining these with the relatively clean, structured data remains a challenge, though multiple service providers and consultants tout the next level of competitive differentiation. These are early days where a lot of investment is a leap of faith or hit in the dark, until the haze lifts and clarity emerges, the worry for the enterprise is not to be left behind in the race to the unknown.
As for me, accepting every new invite that comes my way, I think, I will pass them for now and stick to a couple of them that offer me personal and professional connectivity. The direction for enterprise and peers remains: “keep a watch on the horizon, stay invested, but be focused on what matters.”
Not too long ago, IT departments faced the challenge of integrating a new consumer device into the corporate infrastructure; this was the iPad which took the fancy of every CXO and techno-affiliate with its cool factor. It did not matter that the tablet was another appendage to do everything that the earlier devices did well enough while ensuring that the information assets of the company stayed protected from nefarious elements. The tablet toting executive would simply declare: “I want it; security is for you to go [and] figure [out].”
The starting point though, was the iPhone, which was contained to some extent. The tablet was something different; it was a wave that swept away all opposition. Developers mushroomed all over, creating applications to do everything that mattered, and some that did not. IT had no clue what kind of vulnerabilities these apps created or introduced on the device. Faith in mankind was one of the strategies promoted by many to allow the devices to connect.
Compliance vs. convenience
In another part of the world, employees went up in arms against the corporate-issued compute devices—laptops and desktops—citing their home computers’ superiority over the standardized and locked corporate devices. Thus started a trend that is gaining momentum now: BYOD or Bring Your Own Device. BYOD frees up financial resources for companies, it can even free up the support costs if the employee fends for herself. And there are no hassles of managing the refresh.
But what about information on the device? Confidentiality or sensitivity of information, especially when the employee leaves?
Now extend the same to the mobile, which is a lot more like a consumable, gets changed every year on an average (and in some cases, even faster). With the category evolving, this multi-polar, multi-version world of IOS, Android, Symbian, Blackberry, and Windows has brought in unique challenges that are getting out of hand for CIOs.
In a world where every corporate employee expects all kinds of information on her fingertips (read, mobile device), the security framework looks worse than a coarse sieve.
Mobile device security
Mobile device security is an evolving subject; vulnerabilities on the mobile are being discovered every day and they are attaining critical proportions with multiple applications vying for users’ attention. In a 24X7 world, the definition of acceptable risk has changed. CIOs are expected to create visibility of the potential compromises and keep the critical information assets secure at all times. The change in the security stance, thus, creates new challenges and opportunities, requiring higher agility to respond.
Abstraction of applications and information layers from the device is one of the strategies that helps and many frameworks are emerging in this space. The only thing that a CIO can do is to keep abreast of these developments and experiment before business forces change.
It’s expected that the dependence on the big computer (including laptops) will dramatically reduce in another couple of years. The CXO will carry a few devices—personal, corporate, and function-specific—and all these devices will require management and access to corporate information assets.
Start preparing now!
A CEO, in a heated debate, asks a question to one of the CXOs; the poor phone tapping guy has no clue what the discussion is all about. Confused in his reality, he blurts the words out that are on his top of the mind recall about his interaction with his girlfriend. Everyone on the table smirks, but the CEO accepts whatever nonsense comes out.
“Go ahead, mix your worlds,” proudly says an advertisement by a mobile service provider, justifying the jumbling up of internet social media world and the workplace.
Disappearance of personal space, time
Ever since the time of portable computers to the current paradigm of everything on the handheld device, be it mobile, tablet or the laptop, work transgressed the boundaries of what was earlier a 9 to 5 or whatever hours people worked. The dividing line between what was referred to as work and life has disappeared.
It is normal to expect a response to a mail 24X7 and many obliged. In an interconnected world, with business being conducted across time zones, this became a way of life. Umpteen cases have reflected the damage this phenomena causes to friends, family, and the individual.
As we grew up through school, there was a sense of relief that there will be no homework when we start attending a job in an enterprise. The irony of the situation is that work has expanded to fill all the time beyond the cubicle or cabin reaching the bedroom, thus permeating every nook and corner of life, threatening to follow like the shadow.
A state of imbalance
So a debate on work-life balance is an exercise in intellectual stimulation; the reality for most executives is that balance is a utopian state never to be reached, with the swing all the way towards work. So if work activities are standard fare, why not allow the life to creep into the workplace?
Why do organizations abhor the thought of employees occasionally checking personal email or posting a few updates on social or micro-blog sites but expect them to work on the presentation or spread sheet while traveling or in their homes? Security is one of the justifications and then corporate data travels all over the world. Consultants will tout productivity loss due to distractions not recognizing the gains in after office hours.
This is more so now with the IT function with networks, ERP systems, messaging and collaboration, you name it, is buzzing with activity through the day and night. Downtime, what’s that? And then, the scheduled downtime shifts again and again until the breakpoint is imminent. CIOs struggle to retain teams engaged in keeping these aspects running. Weekends, holidays, vacations belong to an era gone by; the executive is now chained on a Wi-Fi, GPRS, or 3G network which cannot be unshackled.
Role of IT policies
IT and work policies straightjacket the behavior on premise and often off premises too when using corporate assets like the laptop, smartphone or others. We all accept using these as a way of life. Progressive organizations have taken a lenient view of some digression; as of date, they are the exceptions. I believe that productivity will be higher when knowledge workers have the flexibility to escape a few times. Unfortunately, there are no empirical data or solutions to validate this. Contradictory claims make such decisions difficult while burnouts continue. Incidences of fatality are getting younger with stress induced by work pressures and lifestyles that may get promotions, but what is a promotion worth when you are dead?
I don’t know what can help alleviate the issue; unless life is allowed to creep into the work hours.
P.S. I wrote this past the midnight hour on Saturday.
If you have looked for an app on Apple’s App Store, I am sure you have faced a Google search kind of frustration with hundreds of applications purporting to do the same stuff, one better than the other, or many times just a ‘me too’. So some of us end up downloading more than one to try and then decide which one is better; many a time we don’t end up discarding the others. Check around with friends who would have downloaded, say, an ‘Alarm Clock’, and it is quite likely you will find that their app is different. You may be tempted to download that one too, just to try!
The problem of plenty
I met a CIO who was showing his angst on the fact that there were more than a dozen applications within his enterprise for travel approvals. While some were a result of ‘forgotten’ acquisition synergies, the others were created by Shadow IT for departments to address short term need. These sustained themselves even after the corporate version was deployed. And now to top it all, almost all of them had mobile versions for different mobile devices thereby multiplying the number of micro-apps that were floating around.
The resulting collection of travel approval micro-apps exceeded a number that crossed the tipping point for the CIO. There was an uneasy silence on the table as she described the chaos and now the support expectations when some of them failed to work with the clamp down or rationalization of applications. Sympathetic nods followed as new governance processes were discussed and general agreement that the actions taken were fair.
Most of the micro-apps on the App Store are written by enthusiasts and programmers wanting to showcase their prowess. They test the waters with free apps, and then add features and a tiny charge. Some start-up companies too indulged in similar bunch of apps on the store getting a few hits and lots of misses. How did this suddenly become an industry with 10 billion downloads in such a short span? Because you can!
Challenges for the CIO
The simplicity and ability to create such apps is, I guess, one of the reasons that contributed to this explosion. Consumerization of the hand held device has given rise to the opportunity that had to be capitalized upon. The slowdown/ recession encouraged the blurring of the lines between work and life, while everyone wallowed in the need to stay connected 24X7. The pressure is now on the CIO to stay ahead of the game and deploy even more processes that can be accessed on the mobile. Even if you have already formulated a mobility strategy, review it frequently to stay on top of the situation.
But what about the increasing number of micro-apps that are being downloaded, sanctioned or otherwise? No one knows what kind of vulnerabilities they create; what will they lead to in the future? Are they the future support nightmare? Only time will tell; until then, tread cautiously, create the micro-apps required, test the ones you may want to endorse from the store, and pray!
An intense debate was on, on how we ensure team alignment across the different organizational units that form a work group within an enterprise. As the discussion moved towards pinning responsibility (read blame) when things go wrong, there was a palpable sense of unease across the group; specifically the team that manages the vendor relationships and is expected to deliver and monitor the service.
The discussion had started when one of the stakeholders had raised the issue of inter-dependency across other teams and his ability to influence how the team is rated during the review and appraisal. It is true that all of us are no longer islands with any connection to others. We use services from within and outside and similarly provide it directly or indirectly to internal and external customers. The work, subdivided into interrelated tasks, when performed in unison, leads to a positive outcome (in most cases).
Stop the blame game
Adversarial attitude is the outcome when we are not satisfied with the result or our perception of the effort put in by others. The conventional solution is to create service level agreements (SLAs) and cross-linked KRAs (key result areas).
Review meetings are often heated while everyone trying to pin the ‘blame’ on the other. Such meetings are rarely productive and highlight the gap resulting in the ‘you’ versus ‘us’ stance.
Even this meeting, as cited above, was headed for a showdown that would have been messy for everyone with skeletons tumbling out of the proverbial closet. An eye opener remark from one of the participants got everyone hushed and staring at the person who uttered those words: “But aren’t we all on the same side of the table?”
Could anyone have disagreed to such a profound insight? Being speechless, everyone exchanged glances, feeling generally uncomfortable, without acknowledging the cause.
Work towards a common objective
The acknowledgment of the fact that we all are working towards the same objective is a starting point not just for any collaborative endeavor, but for teams within the organization. Everyone contributes and brings a skill to the table that matters, even if in a small way. When we are in a challenged situation, we know that the best recovery strategy is to help the other overcome the challenge and not berate the lack of skill or achievement.
Great teamwork is always a result of shared goal and common objective; the acknowledgment of complementary skills within the team provides a framework that nurtures healthy collaboration and focus on what matters, i.e. the result, without compromising the quality of team spirit. Keeping this as the foundation of review helps ensure better outcomes. It is indeed difficult to sustain such a mindset when one is at the receiving end.
The hierarchical leader of the team, the CIO in this case, has to play the role of setting expectations and resolve confrontations and conflict which will always be there. The matrix organizations of today are necessary; we have to learn to live in the rain.