August 10, 2010 1:41 AM
Posted by: Arun Gupta
, mobile security
The last few weeks have seen many news and analysis items on the enterprise mobile market leader—a player that made ‘email on the go’ a way of life—in addition to creating sore thumbs and marital discord for many corporate executives. After all these years, now there are concerns around national security, not just corporate data compromise.
A few countries have taken a tough stance banning the service or seeking the key to monitor all traffic. The European Union decided to totally shift away to a popular consumer phone for their state offices with 20K+ users. The phone’s largest users as well as the associated services are worried about whether they will be required to shift away within a short span to another option. They are scared about imagining life without the familiar buzz every few minutes (of another email) and business applications.
Today we cannot think of work life without access to email, corporate applications, sales data and many more on the mobile. These devices have made 24X7 slaves out of their owners. Expectations of instant response to a message (irrespective of the hour) are becoming the norm. This increased productivity is now factored into the workload. Apart from enabling the sales force with planning, reporting and sales data, mobile devices have provided even the typical desk bound executive an ability to stay connected at home. Thus enterprises have seen improvements that were not possible earlier. Suddenly, all this appears to be under threat.
Should the CIO be worried about this looming uncertainty? While a total shutdown is not imminent, restriction in services is a reality. This may extend in the future and cripple the basic functioning of these devices.
To me, the answer is a resounding yes. Country laws and regulations are paramount for every entity operating within the geographical boundaries. There is no circumventing these; so if applications depend on a type of service, they may have to be rewritten or discarded. Alternatives should be explored and options made available, should a switch be required to reduce the adverse impact. This should be discussed with the management and the level of impact (if any), be communicated clearly and explicitly.
With an ever increasing number of mobile devices deployed by the corporate or just connected to the enterprise (employee owned), it’s important to periodically assess and review mobility solutions and options. Work with the service providers to create an insurance policy. No one wants to die, but insurance always makes sense.
August 3, 2010 12:36 AM
Posted by: Arun Gupta
balancing strategic and operational IT
, CIO role
, IT review meetings
, operational IT
, strategic IT
Recently, I met a CIO who was berating the fact that whenever (which is infrequent in any case) a meeting was scheduled to discuss the strategic IT agenda, the gathering ended up discussing operational issues in almost every case. This was leading to a buildup of frustration, and the CIO was wondering if the business had no interest in pursuing the strategic alignment of IT for their enterprise. As I listened to these woes, I realized that the CIO had a remote possibility of getting there. This was not because the company did not understand or appreciate the value of IT’s contribution, but since the malaise had its roots in the way IT was engaging with the rest of the company.
Every CIO aspires (and rightly so) to create a significant impact to the company with the help of tools and IT enabled processes that give them tactical advantage many a times. IT organizations which are able to create several such initiatives sustain the benefits that IT provides, and creates IT advocates from within the business. However, this is possible only if everything else is working hunky dory, or at least has a jointly agreed review process that allows the organization to conduct a dialogue that focuses on the issues and challenges they face.
Periodic review meetings with different functions (like finance, marketing, sales and production)—singularly or jointly—provides a framework to list, review, mediate as well as track issues that are irritants to daily chores and operations within the enterprise. Over a period of time, as the IT organization resolves issues and engages in an open dialogue, these meetings become a regular way of exploring new opportunities that allow for mutual win-win situations. The assumption is that these issues are resolved to the satisfaction of “users” within the agreed to timelines. Where the formal review meetings are not the norm, any meeting that discusses IT in any shape or form becomes the ground to rage war with the CIO.
My CIO friend suffered from this lapse. He considered it inappropriate to engage the business in operational meetings, as he wanted to discuss only the strategic agenda. His team worked diligently to address operational issues when they were brought to their notice (normally when it was a crisis). As a result, the IT team was always fighting fires, without opportunities for an across the table discussion. This lack of a structured review mechanism ensured that the CIO rarely had an opportunity to table the strategic agenda which he was passionate about.
CIOs should balance the need for operational reviews, along with discussions that look at the long term impact created by innovation and new technology. Failure to engage the business across both planes will result in the strategic agenda being hijacked and loss of credibility to deliver business as usual. Such situations just end up further distancing the Business IT Alignment (See BITA).
July 26, 2010 6:38 AM
Posted by: Arun Gupta
CIO and cloud computing
, CIO conferences
, cloud computing
, vendor presentations
Last week, I was part of a two day gathering (attended by a little less than 100 CIOs) at a great beach resort in the wonderful locales of Goa. It had stopped raining after 20 days of incessant rain, said the lady at the Reception while welcoming us. The next few days were expected to be cloudy, with some sunshine bringing smiles—the CIOs were looking forward to rewind, relax, and network while exploring some serious thoughts on IT during the day. Weather stayed faithful to the prediction—apart from the occasional showers, the sun played hide and seek with the clouds. I could recognize cirrus, nimbostratus and cumulus.
As the conference progressed, it was evident that every IT services and product company (irrespective of what they had to offer), created some connect with cloud computing. We had power management, data center hosting services, servers, virtualization, software, telecom services and some of the global top five IT companies—all talking about cloud computing as the essence of IT. This herd behavior had resonance with hype seen in the late ‘90s around the Web and Internet. Words from the past echoed, “Any company who does not have a Web strategy will be dead in the next decade”. We all know that most of the companies which had only a Web strategy fell off the cliff into the chasm of oblivion. Predictions and promises of the cloudy set mirror the irrational exuberance that was pervasive in the dotcom era.
Do you know what cloud computing is? A rhetorical question; the speaker did not wait for the answer and began his 30 slide presentation starting with what is virtualization. The next speaker added to the misery with green data center and energy efficiency, while acknowledging that IT contributes to only 2% of the carbon emissions. If everyone did their bit, carbon emissions would come down by 0.4%. And, if all of us moved our entire infrastructure to the cloud, maybe that figure will go up to 0.7%. Save the world, move to the clouds. Over the next day, almost everything (from basic definitions to use case models and in between) was pushed down on the hapless audience, which braved the frontal attack while wistfully looking at the sunny sky outside.
Out of courtesy to the speakers and organizers, CIOs continued to field the inane presentations as well as panel discussions on clouds, clouds, clouds, and some more clouds. A resurgent CIO challenged the vendor’s wisdom (on stage) about treating the audience like kindergarten kids. They were challenged on solutions for the enterprise’s current ailments or help for the CIO’s real life problems; not just talk about irrelevant solutions. CIOs broke into spontaneous applause which would bring a politician pride, but evinced no answers from the speaker—again, like the politician. Sections of the audience wandered away after every break, leaving behind a thinning crowd for subsequent speakers. The sun too teasingly invited captives to come out, as the waves’ murmur tortured the spirit. The CIOs saw merit in discussing cloud formation in the skies—no connection with the conference room’s discussion.
With the ecosystem yet to evolve and create meaningful cloud transition strategies for enterprise users, the IT vendors will do a favor by not increasing the hype and aligning to reality. Privately, most vendors acknowledge the fact that clouds are as yet mature, since the concept is surrounded by a lot of questions that require hard answers like security, geographical data residency, privacy, licensing, and many more. Their organizational compulsions prevent them from being honest in a public forum—lest it be seen as them not toeing the party line. Thus, vendors and consultants will do well to listen to their customers before charging ahead on their favorite subject for now, cloud computing.
As the conference was coming to an end, a tweet escaped the room, “Cloud in the sky, cloud in the room, my mind is cloudy too after listening to so many speakers on cloud computing”. Personally, I enjoyed counting the clouds outside than the utterances inside.
July 20, 2010 12:42 AM
Posted by: Arun Gupta
, IT chargeback
, IT management
, IT Metrics
Every so often, the subject of chargeback raises its head, and challenges (un)conventional wisdom. In the recent past, it has been in the news as a critical requirement for deployment of cloud computing. Many reports have been written on why IT chargeback makes sense—especially in a diversified enterprise, with multiple business units using IT services provided by a corporate function. Almost everyone uses the rationale that chargeback helps IT allocate fair (?) cost to consumers of these services, and thus possibly provides the budgeting framework for KTLO (Keeping the Lights On) or BAU (Business As Usual).
I looked up IT chargeback on Wikipedia, and found the paragraph below as the closest definition:
“IT Cost Transparency is a new category of IT Management software and systems and that enables Enterprise IT organizations to model and track the total cost to deliver and maintain the IT Services they provide to the business. It is increasingly a task of Management accounting. IT Cost Transparency solutions integrate financial information such as labor, software licensing costs, hardware acquisition and depreciation, data center facilities charges, from general ledger systems and combines that with operational data from ticketing, monitoring, asset management, and project portfolio management systems to provide a single, integrated view of IT costs by service, department, GL line item and project. In addition to tracking cost elements, IT Cost Transparency tracks utilization, usage and operational performance metrics in order to provide a measure of value or ROI. Costs, budgets, performance metrics and changes to data points are tracked over time to highlight trends and the impact of changes to underlying cost drivers in order to help managers address the key drivers in escalating IT costs and improve planning.”
A mouthful indeed! Now, I agree that IT cost transparency matters, but chargeback? Having been part of enterprise IT across industries and IT models that included chargeback systems or none at all, my perspective:
1. Chargeback systems are important if IT is a “service provider”, and needs to justify every expense; innovation will have limited scope in this context
2. Chargeback systems will always be challenged by the majority of business units, as being an unfair practice
3. You will be required to reduce costs year-on-year irrespective of volume, and especially when business goes through recessionary cycles
4. Even after automation, the effort required for maintaining and managing data can be humungous. This will have the IT team on a defensive stance, churning out unusual associations of metrics in reports
So why is chargeback coming back again? Does virtualization, cloud service, or the next disruptive technology suddenly turn the tables in favor of chargeback? Does it really matter which specific function or business unit pays for the service, considering that it’s a zero sum game for the enterprise? So why should you bring in the complexity of managing unit costs for transactions, memory, CPU, storage, bandwidth, man hours and licenses?
When IT shops struggle to get incremental budgetary support, the practice of chargeback is typically seen as a vehicle to justify the high cost of KTLO or BAU. This is evident if you consider that with the exception of manpower cost, all other metrics have been on the downward spiral over the last decade. Thus, marginal reductions in these KPIs help in sustenance of inflated budgets, while keeping the attention away from metrics that matter (like contribution to business growth, profitability or customer retention).
CIOs should carefully evaluate why they need to implement IT chargeback mechanisms. After all, if they have aspirations to move to the next level of evolution, they should be enamored by business, and not expend energies counting pennies.
July 13, 2010 12:16 AM
Posted by: Arun Gupta
, infrastructure management
Almost every mid to large size organization now outsources the basic maintenance of desktops, laptops, printers and other end computing devices to service providers under the broad framework of facility management. Some have also given away the tasks of managing servers, backups and networks. As far as I remember, this practice is definitely more than 15 years old, considering that the first time I came across this concept was in the early ‘90s. So by now, one would assume that the vendors and service providers (along with the CIOs), would have fine tuned this basic support activity to a level where it does not require significant management time and attention. However, recent discussions bring out a different story.
Essentially, outsourcing of the basic break-fix and first level support (typically personified as the IT Helpdesk), broadly constitutes a centralized number, email or web based form for users to log their calls. The person at the other end is expected to acknowledge the call, and attempt troubleshooting via phone or remote control of the computing device. If this is not feasible, he’s then supposed to provide desk side support through an Engineer. Track progress of the call until completed, repeat ad infinitum. Sounds simple enough!
Add a dash of best practices, frameworks like ITIL, service level agreements, and periodic reviews—everything should be hunky dory?
As computers get ubiquitous, cheaper, sturdier, and easier to use, the expectation levels have also risen. Today the expectations veer towards near instant resolution, which reflects the high level dependence as well as time pressures that are typical of today’s workplace. Mobility adds to the complexity, while security concerns mount—new and old threats challenge existing solutions, and compliance add to the challenge. To add to this, budgets are shrinking, and attrition is on the rise. So is it fair to expect service levels to sustain and improve, quarter on quarter?
CIOs with reason are right in their expectations from facility management, as this is what the enterprise demands in a hyper competitive environment. On the other hand, service providers have been struggling to rise up to these challenges and seize the opportunity. A few CIOs mentioned that they were reviewing alternatives, even though the contract period was far from over. In these circumstances, root cause analysis points towards many reasons that contribute either singularly or collectively.
Key amongst these factors remain people (See Challenges of an upturn), where service providers did not plan for attrition, with growth coming back; thus the pipeline dried up, and customers saw an adverse impact. If the person exiting is a Project Manager, it can take up to six months to recover. And we are not yet talking about quality of resources on the ground, which is deteriorating slowly and surely. Most new hires were fresh out of institutes, with very limited or no soft skills orientation. Customer service is not just about fixing the problem, but also with respect to addressing the person behind the computer and his downtime.
The second big issue is process compliance, with or without ITIL. Every outsourcing engagement has a plethora of checklists and processes which need to be rigorously followed to ensure success. However, for the person on the ground, this is a distraction, and sometimes seen as policing. Inconsistent data and incomplete checklists lead to increasing grievances with the users.
Weekly, fortnightly or monthly review meetings are at best a post mortem of the issue; instead, daily exception management between the vendor and customer Project Managers is required to ensure that these do not get discussed at the Management table. CIOs need to conduct periodic assessments to remain connected to the process, a practice which also keeps the teams’ focus on deliverables.
July 5, 2010 7:22 AM
Posted by: Arun Gupta
business continuity plan
, cyber commute
, disaster recovery
, force majeure
, mobile workforce
, work from home
Every Monday, the chores begin—to get up a little earlier, get ready and off to the place of work. Every Monday, the average person gets the blues as he thinks about the week ahead and its pressures, timelines, political issues, performance, and many more. These are worries that are unique to everyone, but common in a way that they manifest themselves universally. But, this Monday is different. The majority of us did not travel, and decided to stay at home rather than risk a limb or broken glass on the vehicle. This Monday, there was a call for strike, bandh, and disruption; all to evoke the response of empathy.
Establishments either declared a day off with compensatory working on another weekend, or left the choice to employees just for safety. Rail and road transport saw very few utilizing the facilities, thus running almost empty. News channels searched for news on empty roads, and declared the empty roads as news. Impact to productivity in a blue collared environment was moderate to high; however, the white collared worker was not to be denied.
Armed with a laptop, Netbook, Blackberry or a smartphone, Wifi at home or at the least broadband, the road warrior was prepared for such exigencies. Finish the morning cuppa and settle down in the corner office with the device of choice connected to his corporate network on a high speed line; working similar (if not better) to the corner office at workplace, with no disruptions caused by the ringing phone. Churning numbers or making presentations, productivity barriers were unshackled, and deadlines appear a thing of the past.
In many countries and companies, working from home is a well accepted norm. This helps reduce the operating costs of space, power and other entrapments associated with office facilities (apart from offering flexibility to the employee to work from their cozy environments). Added benefit is accrued by the green nature of “no travel by hydrocarbon fuel driven transportation”. Many Indian enterprises have provided facilities to their workers—normally for after office hour exigencies and weekend support activities by some functions. The middle and senior managers are driven by compulsions to respond to the next mail, react to the next crisis, no crisis? Then let’s create one for the adrenaline rush.
IT enabled processes and employees with connectivity become a boon in such times of force majeure, when travel is a constraint. CIOs and enterprises which recognize the benefit of mobility and benefits thereof are able to reduce operational impact within the internal ecosystem. The larger environment (if it is cyber enabled) and the connected pieces can work with some efficiency, thereby reducing the potential adverse impact. Business continuity and disaster recovery plans should factor in productivity losses due to such events. So push forth and enjoy the fruits of boundary-less connectivity and empowerment.
One thought troubles me though; what will we all do if we face a cyber bandh some day?
June 29, 2010 4:59 AM
Posted by: Arun Gupta
business IT alignment
, business technology
, evolution of IT
, role of the CIO
In recent times, there have been many consultants, research entities and academia discussing the IT organization’s transformation. The proposed concept seeks to rechristen IT to BT to reflect the new nature of the expected role. The rationale is largely around the fact that business drives technology within an enterprise. So the function should be called business technology (BT). Many CIOs like the new nomenclature, and have attempted to adopt this new symbol that represents their purported evolution and alignment.
Flashback to 2002; I interviewed for a Fortune 50 company’s Indian operations. The process progressed well, and I joined the company (which had a federated IT organization). The corporate IT organization was responsible for standards, infrastructure, architecture, and many applications that were supporting the operations. Then we had Manufacturing IT, which focused on the requirements of the manufacturing plants, connecting to suppliers, managing the manufacturing process, and running the warehouses. The company also had an R&D IT function that empowered the large and globally spread research teams with enabling technology solutions that were critical towards maintaining the company’s leadership position. Each IT organization head reported to the respective function head with dotted line to the global IT head; they had the flexibility and independence to create solutions or choose vendors. Last but not the least was the function called Business Technology, into which I was inducted.
Business Technology worked with the sales organization. It existed in almost every country that the company operated in, and reported to the CEO. It was the largest group and also the most powerful, since the sales teams connected with customers, and thus also had the power to garner larger IT budgets. Thus this name signified a closer relationship with business. It provided technology initiatives that impacted life everyday on the field connecting with customers, while competing with others in the industry. Not that those other teams were not aligned to their respective business folks, but the impact of changes was slower, and largely created internal efficiencies or benefit. Thus, every introduction to an outsider required a five minute discourse on why we were called Business Technology.
Was BT any different? We still had our challenges around vendors, change management, new initiatives, budget approvals, technology adoption, political issues, everything that a normal IT organization experiences every day. As the CIO, my role was acknowledged with a seat on the management table, but like every other CXO, it required consistent performance to keep it there. The basic expectation from the CIO was to create business value, challenge status quo, and participate in all discussions around the table that influenced the company’s future direction.
So, what about the role today? The CIO is required to do all of the above, sometimes even fight to get a seat on the management table; in a few cases where the CIO does not report to the CEO, they are dependent on other CXOs to be their voice in the management team meetings. Will the change in name to business technology bring about the transformation and fast track the evolution and acceptance of the function better than when it is plain old IT? I guess not–the enterprise, the IT leader, and the culture largely contribute to its success. BT happened almost a decade back, evolution is catching up.
After all, as the bard said it a long time back, “What’s in a name; that which we call a rose, by any other name would smell as sweet”!
June 22, 2010 12:54 AM
Posted by: Arun Gupta
, business IT alignment
, communicating business value
, communicating IT value
, IT Annual Report
Almost a decade back, I met the CIO of Intel, who talked about an Annual Report of the IT organization— similar to the Annual Report published by the company for its shareholders. This report made good reading, which at that time presented metrics around availability of systems, uptime of links, number of problem tickets, budget performance, and a few others. At the turn of the century, a lot of these were indeed deemed relevant, and accepted by everyone. The report’s interesting parts depicted ’Voice of Customer’, discussed projects undertaken with their status, impact to business, and customer quotes. It was a slick report, similar to what a company would create with help from Marketing and Advertising.
Fast forward to 2010, when I was listening to a presentation on “Why should IT create an Annual Report”. The examples quoted were from Computer Associates (CA) and Intel. The audience of about 40 IT leaders listened in rapt attention, made notes, consuming the speaker’s insights, who mesmerized the audience. The KPIs were largely different, reflecting evolution of the IT organization and IT leader. Post the presentation, a debate started off on how many in the room did anything similar in terms of KPIs, reports, transparency, or even the basic weekly or monthly presentation at the management meetings; and if they did, what did they report?
Almost everyone had some kind of report being tabled, though not an Annual Report akin to the one that was presented. These hard copies were typically printed and distributed to the stakeholders, with help from an Advertising agency or Marketing department. A large IT company’s CIO mentioned that he has started working on something similar (with external help). He hopes to emulate the success that we all listened to. The thought that crossed my mind was that are CIOs of IT companies a step ahead of the rest of us in the room who represented other non-computer related industries. It was a disconnect, considering that a fair number of IT companies did not provide a seat on the management table to their IT heads.
Thinking for a long while after that, I kept wondering about why I never took the step (despite having the benefit a decade back) and when it was rekindled from memory again. The thought also wandered around as to why the representative Annual IT reports were only from the IT industry. Where were the examples from the large and successful marquee CIOs as well as IT enterprises (of success stories that everyone talks about)? Don’t they need the Annual Report to publish their success story and present it to their shareholders (CXOs and Board)?
I believe that success does not need an anniversary to present, but is shared within the enterprise on occurrence, during frequent management meetings, and gets acknowledgement. The Annual Report is a vehicle to tell the rest of the world what we do well. But maybe, I am totally off the track.
June 15, 2010 7:25 AM
Posted by: Arun Gupta
CIO and clouds
, cloud computing
, cloud SLA
, cloud watching
Yes, it’s raining, and the country is covered with rain clouds for which everyone is thankful; after a year when everyone was worried. It’s as if the economy’s slowdown and lower budgets had a link with the reduced rainfall. You must be now wondering about the relevance of monsoon for a CIO. Please have a bit of patience for the ‘Oh I See’.
Someone is launching a book on the support models and delivery on a specific cloud (amongst the oldest service offerings globally before the term ‘cloud computing’ was coined). This book is derived out of thousands of support threads from customers, analysis of response times, efficacy of the model, and the pitfalls in putting your business on the cloud. No, the book is not about cloud bashing, but more about the reality of what customers faced—either in their ignorance, or due to lack of definitions and omissions.
With enough being said about why everyone (CEO and CFO included) should go cloud watching or about CIOs being beaten to death about adoption of cloud computing, the proponents of this disruptive technology are growing. This often leaves the CIO wondering about why he doesn’t get it and looks up for insight from Almighty—only to see some more clouds!
Recently, I met up with a cloud evangelist from the world’s largest cloud company. He was patiently explaining to the CIOs in a step-by-step way—on how to get started, where to get started from, and what to realistically expect. Now that made everyone sit up and listen with attention! Following the discourse getting into a debate with selected CIOs, the reality dawned on everyone that various XaaS models (where X = application, platform, and infrastructure, for now) do have limitations and challenges for any large enterprise to function in a hybrid model using cloud and internal capability.
Almost everyone who has adopted the cloud has used it for non-critical applications, test and development environments. In many cases, organizations use the cloud on fringes to connect road warriors or partners. Concerns remain around security, manageability, data retention, geographical statutes, service levels, and the evolving experience around how clouds behave. One point that had me jumping out of the chair after reading the above mentioned book’s synopsis was the gap between perception (and reality) around turnaround times for issues, patching and security management in an IaaS model. With 20+ hours to resolve issues and no patch management service, I would not even bet my test or development environments to the cloud.
Every industry evolution goes through the hype curve, and for now, cloud is still on the rising edge. With the number of companies announcing cloud based services (which do require large investments), I wonder if the future will see a cloud burst akin to the dotcom bubble burst that we experienced a decade ago.
I would stay cautiously optimistic until then, and learn to live in the rain.